Privacy Policy

Introduction to Our Privacy Approach

This privacy policy explains how personal data is collected, used, stored, and protected when you interact with our digital services. It outlines the key principles that guide our data practices, describes your rights as a data subject, and provides transparency about the lifecycle of your personal information. By understanding this policy, you can make informed decisions about how you share information and how it is processed.

Scope of This Privacy Policy

This policy applies to all visitors and users who access our online platforms under the path /privacy-policy/. It covers the processing of personal data in connection with browsing, submitting forms, participating in initiatives, or using any functionality that requires the collection of identifiable information. The terms described here are intended to be consistent with modern data protection regulations and best practices.

Definitions and Key Concepts

To make this policy clear and easy to understand, the following key concepts are used:

  • Personal Data: Any information that directly or indirectly identifies a natural person, such as a name, identification number, online identifier, or factors specific to their identity.
  • Processing: Any operation performed on personal data, whether automated or not, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: A third party that processes personal data on behalf of the data controller and under its instructions.
  • Data Subject: Any identified or identifiable individual whose data is processed.

Types of Personal Data We Collect

The type and volume of data we collect depend on how you interact with our services. In general, the information may include:

  • Identification details: Name, surname, and other basic identifiers when voluntarily provided.
  • Contact information: Details you provide through forms or registrations, such as your preferred method of communication.
  • Professional or organizational information: Data related to your role within an organization, participation in initiatives, or involvement in accessibility or inclusion projects.
  • Technical data: IP address, browser type, device characteristics, pages visited, time of access, and navigation patterns, usually collected automatically through cookies or similar technologies.
  • Usage and preference data: Information about how you interact with content, which sections you visit frequently, and how you engage with specific features.

Legal Basis for Processing Personal Data

Personal data is processed only when a valid legal basis exists. Typical legal grounds include:

  • Consent: When you explicitly agree to the processing of your data for specific purposes, such as receiving updates or participating in accessibility-related initiatives.
  • Legitimate interest: When the processing is necessary to manage and improve digital services, secure platforms against misuse, understand user engagement, or ensure inclusivity and accessibility, provided that your fundamental rights and freedoms are not overridden.
  • Compliance with legal obligations: When data needs to be processed to comply with applicable laws, regulations, or requirements from competent authorities.
  • Performance of a relationship or participation framework: When processing is needed to manage activities or programs you have chosen to engage with.

Purposes for Which We Use Your Data

Personal data is processed for specific, explicit, and legitimate purposes. These may include:

  • Managing your participation in programs, events, or initiatives related to accessibility, innovation, and social impact.
  • Providing access to digital content, tools, and resources that promote inclusion and remove barriers.
  • Responding to your queries, requests for information, or feedback about services and initiatives.
  • Improving the usability, performance, and accessibility of our websites and online platforms.
  • Ensuring the security and integrity of systems, detecting fraud, and preventing misuse of services.
  • Producing aggregated statistics and reports that support decision-making and the design of better projects, without identifying users individually wherever possible.
  • Complying with legal obligations and addressing requests from public authorities, where required.

How We Collect Personal Data

Personal data reaches us through several channels, all of which are subject to safeguards and transparency rules:

  • Data you provide directly: Information that you share when completing forms, submitting applications, participating in surveys, or engaging with interactive platforms.
  • Data collected automatically: Information gathered when you browse our website, such as IP addresses and navigation patterns, usually captured via cookies and similar technologies.
  • Data from third parties: In some cases, information may be validated or enriched by trusted external providers or collaborating organizations, always in accordance with applicable data protection rules.

Use of Cookies and Similar Technologies

Cookies and comparable technologies help enhance your browsing experience and optimize website functionality. They may be used to remember preferences, provide secure sessions, measure page performance, and understand how visitors interact with content.

Cookies generally fall into different categories, such as strictly necessary cookies, functional cookies, and analytical or performance cookies. Depending on your jurisdiction, certain cookies may require your prior consent. You can typically manage consent and cookie settings through your browser or dedicated preference tools, bearing in mind that some features may be affected if cookies are disabled or restricted.

Data Retention Periods

Personal data is kept only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal requirements. Retention periods vary based on the nature of the data and the context of processing, but they are always defined in accordance with the principles of limitation and minimization.

Once the relevant period expires, data is either securely deleted, anonymized, or, if still needed for limited reasons such as legal defense, restricted so that it is no longer used for active processing.

Data Security and Protection Measures

Protecting personal data is a core priority. A combination of technical and organizational measures is applied to safeguard information against unauthorized access, alteration, loss, or disclosure. These measures may include encryption, access controls, secure development practices, continuous monitoring, and regular reviews of data-handling procedures.

Although no system can be guaranteed to be completely invulnerable, robust risk management and incident-response mechanisms are in place to mitigate potential impacts and to act promptly in case of any suspected breach involving personal data.

