Statement on the Processing of Personal Data
(Art. 13 EU Regulation 2016/679)
Terme Preistoriche Resort & Spa, as Data Controller of your Personal Data in accordance with Italian State Legislative Decree 196/2003 and subsequent amendments – “Personal Data Protection Code”, and EU Regulation 679/2016 (GDPR), recognises the importance of Personal Data protection and considers this one of its main operational objectives.
Terme Preistoriche Resort & Spa will process your Personal Data based on principles of lawfulness, fairness, transparency, limitation of purpose and retention, data minimisation, accuracy, integrity and confidentiality. Your Personal Data will therefore be processed in accordance with the provisions of the applicable legislation and the confidentiality obligations contained therein.
This Privacy Statement is limited to the www.termepreistoriche.it website and does not extend to any other websites that may be accessed via external links.
TABLE OF CONTENTS
1. Data Controller and Data Protection Officer (DPO)
2. Types of Personal Data subject to processing
3. Purposes and legality of data processing
4. Automated decision-making processes and profiling
5. Disclosure of Personal Data
6. Transfer of Personal Data to third countries
7. Periods of retention of Personal Data
8. Rights of the Data Subject
1.- Data Controller and Data Protection Officer (DPO). The Data Controller is Terme Preistoriche Resort & Spa, represented by its legal representative pro tempore, with registered office in Montegrotto Terme (PD), Via Castello no. 5, tel. 049 793477, e-mail firstname.lastname@example.org.
The Data Controller has nominated a Data Protection Officer (DPO), whom you can contact by writing to email@example.com for any information regarding the processing of Personal Data by Terme Preistoriche Resort & Spa, including its list of Data Processors.
2.- Types of Personal Data subject to processing.
|BROWSING DATA||E.g. IP addresses, domain names, computers used by users to connect to the site, URIs (Uniform Resource Identifiers), requested resources, time of request, method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.)|
|BASIC PERSONAL DATA OF THE USER||Personal information and contact details (e.g. name and surname, e-mail address, telephone number).|
Your Personal Data will be processed in hard copy or digitally, solely for the purposes strictly necessary for fulfilling legal obligations and for providing requested services. Appropriate measures will always be applied to safeguard privacy of Personal Data.
Terme Preistoriche Resort & Spa will process Personal Data in compliance with applicable legislation, assuming that this Personal Data concerns you or third parties who have expressly authorised you to transmit their Personal Data with an appropriate legal basis which permits it to be processed. Should you transmit Personal Data of third parties, you act as independent Data Controller, thereby assuming all the obligations and liabilities set by law. In this sense, you release Terme Preistoriche Resort & Spa from any and all responsibilities and obligations with respect to any dispute, claim, compensation for damages arising from the Data Processing, etc. that may be received from third parties whose Personal Data has been processed through your use of the Website in violation of applicable data protection legislation.
3.- Purposes and legality of data processing. Personal Data shall be processed for the following purposes:
|Purpose of data processing||Legality||Type of data||Consequences of refusing to provide data and/or the processing of such data|
|Response to an enquiry sent by filling out the form in the “Enquiry” section.||- Conclusion of a contract with the Data Subject or of precontractual measures intended for this purpose.||Basic personal data (personal information and contact details).||Not possible to respond to the request.|
|Browsing data||- Legitimate interest of the Data Controller to monitor the proper functioning of their website.||Basic personal data||Website browsing not possible.|
|Verify, exercise or defend a right, including that of a third party, in court or when the judicial authorities carry out their legal functions.||- Legitimate Data Processing in accordance with current legislation.||Basic personal data.||Not possible to provide the requested services.|
4.- Automated decision-making processes and personal profiling. No automated decision-making processes are used when processing Personal Data for the purposes contained in this Statement.
5.- Disclosure of Personal Data. Your Personal Data shall be processed by the Data Controller and its authorised employees and/or partners who are bound to confidentiality.
Your Personal Data may be communicated to and/or come to the attention of: *
- Parties whose action is required for the provision of services offered by the website, such as for analysing the functioning of the site, who act in the capacity of Data Processor for Terme Preistoriche Resort & Spa
- Business administration and management professionals and companies acting on behalf of our company, and external service providers of the Data Controller acting in the capacity of Data Processor for the Data Controller
- Judicial authorities in carrying out their legal functions when required by the applicable legislation.
Your Personal Data is not subject to disclosure.
6.- Transfer of Personal Data to third countries. Personal Data is stored on servers, located in the EU, of the Data Controller and/or third-party contractors appointed as external Data Processors. However, it should be noted that the Data Controller will, where deemed necessary, also be able to transfer servers outside the EU. In such cases, the Data Controller will guarantee that the transfer of Personal Data outside the EU will be carried out in compliance with the applicable legislation, where necessary concluding agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses of the European Commission. For further information, please contact the Data Controller or the DPO using the contact details provided in sec. 1 of this Statement.
7.- Periods of retention of Personal Data. Personal Data collected while you browse the www.termepreistoriche.it website will be kept only for as long as strictly necessary to achieve the purposes indicated above.
For further information, please write to the Data Controller or DPO via the contact details provided above.
8.- Rights of the Data Subject. As Data Subject, you have the following rights regarding the processing of your Personal Data:
- To access your Personal Data (Art. 15 GDPR)
- To obtain the rectification of inaccurate Personal Data and/or have incomplete Personal Data completed (Art. 16 GDPR)
- To obtain the erasure of your Personal Data (Art. 17 GDPR)
- To obtain restriction of processing (Art. 18 GDPR)
- To object, in whole or in part, for legitimate reasons, to the processing of your Personal Data, even if pertinent to the purpose of collection, and to oppose Data Processing carried out for the purpose of directly sending advertising or sales materials or carrying out market research or commercial communications (Art. 21 GDPR)
- To data portability, i.e. to receive Personal Data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format (Art. 20 GDPR)
Requests must be submitted to the Data Controller or the DPO at the e-mail addresses provided in sec. 1 of this Statement.
In certain cases, your rights may be restricted in accordance with Art. 23 GDPR.
9.- Complaints. Should you believe that your Personal Data is being processed in a manner which does not comply with legislation, you have the right to lodge a complaint with the supervisory authority of the European Union member state in which you are usually resident or work, or of the location where the alleged violation took place.
In Italy, the supervisory authority is the “Garante per la protezione dei dati personali” (Guarantor for the Protection of Personal Data; https://www.garanteprivacy.it/web/garante-privacy-en/home_en), with registered office in Rome, Piazza Venezia no. 11, switchboard: (+39) 06.696771, e-mail: firstname.lastname@example.org.
Last updated: March 2021