|What is this document? |
Pursuant to Art. 13 European Reg. n. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, Camping Alleghe di Rudatis M. & c. s.n.c. intends to inform each user (the “User”) about the processing of personal data happening on its website (www.allegheresort.it).
Controller and contact detail
Camping Alleghe di Rudatis M. & c. s.n.c. (hereinafter “Controller”,pursuant to Art. 4(7) GDPR),
with registered offices in Via Masarè 58, 32023 Rocca Pietore (BL), Italy
Purpose of processing, Legal Basis, Personal Data and Retention Period
The Controller processes Personal Data for the following purposes, as specified here in below. The table also shows the legal basis which justifies the processing and the period of data retention:
|Purposes||Personal Data||Legal Basis||Data Retention|
|Purchase or booking of the Company’s services.||? Anagraphic Information? Special categories of personal data? Contact details? Payment details||- Performance of a contract [Art. 6, 1, lett. b) GDPR] - Special categories of personal data [Art. 9, 1, lett.e) GDPR]||For the period of time necessary to complete the recruitment process.|
|Send communications and reply to queries concerning the Company Activities.||? Anagraphic Information ? Contact details||- Consent [Art. 6, 1, lett. a)] - Performance of a contract [Art. 6, 1, lett. b) GDPR]||For the period of time necessary to reply.|
|Send newsletters of a general informational, promotional and advertising nature and/or other materials for marketing communication purposes, in relation to the Website’s functionalities.||? Anagraphic Information? Contact details||Consent [Art. 6, 1, lett. a)]||Until the withdrawal of consent or until a denial has been communicated.|
|Allow the Controller to accomplish all formalities required by law, including those of administrative and tax/fiscal nature.||? Anagraphic Information? Contact details? Payment details||- Legal Obligation [Art. 6, 1, lett. c)] - Art. 109 TULPS - d.lgs. 7 January 2013||Until the expiry of the data retention period, as provided by the applicable law.|
|Improve the Website by analyzing how Visitors and/or Users navigate and/or use the Website.||? IP Address||Legitimate Interest[Art. 6, 1, lett. f) GDPR]||Not applicable (aggregate or anonymous data).|
|Detecting or preventing fraudulent activity and exercising the Controller's rights in Court||? Anagraphic Information? Contact details||Legitimate Interest[Art. 6, 1, lett. f) GDPR]||10 years|
In case the User prefers not to communicate mandatory and/or necessary data for the fulfilment of certain purposes, the Controller reserves the right to not provide the service through its Website.
Users can ask for explanation of the legal basis of each treatment at any time.
The processing of Personal Data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.
The user’s Personal Data may be shared with the following subjects, on a need-to-know basis and in accordance with Applicable Privacy Laws:
- Internet service providers and platforms used by the Controller as organisation tools, channels of communication and/or promotion;
- Third-party vendors, consultants and other third-party service providers who perform services for us or on our behalf and require access to such information to do that job;
All of the relations with the subjects listed above are - and will be - formalized with a contract pursuant to Art. 28 GDPR (Data Protection Agreement or “DPA”).
Personal data will be processed by internal staff specifically authorized under Article 29 of the GDPR. The names of all authorized personnel are available under request to the Data Controller, at email@example.com
Communication of any unwanted access to the Data Protection Authority
The computers and management system is periodically monitored, controlled and implemented by computer technicians. In the event that an unwanted access occurs, the Controller undertakes to give timely notice, within the terms provided by law, as expressly provided in the GDPR.
Data processing locations
Personal data are processed at the headquarters of the Controller, as well as in the servers that host the website www.allegheresort.it. The Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.
Data subjects’ right
The User may exercise all the rights provided for by Articles 15-21 of EU Reg. n. 679/2016, at any time and without unjustified limitations, by contacting the Data Controller at firstname.lastname@example.org.Requests shall be filed free of charge and processed by the Controller within 30 days.
Specifically, the User can:
- Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);
- Obtain from the controller the rectification of inaccurate personal data (Art. 16);
- Obtain from the controller the erasure of personal data (Art. 17);
- Obtain from the controller restriction of processing (Art. 18);
- Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
- Have the right to object (Art. 21);
In any case, Users are always entitled to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), under Art. 77 of the Regulation, if they believe that the Data Controller’s processing of their Personal Data is in violation of the applicable law