PRIVACY NOTICE

PURSUANT TO ART. 13 REG. EU 2016/679 (GDPR)

 

Dear Data Subject,

 

With this sheet, the company Castello di Cafaggio dei Baroni Benci di Gabriella Gennaro provides information on the processing of personal data acquired, also verbally, directly or through third parties, relating to you, necessary for the performance of administrative, accounting, management and contractual related or deriving from the execution of the contract. This information is provided pursuant to the provisions of art. 13 of the REG. EU 2016/679 (so-called GDPR), as well as by Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

 

• IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

 

 

The Data Controller (hereinafter also the “Owner”) is the company Castello di Cafaggio dei Baroni Benci di Gabriella Gennaro, with registered office in Via del Ferrone 58, Impruneta (FI), VAT number: 06285960487 telephone: +39-055/2012196  e-mail : info@castellodicafaggio.com

 

2. PURPOSE OF DATA PROCESSING.

 

The personal data you provide will be processed for the following purposes:

1. a) to fulfill the legal obligation to register and communicate to the police headquarters the details of the clients accommodated;
2. b) for the management of all contractual and pre-contractual requirements relating to the activity carried out;
3. c) to fulfill the current administrative, accounting and tax obligations inherent and / or connected to the contract, as well as the obligations established by laws, regulations and national and / or EU regulations on contractual, accounting and tax matters and to achieve effective management commercial relationships;
4. d) For any sending of commercial information regarding the goods and/or services offered by the structure.

 

3. LEGAL BASIS OF THE PROCESSING.

 

3.1. Given that the data processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same, the legal basis of the processing is that provided for in art. 6 co. 1 letter b) GDPR and therefore the fulfillment of a contract, as well as art. 6, co. 1 letter b) GDPR regarding the fulfillment of legal obligations inherent in or deriving from the contract.

3.2. For the purposes in point d), the legal basis is consent.

 

4. METHODS OF DATA PROCESSING.

 

The data treatment will take place with electronic, computerized or automated tools as well as paper.

The processing is carried out by the Data Controller and by the Data Controller’s collaborators and/or employees as Authorized Subjects, as well as by the data processors specifically identified in writing, within the scope of their respective functions and in accordance with the instructions given by the Data Controller, ensuring the use of suitable measures for the security of the processed data and guaranteeing its confidentiality.

According to the rules of the regulation, the treatments carried out by the Data Controller will be based on the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality.

The data will always be processed with the utmost respect for the principle of confidentiality even in the case of management of the same by third parties expressly appointed by the Data Controller.

Your data is not subject to any automated decision-making process.

 

5. RECIPIENTS OF PERSONAL DATA.

 

The personal data you provide may come to the attention of the Data Controller, the Authorized Subjects and / or the Data Processors. The list of data processors is available on request.

Any additional categories of recipients who may become aware of your personal data during or after the execution of the contract are:

1. a) subjects who process data in execution of specific legal obligations (e.g. public administrations, for the performance of institutional functions, police headquarters, Istat, Veneto Region and, more generally, all public security bodies and supervisory bodies);
2. b) credit and insurance institutions that provide functional services to the aforementioned purposes;
3. c) external consultants who provide functional services, deriving from or connected to the indicated purposes, identified in writing and to whom specific written instructions have been given with reference to the processing of personal data;
4. d) companies or professionals for the judicial or extrajudicial protection of the rights of the owner;
5. e) in general, to all those public and private entities for which communication is necessary for the correct and complete fulfillment of the purposes indicated above.

 

6. COMMUNICATION OF DATA.

 

Your data may be disclosed to the subjects indicated in point 5 for the purposes referred to in point 2.

 

7. DISCLOSURE OF DATA.

 

Unless your specific written request, or specific order of the A.G./regulatory obligation, the personal data you provide are not subject to disclosure.

 

8. TRANSFER OF DATA ABROAD.

 

The collected data will not be transferred to third countries or international organizations.

 

9. PERIOD OF CONSERVATION.

 

The data you provide will be kept during the execution of the contract and for a period of ten years following its termination/completion, in order to fulfill tax and accounting obligations, as well as for judicial protection in the event of disputes arising from the contract itself.

The lists containing the digital data of the accommodated customers that are transmitted to the police headquarters and the hard copy of the same, will be kept for five years, as required by law.

With regard to the processing of data to carry out the function of receiving messages and telephone calls addressed to you during your stay, you can withdraw your consent at any time and, in any case, the processing will cease upon your departure.

This information will also be considered valid for subsequent contracts that you conclude with the Data Controller.

 

10. RIGHTS OF THE DATA SUBJECT

 

The legislation confers on the data subject the exercise of specific rights listed in Articles from 15 to 22 of the GDPR, including that of obtaining from the Data Controller the confirmation, or not, of the existence of your personal data (or access), their making available in an intelligible form, as well as the correction or cancellation of the same, or to limit their processing in whole or in part or to oppose the same for legitimate reasons and/or revoke the consent to the processing at any time (without prejudice to the consequences indicated), or to request the portability of their data as regards the data subject to specific consent, or even the update.

The data subject has the right to know the origin of the data, the purpose and methods of processing, the logic applied to the processing, the identity of the owner and the subjects to whom the data may be communicated.

The data subject also has the right to request the transformation into anonymous form, the limitation or blocking of data processed in violation of the law; they can also lodge a complaint regarding the unauthorized processing of the data given to the Guarantor for the Protection of Personal Data in the manner published on the website of the authority stated (http://www.garanteprivacy.it/).

Requests relating to the exercise of the aforementioned rights can be addressed to the Data Controller, at the addresses indicated above, without formalities or, alternatively, using the model provided by the Guarantor for the Protection of Personal Data available on the Website: http: // www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

The exercise of the aforementioned rights can be exercised by written communication to be sent by certified email or by registered letter with return receipt addressed to the aforementioned structure.

11. PROVISION OF DATA.

 

The provision of personal data is not mandatory, however it is necessary for the exact execution of contractual and pre-contractual obligations.

The Data Controller specifies that you will only be asked for the data strictly necessary for the conclusion of the contract and for the execution of the obligations or legal obligations deriving from it.

 

12. REFUSAL TO PROVIDE DATA.

 

Failure to provide the data by the data subject makes it impossible to enter into the contract as well as to carry out the required pre-contractual measures, and to carry out the fulfillment of contractual obligations in an exact manner, as well as the obligations (including legal) deriving from it. as well as the obligations (including legal) deriving from or connected to the contract and, more generally, the impossibility of fulfilling the purposes referred to in point 2.