Privacy Statement EU Regulation 2016/679 and Legislative Decree 196/2003 for the website lacasotavegan.it
Mrs. Tiziana Alberti, with registered office in Via di Coize, 10 – 38069 Torbole sul Garda, TN – Italy, as Data Controller (hereafter “Owner”), informs, pursuant to art. 13 D. Lgs. 196/2003 (hereinafter, “Privacy Code”) and art. 13 EU Regulation 2016/679 (hereinafter, “GDPR”), which will process user data (hereinafter “User” and / or “Users”) collected through the website (hereinafter, also “Site”) with the methods and for the following purposes.
1. Type of data processed through the Site
The Data Controller processes the following types of personal data (hereinafter “data”) provided by the Users of the Site when they are consulted and browsed and in particular:
1. Data obtained while browsing a User on the Site
The computer systems, cookie technology and software procedures used to operate the Website acquire, during their normal operation, some data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified as navigators.
This category of data includes, for example, the IP addresses or the domain names of the computers used by the Users who connect to the Site, the pages visited by Users within it, the domain names and the addresses of the websites by the which the User has accessed (via referral) to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numeric code indicating the status of the response given by the web server, and other parameters relating to the type of browser (eg Internet Explorer, Chrome, Firefox …), operating system (eg Macintosh, Windows) and all User’s computer environment. This data is collected by first-party technical cookies and third-party analytical cookies. For more information on browsing data, Users are invited to consult the Website Cookie Information, to be able to disable them if necessary.
2. Personal data provided by Users
The Site is accessible to the User without needing to be identified for the purpose of consultation. However, the User has the option, if he wishes, to provide the holder with his own identification data including for example name and surname, e-mail, in order to receive information on the structure and commercial offers on the products / services present on the site and this either directly, or by filling in the contact form (absent at the time the site was created) or newsletter registration form (absent at the time the site was created).
2. Purpose of the processing
The data provided by the User will be processed without the prior consent of the User pursuant to art. 24 lett. b) Privacy Code and art. 6 lett. b) GDPR, for the following Service purposes:
- for the management and processing of statistical surveys on the use of the Site (absent at the time the site was created);
- to carry out the maintenance and technical assistance necessary to ensure the correct functioning of the Site and the services connected to it;
- to improve the quality and structure of the Site, as well as to create new services, features and / or characteristics of the same;
- to allow the User to find the information to increase his knowledge on the topics present on the site and on the products and services offered by it;
- to process any request for contact forwarded by the User by filling in the specific reservation form or by email;
- to allow the holder to exercise his rights in court and repress unlawful conduct;
- to fulfill legal or regulatory obligations.
Nature of the provision: mandatory
Consequences refusal to provide data: Failure to provide the data will prevent the Data Controller from performing the activity from the requested user.
Data protection measures:
The data held by the site owner (e-mails and names of any contacts) are accessible to the owner and the collaborators of the structure for the sole purpose of booking and customer service
The sole responsible for the personal data of customers and their management is the owner of the Site.
The data provided by the User will be processed, subject to the User’s consent pursuant to art. 23 Privacy Code and art. 6 lett. a) GDPR, for the following commercial purposes:
– to allow the sending of commercial communications to the User by electronic mail on products, initiatives and / or services offered through the website and / or newsletter (absent at the time the site was created) containing information on the services offered by the structure .
3. Nature of Data Provision
The provision of data by the User is obligatory for the purposes of Service referred to in point 1 of the previous paragraph and optional for the purposes of service referred to in point 2.
Any refusal to provide such data may make it impossible to provide the services.
4. Method, Place and Duration of Treatment
The processing of user data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and in particular: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, access, use, interconnection, blocking, communication, cancellation and destruction of data.
The Data Controller processes Users’ Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Owner, in some cases, external Data (such as third party technical service providers, hosting providers, IT companies, communication agencies) may also have access to the Data, also appointed, if necessary, Data Processors by the Owner. The updated list of Data Processors may always be requested from the Data Controller.
The Data is processed at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located. For more information, contact the owner. Duration of Treatment: for the only time strictly necessary to achieve the purposes for which they were collected and, in any case, no later than 5 years from their collection for the purposes of the Service referred to in point 1 paragraph II and no later than 2 years from they are collected for the Commercial purposes referred to in point 2 of paragraph II.
Details on the processing of personal data:
To be able to contact the User
Contact by phone
Users who have provided their telephone number may be contacted to provide more information on the requested service or, following consent, for commercial or promotional purposes related to this activity, as well as to satisfy support requests. Personal Data collected: telephone number.
