Information pursuant to EU Regulation 2016/679 (“GDPR”)
This document is intended to tell you what data we collect, why and how we use it.
When you use our services, we ask you for some data that we need to make our performance efficient. The data we may ask you for are:
certified e-mail (PEC);
unique billing code;
credit card number, expiration and security number;
identity document number and release date.
Data of minors under the age of 18
If you are under the age of 18, you cannot provide us with any personal data, and in any case we do not take responsibility for any false statements you provide. If we become aware of the existence of untruthful declarations, we will proceed with the immediate cancellation of any personal data acquired.
We use the data collected to offer you our service every day, to inform you about our commercial activities or to offer you a more personalized service in line with your interests. In detail:
A) guarantee access to our services and their delivery: how to send us direct messages via e-mail using the appropriate contact forms if present;
B) fulfill legal obligations such as invoicing and bookkeeping;
C) we use the data collected, if you have expressly given us your consent, to inform you about promotional activities that may interest you. In particular, we use them to: communicate promotional, commercial and advertising activities on events, initiatives or partnerships, by e-mail, sending SMS or push notifications;
D) we process the data collected, if you have expressly given us your consent, to analyze your habits or consumption choices in order to offer you an increasingly personalized service in line with your interests and to improve our commercial offer;
E) allow you to make a reservation directly from the site or pre-check in to speed up the time of your arrival at the reception.
The provision of personal data is mandatory to guarantee access to our services and their provision and to fulfill legal obligations such as billing and bookkeeping, see points A) and B) section 1. For all other services, the provision of the data is optional.
The data controller is: Annalisa Casasola with headquarters in Via F. Cesone, 12 – 13853 Lessona (BI). It is possible to contact the data controller at the e-mail address: firstname.lastname@example.org.
The data collected as part of the provision of the service may be communicated to:
administrative and judicial bodies and authorities by virtue of legal obligations;
companies that perform functions strictly related to our business, such as: DOTTORI COMMERCIALISTI RIUNITI, which takes care of bookkeeping;
Your personal data may be transferred outside the European Union to be processed by some of our service providers. In this case, we make sure that this transfer takes place in compliance with current legislation and that an adequate level of protection of personal data is guaranteed based on an adequacy decision, on standard clauses defined by the European Commission or on Binding Corporate Rules.
In no case do we transfer or sell personal data to third parties.
You can request your data in our possession or request its cancellation by sending a request to the email address: email@example.com.
Your personal data will be processed within 30 days or, if the processing becomes particularly complex, within 3 months.
Any natural person who uses our services can:
obtain from the owner, at any time, information about the existence of their personal data, the origin of the same, the purposes and methods of treatment and, if present, to obtain access to personal data and the information referred to in the article 15 of the GDPR;
request the updating, rectification, integration, cancellation, limitation of data processing if one of the conditions set out in article 18 of the GDPR occurs, transformation into anonymous form or blocking of personal data, processed in violation by law, including those whose retention is unnecessary for the purposes for which the data were collected and / or subsequently processed;
object, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of the collection and processing of personal data provided for the purposes of commercial information or for sending advertising or direct sales material or for carrying out market research or commercial communication. Each user also has the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
receive your personal data, knowingly and actively provided or through the use of the service, in a structured format, commonly used and readable by an automatic device, and to transmit them to another data controller without impediments;
propose a complaint to the Guarantor Authority for the protection of personal data in Italy;
We remind you that for any question or request relating to your personal data and respect for your privacy you can write to the address: firstname.lastname@example.org.
The storage of personal data will take place in paper and / or electronic / IT form and for the time strictly necessary for the fulfillment of the purposes referred to in point 1, in compliance with your privacy and current regulations.
Invoices, accounting documents and transaction data are kept for 10 years pursuant to the law (including tax obligations).
The security of your data is of paramount importance to us. Our IT systems are equipped with backups and specific software for protection against attacks. The connections with the servers all have a security certificate which has the task of encrypting the incoming and outgoing data (you are protected for example when you send us a message or perform operations from the website, write to us by e-mail or process the your data with us).
This information may be subject to changes. If substantial changes are made to the use of user data by the Owner, the latter will notify the user by publishing them with the utmost evidence on their pages or through alternative or similar means.
Last updated on 24/04/2020.