AVA Social Club Privacy Policy
Last updated: 30/05/2026
AVA Social Club attaches particular importance to safeguarding the privacy and protecting the personal data of its Users and Community members.
This Privacy Policy describes how AVA collects, uses, stores and protects personal data processed through the website avasocialclub.com, the Application, the Community, events, experiences, promoted activities and any related services.
This notice is provided in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation on the protection of personal data.
1. DATA CONTROLLER
The data controller is:
AVA Social Club, owned by Laura Spagni
VAT number: IT03145180356
Email: privacy@avasocialclub.com
Website: avasocialclub.com
For any enquiries regarding the processing of personal data or to exercise the rights provided for under applicable legislation, data subjects may contact the Data Controller using the contact details provided on the Website.
2. SCOPE OF APPLICATION
This Privacy Policy applies to personal data collected or processed by AVA in connection with the following activities:
- browsing the Website;
- completing and submitting the Application;
- requesting information;
- subscribing to the newsletter;
- participating in the Community;
- participating in activities, events, experiences and initiatives promoted by AVA;
- purchasing products from the AVA Collection;
- use of any restricted areas, accounts or digital services linked to the project;
- communications between AVA and Users via email, online forms or other official channels.
This policy does not apply to third-party websites, platforms or services that may be accessed via links on the Website; for these, please refer to their respective privacy policies.
3. CATEGORIES OF PERSONAL DATA PROCESSED
AVA may collect and process the following categories of personal data.
IDENTIFICATION AND CONTACT DETAILS
Data provided directly by the User, such as:
- first name and surname;
- email address;
- telephone number and/or WhatsApp number;
- any other contact details provided by the User.
PERSONAL AND GEOGRAPHICAL DATA
Data provided by the User as part of the Application or when using the Services, such as:
- date of birth;
- age or age group;
- city, county, region or country of residence;
- preferred language for communications.
PROFESSIONAL DATA
Information relating to profession, employment or other professional details provided by the User.
DATA PROVIDED VIA THE APPLICATION
Information voluntarily provided by the User as part of their application to join the Community, including, but not limited to:
- personal interests;
- preferences regarding activities, events, experiences and initiatives;
- availability for participation;
- preferences regarding group size;
- preferences regarding methods of participation and the pace of experiences;
- values, interests and orientations expressed within the Application;
- motivation, expectations and other information provided in responses to descriptive or open-ended fields in the Application.
DATA RELATING TO PARTICIPATION IN THE COMMUNITY AND THE SERVICES
Information relating to the User’s participation in activities promoted by AVA, such as:
- registrations for activities, events, experiences or initiatives;
- requests to participate;
- expressions of interest in specific activities or experiences;
- communications with AVA;
- history of interactions with the Community and the Services offered.
DATA RELATING TO TRAVEL, STAYS AND EXPERIENCES
Should the User express an interest in specific experiences, stays or trips promoted by AVA, further information necessary for the organisational management of the request may be collected, such as:
- the experience or initiative of interest;
- participation preferences;
- accommodation preferences;
- preferences regarding any additional services that may be available;
- further organisational information necessary for the management of the requested activity.
DATA RELATING TO PURCHASES
In the event of the purchase of products from the AVA Collection or other paid Services, AVA may process the data necessary for the management of orders, payments, shipments, invoicing and after-sales support.
Data relating to payment methods is processed by specialist providers responsible for managing payments in accordance with their respective privacy policies.
BROWSING DATA
Whilst browsing the Website, technical data and information relating to the use of the Services may be collected automatically, including:
- IP address;
- information about the device used;
- browser and operating system;
- date and time of access;
- pages visited;
- statistical and usage data relating to the Website.
Such data may also be collected via cookies and similar technological tools, as described in the Cookie Policy.
DATA PROVIDED VOLUNTARILY
AVA may also process any further information that the User chooses to provide voluntarily via contact forms, emails, support requests or other communications sent to AVA.
4. PURPOSES AND LEGAL BASIS OF THE PROCESSING
AVA processes Users’ personal data exclusively for specific, explicit and legitimate purposes, in compliance with the applicable legislation on the protection of personal data.
