Menu
close
Home // Credits // Privacy newsletter

Privacy newsletter

Statement on the Processing of Personal Data
(Art. 13 EU Regulation 2016/679)

The automated Terme Preistoriche Resort & Spa e-mail newsletter is sent free of charge after completion of the electronic request form on this page.
The Personal Data provided is processed on computer-aided software and other digital media, exclusively for the purpose of providing the requested service. Thus, Personal Data is stored only as long as said service is active.

1.- Data Controller and Data Protection Officer (DPO). 
The Data Controller is Terme Preistoriche Resort & Spa, represented by its legal representative pro tempore, with registered office in Montegrotto Terme (PD), Via Castello no. 5, tel. 049 793477, e-mail amministrazione@termepreistoriche.it.
The Data Controller has nominated a Data Protection Officer (DPO), whom you can contact by writing to privacy@studiolegalepozzato.com for any information regarding the processing of Personal Data by Terme Preistoriche Resort & Spa, including its list of Data Processors. 

2.- Types of Personal Data subject to processing.

BASIC PERSONAL DATA OF THE USER Name and surname, e-mail address, IP address.

The Data Controller will process Personal Data in compliance with applicable legislation, assuming that this Personal Data concerns you or third parties who have expressly authorised you to transmit their Personal Data with an appropriate legal basis which permits it to be processed. Should you transmit Personal Data of third parties, you act as independent Data Controller, thereby assuming all the obligations and liabilities set by law. In this sense, you release Terme Preistoriche Resort & Spa from any and all responsibilities and obligations with respect to any dispute, claim, compensation for damages arising from the Data Processing, etc. that may be received from third parties whose Personal Data has been processed through your use of the Website in violation of applicable data protection legislation.

3.- Purposes and legality of data processing.
Personal Data shall be processed for the following purposes: 

Purpose of data processing Legality Mandatory or voluntary nature of data provision Consequences of refusing to provide data
To send the newsletter containing information on activities, services and promotions of Terme Preistoriche Resort & Spa. Conclusion of a contract (Art. 6 (1)(b)). Voluntary. The newsletter will not be sent.
Verify, exercise or defend a right, including that of a third party, in court or when the judicial authorities carry out their legal functions. - Legitimate Data Processing in accordance with current legislation. Voluntary. The newsletter will not be sent.

4. Automated decision-making processes and personal profiling.
No automated decision-making processes are used when processing Personal Data for the purposes contained in this Statement.

5. Disclosure of Personal Data.
Your Personal Data may come to the attention of:
a. companies expressly appointed as Data Processors (e.g. for technical maintenance of the website, to create marketing campaigns, etc.)
b. persons authorised by the Data Controller who are bound to confidentiality or who have a legal obligation to maintain confidentiality (e.g. employees and partners of the Data Controller)
c. Judicial authorities in carrying out their legal functions when required by the applicable legislation
Your Personal Data is not subject to disclosure.

6. Transfer of Personal Data to third countries
Personal Data is stored on servers, located in the EU, of the Data Controller and/or third-party contractors appointed as external Data Processors. However, it should be noted that the Data Controller will, where deemed necessary, also be able to transfer servers outside the EU. In such cases, the Data Controller will guarantee that the transfer of Personal Data outside the EU will be carried out in compliance with the applicable legislation, where necessary concluding agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses of the European Commission. For further information, please contact the Data Controller or the DPO using the contact details provided in sec. 1 of this Statement. 

7. Periods of retention of Personal Data.
The contact details provided for the purpose of sending the newsletter will be processed for this purpose until the user decides to unsubscribe from the service using the appropriate link provided at the end of each e-mail sent..
In case of technical issues, you can send an e-mail to the Data Controller or DPO using the addresses provided in sec. 1 of this Statement.

8. Rights of the Data Subject.
As Data Subject, you have the following rights regarding the processing of your Personal Data:
- To access your Personal Data (Art. 15 GDPR)
- To obtain the rectification of inaccurate Personal Data and/or have incomplete Personal Data completed (Art. 16 GDPR)
- To obtain the erasure of your Personal Data (Art. 17 GDPR)
- To obtain restriction of processing (Art. 18 GDPR)
- To object, in whole or in part, for legitimate reasons, to the processing of your Personal Data, even if pertinent to the purpose of collection, and to oppose Data Processing carried out for the purpose of directly sending advertising or sales materials or carrying out market research or commercial communications (Art. 21 GDPR)
- To data portability, i.e. to receive Personal Data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format (Art. 20 GDPR)
In certain cases, your rights may be restricted in accordance with Art. 23 GDPR.
Requests must be submitted to the Data Controller or the DPO at the e-mail addresses provided in sec. 1 of this Statement.

9.- Complaints.
Should you believe that your Personal Data is being processed in a manner which does not comply with legislation, you have the right to lodge a complaint with the supervisory authority of the European Union member state in which you are usually resident or work, or of the location where the alleged violation took place. 
In Italy, the supervisory authority is the “Garante per la protezione dei dati personali” (Guarantor for the Protection of Personal Data; https://www.garanteprivacy.it/web/garante-privacy-en/home_en), with registered office in Rome,  Piazza Venezia no. 11, switchboard: (+39) 06.696771, e-mail: garante@gpdp.it.

 

Last updated March 2021