in accordance with article 13 and in compliance with GDPR 679/2016 we want to inform you about the treatment of your and your relatives’ personal data, including minors, acquired from us according to contractual relations and which allow us to carry out properly our activity according to the current legislation. The procedures for processing personal data, both on paper and computerised, meet the security guarantees required by the new legislation.
- IDENTITY AND CONTACT OF THE OWNER
The data controller is: CORTE ALMA SPA AND LUXURY HOME di Tramaglino Maria, via Anguilla 9, 25084 Gargnano (Brescia) – Italy. Codice Fiscale / Tax code: TRMMRA62S47H717F. Partita IVA / VAT Number: 04113790986. Phone: +39 0365 1870323, mobile: +39 380 466 1772 – E-mail: firstname.lastname@example.org
- PURPOSE OF PROCESSING AND LEGAL BASE
Data are processed for carrying out the following activities:
• Acquisition of contract/pre-contract information and fulfillment of obligations resulting from the contract of stay and ancillary contracts connected to it.
• Fulfillment of guests’ data reporting obligations to the Police Authorities to meet the obligations required by “Testo unico delle leggi di pubblica sicurezza” (Law on public security), Article 109 R.D. 18.6.1931 n°773.
• Direct marketing through newsletter and/or advertising material and/or promotional communications relating to the products, services or events attributable to the activity of our firm.
• Administrative and accounting management of guests, in particular: manage of contractual relations, billing and fiscal obligations. The disclosure of personal data by the person concerned, although not mandatory, is necessary to achieve the aforementioned purposes. Failure to provide data, makes the contractual relation underlying the treatment impossible of execution.
- SCOPE OF COMMUNICATION AND RECIPIENTS OF PROCESSING
Your data, except Police Authority statutory disclosure obligation, may be communicated by us exclusively to below mentioned third parties:
• Forensic accountant, tax and legal consultant and booking software managers.
• Health, legal and financial authorities and other institutions if required under laws, regulations and European Union Directives.
The aforementioned subjects become external responsible for processing of the data provided.
- DATA RETENTION PERIOD
Except for legal obligations, collected data will be stored throughout the period of the contractual relation as well as for an additional 5 years after the end of the contract, in relation to profiling and direct marketing purposes. If data are provided only in the pre-contractual stage they will be stored for the period of 12 months. In the case of a dispute data will be treated and stored until the settlement of the litigation. After the storing period, as described above, the complete elimination of your data will take place.
- RIGHTS OF THE DATA SUBJECT
The European regulation n° 679/2016 recognizes to the interested certain rights and to allow their exercise the interested will need to address to the right holder:
• Right of access to collected and treated data – art. 15
• Right to obtain the rectification of the data – art. 16
• Right to obtain the deletion of data and right to oblivion – art. 17
• Right to obtain the restriction of processing – art. 18
• Right to data portability to another data controller – art. 20
• Right to opposition to the processing – art. 21
• Right to not undergoing automatic treatments – art. 22
• Right to file complaints to the supervisory authorities – art. 77
• Right to initiate judicial proceedings towards supervisory authorities (art. 78) and against the holder and/or responsible of the treatment (art. 79).
• Right to withdraw consent at any time, without prejudice to the lawfulness of the treatment based on the consent prior to withdrawal.
- COMPLAINT WITH THE SUPERVISORY AUTHORITY
The person concerned is entitled to lodge a complaint at the supervisory authority in the event that his/her demands as well as requests to exercise the rights given in the previous paragraph 5. have not met the expectation.
The reference authority is the Authority for the Protection of Personal Data (Garante per la protezione dei dati personali).