A) MANAGEMENT OF ACCESS REQUESTS AND THE APPLICATION
Personal data provided via the Application may be processed for the following purposes:
- to receive and manage requests for access to the Community;
- to assess applications;
- to contact the User for any clarifications, further details or confirmations regarding the information provided in the Application;
- to conduct, where deemed appropriate, a brief introductory interview to support the application assessment process;
- add the User to the Community, place them on a waiting list or manage other outcomes of the application;
- organise activities related to access to and participation in the Community.
Legal basis: the performance of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) of the GDPR).
B) MANAGEMENT OF THE COMMUNITY AND AVA SERVICES
Personal data may be processed for the following purposes:
- to manage participation in the Community;
- to organise activities, events, experiences and initiatives promoted by AVA;
- to facilitate participation in the Services offered;
- to manage communications between AVA and Users;
- improve the quality of the experience offered;
- ensure the proper functioning of the Community and Services.
The information provided by the User via the Application and during participation in the Community may be used to understand interests, preferences, availability and methods of participation, in order to organise activities, experiences and initiatives consistent with the interests expressed by Users and with the aims of the project.
Any assessments affecting access to the Community or participation in activities are not based solely on automated processes and involve human intervention.
Legal basis: performance of the contractual or pre-contractual relationship and the Data Controller’s legitimate interest in the proper management of the Community and the Services (Article 6(1)(b) and (f) of the GDPR).
C) MANAGEMENT OF ACTIVITIES, EVENTS, EXPERIENCES, STAYS AND TRIPS
Personal data may be processed for the following purposes:
- to manage requests to participate and expressions of interest relating to activities, events, experiences, stays and trips;
- to organise and coordinate activities, events, experiences and initiatives promoted by AVA;
- to manage bookings, confirmations, waiting lists and organisational communications;
- to provide operational information relating to the activities and Services requested;
- coordinating, where necessary, services and activities with Partners, suppliers or parties involved in the provision of experiences;
- ensuring the proper organisational management of the activities and experiences requested by Users.
Legal basis: the performance of pre-contractual and contractual measures requested by the data subject (Article 6, paragraph 1, point (b) of the GDPR).
D) MANAGEMENT OF PURCHASES, PAYMENTS AND THE AVA COLLECTION
Personal data may be processed for the following purposes:
- to manage purchase requests, orders and bookings relating to products or services offered by AVA;
- to process payments and manage the related administrative tasks;
- to organise shipments, deliveries and logistics;
- provide pre- and post-sales support;
- manage any requests for returns, replacements or refunds;
- comply with applicable administrative, tax, accounting and regulatory obligations;
- manage communications relating to purchases made by the User.
Data relating to payment methods is processed by specialist providers responsible for payment processing in accordance with their respective privacy policies.
Legal basis: performance of the contract and compliance with legal obligations (Article 6(1)(b) and (c) of the GDPR).
E) INFORMATIVE, EDITORIAL AND PROMOTIONAL COMMUNICATIONS
Subject to the data subject’s consent, AVA may use the User’s contact details to:
- send newsletters and regular updates;
- share editorial content, articles, in-depth features and inspiration published by AVA;
- communicate Community activities, events, experiences, stays, trips and initiatives;
- provide information on new Services, features, projects or opportunities promoted by AVA;
- send communications relating to the AVA Collection, products, services or special initiatives.
The data subject may withdraw their consent at any time using the tools made available by AVA or by contacting the Data Controller.
Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal. Legal basis: consent of the data subject (Article 6(1)(a) of the GDPR).
F) SECURITY, PREVENTION OF MISUSE AND PROTECTION OF THE COMMUNITY
Personal data may be processed for the following purposes:
- to ensure the security of the Website, the Services and the tools used by AVA;
- to prevent, detect and combat misuse of the Website, the Application, the Community or the Services offered;
- verify any anomalies, fraudulent behaviour, manifestly false information or uses that do not comply with the Terms and Conditions;
- safeguard the security, quality and proper functioning of the Community and the activities promoted by AVA;
- manage reports, complaints, requests for assistance or situations that may affect the smooth running of organised activities and experiences;
- to establish, exercise or defend a right of AVA in judicial, extrajudicial or administrative proceedings.
Legal basis: the Data Controller’s legitimate interest in the security of the Services, the protection of the Community, the prevention of abuse and the defence of its rights (Article 6(1)(f) of the GDPR).
G) COMPLIANCE WITH LEGAL OBLIGATIONS
Personal data may be processed to comply with obligations laid down by applicable legislation, regulations, orders issued by the competent authorities, or other provisions binding on AVA.
