Privacy report pursuant to the gdpr no. 679/2016 – website. This page describes how to manage our website in relation to the processing of personal data of Users who consult it. This statement was also adopted according to EU Regulation no. 2016/679 of the European Parliament and of the Council of the 27 April 2016 concerning personal data protection for those who interact with web services of Casa della Ludo B&B, accessible online from the address: www.casadellaludo.it
The information notice only refers to the site Casa della Ludo B&B and not to other websites that may be accessed by the User through links. The processing of personal data shall be regulated by the principles of correctness, lawfulness, transparency and protection of privacy and rights User (pursuant to Art. 5).
01. Data Controller
Pursuant to the laws in force, the data controller is Casa della Ludo Bed and Breakfast, Via Statutaria n° 152, Sant’Antonino, 42013 Casalgrande (RE), Italy, phone +39-333-7261603. The list of possible Data Processors is available from the Data Controller.
02. collected data
During the navigation of User can be collected the following information:
• internet protocol (IP) address;
• type of browser;
• parameters of the device used to connect to the website;
• internet service provider name (ISP);
• date and time of visit of the website;
• web page of origin of the visitor (referral) and exit;
• the number of clicks.
These data are used for statistical and analytical purposes only in aggregate form. The IP address is used exclusively for security purposes and is not cross-referenced with any other data.
The site may collect other data in case of voluntary use of communication services (contact forms, request information) by User, and will be used exclusively for the provision of the requested service:
• name and surname
• phone number
• any additional data sent spontaneously by the User.
03. Purpose of processing:
The data are collected in the following section: “contacts”. In this section the User can find a form that allows you to write to us, entering his required data. On receiving his specific consent, the processing of his personal data supplied by User, can also be carried out in order to promote the service through marketing activities, commercial initiatives, advertising communications, which are carried out through traditional (such as paper mail and telephone contact) and automated methods of contact, pursuant to Art. 130, paragraphs 1 and 2 of the Privacy Code (consisting in sending standardised communications through systems such as newsletters, text messages, social networks).
04. Processing method:
We collect/receive information about User in the following manner:
• when a User fills up the registration form or otherwise submits personal information
• interacts with the website
• from public sources
The tools used for the data processing are suitable to safeguard security and privacy; the processing may also make use of paper based instruments and IT tools. Data collected by the site is handled at the office of the Data Controller and allow you to provide its services, as well as for the following purposes: navigation statistics, contact to the user, for marketing and promotion purposes. The consent for such use is mandatory to provide the services; however, your refusal to respond may prevent us from continuing the contractual relationship.
05. Legal basis of processing
We process the data mainly on the basis of the User’s consent. The consent is given through the banner at the bottom of the page, or through the communication forms or request services specially prepared, with which are collected the consents relating to the specific purpose of the service. The provision of data and therefore consent to the collection and processing of data is optional, the User can deny consent, and can revoke at any time a consent already provided (via the button at the bottom of the page or the browser settings for cookies, or the link Contacts). However, denying consent may make it impossible to provide certain services and the experience of browsing the site may be reduced.
The Owner may process Personal Data relating to Users if one of the following applies:
• Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
• provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
• processing is necessary for compliance with a legal obligation to which the Owner is subject;
• processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
• processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
06. Retention time
• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The security of personal data of user is important to us and we use reasonable security measures to prevent your loss, misuse or alteration under our control. However, given the inherent risks, we cannot guarantee absolute security and, consequently, the user by transmitting his personal data assumes all possible risks.
08. PLACE OF DATA PROCESSING
09. SHARING AND COMMUNICATION OF DATA
The data collected may be transferred or communicated to other companies, specifically identified, for activities strictly related and instrumental to the operation of the service, such as the management of the site itself or its components. We require such other companies to use the personal information we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.
Personal data may be transmitted to third parties, but only and exclusively in case:
• to comply with requests from the Judicial Authority or Public Security.
• to comply with applicable law, regulation, court order or other legal process;
• to respond to claims that your use of the Service violates any third-party rights.
If the Service or our company is merged or acquired with another company, information of user will be one of the assets that is transferred to the new owner. Residual anonymous information and aggregate information, neither of which identifies user (directly or indirectly), may be stored indefinitely.
11. Rights of the processing subject
In accordance with the aforementioned law, the User may send a written request to the Data Controller, for confirmation of whether or not personal data concerning him/her exists, even if not yet registered, and their provision in an intelligible form (Art. 15), correction and integration (Art. 16), limitation (Art. 18), the right to the removal of one’s own data, also referred to as right to be forgotten (Art. 17), the portability of their own data (Art. 20), right of objection (Art. 21) and may exercise the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or which significantly impacts this natural person (Art. 22). Furthermore, the data subject has the right to:
• withdraw his or her consent at any time
• lodge complaints with a supervisory authority
• know the consequences due to lack of consent
• know about the existence of their data profiling process
Without permission to collect or process the personal information requested or if consent to the processing of the same is withdrawn for the purposes requested, you may not be able to access or use the services for which your information has been requested.
12. How to exercise one’s own rights
The data subject has the right to exercise all his/her rights simply by sending a written request electronically, to the Data Controller, to the email firstname.lastname@example.org
Or by post to the following address: Casa della Ludo B&B, Via Statutaria n. 152, 42013 Sant’Antonino di Casalgrande (RE).
In compliance with the provisions of art. 15 letter f) of the GDPR no. 679/2016, the interested party has the right to lodge a complaint with the Guarantor for the protection of personal data.
If you have any queries or concerns about the processing of the User’s personal data at our disposal, it is possible to send a communication by post or by email to our Grievance Officer at: Casa della Ludo B&B, Via Statutaria n. 152, Sant’Antonino, 42013 Casalgrande (RE), email email@example.com. We will address the case submitted by the User in accordance with applicable law.
14. NORMATIVE REFERENCES
Effective Date 20/01/2022 · Last Updated on 20/01/2022