This page provides users with information on how this website is managed with regards to the processing of personal data of users who visit it and use its services.
The Data Controller is OSPITALITÀ NATURA s.r.l., with registered office in Via Palù 23 – 31010 San Vendemiano (TV).
The Data Controller can be contacted via e-mail at email@example.com.
Types of data processed, purpose and legal basis for the processing
Below is a list of the data collected and processed through this website.
The computer systems and software procedures used to operate this Website acquire, during their normal operation, personal data whose transmission is implicit in the use of Internet communication protocols. This data is not collected in an identifiable manner but due to its nature, it could allow to identify users through the processing and grouping of data held by third parties. This type of data includes IP addresses or computer domain names of users who access the website, URIs of requested resources, the time of request, the method used to submit the request to the server, the size of the file received as a response, the number indicating the response status code issued by the server (successful, error, etc.) and other parameters regarding the User’s operating system and computer environment. This data is collected for the purposes of acquiring anonymous statistical information on how users use the website and monitoring its correct operation and is erased after its processing. The data may be used to ascertain liabilities in case of hypothetical computer crimes committed against the Website.
Personal data freely provided by the user
The personal data provided by the user who submits a request or chooses to use any services or products offered through this website as well as receive further specific content, is used for the purposes of responding to requests, providing the service requested (“Service Provision”) or fulfilling legal obligations, and it may be communicated to third parties if necessary for these purposes.
The legal basis of the aforementioned processing is the need to fulfil the User’s request or perform activities on the basis of agreements with the User (Article 6(1)(b) of the GDPR, performance of a contract).
With the specific consent of the user, the data may be used for marketing purposes to send commercial communications relating to additional services offered by the Data Controller (“Marketing”).
The legal basis of the aforementioned processing is the specific consent expressed by the user (Article 6(1)(b) of the GDPR, consent of the data subject for one or more specific purposes).
Voluntary transmission of personal data
In addition to what concerns browsing data, personal data can be voluntarily transmitted by the User to request the services provided by the website. The non-communication of this data may impede the fulfilment of the User’s request.
Where and how we process your data
The processing of personal data relating to the provision of web services is carried out by technical personnel of the office in charge of the processing and/or by technical personnel of the provider of IT services needed for its operation, or by any person responsible for occasional maintenance operations.
The data is stored on cloud storage according to the terms of the contracted supplier which provides the service.
Personal data is also processed by automated means for the time strictly necessary to fulfil the purposes for which it was collected. Appropriate security measures are taken to prevent data loss, illicit or improper use and unauthorised access.
Except when required by law, personal data shall not be communicated nor disclosed to third parties.
Transfer of personal data to non-EU countries
The User’s personal data may also be processed by IT service providers operating outside the European Union as Data processors.
If deemed necessary, in compliance with current regulations regarding the transfer of data to a non-EU country, the Data Controller shall enter into a contract which guarantees an adequate level of protection and/or sign standard contractual clauses as set forth in the annex to the decision (2010/87/EU) of the European Commission of 5 February 2010.
Data retention period
Your personal data needed for the provision of our services is retained only for the time strictly necessary for fulfilling the purposes indicated in this policy and is erased at the end of this period, unless the data must be kept to comply with legal obligations or to enforce a right in court.
For the purposes of sending commercial communications, the data will be processed in general until the User revokes consent, and in any case stored – taking into account the particular seasonal nature of the business of the Data Controller – for a maximum period of 60 months, after which the data shall be erased or anonymised, unless needed to comply with current regulations.
Except in the cases listed above, the user’s browsing data is kept for the time strictly necessary for the processing within the limits established by law.
Protection of minors
Although this website is aimed at a generic range of users, its services are only intended for persons aged 18 or over. The Data Controller does not request, collect or use nor it deliberately discloses personal data transmitted by persons under the age of 18, unless required by law. Any user who is not of the required age is not allowed to request the online services of the Company nor make online reservations and, instead, shall contact an adult (e.g., their parents or guardian) to carry out the necessary procedures.
Rights of the data subject
Pursuant to Article 15 et seq of the GDPR, the data subject, by sending an email to firstname.lastname@example.org or by writing at OSPITALITÀ NATURA s.r.l. – Via Palù 23 – 31010 San Vendemiano (TV), shall have the right to:
– be informed about the collection of their personal data, know the purposes of the processing or its dissemination, and access the content;
– request the updating, rectification and integration of personal data;
– request the erasure or anonymization of personal data, the blocking of data processed in violation of the law or the limitation of its processing;
– object to the processing of personal data on legitimate grounds, including profiling;
– object to the processing of personal data if processed for the purposes of carrying out market research, sending advertisements, direct sales material or commercial communications.
– withdraw consent, when given, without prejudice to the lawfulness of processing based on consent given before its withdrawal;
– obtain a copy of the data provided and request that such data be transmitted to another data controller.
In case of suspected infringement of any rights, the data subject can lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, without prejudice to any other judicial remedy (Article 79 of the GDPR)