Processing may also be carried out where necessary to respond to requests from public, administrative or judicial authorities, or from other entities authorised under current legislation.
Legal basis: compliance with legal obligations to which the Data Controller is subject (Article 6(1)(c) of the GDPR).
H) STATISTICAL ANALYSIS, MEASUREMENT AND IMPROVEMENT OF THE SERVICES
AVA may process browsing data, technical data and information relating to the use of the Website and the Services in order to:
- analyse traffic and usage of the Website;
- understand how Users interact with the pages, content and features available;
- measure the effectiveness of communication, promotion and advertising activities;
- monitor conversions and campaign performance;
- improve the structure, content, usability and functioning of the Website;
- optimise the Services, activities and initiatives offered by AVA;
- develop new features, content or services consistent with the evolution of the project.
These activities may also be carried out using analysis, measurement, tracking and tag management tools provided by third parties.
Where required by applicable legislation, processing will be carried out subject to the User’s consent, expressed via the cookie banner or other consent management tools made available on the Website.
Legal basis: consent of the data subject and/or the Data Controller’s legitimate interest, depending on the type of processing carried out and the nature of the tools used (Article 6(1)(a) and (f) of the GDPR).
5. METHODS FOR EVALUATING APPLICATIONS AND DECISION-MAKING PROCESSES
The information provided by Users via the Application is used by AVA as part of the process for evaluating requests for access to the Community and the subsequent management of the activities, experiences, initiatives and Services promoted by AVA.
As part of these activities, AVA may take into account the information provided by the User, the preferences expressed, the methods of participation indicated and other details voluntarily communicated via the Application or in subsequent interactions with AVA
The aim of these assessments is to enable the proper management of the Community, the activities and experiences promoted by AVA, as well as to preserve the quality, security and consistency of the environment offered by AVA.
Applications for access may be approved, placed on a waiting list or rejected, in accordance with the procedures described in the Terms and Conditions and those adopted by AVA.
AVA does not make decisions based solely on automated processes that produce legal effects or have a similar and significant impact on data subjects within the meaning of Article 22 of the GDPR.
Any technological tools, automated systems or analytical support tools that may be used by AVA do not replace human assessment, which remains an integral part of the decision-making process.
6. RETENTION OF PERSONAL DATA
AVA retains personal data for a period no longer than is necessary to fulfil the purposes for which it was collected and processed, unless otherwise required by law or necessary to protect the rights of the Data Controller.
In particular, personal data may be retained for the following periods:
COMMUNITY MEMBERS
Data relating to Users admitted to the Community is retained for the entire duration of the relationship with AVA and, subsequently, for a period not exceeding 36 months from the last significant interaction with the Community, the Services, activities, experiences or initiatives promoted by AVA.
For the purposes of this policy, significant interactions may include, by way of example, participation in activities or experiences, the purchase of products or Services, the renewal of any membership plans, access to restricted areas or other relevant interactions with AVA.
USERS ON THE WAITING LIST
Data relating to users on the waiting list is retained for a period not exceeding 36 months from the last significant interaction with AVA, in order to allow for any future opportunities to access the Community or participate in the initiatives promoted.
REJECTED ACCESS REQUESTS
Data relating to unsuccessful access requests are retained for a period not exceeding 12 months from the conclusion of the assessment process.
Where necessary for the protection of the Community, the prevention of misuse of the Services, the handling of disputes or the protection of AVA’s rights, certain strictly necessary data may be retained for a further period within the limits permitted by applicable legislation.
INFORMATIVE, EDITORIAL AND PROMOTIONAL COMMUNICATIONS
Data processed on the basis of the data subject’s consent is retained until such consent is withdrawn or the data subject requests erasure, unless otherwise required by law.
PURCHASES, PAYMENTS AND ADMINISTRATIVE DOCUMENTATION
Data relating to purchases, payments, bookings, invoices and administrative, tax and accounting documentation are retained for the period provided for by applicable legislation and, in any event, for the time necessary to fulfil legal obligations.
ENQUIRIES AND SUPPORT REQUESTS
Data relating to enquiries, support requests or contact details are retained for a period not exceeding 24 months from the date the request is processed, unless it is necessary to retain them for further legitimate purposes or to comply with legal obligations.
At the end of the periods indicated above, personal data will be deleted, anonymised or processed in such a way as to no longer allow the identification of the data subject, except in cases where retention is necessary to comply with legal obligations or to protect the rights of the Data Controller.
