TERME PREISTORICHE RESORT & SPA is the Data Controller of your Personal Data in accordance with applicable legislation. This Statement is intended to inform you that your Personal Data will be processed based on principles of lawfulness, fairness, transparency, limitation of purpose and retention, data minimisation, accuracy, integrity and confidentiality. Your Personal Data will be processed in accordance with the provisions of the applicable legislation and the confidentiality obligations contained therein.
1.- Data Controller and Data Protection Officer (DPO). The Data Controller is Terme Preistoriche Resort & Spa, represented by its legal representative pro tempore, with registered office in Montegrotto Terme (PD), Via Castello no. 5, tel. 049 793477, e-mail firstname.lastname@example.org.
The Data Controller has nominated a Data Protection Officer (DPO), whom you can contact by writing to email@example.com for any information regarding the processing of Personal Data by Terme Preistoriche Resort & Spa, including its list of Data Processors.
2.- Types of Personal Data subject to processing.
|BASIC PERSONAL DATA OF THE USER||E.g. name and surname, e-mail address, IP address.|
|DATA OF THIRD PARTIES||E.g. details of previous employers|
Your Personal Data will be processed in hard copy or digitally, solely for the purposes strictly necessary for fulfilling legal obligations and for providing the services you have requested.
If Personal Data of third parties is contained in the CV you send us, you guarantee that you are authorised to transmit their Personal Data with an appropriate legal basis which permits it to be processed. Should you transmit Personal Data of third parties, you act as independent Data Controller, thereby assuming all the obligations and liabilities set by law. In this sense, you release Terme Preistoriche Resort & Spa from any and all responsibilities and obligations with respect to any dispute, claim, compensation for damages arising from the Data Processing, etc. that may be received from third parties whose Personal Data has been processed through your use of the Website in violation of applicable data protection legislation.
3.- Purposes of data processing. Personal Data shall be processed for the following purposes:
|Purpose of data processing||Legality||Type of data||Mandatory or voluntary nature of data provision||Consequences of refusing to provide data|
|Employee selection.||- Conclusion of a contract with the Data Subject (pre-contractual phase).||Basic personal data.||Voluntary.||Not possible to proceed with assessing the applicant.|
|Verify, exercise or defend a right, including that of a third party, in court or when the judicial authorities carry out their legal functions.||- Legitimate Data Processing in accordance with current legislation (Art. 6 (2)(f)) EU Reg. 2016/679).||Basic personal data.||Voluntary.||Not possible to proceed with assessing the applicant.|
4.- Communication, disclosure of Personal Data. Some of your Personal Data may come to the attention of employees or partners of the Data Controller who are expressly authorised to process said Personal Data and who are bound to confidentiality, to the extent expressly required for them to carry out their work.
Your Personal Data may come to the attention of:
- an intermediary when preparing or drawing up an employment contract on behalf of the Data Controller
- IT service providers engaged in operations such as web-hosting, e-mailing, software upgrades and general website maintenance
- judicial authorities and/or police services where required to ascertain the existence of or prosecute criminal offences
Your Personal Data is not subject to disclosure.
5.- Transfer of Personal Data to third countries. Personal Data is stored on servers, located in the EU, of the Data Controller and/or third-party contractors appointed as external Data Processors. However, it should be noted that the Data Controller will, where deemed necessary, also be able to transfer servers outside the EU. In such cases, the Data Controller will guarantee that the transfer of Personal Data outside the EU will be carried out in compliance with the applicable legislation, where necessary concluding agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses of the European Commission. For further information, please contact the Data Controller or the DPO using the contact details provided in sec. 1 of this Statement.
6.- Periods of retention. Your Personal Data will be processed for the period strictly necessary to achieve the purposes set forth in the above table.
For further information regarding the retention period for Personal Data and the criteria used to determine this period, please contact the Data Controller or DPO in writing using the contact details provided in sec. 1 of this Statement.
7.- Automated decision-making processes. No automated decision-making processes are used when processing Personal Data for the purposes contained in this Statement.
8.- Rights of the Data Subject. As Data Subject, you have the following rights regarding the processing of your Personal Data:
- To access your Personal Data (Art. 15 GDPR)
- To obtain the rectification of inaccurate Personal Data and/or have incomplete Personal Data completed (Art. 16 GDPR)
- To obtain the erasure of your Personal Data (Art. 17 GDPR)
- To obtain restriction of processing (Art. 18 GDPR)
- To object, in whole or in part, for legitimate reasons, to the processing of your Personal Data, even if pertinent to the purpose of collection, and to oppose Data Processing carried out for the purpose of directly sending advertising or sales materials or carrying out market research or commercial communications (Art. 21 GDPR)
- To data portability, i.e. to receive Personal Data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format (Art. 20 GDPR)
In certain cases, your rights may be restricted in accordance with Art. 23 GDPR.
Requests must be submitted to the Data Controller or the DPO at the e-mail addresses provided in sec. 1 of this Statement.
9.- Complaints. Should you believe that your Personal Data is being processed in a manner which does not comply with legislation, you have the right to lodge a complaint with the supervisory authority of the European Union member state in which you are usually resident or work, or of the location where the alleged violation took place.
In Italy, the supervisory authority is the “Garante per la protezione dei dati personali” (Guarantor for the Protection of Personal Data; https://www.garanteprivacy.it/web/garante-privacy-en/home_en), with registered office in Rome, Piazza Venezia no. 11, switchboard: (+39) 06.696771, e-mail: firstname.lastname@example.org.
Last updated March 2021