Privacy policy

 ECT Italy

 

 

Index

  1. Objetivo de la Política de Privacidad
  2. Definitions
  3. Identity of the Data Controller
  4. Applicable laws and regulations
  5. Principles applicable to the processing of  personal data
  6. Security measures
  7. Purposes of processing
  8. Legitimation of the treatment
  9. Recipients of your data
  10. Data Processing Activities Carried Out
  11. Personal data of minors
  12. Origin and types of data processed
  13. Rights of data subjects
  14. Acceptance

 

 

 

1. Purpose of the Privacy Policy

ECT Italy SRL (hereinafter, ECT Italy ) establishes this Privacy Policy to inform users about how their personal data is processed in accordance with Regulation (EU) 2016/679 (GDPR), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and other applicable Italian laws, including the provisions of the Garante per la Protezione dei Dati Personali.

The purpose of this document is to explain the principles, obligations, rights, and procedures related to the collection, processing, storage, and communication of personal data through the website https://thaithreeseasons.com, particularly in relation to wellness and massage services offered by ECT Italy .

The Data Controller commits to ensuring the transparency, lawfulness, and fairness of data processing activities and to respect the fundamental rights and freedoms of users, including privacy, as protected under the Italian Constitution and the Charter of Fundamental Rights of the European Union.

 

 

2. Definitions

  • ‘Personal data’: any information relating to an identified or identifiable natural person (“data subject”), including names, identification numbers, location data, online identifiers, or factors specific to the individual’s identity, as defined under Article 4(1) of the GDPR.
  • ‘Processing’: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, erasure or destruction.
  • ‘Controller’: the natural or legal person, public authority or other body which determines the purposes and means of processing personal data, pursuant to Article 4(7) of the GDPR and Article 2 of the Italian Privacy Code (D.Lgs. 196/2003).
  • ‘Processor’: any person or organisation processing personal data on behalf of the controller, in accordance with a written contract as required by Article 28 of the GDPR.
  • ‘Consent’: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she agrees to the processing of personal data, in line with Article 7 of the GDPR and Italian legal provisions.
  • ‘Data subject’: the individual to whom the personal data relates.
  • ‘Supervisory Authority’: the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority), which oversees compliance with data protection laws in Italy.
  • ‘Data breach’: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
  • ‘Profiling’: any automated processing of personal data used to evaluate personal aspects, particularly to analyse or predict work performance, health, interests or behaviour.
  • ‘Pseudonymisation’: processing of personal data in a way that data can no longer be attributed to a specific data subject without additional information.

 

 

 

 

3. Identity of the Data Controller

The Data Controller, pursuant to Article 4(7) of Regulation (EU) 2016/679 (GDPR) and Article 2 of Legislative Decree No. 196/2003 (Italian Privacy Code), is the natural or legal person who determines the purposes and means of the processing of personal data.

In this case, the Data Controller is:

  • Legal name: ECT Italy SRL
  • VAT/Tax ID: 14020160967
  • Registered office: Via Uberto Visconti di Modrone 2 . 20122, Milano (Lombardia), Italy
  • Email: info@thaithreeseasons.com
  • Phone: +39 02 494 332 62
  • Website: https://thaithreeseasons.com
 

 

4. Applicable Laws and Regulations

This Privacy Policy is based on the applicable legislation of the Italian Republic and the European Union, including:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation – GDPR).
  • Legislative Decree No. 196/2003 (Codice in materia di protezione dei dati personali), as amended by Legislative Decree No. 101/2018.
  • Legislative Decree No. 70/2003 on electronic commerce, implementing Directive 2000/31/EC.
  • Italian Civil Code, in particular provisions related to contractual and non-contractual obligations.
  • Any other relevant national or European law or regulation applicable to data protection and electronic commerce.

The privacy and data processing practices of ECT Italy are aligned with the guidelines issued by the Italian Data Protection Authority (Garante per la protezione dei dati personali).

 

5. Principles Applicable to the Processing of Personal Data

The processing of personal data collected through this website shall be carried out in accordance with the following principles, as established by Regulation (EU) 2016/679 and the Italian Privacy Code (Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018):

  • Lawfulness, fairness and transparency: Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Purpose limitation: Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data minimisation: Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy: Data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that inaccurate personal data are erased or rectified without delay.
  • Storage limitation: Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.
  • Integrity and confidentiality: Data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • Accountability: The controller shall be responsible for, and be able to demonstrate, compliance with these principles.
 

6. Security Measures

ECT Italy applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in compliance with Article 32 of Regulation (EU) 2016/679 and the provisions of the Italian Data Protection Code (Legislative Decree 196/2003 as amended).