7. RECIPIENTS OF PERSONAL DATA
For the purposes described in this Privacy Policy, personal data may be disclosed to or made available to parties acting on behalf of AVA as data processors pursuant to Article 28 of the GDPR, or as independent data controllers where required by applicable legislation.
In particular, data may be processed by entities belonging to the following categories:
- providers of hosting, IT infrastructure and website management services;
- providers of email and communication services;
- providers of CRM, newsletter, marketing automation and contact management services; providers of statistical analysis, performance measurement and website usage monitoring services;
- providers of advertising, remarketing and promotional campaign measurement services;
- providers of electronic payment, transaction management and invoicing services;
- providers of services and platforms used to manage activities, events, experiences, stays, trips and initiatives promoted by AVA;
- consultants, professionals, collaborators and providers of administrative, tax, legal or organisational services;
- public authorities, bodies, organisations or entities entitled to receive the data pursuant to legal provisions or orders from the competent authorities.
By way of example, AVA may use suppliers and platforms such as Google, Microsoft, Meta, LinkedIn, Brevo, Stripe, WooCommerce, WooPayments, SumUp, JotURL, WhatsApp Business, Wordfence and other technology providers necessary for the operation and development of the Services.
An up-to-date list of Data Processors may be requested by contacting the Data Controller at the contact details provided in this Privacy Policy.
8. TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EEA
Some of the service providers used by AVA may process personal data in countries located outside the European Economic Area (EEA).
In such cases, data processing is carried out in accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and other applicable data protection legislation.
Where necessary, the transfer of data to third countries is carried out on the basis of an adequacy decision adopted by the European Commission or through the adoption of the appropriate safeguards provided for in Articles 44 et seq. of the GDPR, including, where applicable, the Standard Contractual Clauses (SCCs) approved by the European Commission.
The User may request further information regarding the transfer of personal data and the related safeguards by contacting the Data Controller at the contact details provided in this Privacy Policy.
9. RIGHTS OF THE DATA SUBJECT
In accordance with Articles 15 et seq. of the GDPR, the data subject may at any time exercise the rights recognised by the applicable legislation on the protection of personal data.
In particular, the data subject has the right to:
- obtain confirmation as to whether or not personal data concerning them are being processed and to access such data;
- request the rectification of inaccurate data or the completion of incomplete data;
- request the erasure of personal data in the cases provided for by applicable legislation;
- request the restriction of processing in the cases provided for by applicable legislation;
- object to the processing of personal data in the cases provided for by applicable legislation;
- receive the personal data provided to the Data Controller in a structured, commonly used and
- machine-readable format and, where technically feasible, transmit it to another data controller (right to data portability);
- withdraw any consent given at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.
The data subject may exercise their rights or request further information regarding the processing of their personal data by contacting the Data Controller at privacy@avasocialclub.com.
Should the data subject consider that the processing of their personal data is in breach of applicable legislation, they also have the right to lodge a complaint with the competent Data Protection Authority or to bring the matter before the competent courts.
10. COOKIES AND TRACKING TOOLS
AVA uses cookies and other tracking tools to ensure the Website functions correctly, to improve the browsing experience, to analyse the use of the Services, to measure the performance of communication and marketing activities and, where applicable, to provide personalised content and communications.
Cookies and other tracking tools may be used directly by AVA or by third-party providers offering technical, statistical, advertising, remarketing or marketing automation services.
Detailed information regarding the types of cookies used, the purposes pursued, the parties involved, retention periods and how to manage preferences is available in the Website’s Cookie Policy, which forms an integral part of this policy.
You may at any time manage, change or withdraw your cookie preferences using the tools provided on the Website, subject to the provisions regarding technical cookies strictly necessary for the functioning of the Services.
11. CHANGES TO THIS PRIVACY POLICY
AVA reserves the right to amend or update this Privacy Policy at any time, including in response to changes in legislation, developments in the Services offered, technological updates or changes to the organisation of the Community’s activities.
Any changes will be published on the Website and will take effect from the date of publication, unless otherwise stated.
Where changes relate to processing operations for which the data subject’s consent is required or significantly affect Users’ rights, AVA will, where necessary, take the measures required by applicable legislation.
Users are invited to consult this Privacy Policy periodically to check for any updates.
The date of the last update shown at the beginning of the document indicates the version currently in force.