PRIVACY POLICY
INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of EU Reg. 2016/679 (GDPR)
updated on 25/09/2020
This page describes the methods and logic about the processing of personal data of the users who visit the website: www.residencesanpietrobarisano.it/ (hereinafter referred to as the “Site”). This information is provided pursuant to art. 13 of EU Regulation 2016/679 ‘General Data Protection Regulation’ (hereinafter referred to as GDPR) and the Italian legislation in force for the treatment of personal data, Legislative Decree no. 196/2003 and subsequent amendments, in particular those introduced by Legislative Decree no. 101/2018, to those who interact with the site from the address www.residencesanpietrobarisano.it and www.ristorantesanpietrobarisano.com and not for other external and possibly connected websites.
DATA CONTROLLER OF THE PROCESSING
The data controller of personal data processing (hereinafter referred to as the “Data controller”) is
San Pietro Barisano Residence
Rione San Biagio 52/56 (Sasso Barisano)
VAT number 00461590770
Phone number: 0835 346 191 – email address: info@residencesanpietrobarisano.it
DATA COLLECTION
The personal data that the data controller of data processing collects, processes, records, stores and/or transfers to third parties, are those identifying natural persons (by way of example and not exhaustively) such as names, surnames, addresses, tax codes, landline telephone / mobile phone numbers, dates or places of birth, etc..
Personal data may be communicated by the interested party either on a voluntary or mandatory basis. The latter case concerns the data that are considered as necessary for the processing of personal data by the data controller or to allow the data controller to carry out the service requested or whose collection is connected to the protection of legitimate interests of the data controller or to legal matters. Failure to provide the data deemed necessary to obtain the service / product requested to the Data controller, will make it impossible to provide the service. In this case, no responsibility can be ascribed to the Data controller.
Any personal data is collected on our website either on a voluntary basis (e.g. filling in the contact form on the Site) or when navigating on our website.
Navigation Data
The computer systems and software procedures operating this site usually collect some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes either IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user.
These data, which are necessary for the use of web services, are also processed to obtain statistics on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.); to check the correct functioning of the services offered.
Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact details of the Site, the filling in of the contact forms on the Site, involve the collection of the sender’s contact details, which are necessary to reply, as well as all the personal data included in the relative information.
Cookies and Other Tracking Systems
Neither cookies for user profiling nor other tracking methods are used.
Session cookies are used in a strictly limited way (not persistent) to ensure the safe and efficient navigation of the sites. The user controls the memorisation of session cookies in terminals or browsers. At the end of HTTP sessions, information relating to cookies are stored on the servers of the service logs for no more than seven days like other navigation data.
PURPOSES OF DATA PROCESSING
The personal data collected are processed by the Data controller for the following purposes:
1.To fulfil pre-contractual, contractual and fiscal obligations arising from existing or newly established relationships;
- To allow the correct performance of the company’s activities (bookkeeping, office management, human resource management, etc.).
- To carry out marketing activities, consisting in sending newsletters and/or commercial /marketing communications and/or advertising material, related to services / products offered by the Data controller;
- To monitor the interests and preferences of the interested parties;
- To improve and optimize the services offered by the Data controller;
- To collect anonymous statistics on the of the website and check its correct functioning;
- To be able to ascertain, exercise or defend a right in court.
LEGAL DATA PROCESSING
The Data controller processes Personal Data relating to the User if one of the following conditions is met:
1.The User has given his/her consent for one or more specific purposes; in some jurisdictions the data controller may be authorized to process Personal Data without the User’s consent or any other legal aspect specified below, unless the User objects (“opt-out”) to such processing. However, this is not applicable if the processing of Personal Data is governed by the European legislation on the protection of Personal Data;
- the processing is necessary for the performance of a contract with the User and/or the fulfilment of pre-contractual measures;
- the user shall processing his/her personal data to fulfil legal obligations;
- the processing is necessary for the performance of a task in the public interest or for the exercise of public authority the user is subject to;
- the processing is necessary for the pursuit of the legitimate interest of the Data controller or of third parties.
However, it is always possible to ask the Data controller to clarify the legal aspect of each processing and in particular to specify whether the processing is based on law, provided for in a contract or necessary to sign a contract.
DURATION OF THE PROCESSING
Personal data will be processed for the time strictly necessary to achieve the purposes for which they were collected and in compliance with all the necessary precautions to avoid their loss, illegal or incorrect use and to prevent unauthorized access.
