Valledoria - Sardinia - Hotel and Local Area discovering
(pursuant to Article 13 of Regulation (EU) 2016/679)
Protecting personal data is our top priority. For this reason, the company has implemented adequate security measures to preserve the confidentiality, integrity, and availability of such data. We would like to inform you that, in light of the significant changes introduced by Regulation (EU) No. 679/2016, also known as the “GDPR," we have updated our Privacy Policy regarding the processing of your personal data, which is available on the website www.hotel-tartarugabianca-sardegna.it.
Data Controller
The data controller for your personal data is Solevacanze Srl, VAT and tax code 02105010900, with its registered office at Via Colombo 43, I-07039 – Valledoria – Sassari – Sardinia/Italy. Solevacanze Srl safeguards the confidentiality of personal data and ensures their protection from any events that may put them at risk of violation. As provided by Regulation (EU) No. 2016/679 (“GDPR"), and specifically by Article 13, we provide you (the “Data Subject") with information regarding the processing of your personal data.
The personal data of the customer will be processed for:
I) purposes related to the fulfillment of tax, accounting, and legal obligations and for contract and customer management purposes (reservation, customer management and administration, invoicing).
Location of Data Processing
The processing related to the web services of this site takes place at the hotel’s headquarters and is handled by technical personnel of the office responsible for processing or by third parties in charge of occasional maintenance operations. Processing may also take place at external companies that collect data related to access and navigation on the site to enable the operation of services and sections that require user identification. Personal data provided by users who submit reservation requests or requests for information (catalogs, responses to queries, contact requests) are used solely for the purpose of providing the requested service or performance and are disclosed to third parties only when necessary for this purpose (e.g., the shipping service for the above-mentioned material).
Security
To ensure the security of personal data and information collected via the internet, we use protection systems designed to prevent third parties from accessing and/or intercepting private communications.
Cookies
No personal data of users is acquired by the site. No persistent cookies of any kind are used, nor are tracking systems used to collect personal user data. The use of session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient navigation of the site. Session cookies used on this site avoid the use of other computer techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal user identification data.
Optional Provision of Data
Apart from what is specified for navigation data, users are free to provide personal data requested in request forms or indicated in contacts with Solevacanze to book a stay or request the sending of informational material or other communications. The collection and processing of personal data are necessary to fulfill the requested services and the provision of the requested service. If the Data Subject does not provide the personal data expressly required in the order form or registration form, the Data Controller will not be able to carry out the processing related to the management of the requested services and/or the contract and related services, nor comply with the obligations arising from them. If the Data Subject does not consent to the processing of personal data for these purposes, such processing will not occur for the same purposes, without affecting the provision of the requested services or those for which the Data Subject has already given consent, if required.
Methods of Data Processing
Personal data are processed in paper, electronic, and automated modes for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use, and unauthorized access.
Website Security Measures
Specific security measures have been adopted for the management of the site, aimed at ensuring the user’s secure access and protecting the information contained therein from the risk of loss or accidental destruction. The antivirus software used in site management is regularly updated to prevent data loss due to the action of computer viruses. Additionally, while ensuring the adoption of suitable antivirus systems internally, as well as being a legal requirement, it is advisable for the user to equip their workstation with a prevention and scanning system against computer virus attacks.
Purposes of Data Processing and Legal Basis for Processing:
The personal information we collect is used for online booking requests, which is the primary purpose of our company! In no case does the company sell the Data Subject’s personal data to third parties or use it for undisclosed purposes. The processing of the Data Subject’s personal data is carried out to carry out the activities resulting from the registration request, the management of information and contact requests, as well as to fulfill any other obligations arising from them and to comply with specific legal obligations.
