privacy

Privacy eng

INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR DATA COLLECTED FROM THE DATA SUBJECT FOR PROCESSING: WEBSITE

pursuant to Article 13 of Regulation (EU) 679/2016 on the protection of individuals with regard to the processing of personal data
GASTHOF S.A.S. DI NEGRI CORRADO C. (hereinafter referred to as the "Company" or the "Controller"), with registered office at CORSO ROMA 146 23031 APRICA (SO) Italy and VAT number 00649790144, as the data controller, informs you, pursuant to Article 13 of the European Regulation 679/2016 on the protection of personal data ("GDPR"), about the processing of your personal data that will be carried out by the undersigned.

  1. Type of data processed

The Company is the data controller for the personal data communicated by the User to the undersigned and includes: Last name, first name, Arrival Date, gender, date of birth, city of birth, province of birth, country of birth, Document Type, Document Number, Place of issue of the document, Data on behavior, user profiles, consumers, taxpayers, etc. Email address

  1. Purpose of the processing

The processing of the Data is carried out by the Company in the course of its activities. In particular, the data provided by the Data Subjects will be processed, using both electronic and non-electronic means, for the following purposes: Promotional activities

  • • The legality criterion that makes the processing possible is: The processing is necessary for the pursuit of the legitimate interests of the data controller or third parties • Its legal basis is found in a legal provision: Union Norm Tourism and recreational activities
  • • The legality criterion that makes the processing possible is: The processing is necessary for the pursuit of the legitimate interests of the data controller or third parties
  • • Its legal basis is found in a legal provision: Union Norm Reservation Management
  • • The legality criterion that makes the processing possible is: The processing is necessary for the pursuit of the legitimate interests of the data controller or third parties • Its legal basis is found in a legal provision: Union Norm
  1. Processing methods

The Data will be processed by the Company using electronic and manual systems in accordance with the principles of fairness, lawfulness, and transparency provided for by the applicable legislation on the protection of personal data, protecting the confidentiality of the Data Subject through technical and organizational security measures to ensure an adequate level of security.

  1. Data retention

The Data provided by the Data Subject will be processed for a duration:

  • • Start Date: 25/05/2018
  • • Duration criterion: Determination criterion period
  • • Duration criterion: The personal data of the User will be processed by the Controller for the sole period necessary to achieve the purposes for which they were collected (not exceeding two years), after which they will be retained solely in compliance with the legal obligations in force, for administrative purposes and/or to assert or defend one's own right, in case of disputes and pre-litigation. The user can always request the interruption of the Processing or the deletion of the data. It should be noted that the site respects the principle of essentiality, as the collected data (and therefore requested from the user) are limited to those strictly necessary for the provision of the specific service.
  1. Communication, dissemination, and transfer of Data

The Data will be processed, to the extent necessary, by authorized personnel, adequately trained and instructed, by the Controller as well as by the personnel of third parties providing services to the Controller and carrying out Data processing on his behalf as data processors. In case of communication to third parties, the recipients may be: Categories:

  • • Recipient: Intermediation agencies
  • • Recipient: Customers and users
  • • Recipient: Public disclosure Recipients: No specific recipients to whom the data may be communicated have been defined

More generally, in carrying out its ordinary business activities, the Data may be communicated to subjects performing control, review, and certification activities related to the activities carried out by the Controller, consultants and professionals in the context of tax, judicial assistance services, and in the case of corporate transactions for which it is necessary to evaluate the company's assets, entities and public administrations, as well as subjects authorized by law to receive such information, Italian and foreign judicial authorities, and other public authorities, for purposes connected to the fulfillment of legal obligations, or for the fulfillment of obligations arising from the contractual relationship, including the need for defense in court. The collected data will not be subject to transfer to non-EU countries

  1. Profiling and/or automatic processing activities The collected data will not be subject to profiling or automatic processing

  2. Other subjects connected to the processing

Controller/s and any representative/s in the EU:

• Name and surname of the controller: CORRADO NEGRI Co-controller/s: There is no co-controller for the processing in question

Processor/s:

  • • Name and Surname: CORRADO NEGRI
  • • Tax code: NGRCRD63D01I829S

DPO: The appointment of a DPO/RDP is not provided for the processing in question

  1. What are the rights of the Data Subject

The Data Subject may exercise, in relation to the processing of the data described, the rights provided by the GDPR (Articles 15-21), including:

  • • receive confirmation of the existence of the Data and access their content (right of access); • update, modify, and/or correct the Data (right of rectification);
  • • request deletion or limitation of the processing of Data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the Data was collected or otherwise processed (right to be forgotten and right to limitation);
  • • object to the processing (right of objection); • lodge a complaint with the supervisory authority (Italian Data Protection Authority www.garanteprivacy.it) in case of violation of the regulations on the protection of personal data;
  • • receive a copy in electronic format of the Data concerning him as a Data Subject when such Data has been provided in the context of the contract and request that such Data be transmitted to another data controller (right to data portability). To exercise these rights, the Data Subject can contact the Data Controller by sending a communication to: This email address is being protected from spambots. You need JavaScript enabled to view it. When contacting us, the Data Subject must ensure to include their name, email/postal address, and/or phone number(s) to ensure that their request can be handled correctly.

APRICA, 25/05/2018

Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Read more
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
statistiche di Google
Accept
Decline
Essential
indispensabili per la gestione interna
hotelitalia-aprica.com
cookie amministrativo e di consenso
Accept