Data Sharing and International Transfers

Personal data may be shared with carefully selected third parties when necessary to support the purposes described in this policy. Such recipients may include technology service providers, analytics partners, or organizations that collaborate in accessibility, innovation, and inclusion initiatives.

Whenever data is shared, it is done under strict contractual obligations that require recipients to process the data only for the agreed purposes and to apply an appropriate level of security. If data is transferred to countries outside your local jurisdiction, adequate safeguards are implemented in line with applicable data protection laws, such as standard contractual clauses or equivalent mechanisms recognized by regulators.

Third-Party Services and External Platforms

Our digital services may integrate functionalities provided by third parties, such as embedded content, social media tools, or analytics and measurement platforms. These external providers may manage their own cookies and process data according to their individual privacy policies.

Whenever you interact directly with third-party services, you are encouraged to review their privacy documentation to understand how your information is processed. While we aim to partner with trustworthy and compliant providers, we do not control all aspects of external platforms.

Your Rights Regarding Personal Data

As a data subject, you have specific rights in relation to your personal information, subject to certain conditions and local legal requirements. These rights typically include:

  • Right of access: To obtain confirmation about whether your data is being processed and to receive a copy of that data, where appropriate.
  • Right to rectification: To request that inaccurate or incomplete personal data be corrected.
  • Right to erasure: To request the deletion of your personal data when it is no longer necessary or when processing is based solely on consent that you withdraw, provided there are no overriding legitimate grounds.
  • Right to restriction of processing: To ask that certain data be marked and only processed for limited purposes, for example while the accuracy of the data is being verified or a legal claim is being evaluated.
  • Right to data portability: To receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transmitted to another controller.
  • Right to object: To object, on grounds relating to your particular situation, to processing carried out on the basis of legitimate interests or for certain types of profiling.
  • Rights related to consent: Whenever processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Exercising Your Privacy Rights

You can exercise your rights under this privacy policy through clearly indicated channels on our digital platforms, such as dedicated forms or account settings, where available. When you submit a request, we may need to verify your identity to protect you and others from unauthorized access to personal data.

Requests are handled in a timely manner and in accordance with applicable laws. In some cases, limitations or exemptions may apply, for example where your request could adversely affect the rights and freedoms of others or conflict with legal retention obligations. In such situations, the reasons for any restriction will be explained to you whenever required by law.

Children's Data and Vulnerable Individuals

Our services are primarily aimed at adults and professionals involved in accessibility and inclusion initiatives. They are not intentionally designed for children or for collecting data from individuals who cannot lawfully give consent on their own. Where interactions involve vulnerable individuals, additional safeguards are applied and, when necessary, consent or authorization is obtained through appropriate legal guardians or institutions.

Principles of Data Minimization and Purpose Limitation

Data protection is grounded in the principles of minimizing and limiting how personal data is used. Only the information strictly necessary to achieve specific objectives is collected. Data is not reused for unrelated purposes without a new legal basis or, where required, renewed consent.

These principles ensure that the impact on privacy is reduced while still enabling digital services to function effectively and support broader goals related to accessibility, social responsibility, and innovation.

Accountability and Governance

Robust privacy governance ensures that policies are not just written but actively applied. This may involve internal procedures, staff training, privacy impact assessments, and periodic reviews of data-processing activities. Documentation is maintained to demonstrate compliance with data protection duties, and mechanisms are in place to address new regulatory requirements or emerging risks.

By cultivating a culture of accountability, data protection becomes an integral part of the design and operation of services rather than an afterthought.

Updates to This Privacy Policy

This privacy policy may be updated over time to reflect changes in laws, technologies, or the way services are delivered. When relevant modifications are made, a revised version will be made available and, where required by applicable regulations, you will be informed in a clear and timely manner so that you can review the changes.

Continued use of digital services after such updates may be interpreted as acceptance of the revised terms, subject to local legal requirements. For this reason, it is advisable to consult the policy periodically to stay informed about how your data is handled.

Balancing Innovation and Privacy

Modern digital projects, especially those focused on inclusion and accessibility, rely on data to measure impact, improve user experiences, and identify barriers faced by different groups. At the same time, it is crucial to respect privacy and uphold individual rights. This policy is intended to strike that balance, enabling responsible innovation that is aligned with ethical standards and legal frameworks.

By combining privacy by design, security by default, and transparent communication, it is possible to create digital environments where users feel informed, respected, and empowered.

These principles of data protection are especially relevant in sectors where trust, comfort, and personalization are essential, such as the hotel industry. When guests book rooms, request accessible accommodations, or share preferences about their stay, they entrust hotels with sensitive personal information that must be handled with the same rigor and transparency described in this privacy policy. By adopting clear consent mechanisms, limiting data collection to what is strictly necessary, and applying robust security measures, hotels can deliver tailored, inclusive experiences—from barrier-free rooms to adaptive services for different needs—while ensuring that every stage of the guest journey remains respectful of privacy and aligned with modern data protection standards.

Read more