For site statistics management – Cookies
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
To view content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this site and to interact with them. In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed. Google Maps widget (Google Inc.) (absent at
5. Access to data
The data may be made accessible only for the aforementioned purposes to the following subjects: Data controller (owner of the site) in his capacity as appointee / authorized and / or internal manager of the treatment and / or system administrator and any additional employees / authorized representatives specifically indicated by the Data Controller. Third party companies or other subjects that carry out outsourced activities on behalf of the owner, (eg e-mail service manager, web agency, advertising agency, webmaster) in their capacity as external data processors pursuant to Article 29 of the Code regarding protection of personal data.
6. Data communication
Without the express consent of the User (as per article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the data of the User for the purposes of Service pursuant to art. II.1) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is obligatory by law for the accomplishment of the said purposes, as autonomous data controllers. Users’ data will not be disclosed.
7. Data transfer
The personal data provided by the User can be used only to allow the sending of communications related to the requested service, by e-mail or telephone for initiatives and / or services offered by the site and / or, in case of specific consent, newsletter containing in-depth information with respect to the main topics related to the services offered (absent at the time the site was created).
Outside of this case, the management and storage of data will take place on servers located within the European Union or U.S.A. The data acquired with the consent of the user based on point 2 on the Purpose of the Treatment, will not be object of transfer outside the European Union.
8. Third-party websites
It should be noted that if the Site contains links to websites of third parties, the Data Controller cannot exercise any control over the content of these websites or have any access to the personal data of the users visiting them . The owners of the aforementioned websites will therefore remain the sole and exclusive owners and managers of data processing personal data of its users, the Data Controller remaining unaffected by such activity and any liability, prejudice, cost, which may arise from its non-fulfillment or incorrect completion.
9. Users’ Rights
The User will have the right to exercise the rights referred to in art. 7 Privacy Code and art. 15 GDPR. In particular, the User has the right at any time to obtain from the Data Controller confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in intelligible form.
In relation to the treatments described in this Notice, the interested party may, under the conditions provided by the GDPR, exercise the rights sanctioned by articles 15 to 21 of the GDPR and, in particular, the following rights:
• right of access – article 15 GDPR: the right to obtain confirmation that a processing of personal data concerning him is being carried out and, in this case, to gain access to your personal data, including a copy of the same.
• right of rectification – article 16 GDPR: the right to obtain, without unjustified delay, the correction of inaccurate personal data concerning him and / or the integration of incomplete personal data;
• right to cancellation (right to oblivion) - article 17 GDPR: the right to obtain, without unjustified delay, the deletion of personal data concerning him.
• right to limitation of treatment – article 18 GDPR: right to obtain the limitation of the processing, when: 1. the interested party disputes the accuracy of the personal data, for the period necessary for the owner to verify the accuracy of such data; 2. the processing is unlawful and the data subject opposes the deletion of personal data and requests instead that its use be limited; 3. personal data
are necessary for the interested party to ascertain, exercise or defend a right in court; 4. the data subject has opposed the processing pursuant to art. 21 GDPR, in the period of waiting for the verification regarding the possible prevalence of legitimate reasons of the data controller with respect to those of the interested party.
• right to data portability – article 20 GDPR: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Owner and the right to transmit them to another holder without impediment , if the treatment is based on consent and is carried out by automated means.
• right to object – Article 21 GDPR: the right to object, at any time for reasons connected to his particular situation, to the processing of personal data concerning him based on the legitimacy of legitimate interest or the execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for
the Data Controller to continue the processing that prevails over the interests, rights and freedoms of the data subject or for the ascertainment, exercise or defense of a right in court. In addition, the right to object to processing at any time if personal data is processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing.
The above rights may be exercised, against the Owner, by contacting the references described above.
The exercise of rights as an interested party is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge a reasonable fee, in light of the administrative costs incurred to handle the request, or deny the satisfaction of his request.
• RIGHT OF WITHDRAWAL:
The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to revocation.
The interested party has the right to request cancellation from the site owner, who is the only person responsible for the personal data of his clients at any time, by sending an e-mail to the following address: firstname.lastname@example.org.
If the cancellation request is not sent, the management will be considered tacitly approved.
10. Procedures for exercising the rights
To exercise the rights referred to in the previous article, the User may, at any time, contact the owner of the site via Email email@example.com. The interested party has the right to lodge a complaint with the Data Protection Authority personal, Piazza di Montecitorio n. 121, 00186, Rome (RM).
11. Data Controller and Data Processor
The data controller is Mrs. Tiziana Alberti, with offices in Via di Coize, 10 – 38069 Torbole sul Garda, TN – Italy Email: firstname.lastname@example.org
12. Information Updates
We inform you that this information will be subject to periodic updates which will be highlighted on this page.
Date of last revision: 1st September 2019