Soledad S.r.l. Unipersonale, as data controller, intend to provide you the following specific information about the management of the website (https://www.chaletcorvara.com/eng/) with reference to the process of personal data of users who consult it. It is also an information notice, according to article 13 of European Regulation 2016/679 (“GDPR” or “Regulation”)
- Directive 2002/58 /EC concerning the “processing of personal data and the protection of privacy in the electronic communications sector”;
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46 / EC (General Data Protection Regulation).
- Legislative Decree 30 June 2003 n. 196 "Code regarding the protection of personal data", as amended by Legislative Decree 10 August 2018 n. 101.
THE DATA CONTROLLER
The Data Controller of the process is Soledad S.r.l. Unipersonale, Verona, via Locatelli n. 20.
DATA PROCESSING PLACE
The processing related to the services of this website are realized at the seat of Soledad, as well as at the seat of third parties, appointed as Data Processor, who offer outsourced services.
CATEGORIES OF DATA PROCESSED
The information systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
These information are not collected to be associated with identified Data Subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.
To this category of data belong the IP addresses or the domain names of the PC used by the users who connect to the web site, the URI (Uniform Resource Identifier) notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in the response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.
Such data are used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation, and are delated immediately after the processing.
The data could be used to ascertain the liability in case of possible cybercrimes damaging the web site.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of personal data by the user by filling the registration forms on the website or by calling the telephone numbers published on the website, entails the subsequent acquisition of the data provided by the user, necessary to provide the service or the information requested. Specific information on the processing of personal data will be published on the pages of the website set up for particular services requested.
Anonymous or aggregated data
Anonymization is a process aimed at preventing the identification of the data subjects. The data made anonymous don’t belong to the application field of the data protection regulation. The aggregated data may derive from personal data supplied by the user but is not considered personal data since, as specified, it doesn’t allow to directly or indirectly identify the data subject.
PURPOSES AND LEGAL BASIS OF THE PROCESS
Personal data will be processed for the following purposes:
- Purposes aimed at allowing navigation and consultation within the website.
The legal base of the process is the consent that is explicitly given by consulting the site (art. 6, paragraph 1, let. a), GDPR).
- Purposes related to the provision of the requested services (replies to requests for information).
The legal base of the process is the consent that is explicitly given by filing the form (art. 6, paragraph 1, let. a), GDPR).
- Purposes related to the booking requests.
The legal basis of the processing is to take steps at the request of the data subject prior to entering into a contract or the performance of a contract to which the data subject is party (art. 6, first paragraph, let. b), GDPR).
- Purposes related to direct marketing.
The legal basis of the processing is the legitimate interest pursued by the controller (art. 6, first paragraph, let. f), GDPR and Article 130, fourth paragraph, D. Lgs. 196/2003).
- Defensive purposes in case of abuse in the use of the site or attempted fraud.
The legal basis of the processing is the legitimate interest (art. 6, first paragraph, let. f) GDPR).
SPECIAL CATEGORIOES OF PERSONAL DATA
In the execution of the services requested by the customers (booking request and requests of information), the process of personal data of the data subject may concern special categories of personal data concerning health, freely given by the data subject and previous explicit consent.
LINKS TO OTHER WEBSITES
This website could contain links or references for the access to other websites. We inform you that the data controller does not control the cookies or other monitoring technologies of such websites to which this policy does not apply. We therefore recommend that you consult the individual privacy policies relating to these websites.
OPTIONAL SUPPLY OF DATA
Apart from what has been specified for the browsing data (needed for the running of this web site), users are free to supply their personal data or not. However, the non-supply of such data may entail the impossibility to obtain what has been requested.
CHECK ON YOUR PERSONAL DATA
We inform you that at any time you can choose to limit the collection or use of your personal data. For example, at any time you can object to the processing of your personal data for direct marketing purposes by sending us an email to the email address indicated below. The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit consent from the data subject or unless this is explicitly required by law.
ROCESSING METHODS AND STORAGE TIME
Personal data are processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access.
SHARING, COMMUNICATION AND CIRCULATION OF DATA
The collected data may be shared, transferred or communicated to other companies, appointed as data processor, for activities strictly connected to the purposes indicated and instrumental to the operativeness of the service, such as the management of the information system. Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if: a) there is explicit consent to share the data with third parties; b) there is a need to share information with third parties in order to provide the service required by the Data Subject; c) it is necessary in order to meet a request by the judicial or public security authorities. No data deriving from the web service is circulated.
TRANSFER OF PERSONAL DATA
Personal data will not be transferred to third countries, namely countries not belonging to the European Union or to the European Economic Area.
DATA SUBJECTS RIGHTS
The regulation protecting the personal data expressly provides some rights for the subjects to whom the data refers (the so-called data subjects). In particular, pursuant to articles 15 and following of the EU Regulation 2016/679, each data subject has the right to obtain the confirmation of the existence or not of data concerning him/her and in this case, to obtain access to personal data, to obtain rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
RIGHT TO LODGE A COMPLAINT
Every data subject shall have the right to lodge a complaint with a supervisory authority if considers that the processing of personal data relating to him or her infringes the GDPR, pursuant to article 77 of the GDPR.
The personal data will be stored only for the time necessary to fulfil the specific purposes indicated. Any further storage of data or part of data may be arranged if required by law or to assert or defend its rights in any given location and in particular before the Court.
CHANGES TO THIS DATA PROTECTION POLICY
The data controller periodically controls its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.
QUESTIONS, COMPLAINTS, SUGGESTIONS AND EXERCISING ONE’S RIGHTS
Anyone interested in more information, wanting to contribute suggestions or make a complaint about the data protection policy or the way our Company processes personal data, or who wants to assert the rights provided by the data protection regulation, may contact the data controller in writing at Soledad S.r.l. Unipersonale, Via Locatelli n. 20, Verona, o by emailing firstname.lastname@example.org