The Hotel Villaggio Cala di Volpe – “Turiano Srl”, Owner of the processing of personal data, with operational headquarters in Torre Marino, Capo Vaticano 89866 Ricadi (VV) – ITALY, VAT number 03291490799, contacted by phone at 0963 669222 – 669699 or to the e-mail address email@example.com – considers the “privacy” of its users to be of fundamental importance and ensures that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to confidentiality, personal identity and the right to protection of personal data.
1) Personal information that is collected
In any occasion of contact or interaction with the guest and in all other aspects of our work, we may collect personal information. This personal information may include: contact information; personal information, nationality, passport number and date and place of issue; travel history; payment information, such as payment card number and other card information, as well as authentication information and other billing and account details related to electronic invoicing; preferences, with prior written consent, of the guest; preferences, with prior written consent, regarding marketing and communication; as well as relating to the reservation
2) Treatment purpose
The personal data, even of an identifying nature, provided by you will be processed for purposes connected to the management of the booking and any stay, by way of example, we inform you that the data may be processed: • for the insertion in the personal data of the computer databases and / or in the company’s physical archives; • for the management of hotel services; • for the management of payments; • for the management of promotions and offers; • for statistical purposes related to the functionality of the website; • to satisfy any management of the dispute, as well as to fulfill any other contractual and / or legal obligations, in particular accounting and tax;
3) Navigation Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.
5) Processing methods
Personal data are processed using automated and manual tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
6) Nature of the provision of data
For the purposes of booking for a hotel stay, the provision of data is mandatory and failure to provide it may result in the inability to obtain what is required, for the purposes (by way of example
sending promotional offers, update on rates, etc.) the transfer data is optional and does not prevent the provision of the requested service (hotel stay).
7) Recipients of the data
No data deriving from the web service (therefore navigation data specified above and cookies) is communicated or disseminated (save communication to judicial or police bodies if necessary).
The data are processed by personnel specifically appointed in writing to the processing of data (administrative staff and persons in charge of relations with the public, even outside the Company, who are in charge of the management of information systems even outside the Company who may also perform functions as system administrator and are in this case, those appointed, personnel in the marketing sector, also external to the Company, interns, data processors and their collaborators, in charge of the specific sector to which a request is made, who are responsible for managing the site even outside the Company) only if the processing is necessary to carry out their duties by performing only the operations necessary for the performance of the tasks. They can also be processed by data processors (including companies outside the Company that perform shipping, marketing, and server management and storage). The external companies can process the data also through specifically appointed employees in writing who can perform the same activities and process the data for the same purposes, for which the managers have been appointed by Turiano S.r.l.
The data provided by the user can be communicated to the subjects for whom there is a duty of communication under the law or a need for communication to assert the right of the company to the bodies in charge.
8) Storage times
The Data are processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document.
9) Data transfer
The Data Controller does not transfer personal data to third countries or international organizations outside the EU.
10) Rights of the interested parties
The interested party is always entitled to exercise and assert, towards the Data Controller, the rights recognized by the EU Regulation 2016/679 (articles 15 to 22), in particular:
Article 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679
The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing the processing of personal data concerning him and in this case, to obtain access to personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
d) the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
Right pursuant to art. 17 of EU Reg. 2016/679 – right to cancellation (“right to be forgotten”)
The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
(b) the data subject revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing ;
(c) the data subject opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21 (2);
d) personal data have been processed unlawfully;
e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject;
f) personal data have been collected in relation to the information society service offer referred to in Article 8, paragraph 1 of EU Reg. 2016/679
Right referred to in art. 18 Right of limitation of treatment
The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court;
d) the interested party has opposed the treatment pursuant to article 21, paragraph 1, Reg EU 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
Right pursuant to art. 20 Right to data portability
The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him / her provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the Data Controller.
If you would like more information on the processing of your personal data, or exercise your rights, you can write to the e-mail address firstname.lastname@example.org. Before we can provide you, or change any information, you may need to verify your identity and answer some questions. An answer will be provided as soon as possible.