Ochrana soukromí
Privacy
Information document pursuant to article 13 of EU Reg. 2016/679 (GDPR) - Information on the processing of personal data collected from the interested party.
In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of personal data provided.
Definitions: the art. 4 of EU Reg. 2016/679 defines "personal data" any information concerning an identified or identifiable natural person ("concerned"); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.
SPECIFIC INFORMATION
- Privacy information for completing the Booking Request Form.
- Privacy information for completing the Accommodation Reservation Form.
- Privacy information for completing the Online Payment Form.
- Privacy information for completing Web Check-In.
-
HOLDER OF THE TREATMENT
pursuant to art. 4 of EU Reg. 2016/679, is Agrituristica Lignano Srl with offices in Via Sabbiadoro n. 1, Zip Code 33054 City Lignano Sabbiadoro (UD), amministrazione@andretta.info with exclusive reference to the role of owner of the business called “Hotel Gloria”.
-
PURPOSE OF TREATMENT
The personal data provided will be processed for the following purposes:
- navigation on this website.
- filling out data collection forms for accommodation reservations.
- filling out data collection forms for online payments.
- filling out data collection forms for online check-in.
-
LEGAL BASIS OF THE PROCESSING
The legal basis applicable to the processing of your personal data for the purposes indicated is:
- consent (art. 6 paragraph 1 letter a)), as the legal basis for the processing.
- execution of pre-contractual measures/execution of the contract (art. 6 paragraph 1 letter b)) and legal obligations (art. 6 paragraph 1 letter c)) as legal bases for the processing.
- legal obligations (art. 6 paragraph 1 letter c)) as the legal basis for the processing.
- execution of pre-contractual measures/execution of the contract (art. 6 paragraph 1 letter b)) as the legal basis for the processing.
-
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data provided will be communicated to recipients who will process the data as managers (art. 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Manager and who operate as employees or collaborators with specific appointments of persons authorized to process data (art. 29 of EU Reg. 2016/679), for the purposes listed above in point 2.
By way of example and not limited to, the data will be communicated to:
- subjects who provide services for the management of the information system used by the Data Controller and the related telecommunications networks, including e-mail and website management.
- professionals and consultants in the context of assistance and consultancy relationships.
- competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
- companies or credit institutions that offer online payment services.
The subjects belonging to the aforementioned categories perform the function of Data Processor, or operate in total autonomy as separate Data Controllers.
The list of Data Processors is constantly updated and available at the registered office of the Data Controller.
Any further communication will take place only with your explicit consent, in compliance and within the limits of the GDPR.
Your data, subject to processing, will not be disclosed.
-
DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES
Personal data is stored on servers located within the European Union.
In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU.
In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission and the user will be informed.
-
DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD
The processing will be carried out in an automated and manual manner, with methods and tools aimed at guaranteeing maximum security and confidentiality, by the Data Controller and/or persons specifically authorized for this purpose.
In compliance with the provisions of the art. 5 paragraph 1 letter. e) of EU Regulation 2016/679, the personal data collected will be stored in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The storage of personal data provided depends on the purpose of the processing (the timing has been determined on the basis of criteria on which the interested party can receive information by writing an email to amministrazione@andretta.info ):
- navigation on this website: see the provisions of the cookie policy.
- accommodation reservation and possible possibility of online payment: for the minimum period required by law in relation to the accounting/tax regime adopted by the Owner and in any case no later than the following 10 years, in order to verify any pending issues including the documents accounting (e.g. invoices).
- online check-in: for the minimum period required by law no more than 48 hours.
-
RIGHTS OF INTERESTED PARTIES
The interested party may assert their rights as expressed by EU Regulation 2016/679 by contacting the Data Controller, sending an email to amministrazione@andretta.info or writing to the Data Controller's office indicated above.
The interested party has the right, at any time, to ask the Data Controller:
- access to your personal data (art. 15);
- rectification (art. 16);
- the cancellation (art. 17) of the same;
- the limitation of processing (art. 18);
- the transfer of your data to another owner (art. 20);
- the interested party also has the right, if it is not possible to request the deletion of the data, to oppose the processing when this is justified by reasons inherent to his particular situation (art. 21).
-
POSSIBILITY OF COMPLAINT TO THE GUARANTOR
Without prejudice to any other administrative and jurisdictional appeal, if the interested party believes that the processing of data violates the provisions of EU Regulation 2016/679, the interested party has the right to lodge a complaint with the supervisory authority (Guarantor for the protection of personal data) pursuant to art. 15 letter f) of EU Reg. 2016/679.
-
NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF THE REFUSAL TO PROVIDE THE DATA
The communication of personal data is not an obligation, as you are free to provide your personal data, but it is necessary for the purposes of browsing the pages of the website. The user can deny consent and can revoke a consent already given at any time (via the banner at the bottom of the page or the browser settings for cookies). However, denying consent may result in a reduced browsing experience on the site. Apart from what is specified for navigation data, the communication of personal data is not an obligation, as you are free to provide your personal data in the dedicated areas on the site, but it is necessary to fulfill the purposes of the processing; the consequence of failure to provide personal data makes it impossible to use the various services offered by the Data Controller.
-
AUTOMATED DECISION MAKING PROCESSES
There is no existence of an automated decision-making process.