Privacy
PERSONAL DATA PROCESSING POLICY
Pursuant to EU Regulation 2016/679 (GDPR)
Terme Preistoriche Srl, the Data Processor, hereby informs you that the processing of your data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality. Your personal data will be processed in accordance with applicable regulations and the confidentiality obligations therein.
TABLE OF CONTENTS
1. The Data Controller. The Data Protection Officer (DPO).
2. Type of data processed.
3. Purposes and legal basis of processing.
4. Automated decision making, profiling.
5. Disclosure, dissemination of data.
6. Transfer of data outside the European Economic Area (EEA).
7. Data retention periods.
8. The Data Subject's rights.
9. Claims.
1. The Data Controller. The Data Protection Officer (DPO).
The data controller is the company Terme Preistoriche Srl, in the person of the legal representative pro tempore, with registered office in Montegrotto Terme (PD), Via Castello, 5, tel. 049 793477, e-mail address amministrazione@no-spam.termepreistoriche.no-spam.it.
The Data Controller has appointed a Data Protection Officer (“DPO”) who can be contacted at: privacy@no-spam.studiolegalepozzato.no-spam.com for any information pertaining to the processing of personal data carried out by Terme Preistoriche Resort & Spa.
2. Type of data processed.
BROWSING DATA | For example IP addresses, domain names, of computers used to connect to the website, URI type (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.). |
COMMON USER PERSONAL DATA | Personal and contact information: first and last name, e-mail address, date of arrival and departure, age, mailing address, country of residence, telephone number, date of arrival and departure, services requested. Gift voucher recipient data. |
DATA COLLECTED THROUGH COOKIES | For more information on the use of cookies and related technologies see the “cookie setting” section. |
The data is processed both manually and electronically, only to the extent necessary to meet legal obligations and provide the requested services. We will adopt all necessary measures to ensure its confidentiality. Terme Preistoriche Resort & Spa will handle this data in compliance with applicable regulations, under the assumption that it pertains to you or third parties who have explicitly authorised you to disclose the data based on a valid legal basis that legitimises the processing of the data.
Regarding scenarios where data is provided by third parties, you act as an independent data controller and assume all legal obligations and responsibilities. Accordingly, you agree to fully indemnify Terme Preistoriche Resort & Spa against any disputes, claims, or requests for damages related to processing that may arise from third parties whose personal data have been processed through your use of the website, should this be in violation of applicable regulations.
3. Purposes and legal basis of processing.
The data is processed for the following purposes:
Processing purpose | Legal basis | Type of data | Consequences of refusal to provide and/or process data |
Response to an information or reservation request sent by filling out the required data collection forms. | - Execution of a contract with the data subject or pre-contractual measures for this purpose.
| Common personal data: - mandatory: full name, e-mail address, date of arrival and departure; - optional: age, mailing address, country of residence, phone number), date of arrival and departure, services requested, beneficiary data ( if purchasing a gift voucher). | Being unable to fulfil the request. |
Browsing data. | - Legitimate interest of the Data Controller in monitoring the proper functioning of its website. | Common personal data. | Being unable to browse the website. |
Sending, via e-mail, commercial communications about services, promotions/offers, etc., including the sending of newsletters | - Consent of the data subject; if the data subject has already purchased services from Terme Preistoriche Resort & Spa, the processing occurs pursuant to Article 130 paragraph 4 of Legislative Decree 196/03 (so-called soft spam) and does not require the consent of the data subject. | Common personal data: first name, last name, e-mail address. You will still be able to browse the website and use its services. |
|
Ascertain, exercise or defend a right, including that of a third party, in court, or when judicial authorities perform their jurisdictional functions. | - Legitimate processing of data in accordance with current regulations. | Common personal data. | Being unable to provide the requested service. |
With regard to processing based on your consent, we inform you that consent is revocable at any time; revocation of consent does not affect the lawfulness of the processing carried out up to the time of revocation. With regard to processing for marketing purposes not based on consent (pursuant to Article 130 paragraph 4 of Legislative Decree 196/03 as amended (so-called soft-spam), the data subject may at any time request the cessation of the sending of commercial communications by contacting the Data Controller.
4. Automated decision making, profiling.
No automated decision-making processes are applied in the processing of personal data carried out for the purposes set out in this policy.
5. Recipients of personal data.
Your data will be processed by the Data Controller and its employees and/or collaborators, specially authorised to do so and bound to confidentiality. Your data may be communicated to and/or come to the attention of the following parties:
- individuals or entities involved in providing the services offered by the website including, by way of example, analysing the operation of the website and receiving and managing bookings made through the website, acting as data controllers;
- professionals and Business Administration and Management Service Companies acting on behalf of our company, and by the Data Controller's external third-party consultants who typically act as data controllers for the Data Controller;
- Judicial authorities when exercising their functions when requested by applicable regulations. The data is not subject to dissemination.
6. Transfer of data to third countries.
Personal data processed for the purposes outlined in this privacy policy may be transferred outside the European Economic Area. In this case, the transfer is alternatively based on an adequacy decision or the Standard Model Clauses approved by the European Commission.
7. Data retention periods.
The personal data collected when browsing the website www.termepreistoriche.it will be kept for the time strictly necessary for the pursuit of the purposes indicated above. Contact data provided for the sending of newsletters and commercial communications will be processed for these purposes until the user decides to unsubscribe from the service using the appropriate link at the bottom of each e-mail sent or by writing to the Data Controller.
With regard to the data collected through cookies, please refer to the appropriate "cookies settings" section accessible through the link at the bottom of each page of the website. For more information, we invite you to write to the Data Controller or the DPO using the contact details given in section 1.
8. The Data Subject's rights.
In your capacity as a data subject with regard to the processing of your personal data, you have the right to:
- right of access to the personal data (Article 15 GDPR);
- right to rectification of inaccurate personal data, supplementation of incomplete personal data (Article 16 GDPR);
- right to erasure of data (Article 17 GDPR);
- right to erasure of data (Article 18 GDPR);
- right to object, in whole or in part, for legitimate reasons, to the processing of the personal data, even if pertinent to the purpose of collection, and to object to processing carried out for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication (Article 21 GDPR);
- right to data portability, i.e. to receive in a structured, commonly used and machine-readable format the personal data provided to the Data Controller (Article 20 GDPR).
Requests should be addressed to the Data Controller or DPO by e-mail to the addresses indicated in point 1 of this policy. In some cases, the exercise of rights may be restricted in accordance with Article 23 GDPR.
9. Claims.
If you believe that your personal data has been processed in a way that does not comply with the regulations, you have the right to lodge a complaint with the Supervisory Authority of the EU member state where you normally reside or work or of the place where the alleged violation occurred. In Italy the supervisory authority is the Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it) with registered office in Rome, Piazza Venezia, 11, Switchboard (+39) 06.696771, e-mail: garante@no-spam.gpdp.no-spam.it.
Last update: February 2024