Privacy Policy

PRIVACY POLICY IN ACCORDANCE WITH EUROPEAN REGULATION NO. 2016/679 (GENERAL DATA PROTECTION REGULATION - GDPR)

DATA CONTROLLER

Marco Ghirello, Piazza Catullo n. 3, 37016 – Garda (VR), e-mail: info@baiadelgarda.it, telephone: 351 8272411 in accordance with Article 4 GDPR is the Data Controller (hereinafter: 'Controller').

1. PURPOSE OF DATA PROCESSING

  • 1.1 View the web pages and use the services that may be offered on www.baiadelgarda.it (hereinafter: the Site).
  • 1.2 Fulfil obligations under applicable national and international regulations and legislation.
  • 1.3 If necessary, to ascertain, exercise or defend the Controller's rights in legal proceedings.
  • 1.4 The computer systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified users but, by its own nature, could, through processing and association with data held by the Data Controller or by third parties, make it possible to identify the users of the website.

The processing of personal data is carried out by means of the operations of: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subject to both paper and electronic and/or automated processing by authorised persons in compliance with the principles of lawfulness, purpose limitation and data minimisation.

2. LEGAL BASIS FOR PROCESSING

  • 2.1 Contractual purpose: performance of a contract to which you are a party.
  • 2.2 Legal obligations: the need to fulfil legal obligations.
  • 2.3 Rights of the holder: legitimate interest.
  • 2.4 Website operation: legitimate interest.

3. PERSONAL DATA RETENTION PERIOD

  • 3.1 Contractual purpose, legal obligations: for the entire contractual term and, after termination, for 10 years.
  • 3.2 Rights of the Controller: in the event of litigation, for the duration of the litigation itself, until the time limits for appeal have been exhausted.
  • 3.3 Operation of the website: for the duration of your browsing session on the website. Once the aforementioned retention periods have expired, your personal data will be destroyed, deleted or anonymised, in accordance with technical deletion and backup procedures.

4. TYPE OF PERSONAL DATA PROCESSED

  • 4.1 Personal data processed for contractual purposes - legal obligations - controller's rights - credit retrieval: Personal data, contact details.
  • 4.2 Personal data processed for the operation of the Website: the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), other parameters relating to the user's operating system and computer environment, information relating to the user's behaviour on the Website, the pages that have been visited or searched, in order to select and make specific announcements to the user. ), other parameters relating to the user's operating system and computer environment, information relating to the user's behaviour on the Website, to the pages that have been visited or searched, in order to select and make specific announcements to the user of the Website, and data relating to the user's browsing behaviour on the Website using, for example, cookies.

5. OBLIGATION TO PROVIDE DATA

The provision of the personal data referred to in point 4.1 for the purposes referred to in point 1.1 is mandatory. Therefore, refusal to provide such personal data does not allow the possibility of using the services/content offered by the Website. The provision of personal data as per point 4.2 is compulsory as regards technical cookies and optional as regards analytical and profiling cookies if installed. In all cases, please refer to the cookie acceptance form.

6. DATA RECEIVERS

The data may be processed by external parties acting as data controllers such as, by way of example, authorities and supervisory institutions, whether public or private, entitled to request the data, as well as persons, companies, associations or professional firms providing assistance and consulting services. The data may also be processed, on behalf of the Data Controller, by external subjects designated as data processors pursuant to Article 28 of the GDPR, who are given appropriate operating instructions. These subjects are essentially included in the following categories:


  • a. companies offering website and information system maintenance services;
  • b. companies performing management and maintenance services for the Controller's database;

Your data may be processed, if you give your explicit consent, by third parties to whom the data is disclosed. Personal data will not be disclosed, but may possibly be transmitted to the Public Authorities that expressly request it to the Data Controller for administrative or institutional purposes, in accordance with the provisions of current national and European legislation.

7. SUBJECTS AUTHORISED TO DATA PROCESSING

Your data may be processed by the Controller's company employees assigned to the pursuit of the purposes indicated above, who have been expressly authorised to process the data and have received adequate operating instructions. The data referred to in point 4.2 collected when you browse the Website may be processed by employees, collaborators of the Data Controller or external subjects, in their capacity as persons in charge of and responsible for processing, who perform tasks of a technical and organisational nature on behalf of the Data Controller.

8. PERSONAL DATA TRANSFER

In order to achieve the above-mentioned purpose, the Data Controller may use providers of software solutions, web applications and storage services provided also through cloud computing systems on servers that may be located in non-EU countries. Any transfers of Personal Data to such countries, in the absence of an adequacy decision by the European Commission, will only be possible if adequate contractual guarantees, including binding corporate rules and contractual data protection clauses, are provided by the Controller and the Processors involved. The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will only be carried out where you have explicitly consented or in the cases provided by the GDPR and will in any case be processed in your interest.

9. YOUR RIGHTS AS A DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY

Under certain conditions you have the right to ask the Controller:

  • access to your personal data,
  • a copy of the personal data you have provided to us (so-called portability),
  • rectification of the data in our possession,
  • the deletion of any data for which we no longer have any legal basis for processing,
  • opposition to processing where required by the applicable legislation,
  • revocation of your consent, if the processing is based on consent,
  • the restriction of the way we process your personal data, within the limits provided by data protection legislation.

If you wish to submit a complaint under Article 77 of the GDPR to the competent supervisory authority based on your usual place of residence, place of work or the place where your rights have been infringed; for Italy, the competent authority is the Garante per la protezione dei dati personali, which can be contacted using the contact details given on this website www.garanteprivacy.it. The exercise of these rights is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of crimes) and our interests (e.g. maintaining professional secrecy). In the event that you exercise any of the above-mentioned rights, it will be our duty to verify that you are entitled to exercise them and we will notify you accordingly.

10. DATA SECURITY

Your personal data will be processed by automated tools for as long as is strictly necessary to achieve the purposes for which it was collected and in accordance with the principle of necessity and proportionality, avoiding processing of personal data where operations can be carried out by using anonymous data or by other means. We have adopted specific security measures to prevent the loss of personal data, unlawful or improper use and unauthorised access, but please remember that it is essential for the security of your data that your device is equipped with tools such as constantly updated antivirus software and that the provider providing the Internet connection guarantees the secure transmission of data through firewalls, spam filters and similar devices.

11. CONTROLLER CONTACTS

To exercise your rights under Section 9, you may contact the controller at the following addresses: Marco Ghirello, Piazza Catullo n. 3, 37016 - Garda (VR), e-mail: info@baiadelgarda.it.