These measures include, but are not limited to:

  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Regular testing, assessment, and evaluation of the effectiveness of technical and organisational measures for ensuring the security of processing.
  • Pseudonymisation and encryption of personal data where necessary, especially when processing sensitive categories of data.

Information systems are managed in accordance with the principles of proportionality, data minimisation, and secure access, ensuring that only authorised personnel have access to personal data in accordance with assigned responsibilities.

Staff involved in personal data processing are adequately trained and bound by confidentiality obligations in line with Article 29 of the GDPR and Article 2-quaterdecies of the Italian Data Protection Code.

 

7. Purposes of Processing

Your personal data is collected and processed for the following purposes, in accordance with Article 6 of Regulation (EU) 2016/679 and the relevant provisions of the Italian Data Protection Code (Legislative Decree 196/2003 as amended):

  • To respond to enquiries submitted via the contact form on https://thaithreeseasons.com.
  • To manage voluntary subscriptions to the newsletter and send promotional or informative communications, with the data subject’s prior consent.
  • To manage online bookings and the provision of wellness and massage services offered by ECT Italy .
  • To comply with administrative, accounting and fiscal obligations deriving from the contractual relationship and from applicable Italian laws.
  • To guarantee the technical functionality of the website and to analyse usage for service improvement, subject to consent when required for analytics or profiling cookies.

Each processing activity is carried out on the basis of specific legal grounds, such as the execution of a contract, the fulfilment of a legal obligation, the consent of the data subject, or the legitimate interest of the controller, always within the limits established by Italian and European law.

 

8. Lawful Basis for Processing

The lawful basis for processing your personal data is established in accordance with Article 6 of the General Data Protection Regulation (EU) 2016/679 and applicable provisions of Legislative Decree 196/2003 as amended by Legislative Decree 101/2018. Specifically, your data may be processed on the following legal grounds:

  • Consent: When you have freely and expressly given your consent for one or more specific purposes, such as receiving newsletters or marketing communications.
  • Performance of a contract: When processing is necessary for the execution of a contract to which you are a party, such as purchasing or booking a massage service online.
  • Legal obligations: When processing is required to comply with legal obligations under Italian or EU law, such as tax or accounting requirements.
  • Legitimate interest: When processing is necessary for the legitimate interests pursued by ECT Italy , provided that such interests do not override your fundamental rights and freedoms.

Where consent is used as the legal basis for processing, it will be collected through explicit, documented means, and you will retain the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

 

 

9. Recipients of Your Data

Your personal data may be disclosed to third parties only when strictly necessary and under one of the legal bases provided by Regulation (EU) 2016/679 and the Italian Privacy Code (Legislative Decree 196/2003, as amended).

Specifically, your data may be shared with the following categories of recipients:

  • Service providers (e.g., hosting companies, web developers, email marketing platforms) acting as data processors under Article 28 GDPR, with whom ECT Italy has signed appropriate data processing agreements.
  • Payment platforms for the purpose of completing transactions related to massage service purchases or bookings. These platforms operate under their own privacy policies and are compliant with European data protection laws.
  • Public authorities when required by law, for compliance with legal obligations such as tax, accounting, or judicial measures.
  • Analytics and tracking services (if consented by the user), such as tools for measuring user traffic or behaviour, subject to cookie consent rules under the Italian Data Protection Authority's (Garante) guidelines of 10 June 2021.

Your data will not be sold or disclosed to third parties for commercial purposes without your explicit consent.

ECT Italy ensures that all third parties receiving your personal data offer sufficient guarantees regarding the implementation of appropriate technical and organisational measures, in accordance with Article 28 of the GDPR, ensuring the protection of your rights.

 

10. Data Processing Activities Carried Out

The website https://thaithreeseasons.com carries out several personal data processing activities based on the interaction of users with its services. These activities are strictly limited to the purposes described in this Privacy Policy and comply with the legal bases established under Regulation (EU) 2016/679 and the Italian Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

Below is a summary of the main data processing activities:

  • Newsletter Subscription: When users subscribe to the newsletter, their email address and consent are collected. Purpose: sending commercial communications. Legal basis: explicit consent. Data are stored until consent is withdrawn.
  • Contact Form: When users contact us via the contact form, we collect their name, email, and message. Purpose: managing requests and communication. Legal basis: pre-contractual measures. Data are stored for the time necessary to respond.
  • Account Creation and Purchases: For users who register or make purchases, we process name, email, address, phone number, and payment details. Purpose: user account management and order fulfilment. Legal basis: contract execution. Data are stored in accordance with legal retention obligations (e.g., tax laws).
  • Cookies and Analytics: Technical cookies are used to ensure basic functionality of the site. Subject to user consent, the site may also install:
    • Analytical cookies (e.g., Google Analytics) to monitor traffic and improve performance.
    • Profiling cookies for personalised advertising or content, if applicable.
    Consent is collected via a cookie banner that complies with the Garante’s guidance of 10 June 2021, allowing users to:
    • Accept all cookies.
    • Reject non-essential cookies.
    • Manage preferences through a control panel.
    Legal basis: consent (except for technical cookies, which do not require consent). Data are retained for no longer than 12 months unless renewed.

