In accordance with article 13 Guidelines 2016/679 (GDPR) pursuant to article 13 Legislative Decree n. 196/2003 (Code on personal data protection), the policy relates to all personal data processed according to the following procedure.
The data controller is
Hotel Ondina di Torelli G. & C snc
Viale Milazzo 122 - Cervia (RA)
Processed personal data are collected as directly provided by the users or automatically supplied.
a) Data directly provided by the users are all personal data entered to use the site or provided to the Data Controller in any modality.
b) Automatically collected data are browsing data. During their ordinary operation, specific computer systems and software procedures for the website acquire some personal data which transmission is implied in the use of Internet communication protocols. Such information is not collected to be connected to identified users, but, due to its very nature, could allow to identify the users by processing and association with data held by third parties or by the data controller. The category of acquired data includes IP addresses or domain names of computers used by the users who log in, addresses in URI notation, request time, method used to submit the request to the server, numerical code including the state of the request provided by the server (completed successfully, error, etc.) and other parameters related to the operating system and to the users' computer environment. The data are used only to gather statistical and anonymous information on the use of the site and to check its correct functioning. The data could be used to verify liability in case of cybercrime against the site or other users.
In particular, the following personal data are collected and processed:
- E-mail address
- Surname, name, telephone number
Automatically collected data are browsing data. Such data, though not gathered to be associated with identified users, could indirectly allow their identification, by processing and association with data gathered by the Collector. In particular:
- IP Address
- Surfing browser and device
Personal data provided shall be communicated to conveniently appointed recipients who will process the data as data supervisors and/or in charge of the processing, to comply with the agreements or connected purposes.
Legal ground and purposes of processing
The data are exclusively processed for the following purposes.
We use the data provided by the users:
- to reply to the users' specific requests
- only if the users specifically agree, to allow subscription to specific and further services such as transmission of future information and promotional material by e-mail or electronic devices.
The provision of the listed data within the "Collected Data" section for the above mentioned purposes is mandatory to allow the users to access the service. For such reason, consent is mandatory and rejection of processing, that is to say, missed, inaccurate or partial provision of data could prevent accurate provision of the service.
The provision of data for newsletters aiming at promotional, information or research purposes is non-obligatory and rejection of consent to the Processing will not allow the users to be updated about business initiatives and/or promotional campaigns, to receive offers or other promotional material and/or to be sent customised offers.
We restate that the data controller does not provide any information on the users to third parties without the users' consent, except as provided by the Law.
The data will not be spread and transferred outside the EU.
Withdrawal of consent
The users can withdraw their consent for receiving promotional and business material immediately, by sending request to the data controller's e-mail address or clicking on the unsubscription link to be found on the footer area of each promotional and business e-mail received.
Data are processed by automated devices no longer than strictly necessary for the purposes they have been collected, providing annual verification of the stored data to erase outdated ones, unless the Law provides to store information.
Generally, data processing takes place at the company headquarter, by the staff or by outside contractors, appointed in charge. The full list of the data supervisors and of those in charge of personal data processing can be required by sending specific request to the data controller's e-mail address.
Specific safety measures are followed to prevent data loss, offensive and incorrect uses, and unauthorised accesses.
IIn particular, the users have the right to receive by the data controller information about:
- the source of their personal data;
- the processing purposes and methods;
- the logic applied in case of processing carried out by electronic/computer devices;
- the identification details of the data controller, the supervisors and the appointed representative;
- the subjects and categories of subjects their data can be delivered to or those who can acknowledge them, as appointed representative in the Country, supervisors or in charge of the processing.
Moreover, the users have the right to receive by the data controller:
- updating, rectification or integration of their own data;
- erasure, transformation into anonymous form or block of data processed in breach of the Law;
- access to their own data, that is to say, confirmation whether their personal data processing is currently underway or not;
- processing restriction,
- data portability, that is to say, the right to receive their personal data in a structured format;
- the right to complain to the supervisory Authority.
Finally the users, in whole or in part and for legitimate reasons, have the right to take position against their personal data processing, though aimed at collecting purposes. In particular, the users have the right to take position against their personal data processing for advertising business material or direct sale, for market research or business communication. The requests for the above mentioned points must be sent to the data controller's e-mail address.
Session cookies are essential to distinguish among logged in users and are useful to avoid requested functionality to be provided to the wrong user, but also for safety purposes to prevent cyber attacks. Session cookies do not contain personal data and last for the ongoing session only, that is to say up to browser closing. No consent is required.
Functionality cookies used by the site are strictly necessary for the site use, in particular they are connected to a user's expressed request of functionality (like login). No consent is required.
The Site uses both first and third party cookies. First-party cookies are used to browse the Site and to allow access to protected areas. These cookies last for the user session and are deleted once the users close the browser. First-party cookies are essential and cannot be disabled, as they would prevent the correct use of the Site itself.
Third-party cookies can have several purposes: statistical analysis, social interactions, visualisation of videos, memorising interests to provide aimed advertising services. These cookies are not monitored directly by the Controller and to disable them one needs to follow each provider procedures.
Generally, all cookies can be completely disabled in all users' browsers any time, following point A.4 procedures.
A.2 FIRST-PARTY COOKIES
If you have an account and access this website, a temporary cookie will be set up to check whether the browser accepts the cookies. The cookie does not contain personal data and is deleted when the browser is closed.
When you access the site, several cookies will be set up to save access information and options. Access cookies stay two days only. If you log out, access cookies will be removed.
A.3 THIRD-PARTY COOKIES
The following third-party cookies could be enabled on the website.
– Google Analytics (anonymised)
As for a specific agreement with Google, which is responsible for processing data, the same commits to process data according to the Data Controller's requests (see below), issued by the software setting. According to such setting, advertising and sharing data options are disabled.
Further information on Google Analytics cookies may be found at Google Analytics Cookie Usage on Websites.
The users can selectively disable Google Analytics data collection, installing the specific component provided by Google on their browsers (opt out).
– Conversion Tracking
– Google Fonts
– Embed contents
For further information on Google data usage and processing please see the specific Google page and the page on how Google uses information from sites or apps that use their services. Google Policies privacy.
Content incorporated by other websites
A.4 HOW TO DISABLE COOKIES IN YOUR BROWSER
Instructions on how to disable cookies can be found in the following pages :
Updating and amendments
The data controller reserves the right to regularly change, integrate or update the Policy according to the applicable legislation and provisions adopted by the Data Protection Authority.