Legitimate Interests Pursued by the Data Controller: Data Retention Period
The processing of data will not last longer than necessary to achieve the purposes for which they were collected. Data will be retained in accordance with the rules for the retention of documentation, unless the Data Subject expressly requests their removal. The personal data of the Data Subject will be kept until they are necessary for the legitimate purposes for which they were collected, and in any case, no longer than a maximum of 10 (ten) years of inactivity. Regardless of the Data Subject’s determination to delete them, personal data will in any case be kept in compliance with the terms provided by current regulations and/or national regulations, for the sole purpose of ensuring compliance with specific legal obligations. In addition, personal data will be kept in any case to fulfill obligations (e.g., tax and accounting) that persist even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will only keep the data necessary for their pursuit. Except in cases where the rights arising from the contract and/or registration must be exercised, in which case the Data Subject’s personal data, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.
Recipient or Categories of Recipients of Personal Data
Data will be processed exclusively by personnel and collaborators or companies expressly appointed as external data processors. Outside of these cases, data will not be communicated to third parties or disclosed unless specifically provided for by national or European Union law. The communication of the Data Subject’s personal data primarily takes place to third parties and/or recipients whose activity is necessary to carry out activities related to the established relationship and to meet certain legal obligations.
Purposes Compliance with administrative, accounting, and contractual obligations. Provision of services (assistance, provision of additional services, providers of electronic communication networks and services) related to the requested service. Management of collections, payments, and refunds related to the contractual performance. Compliance with legal obligations, exercise of rights, protection of contractual rights, debt recovery. Compliance with legal obligations, defense of rights; lists and registers kept by public Authorities or similar entities under specific regulations, in relation to the contractual performance.
The Data Subject’s Consent
In cases where the Data Subject has given consent and subsequently revokes it or objects to the processing, their
data will no longer be processed for those activities, without this having detrimental consequences or effects for the Data Subject.
Automated Decision-Making
The Data Subject’s personal data may also be processed for profiling purposes (such as analysis of the transmitted data and selected services/products, sending of advertising messages and/or commercial proposals in line with the choices made by users) only if the Data Subject has given explicit and informed consent. The legal basis for these processing activities is the consent previously given by the Data Subject, which can be freely and at any time revoked. Any profiling activity will be carried out only with the prior consent of the Data Subject and every effort will be made to ensure that all the data on which it is based is accurate.
Data Subject Rights
In certain circumstances, the law grants the right to:
• Ask us if we have personal information about the user and, if so, what that information is and why we process/use it.
• Request access to their own personal information (commonly known as a “data access request"). This allows the user to receive a copy of their personal information in our possession and verify its correct processing.
• Request the correction of the personal information in our possession. This allows the correction of any incomplete or inaccurate information.
• Request the deletion of personal information. This allows us to request the deletion or removal of personal information unless there are valid reasons to continue processing it. The user also has the right to ask us to delete or remove their personal information if they have exercised their right to object to the processing (see below).
• Object to the processing of their personal data when a legitimate interest (or that of third parties) is invoked, and there are elements related to a specific personal situation that lead to objecting to the processing. The user also has the right to object to the processing when their personal information is used for direct marketing purposes.
• Object to automated decision-making, including profiling, which must not be subject to any automatic decision-making process by us using personal information or user profiling.
• Request the restriction of the processing of their personal information. This allows us to request the suspension of the processing of their personal data, for example, if the user wishes to verify its accuracy or the reasons.
• Request the transfer of their personal information in electronic and structured format to the user or another party (commonly known as the right to “data portability"). This allows retrieving personal data in our possession in an electronically usable format and transferring it to another party in an electronically usable format.
• Revoke consent. In the limited circumstances where consent may have been given for the collection, processing, and transfer of personal information for specific purposes, the right to revoke it for that specific processing at any time.
Once we receive notice of the revocation of consent, we will no longer process the user’s information for the purpose or purposes originally agreed upon unless there is another legitimate basis.
Right to Lodge a Complaint with the Supervisory Authority
In certain circumstances and under certain conditions, data subjects also have the right to lodge a complaint with the competent supervisory authority in accordance with the established procedures.