Information on the processing of personal data ex art. 13-14 Reg.to EU 2016/679
Data Subjects: navigators Website.
Hotel Santa Gilla S.r.l. in the capacity of Data Controller of your personal data, pursuant to and in accordance with EU Reg. 2016/679 hereinafter ‘GDPR’,
hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
Your personal data will be processed in accordance with the legislative provisions of the above-mentioned legislation and the confidentiality obligations provided therein.
Purposes and legal basis for processing: in particular, your data will be processed for the following purposes related to the implementation of obligations related to legislative or contractual obligations:
- technical and Functional access to the Site no data is kept after the Browser is closed;
- Statistical purposes and Analysis of navigation and users.
Your data will also be used for the following purposes necessary to pursue the legitimate interest of the data controller:
- Some personal data are strictly necessary for the operation of the site such as the IP addresses or domain names of the computers used by the
users who connect, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method
used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given
response given by the server (successful, error, etc.), other parameters relating to the user’s operating system and computer environment, the pages that were visited or searched. Others are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct
operation, and are deleted immediately after processing. In the processing of personal data that can directly or indirectly, identify you personally, we respect the principle of strict necessity. For this reason, we have configured the site in such a way that the use of your personal data is kept to a minimum and in such a way that the processing of personal data which can identify you only in cases of necessity or at the request of the authorities and the police (such as, for example, for data relating to traffic and your stay on the Sites or your IP address) or to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site; - purposes of statistical research/analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the
functioning of the Site, measuring traffic and assessing usability and interest.
Method of processing. Your personal data may be processed in the following ways:
- by means of electronic computers using software systems managed by Third Parties;
- temporary processing in Anonymous Form.
All processing is carried out in compliance with the modalities set out in Articles 6, 32 of the GDPR and through the adoption of appropriate security measures.
Your data will be processed only by personnel expressly authorised by the Data Controller and, in particular, by the following categories of employees:
- duly appointed and instructed company staff and collaborators.
Communication: Your data may be communicated to external parties for proper management of the relationship and, in particular, to the following categories of Recipients including all the duly appointed Data Processors:
- Google Analytics: Advertising Target, Analytics/Measurement, Optimisation;
- to the subjects necessary for the provision of the services offered by the Site including, by way of example, the sending of e-mails and the analysis of the operation of the Site who typically act as Data Processors.
Dissemination: Your personal data will not be disseminated in any way. Your Personal Data may also be transferred, limited to the above purposes, to the following countries:
- some of your Personal Data are transferred to recipients that may be located outside the European Economic Area. We ensure that the electronic processing of your Personal Data by the Recipients takes place in accordance with Applicable law. Transfers are based either on an adequacy decision approved by the European Commission or on consent given;
- EU countries.
Retention Period. Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR, the retention period for your personal data is:
- for a maximum duration of one year, except where necessary for the establishment of offences by the Judicial Authority and/or for the exercise of rights by the Data Controller in court.
Management of cookies: in the event that you have doubts or concerns regarding the use of cookies, you can always take action to prevent their
setting and reading cookies, for example by changing the privacy settings within your browser to block certain types of cookies.
As each browser – and often different versions of the same browser – also differ considerably from one another, if you prefer to act
If you prefer to do this yourself via your browser preferences, you can find detailed information on the necessary procedure in your browser’s help file. For an overview of how to take action for the most common browsers, please visit www.cookiepedia.co.uk.
Advertising companies also allow you to opt out of receiving targeted advertisements if you so wish. This does not prevent the setting of cookies, but
it does stop the use and collection of certain data by these companies.
For more information and opt-out options, please visit www.youronlinechoices.eu/.
Data Controller: The Data Controller, in accordance with the Law, is Hotel Santa Gilla S.r.l. (Via Ustica 13 , 09012 Capoterra (CA); VAT No.: 02426970923; contact details:: E-mail: info@hotelsantagilla.it; Telephone: 070 710832) in the person of its legal representative pro tempore.
You have the right to obtain from the owner the cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the
processing of your personal data, as well as in general to exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the
GDPR.
EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject
1. The data subject shall have the right to obtain confirmation of the existence or otherwise of personal data concerning him/her, even if not yet recorded, their
communication in intelligible form and the possibility of lodging a complaint with the Supervisory Authority.
2. The data subject shall have the right to be informed of
a. the origin of the personal data
b. the purposes and methods of processing
c. the logic applied in the event of processing carried out with the aid of electronic instruments
d. the identity of the data controller, data processors and the representative designated pursuant to Article 5(2)
e. the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. The interested party has the right to obtain
a. the updating, rectification or, where interested therein, integration of the data;
b. the deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
d. portability of the data.
4. The data subject has the right to object, in whole or in part
a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection
b. to the processing of personal data concerning him/her for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication.