Information on the processing of personal data of the users visiting the websites (hereafter “website”) of Villa Stella (hereafter “Company”)
WHY ARE WE SUPPLYING YOU WITH THIS INFORMATION? According to article 13 of EU Regulation 2016/679 (hereafter “Regulation”), this information describes the processing operations performed on the personal dataof the users visiting Company’s website accessed electronically on the address: https://www.villaasteriapaxos.com/index_en.html, admitted into or gathered through the social media pages of the Company. The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Company 's domain.DATA CONTROLLER
Maria Domenica De Donno
Viale Gallipoli, 22 B
DATA PROTECTION OFFICER
The Data Protection Officer (DPO), who may have been designated by the company, is responsible for monitoring how personal data is processed
and to inform and advise employees who process personal data about their obligations.
The DPO also cooperates with the Data Protection Authority (DPA), serving as a contact point towards the DPA and individuals.
You can find them at the following address:
Maria Domenica De Donno
Viale Gallipoli, 22 B
LEGAL BASIS FOR THE PROCESSING The processing of personal data will be based on a legal basis. According to the article 6 of Regulation, “processing shall be lawful only if and to the extent that at least one of the following applies: ᛫ the data subject has given consent to the processing of his or her personal data for one or more specific purposes; ᛫ processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; ᛫ processing is necessary for compliance with a legal obligation to which the controller is subject; ᛫ processing is necessary in order to protect the vital interests of the data subject or of another natural person; ᛫ processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; ᛫ processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”. So the legal basis depends on the purposes for which personal data are processed. Sometimes (as for requests received through the contact section) the Company use personal data to respond to the visitors’ request (in this case legal base is “(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”); sometimes the Company use personal data to implement specific obligations imposed by rules and regulations (in this case legal base is “(c) processing is necessary for compliance with a legal obligation to which the controller is subject”). When the consent is mandatory, specific consent will be required by Company.
CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PROCESSING Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Visiting the website, calling to the phone number quoted on the Website, writing mail, compilating the form of contact section of the Website, using social network plug-ins on the Website, visitor can communicate personal data that can be classified as follows.
BROWSING DATA The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are necessary to use web-based services and are also processed in order to ᛫ extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.); ᛫ check functioning of the services; ᛫ identify anomalies and/or abuse Browsing data are kept for no longer than seven days (except where judicial authorities need such data for establishing the commission of criminal offences).
DATA COMMUNICATED BY USERS Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the Company’s contact addresses, or sending private messages to the Company’s social media pages and profiles (where this option is available), and filling in and sending the forms made available on the Company’s websites entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner. Specific information notices will be displayed on the pages of the Company's websites that are used for providing certain services.
CONSEQUENCES IN CASE OF INCOMPLETE DATA ASSIGNMENT The Company will inform, from case to case, the user whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data. Specifically, the mandatory or optional nature of the communication of data will be highlighted by means of a notice or a special character placed next to the mandatory information required.
The recipient of the data are Company personnel acting on the basis of specific instructions provided in relation to the purposes and methods of the processing itself.
Where processing is to be carried out on behalf of Company, the Company will appoint the processor as data processors by the Company pursuant to Article 28 of the Regulation.
In any case, the personal data processed will not be disclosed.
The communication or disclosure of data requested by the Police Forces, the Judicial Authority, information or security organisations or by other public entities for defence or security purposes of the State or for prevention, detection or repression of crimes, is subject to compliance with the provisions of the law.
METHOD AND SECURITY OF DATA PROCESSING
The data will be processed:
᛫ through manual, computer and telematic tools and in order to guarantee the availability, integrity and confidentiality of the data;
᛫ with organizational methods and logic strictly related to the purposes indicated, in compliance with the principle of minimization;
᛫ by subjects specifically appointed, identified and authorized, appropriately educated and made aware of the constraints imposed by all applicable legislation;
᛫ with the use of technical and organizational security measures to prevent and / or reduce the risks of illegal access and destruction or loss of data.
PLACE OF PROCESSING The management and storage of personal data will take place in Italy and, in any case, within the European Union. Currently the servers used by the Company are placed within Europe The data will not be transferred outside of the European Union In any case it is understood that, where it deems it necessary and / or appropriate, the Company will have the right to change the location of servers in Italy and / or the European Union and / or non-EU countries. In such a case the Company assures that the transferral of data outside of the EU will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection, and / or adopting the standard contractual clauses provided by the European Commission, and / or, in any case, satisfying the conditions set by the applicable legislation.
STORAGE TIME The data gathered during the registration by the Website will be used exclusively for the indicated purposes and will be stored only for the strictly necessary time needed to carry out the activities of the Company. The data will not be stored for a period of time longer than the necessary time to meet the purpose for which they were processed. To determine the appropriate time of storage, the Company takes the quantity, the nature and the sensibility of the personal data, the purpose for which it was processed and the possibility to fulfil those purposes by other means, into consideration. The data gathered by the Website will thus be stored for the entire duration necessary to meet the requests and, even after the termination, to manage all the possible contractual, pre-contractual, administrative, or legal obligations, connected or deriving from them, or for the time allowed by Italian law while protecting the legitimate interests of the Company.
DATA SUBJECTS' RIGHTS Data subjects have the right to obtain from the Company, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them or to object to the processing and to transmit data (pursuant to Articles 15 to 22 of the Regulation). As well, data subjects have the right to revoke the consent given (see Articles 15 and following of the Regulation). Please contact the Company at the addresses indicated above to lodge all requests to exercise these rights.If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Company pursuant to Article 79 of the Regulation.