Specifically, personal data shall be processed for no more than 10 years from the termination of the relationship for the purposes set forth in points 3a and 3b and for no more than 5 years for the purposes set forth in points 3c, 3d and 3e unless it is deemed, in good faith, that the law or other regulations allow and/or require its storage for a longer period of time.
The data collected for the purposes referred to in point 3g will be kept for the time provided for by the law.
Once these terms have expired, our systems will delete all personal data in compliance with the law.
RECIPIENTS OF PERSONAL DATA
The data collected by the Data controller may also be communicated, within the limits strictly pertinent to the purposes indicated in point 3 “PURPOSES OF TREATMENT”, to the following subjects or categories of subjects:
employees of the Data controller, who will process them as subjects authorized by the Data controller under their own precise and careful control;
collaborators of the Data controller who will process the data on behalf of the Data controller as data processors pursuant to art. 28 of GDPR;
public/private bodies to whom the communication is required by law, regulation or national or EU legislation as well as for the fulfilment of contractual obligations;
legal advisors, accountants, employment consultants who shall need them either to analyse or solve any legal issues concerning the existing contract;
external firms specializing in accounting or tax consulting;
technicians in charge of hardware and software support.
All data collected by the Data controller for the purposes referred to in point 3) above may also be communicated, if necessary, to the judicial authorities or to those subjects to whom communication is required by law.
With the exception of the subjects referred to in letters a) and b), the others shall process the data as autonomous data controllers.
PROCESSING METHODS
Personal data are processed exclusively for the purposes indicated above by means of manual, IT or telematic devices and stored on databases.
The Data controller has implemented suitable security measures in order to ensure integrity and security, as well as prevent the destruction, loss, accidental or illegal alteration, unauthorized disclosure, or access to Personal Data transmitted, stored or otherwise processed.
If the interested party suspects a possible improper use or loss or unauthorized access to his or her personal data, he or she is invited to immediately inform the Data controller through the contacts indicated in point 1. above.
PLACE OF DATA PROCESSING AND POSSIBLE DATA TRANSFER
All data collected are processed on paper or with automated tools at the company headquarters of the Data Controller indicated on the website www.globalsanificazioni.it as well as at the headquarters of the hosting and/or website management company. Currently the servers are located in Italy.
Should the data be transferred outside the European Economic Area or EEA (i.e. the Member States of the European Union as well as Norway, Iceland and Liechtenstein), the Data Controller assures from now on that the transfer shall be compliant to the applicable legal temporary provisions by signing, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
USER’s RIGHTS
The GDPR guarantees the interested parties a series of rights on their personal data processed by the data controller.
Users may be entitled to certain rights with reference to the Data processed by the Data Controller. In particular, the User is entitled to:
withdraw consent at any time. The User may withdraw his/her prior consent to the processing of his/her Personal Data.
object to the processing of his/her Data. The User may object to the processing of his/her Data without affecting the lawfulness of processing based on consent before the withdrawal. Further details on the right to object are indicated in the section below.
access to your Data. The User is entitled to obtain information on the Data processed by the data controller, on certain aspects of the processing and to receive a copy of the Data processed.
verify and request rectification. The User may verify the correctness of his/her Data and request either its upgrade or rectification.
obtain the restriction of the processing. When certain conditions are met, the User may request the restriction of the processing of his/her Data. In this case, the data controller shall not process the Data for any other purpose than their storage.
obtain the elimination or removal of his/her Personal Data. When certain conditions are met, the User may ask the data Controller to remove his/her Data.
receive your Data or have it transferred to another Data Controller.
The User is entitled to receive his or her Data in a structured, commonly used and readable format and, where technically feasible, to transfer his/her data to another data controller. This provision is applicable when Data are processed by automated tools and the processing is based on the User’s consent, on a contract to which the User is a party of or on contractual measures connected to it.
lodge a complaint. The User may lodge a complaint with the competent personal data protection supervisory authority or take legal action.
Users are reminded that, if their Data are processed for direct marketing purposes, they may object to the processing without giving any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.
THE EXERCISE OF DATA SUBJETC’S RIGHTS
To exert data subject’s rights, Users may send a request to the contact details of the Data controller indicated in this document. The Data controller undertakes to reply within 30 days. If he/she cannot comply with these deadlines, he/she must explain the reason for this delay in replying .