Data Controller and Data Protection Officer (RPD)Data Controller: EFFEVI S.A.S.di Frau Rosanna & C. (ITALIAN RESTAURANT GARDA) with registered office in Via della Pace, 12 - 37016 Garda.Tel .: 0456270288;Email: firstname.lastname@example.org;Pec: email@example.com.Responsible for data processing is: Viola Michele.Tel .: 0456270288;Email: firstname.lastname@example.org;Pec: email@example.com.
Type of data processed Navigation data The computer systems and software procedures used to operate them acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user. The Data Controller uses this data for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the data on web contacts persist for a time not exceeding that necessary for the purposes for which they are collected and subsequently treated.
Methods of data processing The collected data are processed with automated tools and for the time strictly necessary to achieve the purposes for which they were collected. Specific and suitable security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. Nature of the provision of data As for navigation data, the acquisition in anonymous form is necessary to allow access and consultation of the contents of the site. Use of the site by minors under the age of 18 The user who has not yet turned 18 can freely browse our site. What it cannot do is use the services that require the provision of data and information. Registration and use of the services made available through the site of the Data Controller is only allowed to people over the age of 18. No one under this age threshold must register on the site or use the services made available through it.
Data communication scope The navigation data may be disclosed to data processing companies for the provision and management of IT services, for example in the case of hosting activities entrusted to third parties and related to the use of our website. The data may then be known and processed within the company, by the personnel expressly designated as Person in Charge and / or Data Processor according to their respective authorization profiles. Appointees and Managers will be able to carry out the consultation, use, processing, comparison and any other appropriate operation, even automated, only in cases where they have been expressly authorized to do so. In the event of an express request and in the circumstances authorized by law, the data may be communicated by the Data Controller to the Public Security Authorities and to the Police forces. Information for users who use the services of the site Access to and use of the services offered by the HOTEL ITALIA GARDA website (www.hotelitaliagarda.com) (e.g. request for information, request for quotes, joining the mailing list for the receipt of advertising and / or promotional material, hotel reservations, etc. .) may request, sometimes, the compilation of web forms through the insertion by the interested party of some information, qualified as personal data by the European Regulation GDPR 2016/679. The Data Controller, below provides, pursuant to art. 13 of the European Regulation GDPR 2016/679, some useful information on how the data sent by the user will be processed and what the users' rights are. Type of data processed To access the services and content provided by the site, the user may be requested, depending on the type of service requested, for personal and identification data such as, for example, name, surname, e-mail etc. In order to access the services, interested parties are not required to release "particular categories of personal data" (so-called "sensitive data") (eg relating to revealing racial and ethnic origin, religious, philosophical, political beliefs, the state health, sexual life, etc.) or judicial (data relating to criminal records, or relating to the status of defendant or suspect, etc.).
The user can voluntarily provide their personal data in two main ways: Compilation of web forms: voluntary registration to services by filling in specific web forms, involves the acquisition by the data controller of all data entered voluntarily by the user and the consequent processing in accordance with what is reported in this information. E-mail: the spontaneous sending of e-mails to the e-mail addresses indicated on the site involves the acquisition by the Data Controller of the sender address necessary to respond to requests, as well as any other personal data, including attachments, included in the message. By sending e-mails to the e-mail addresses indicated on our site, the user declares to have read and accepted the processing conditions contained in this policy. Purpose of the processing The personal data released spontaneously by the user will be used exclusively for its own purpose and strictly relevant to each individual service requested and used. In all cases in which the Data Controller intends to use the data provided for purposes other than or different from those for which the data were specifically collected, he will inform the interested party asking him to give express and specific consent to further processing that will intend to carry out. In all cases of providing personal data through the site, the same may be used for the purpose of carrying out economic analyzes, statistics and market surveys. However, this processing is always carried out exclusively through the processing of data in anonymous form and on an aggregate basis, without ever relating the processed information with the individual personal data of the data subjects. Below is the list of services that can be made available through the site and the specific purposes of the processing of personal data related to each of them: · Specific requests for information or contact (eg. Request for information, contact requests, quotes, online reservations, etc.): the data released by the interested party will be used exclusively for the execution of the mandate received from the customer; sending advertising and / or promotional material (newsletter): the data released (email address) can be used for the purpose of sending advertising and / or promotional communications to the interested parties through the e-mail service. None of the services made available through the site binds the interested party to the necessary and mandatory acceptance of this specific purpose of processing the data provided. Furthermore, at any time, the interested party can change their choice and oppose the processing by writing to firstname.lastname@example.org. We point out that the European Regulation 2016/679 (Recital 47) states that "it may be considered legitimate interest to process personal data for direct marketing purposes".
The booking service is supported by the Simple BookingTM platform. If you decide to book through this portal, read the information at the following link: https://www.simplebooking.it/ibe/hotelbooking/search?hid=4519&lang=EN. Consent to treatment In all cases where the consent of the interested party is necessary in order to proceed with the processing and to fulfill the purposes provided for by the same, we will collect it in advance and specifically in relation to the individual purposes, in an express, free, and unconditional form. We inform you, however, that for certain specific purposes the European Regulation GDPR 2016/679 allows the Data Controller to proceed with the processing without having to acquire the consent of the interested party. This happens, for example, when the processing of data is necessary to fulfill a legal obligation or, to execute contractual obligations undertaken towards the interested party. Methods of processing The data will be processed through paper, magnetic, IT or telematic tools and supports; the data will be stored both on computer media and on paper or magnetic media and on any other type of support that can guarantee its security and confidentiality. The custody of the databases is carried out in protected environments, access to which is controlled and managed in compliance with the provisions in force on privacy. The data will be entered in the relevant databases which can be accessed, and therefore become aware of, by the employees expressly designated by the Data Controller as Data Processors and / or Data Processors, according to the respective authorization profiles assigned. Appointees and Managers will be able to carry out the consultation, use, processing, comparison and any other appropriate operation, even automated, only in cases where they have been expressly authorized to do so. Nature of the provision of data The communication of personal data freely provided by the user by filling in the web forms is optional. The interested party is therefore free to provide the requested data or not. However, with specific reference to those indispensable to execute the requests forwarded, failure or incorrect provision may make it impossible to execute the forwarded request. Communication and dissemination Without prejudice to communications made in execution of legal obligations, personal data may be brought to the attention of: - persons in charge of processing appointed with a specific deed; - subjects whose right of access to such data is recognized by virtue of regulatory provisions; - collaborators and / or employees in the context of their duties; - natural and / or legal persons, public and / or private when the communication is necessary or functional to the fulfillment of the purposes envisaged by the processing; - third-party companies appointed to fulfill the purposes envisaged by the processing; - companies that provide Ristorante Italia Garda with specific supply services, such as, for example, companies and firms providing services and consultancy that the Data Controller uses. The data are not normally subject to disclosure. Transfers to third countries and / or international organizations Personal data are not transferred to third countries and / or international organizations.
Withdrawal of consentUsers are granted the right to withdraw consent to the processing of personal data through the following channels:registered letter with return receipt to the following address: Via della Pace, 12 - 37016 Garda.Email: email@example.com;PEC: firstname.lastname@example.org.A copy of the identity document must be attached to the request.Exercise of rightsUsers can obtain more information on the processing of personal data, or exercise the rights referred to in the "rights of the interested party" through the following channels: registered A / R to the following address: Via della Pace, 12 - 37016 Garda.Email: email@example.com;PEC: firstname.lastname@example.org.The communication must specify which right the user intends to exercise.Complaint to the supervisory authorityWe remind you that you can always contact the supervisory authority to lodge a complaint on the website www.garanteprivacy.it