Who is the Data Controller?
The data controller regarding all personal data processing operations carried out through the Website is RESORT HOTELS (“data controller”), with registered offices at Casanova Pansarine 53041 Asciano (SI).
For any information regarding the processing of Personal Data processors, please contact: firstname.lastname@example.org
What are the personal data processed?
The data controller regarding all personal data processing operations carried out through the Website may collect and process information related to you as an individual and which allows you to be identified (either directly, or together with additional information), or which is related to other individuals (“Personal Data”).
Personal Data which may be processed through the Website are as follows:
- Browsing Data: This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
- Common data: data such as name, contact details, addresses;
- Special data: in the reservation, in the specific section of the site, there could be a conferment of its Personal Data falling within the category of the Special Data categories referred to in art. 9 of the GDPR: “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”;
What is the purpose and legal basis of the processing?
Data controller intends to use your Personal Data, collected through the Website, for the following purposes:
• To provide Services you request. Processing for these purposes is necessary to provide the Services and, therefore, the applicable legal basis is the necessity of the processing for the performance of a contract with you, as well as to take steps at your request prior to entering into a contract with you – Art. 6.1b) of the Regulation;
• To send you promotional and marketing communications, which includes sending you newsletters and market research, through automated tools - purposes of marketing, is based on the issuance of your consent pursuant to art. 6.1.a).
The provision of your personal data for the aforementioned purposes is optional but failure to provide such data would make it impossible to display the services indicated by the Site or the impossibility of receiving promotional communications.
Which is the personal data’s retention?
Personal data will be kept for the time strictly necessary to achieve those same purpose, respecting the minimization principle referred to article 5.1.c) of the GDPR. More information is available to the data controller.
Who are the personal data’s recipients?
Your personal data may be shared with:
• subjects that typically act as data processing supervisors pursuant to art. 28 of the Regulation;
• subjects that typically act as data processing supervisors pursuant to art. 29 of the Regulation;
• persons, entities or authorities who require the communication of your personal information as mandated.
A complete list of data processing supervisors is available by sending a written request to the Data Controller at the addresses indicated
Are my personal data transferred?
Some of your personal data could be shared with Recipients that may be situated outside the European Economic Area. The Data Controller ensures that these Recipients process your personal data in compliance with articles 43 and 44 of the Code, as well as articles 44 - 49 of the Regulation. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission.
More information is available by sending a written request to the Data Controller at the addresses indicated.
Which are data subject's rights?
Pursuant to art. 7 of the Code, at any time, the data subject have the right to obtain confirmation of the existence or otherwise of your personal data and to know its content and origin, verify its accuracy or request its integration, updating, or rectification; the data subject have the right to request the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, and to oppose, in any event, and for legitimate reasons, its processing. the data subject have also have the right to request access to your data, to oppose its processing, to request the limitation of its processing in the cases provided for by art. 18 of the Regulation, where technically possible, as well as obtaining the data concerning yourself in a structured common-use format that is readable via an automatic device, in the cases provided for by art. 20 of the Regulation.
Requests should be sent in writing to the Data Controller at the addresses indicated.
In any case, the data subject is always entitled to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), pursuant to art. 77 of the Regulation, if consider the processing of data to be in violation of the law in force.