This website collects some Personal Data of its Users.
TYPES OF COLLECTED DATA
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this website. The data requested by this website is essential to provide the service. In cases where this website indicates some data as optional, Users are free to refrain from communicating such data without any consequences on the availability or functioning of the service.
Users with doubts about which data are mandatory can contact the Data Controller for clarification.
Users are responsible for third-party Personal Data obtained, published, or shared through this website and guarantee that they have the right to communicate or disseminate them, releasing the Controller from any liability to third parties.
METHOD AND PLACE OF DATA PROCESSING
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data.
Processing is carried out using computers and/or IT-enabled tools, and when necessary, paper, with full assurance of the security measures provided by the legislator and with organizational and logic methods strictly related to the purposes indicated. In addition to the Controller, in some cases, other parties may have access to the Data, including employees and collaborators, as well as those involved in the organization of this website (administrative, commercial, marketing, legal, system administrators) or external parties (such as technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Controller. The updated list of Data Processors can always be requested from the Data Controller.
LEGAL BASIS OF PROCESSING
The Controller processes Personal Data relating to the User if one of the following conditions exists:
The User has given consent for one or more specific purposes.
The processing is necessary for the performance of a contract with the User and/or for pre-contractual measures.
The processing is necessary to fulfill a legal obligation to which the Controller is subject.
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
The processing is necessary for the purposes of the legitimate interests pursued by the Controller or third parties.
However, it is always possible to request the Controller to clarify the specific legal basis for each processing and, in particular, to specify whether the processing is based on the law.
The Data is processed at the operational headquarters of the Controller and in any other place where the parties involved in the processing are located.
The User's Personal Data may be transferred to a country other than the one in which the User is located.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union.
For more information, the User can refer to the respective sections of this document or ask for information from the Controller using the contact details provided.
The Data is processed and stored for the time required by the purposes for which it was collected. Therefore:
Personal Data collected concerning the User through forms will be retained for the time necessary to respond to User requests.
Personal Data collected for purposes related to the legitimate interests of the Controller will be retained until the satisfaction of such interests.
When processing is based on the User's consent, the Controller may retain Personal Data for a longer period until such consent is revoked. In any case, the Controller will retain the User's data for a maximum period of 36 months. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiration of this period, the right to access, delete, correct, and the right to data portability cannot be exercised.
PURPOSES OF DATA PROCESSING
Personal and navigation data obtained automatically or voluntarily entered by the User is collected by the Controller for the following purposes:
Contacting the User, managing contacts and sending messages, reservations, reviews, customer support, interaction with social networks and external platforms, spam protection, hosting services, statistics, and displaying content from external platforms, activities functional to marketing such as sending informational material; sending marketing material via email, newsletters, postal mail, SMS, and new communication platforms such as WhatsApp, Facebook, Telegram, qualitative surveys on customer satisfaction, and their perception of the services offered by the Controller.
The provision of data and consent to processing are necessary to respond to User requests.
Any additional purposes (such as marketing purposes or communication of User data to partner companies, for purposes following User requests, or for marketing purposes of third-party companies) will be the subject of explicit and motivated requests and specific, optional, and separate consent from that required to respond to User requests. Concerning all marketing purposes, each interested party has the right to revoke their consent to processing, without this affecting the contractual relationship and/or the performance of services requested by the User before the conclusion of the relationship.
More information on the purposes of data processing can be requested at any time from the Data Controller using the contact information.
Users can exercise certain rights concerning the Data processed by the Controller.
In particular, the User's rights include:
The right to access: Users can request the Controller to access their personal data and information about the processing methods. Upon User request, the Controller will provide an overview of the categories of data processed, a copy of the actual data collected, and a description of the processing methods. The Controller will also provide the purposes of processing, how the data was acquired, and the parties with whom the data was eventually shared.
The right to rectification: Users have the right to request the correction of personal data if it is inaccurate or incomplete.
The right to object: Users have the right to object to the processing of their Data when it occurs on a legal basis other than consent. Users can also object to the processing of Personal Data for profiling purposes or for automated processing. When Personal Data is processed in the public interest or to pursue a legitimate interest of the Controller, Users have the right to object to the processing for reasons related to their particular situation. Users must justify their objection to the Controller unless the processing is carried out for direct marketing purposes. In this latter case, no justification is required to exercise this right.
The right to data portability: Users have the right to obtain their personal data for the purpose of transferring it to another Controller. This provision includes both "provided" data by the user and "observed" data.
The right to erasure: Users have the right to request the erasure of their data from the Controller when they revoke consent, or when the data is no longer necessary for the purposes for which it was collected.