International transfers of data may occur in the context of using third-party services (e.g., analytics, email platforms) located outside the European Economic Area. These transfers are carried out with appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, where applicable.

 

11. Personal Data of Minors

The services offered through the website https://thaithreeseasons.com are not intended for minors under the age of 14. In accordance with Article 8 of Regulation (EU) 2016/679 and Article 2-quinquies of the Italian Privacy Code (D.Lgs. 196/2003 as amended), personal data of individuals under 14 years of age shall only be processed with prior authorisation from the holder of parental responsibility.

ECT Italy does not knowingly collect or process personal data of minors without such consent. Should we become aware that data of a minor under the applicable age threshold has been processed without the necessary consent, we will take immediate steps to delete such data unless the processing is otherwise permitted by law.

Parents or guardians who become aware that a minor has provided their personal data without their consent may contact us at info@thaithreeseasons.com to request the erasure of such data and exercise the data subject’s rights.

 

12. Source and Types of Data Processed

12.1 – Data Source

Personal data processed by ECT Italy are collected directly from the data subject through:

  • Interaction with the website https://thaithreeseasons.com (e.g., cookies and browsing).
  • Completion of contact, registration, or booking forms.
  • Newsletter subscription requests.
  • Purchases of services via the online shop.

No data are collected from public sources or from third parties unless otherwise specified at the time of collection or through the privacy policy associated with third-party tools (e.g., Instagram).

12.2 – Types of Data Processed

The following categories of personal data may be processed:

  • Identification data: Name, surname, and user account details.
  • Contact details: Email address, phone number, and mailing address (where applicable).
  • Transactional data: Purchase history, billing, and payment information, excluding full credit card details (handled directly by the payment gateway).
  • Navigation data: IP address, device and browser information, time spent on the site, and pages visited (via cookies, with user consent).
  • Communication data: Messages sent through contact forms or via email.

Special categories of personal data (Article 9 GDPR) are not collected through this website. Should any sensitive data be voluntarily provided by the user, it will be processed only when necessary and in accordance with Article 9(2)(a) of the GDPR, with explicit consent.

 

13. Rights of the Data Subjects

Under Regulation (EU) 2016/679 (GDPR) and the Italian Privacy Code (Legislative Decree 196/2003, as amended), data subjects have the following rights regarding their personal data:

  • Right of Access: To obtain confirmation of whether your personal data is being processed and to access such data and related information.
  • Right to Rectification: To request the correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): To request the deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: To request the limitation of the processing of your data in specific situations.
  • Right to Data Portability: To receive your data in a structured, commonly used and machine-readable format and transmit it to another controller.
  • Right to Object: To object, on grounds relating to your situation, to the processing of your personal data.
  • Right to Withdraw Consent: To withdraw your consent at any time, where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: To lodge a complaint with the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali) if you believe your rights have been violated.

To exercise any of these rights, you may contact the Data Controller at the following addresses:

  • Company Name: ECT Italy SRL
  • Registered Office: Via Uberto Visconti di Modrone 2 . 20122, Milano (Lombardia), Italy
  • Email: info@thaithreeseasons.com
  • Phone: +39 02 494 332 62
  • Website: https://thaithreeseasons.com

 

 

14. Acceptance

The availability of this Privacy Policy implies that the user has read and understood its contents. Acceptance of this policy is necessary for the use of our services and is formalised by checking the relevant consent box on the website forms.

It is understood that acceptance does not always rely on consent but may also be based on other lawful bases for processing, such as the performance of a contract, legal obligations, or legitimate interests, in accordance with Article 6 of Regulation (EU) 2016/679 and Article 2-quinquies of Legislative Decree 196/2003 as amended.

ECT Italy reserves the right to modify this Privacy Policy at any time, either on its own initiative or due to legislative or jurisprudential updates, or regulatory interpretations by the Garante per la Protezione dei Dati Personali or other competent authorities. Any substantial changes affecting data subjects’ rights, the purposes of the processing, or the conditions for data sharing or international transfers will be clearly communicated to users.

This Privacy Policy is regularly reviewed and updated to ensure compliance with applicable regulations and the operational reality of ECT Italy . The latest version is always available on our website.

Last updated: July 22nd, 2025