Privacy policy

Personal Data Policy – Statement pursuant to and in accordance with the provisions of Art. 13, Legislative Decree No. 196 of 30 June 2003 

Pursuant to Legislative Decree No. 196 of 30 June 2003 (Data Protection Act) and following amendments, we are providing all the relevant information concerning the processing of the personally identifiable information submitted by you. This policy shall not apply to other websites linked to the sites with the Controller’s domain name, who shall not be responsible for the content of third party websites. This policy further complies with the provisions of Art. 13 of Leg. Dec No. 196/2003 – Code for Personal Data Protection  and draws on Recommendation No. 2/2001 that the EU Data Protection Authorities – gathered in the Working Party set up under Art. 29 of Directive 95/46/EC – implemented on 17 May 2001 to identify a set of guidelines for the on-line collection of personal data and, in particular, the procedures to follow, time frame requirements and the nature of the information that Data Controllers have to provide users when they visit web pages, regardless of the purpose of their visit, as well as on Directive 2002/58/EC, subsequently updated by Directive 2009/136/EC regulating the use of Cookies, and on the Decision of the Italian Data Protection Authority aimed to Identifying simplified procedures for the Personal Data Policy and the approval for use of Cookies of 8 May 2014.

1. Pursuant to the provisions of Art. 28 of the Code on Personal Data Protection, the “DATA CONTROLLER” is identified as DESA SAS DI CARAMIA ALESSANDRA & C. in the person of its legal representative pro tempore, having its registered office in Loc. Campetto 1, 11021 Breuil – Cervinia (AO).

Pursuant to the provisions of Art. 29 of the Code on Personal Data Protection, the DATA PROCESSOR, responsible for the internal processing of personal data, is identified as Alessandra Caramia.

2. TYPES OF DATA COLLECTED AND PROCESSED

Personal and Identification Data
Personal Data is data relating to a natural person, who is – or can be – identified, also indirectly, by reference to any other information, including a personal identification number. Identification Data is personal data allowing for the identification of the party involved (i.e., name, surname, date of birth, postal address, e-mail address, telephone number, etc.).

Browsing Data
During their normal operation, the IT systems and software procedures needed for the running of this website gather personal data. The use of Internet communications protocols implicitly involves the transmission of such information, which is not gathered to be associated with any identified subjects, rather it is information which by its very nature may, through processing and associations with third party data, enable users to be identified.
This data category includes IP addresses or domain names of the computers used by visitors of the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time when the request was made, the procedure they followed when submitting the request to the web server, the size of the file they receive, the numerical code indicating the status of the message sent by the server (successful, error, etc.) and other parameters concerning the user’s server and IT equipment.

Difesa in giudizio
Users’ Personal Data can be used by the Data Controller for defense purposes during a trial, or in the stages leading to it, from any abuse concerning it or any related services by the User. The data may be used to ascertain responsibility in the event of possible computer crimes against the website.

Maintenance
Users’ Personal Data may be processed with different procedures and for different purposes due to IT systems maintenance.

Personal data submitted voluntarily by users
The optional, explicit and voluntary sending of emails to the addresses as indicated on this website and/or the filling of personal data forms entail the subsequent acquisition of the applicant’s e-mail address, that is needed to fulfill applicant’s requests, as well as of the applicant’s personal information submitted by the applicant.

Individual policies
Individual policies may be included in the website when specific services are being supplied and, if necessary, user’s consent will be requested. Please refer to individual policies if you wish to use such services and/or are required to submit data.

Cookies
See Cookies Policy here.

3. PURPOSES OF THE PROCESSING OF THE DATA SUBJECT TO USER’S CONSENT, WHERE REQUESTED (Art. 23 of Leg. Decree No. 196/03)

Personal and sensitive data provided to us voluntarily and willingly shall be processed for the sole purposes set out below until the subject no longer consents to its processing:
– browsing this site;
– sending contact requests, with provision of information requested by users;
– CVs submitted voluntarily by users – CVs sent to the addresses specified on the website;
– any access to restricted areas on the site;
– administrative-accounting purposes in general. For the purpose of implementing the provisions on personal data protection, data processing for administrative-accounting purposes means the processing of data required for the smooth performance of organizational, administrative, financial and accounting tasks, regardless of the nature of the processed data. In particular, internal organizational tasks, as well as functional tasks conducive to meeting contractual and pre-contractual obligations, and informative tasks, contribute to the fulfillment of such objectives.

4. MODE OF DATA PROCESSING – DATA STORAGE

Processing is carried out using electronic or paper files. The measures we apply and the tools we use ensure that we store personal data with the utmost safety and confidentiality, thanks to a team of dedicated people and in line with the requirements of Art. 31 and following of Legislative Decree No. 196/03. The data shall be kept for no longer than is deemed absolutely necessary to achieve the objectives for which it was collected and processed. Data processing concerning the web services offered by this website will be physically hosted by third companies

5. SCOPE OF DISCLOSURE

Your data, which we have collected for processing purposes, shall not be disclosed to third parties, and shall be disclosed to the Data Controller’s business partners solely for the purposes as indicated above. The personal data may be disclosed to the following third parties:
– third parties providing services for the management of the website and of the operating system used by the Data Controller, as well as for WiFi networks (including email messages);
– consultancy firms and organizations;
– authorities responsible for compliance with legal obligations and/or decisions issued by public bodies, on request.
The subjects listed above act in their capacity as Data Processors, or independently as Data Controllers. The list of Data Processors is constantly updated and is available at the Controller’s premises. Further disclosures shall not be made without your prior consent.

6. NATURE OF DATA SUBMISSION AND REFUSAL

With the exception of what has been previously stated about browsing data, submitting your personal information is entirely voluntary.
However, if you choose not to submit any personal information, this may limit your ability to perform some operations, i.e., to send queries, to be contacted by the Data Controller and to access restricted areas on our website. If you elect not to provide such information, your enquiries may not be fulfilled, and some, or all of the services provided by the Data Controller may not be available for you.

7. RIGHTS OF DATA SUBJECTS

You may, at any time, exercise your rights as stated in Arts. 7, 8, 9 and 10 of Legislative Decree No. 196 of 30 June 2003, by contacting the Data Controller – DESA SAS DI CARAMIA ALESSANDRA & C. – or an appointed representative – by calling our Head Office at +39 0166 949914, or by emailing info@hotelbaitacretaz.com. You have the right, at any time, to know if your data has been stored, and to learn about its content and origin, to verify its accuracy or ask for it to be supplemented, updated or altered (Art. 7 of the Code on the protection of personal data). Pursuant to the provisions of said article, you have the right to ask for its removal, or for its transformation into anonymous format, or to block any data held in violation of the law, as well as to oppose its treatment for any and all legitimate reasons. Requests should be sent to the owner along with your email address, name, postal address and/or telephone numbers to allow for an effective and efficient management of your enquiry.

8. CHANGES TO THE PRIVACY POLICY

The Data Controller has the right to correct, update, add or delete parts of this privacy policy for any reason and at any time. It is the responsibility of users to regularly monitor and verify any such changes. To facilitate the verification process, the date on which the latest update was made is indicated in this policy. Use of the website after amendments have been posted on the website constitutes your acceptance of such amendments.

Data di aggiornamento: 30/06/2017
DESA sas di Caramia Alessandra & C.