Information on the processing of personal data
This document describes how to manage the website www.hotel-la-marina.it (“ Site “), with reference to the processing of personal data of users (“ User / Users “) Who consult it.
This is an information notice pursuant to the art. 13 of Legislative Decree no. 196/2003, so called Personal Data Protection Code (“ Privacy Code “) and Article 13 of EU Regulation 679/2016 (“ GDPR “), to all those who visit the Website and / or interact with the web services of Auto Po s.a.s. accessible through the Website.
The information is provided only for the Site and not for other web sites that may be consulted by the User through link on the Website.
1. Data controller
The holder of the processing of your personal data is Auto Po s.a.s., with registered office in Via Traversagno, 49 – 44122 Ferrara (FE), mail email@example.com, pec firstname.lastname@example.org, tel +39 0532 731893 (hereinafter “ Auto Po s.a.s.” or “ Owner “).
2. Types of processed data
2.1 Browsing data
The computer systems and the software procedures responsible for operating the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This is information that is not collected to be associated with identified individuals, but that by their very nature could allow users to be identified.
This category of data includes (i) the IP addresses or the domain names of the computers used by the users connecting to the Website, (ii) the URI notation addresses ( Uniform Resource Identifier ) of the requested resources , (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (good end, error) and (vii) other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.
2.3 Data provided voluntarily by the user
The Data Controller processes personal, identifying and non-sensitive data (as an example, but not limited to, name, surname, address, telephone, email, etc. – later, “personal data” or data) communicated by the User on the occasion registration to the web pages of the Site or to the registration form of the Data Controller, the compilation and sending of a contact form to the Data Controller or, in any case, of any other request.
The User assumes responsibility for the data of third parties published or shared via the Website and warrants that he has the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.
3. Purpose and legal basis of processing
The processing of personal data of the User by the Owner is aimed at:
- pursuing, in compliance with art. 6.1, lett. f) of the GDPR, its own legitimate interest, consisting in ensuring the safety of the Site and the information exchanged therein, ie the ability of such Site to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible;
- to allow the User to send requests for information and to the Owner to provide the User with any feedback to the requests formulated; make User registration and authentication possible;
- for marketing purposes only with your specific and distinct consent pursuant to art. 23 and 130 of the Privacy Code and art. 7 of the GDPR: sending by e-mail newsletter, commercial communications and / or advertising material on products and services of the owner;
- allow the Owner, to receive the User’s personal data through Facebook, and other and other social networks of which the user may provide contact details, if any;
- to exercise the rights of the owner, for example the right of defense;
- to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority.
The purposes referred to in letters c), d) and e) will be prosecuted only after the User has expressed their specific consent and free consent to such processing, remaining understood the possibility for the latter to always request the exclusion of some modes of automated or traditional communications.
4. Consequences of a possible refusal to answer
5. Method of treatment
Personal data are processed with computerized and automated systems, such as e-mails, databases, spreadsheets, web services for the time necessary to achieve the purposes for which they are collected.
It should be noted, in particular, that the User’s personal data are processed by persons duly appointed to perform these tasks, constantly identified and / or appointed, appropriately instructed and made aware of the constraints imposed by law, as well as by the use of security measures to guarantee the protection of your privacy and to avoid risks of loss or destruction, unauthorized access, or processing that is not permitted or does not comply with the aforementioned purposes.
6. Communication and dissemination of data
In any case, the communication of data to companies expressly appointed to perform certain services within the activity carried out by the Owner and / or, in general, in his favor, which will operate as autonomous holders and / / o controllers, as well as the communication and / or dissemination of data required, in compliance with the law, by police forces, judicial authorities, information and security bodies or other public entities for defense or security purposes State or prevention, ascertainment or repression of crimes.
Data is not subject to disclosure.
The updated list of Managers can always be requested from the Data Controller.
7. Data transfer
The management and storage takes place on servers located within the European Union at the company DENALI Golden Core ltd. In any case, it is understood that the Data Controller, if necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Holder ensures from now on that the transfer of non-EU data will take place in accordance with the applicable legal provisions stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the Commission European.
8. Rights of the interested party
Pursuant to art. 7 of the Privacy Code and articles 15 and ss. of the GDPR, the User has the right to obtain:
- the confirmation of the existence or not of personal data concerning you, even if not yet registered, their communication in an intelligible form and access to them;
- a copy of your personal data;
- the correction of any inaccurate personal data;
- cancellation of your personal data;
- the limitation of the processing of your personal data;
- in a structured format, in common use and readable by an automatic device, the personal data you have provided or which you yourself have created – excluding the judgments created by the Data Controller and / or by the persons appointed pursuant to art. 4 of the Privacy Code / by the persons authorized to process the data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR – and to transmit them, directly or through the Data Controller, to another data controller (so-called data portability);
- information about:
- of the origin of personal data;
- of the categories of personal data processed;
- of the purposes and methods of processing;
- of the logic applied in case of treatment carried out with the aid of electronic instruments;
- of the identifying details of the Data Controller and of any responsible parties;
- of the retention period of your personal data or of the criteria useful for determining this period;
- of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or persons in charge pursuant to art. 4 of the Privacy Code / persons authorized to process data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR;
- updating, rectification or, when interested, integration of data;
- the transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment it proves impossible or involves a use of means manifestly disproportionate to the protected right.
- The User also has the right to object, in whole or in part:
- for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
- to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.
To exercise the aforementioned rights, Users can send a communication to the e-mail address of the Owner, as per the previous art. 1, indicating the subject “Privacy exercise of rights”.
Finally, we inform you that if you believe that your rights have been violated by the Owner and / or a third party, you have the right to lodge a complaint with the Data Protection Authority and / or other competent supervisory authority in strength of the GDPR.
9. Duration of processing and storage of personal data
The User’s personal data will be processed by the Data Controller for the only period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which they will be kept only in compliance with current legal requirements, for administrative purposes and / or to assert or defend a right in the event of litigation and pre-litigation.
The user can always request the interruption of the treatment or the cancellation of data using personal details Cancellation’s schedule DSVGO-GDPR
Finally, we inform you that if you believe that your rights have been violated by the Owner and / or a third party, you have the right to lodge a complaint with the Data Protection Authority and / or other competent supervisory authority in force of the Rules. To this page http://www.garanteprivacy.it/home/urp