I. Warnings and Children Protection
II. Reference standards and legal basis of processing.
III. - Nature of processed data.
(a). - Common personal data, identificative data.
(b). - Technical processing.
(c). - Cookies.
(d). - Special categories of personal data.
IV. - Nature of conferment, data sources.
IV.1. - Data to be conferred.
IV.1.2. - Data sources.
V. Purpose of Processing.
VI. - Processing modes of personal data.
VI.1. - Data security and storage.
VI.1.2 - Profiling, automatized decision-making process.
VII. – Data recipients and cross-border transfer.
VII.1. – Persons responsible for data processing.
VII.2. – Data diffusion (to determined external subjects).
VII.3. – Cross-border transfer of personal data.
VII.4. – Data diffusion (to undetermined external subjects).
VIII. - Rights of the data subject.
IX. - Revocation of Consent, Questions on Privacy. Access and Contact.
X. – Controller.
XI. – Person Responsible for Personal Data Protection.
XI.1. - Data Processors
INFORMATION ON PERSONAL DATA PROTECTION.
ART. 13 OF EU REGULATION 679 OF 27 APRIL 2016
For the purposes of this policy, it being understood that the definitions are those contained in art. 4 of the GDPR, the following definition shall apply:
www.losvevo.com domain: it is the domain that can be reached through the world wide web service of the Internet, at the address https://www.losvevo.com/, composed of data, applications, technological resources, human resources, organization rules and procedures for the acquisition, storage, processing, exchange, retrieval and transmission of the information.
I. WARNINGS AND CHILDREN PROTECTION
The processing of the personal data shall apply the principles of lawfulness, correctness and transparency. Personal data shall be collected for specified, explicit and legitimate purposes (restriction of purposes) and shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimization). Data shall be always updated and exact and kept for no longer than is necessary for the purpose of performing the Contract, subject to the fulfilment of legal and fiscal obligations that may provide for a longer period of time (storage limitation).
Personal data shall be processed using all security measures that are suitable for guaranteeing the integrity, the privacy and the unavailability by unauthorized third parties (integrity and confidentiality). When not expressly indicated, the conferment of the personal data through the collection points in the Website is reserved to users who have reached the lawful age.
II. REFERENCE STANDARDS AND LEGAL BASIS OF PROCESSING.
The processing operations, which are illustrated in detail below, have their legal basis in the norms that regulate the right to personal data protection, the privacy right and in the norms that allow for expressing or revoking, at any time, the informed consent to the processing operations, namely: the EU General Regulation 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; the informed consent, expressed in compliance with the current provisions of law.
In particular, in addition to the fulfilment of obligations or orders imposed on the Controller by law or order of the Authority (Art. 6 GDPR), the fact that, Art. 6 paragraph b) of the GDPR, the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
III. - NATURE OF PROCESSED DATA.
(A). - COMMON PERSONAL DATA, IDENTIFICATIVE DATA.
For instance, Name and Surname, Place of Birth, Year of Birth, Sex, Address, Town, Province, e-mail address, Telephone Number, Post Code, credit card number or other data that may be necessary for booking.
(B). - TECHNICAL PROCESSING.
The IP number and the type of browser used for connecting to the domain https://www.losvevo.it/ (non-identificative data), which are automatically recorded by the logic devices used for protecting and controlling the accesses to the domain, are subject to processing. This personal data is exclusively used for controlling the network traffic towards the domain losvevo.it. This information is not collected to be associated with identified subjects. For its intrinsic nature, this information may allow for identifying the users through processing operations and associations with data that is held by third parties. This data is used for the sole purpose of obtaining anonymous statistic information on the use of the Website and controlling the correct operation and it is immediately deleted after processing.
(C). - COOKIES.
Moreover, the Controller anonymously processes and analyzes the data relative to the pages of the https://www.losvevo.it/ domain that are visited by the user, which is acknowledged by means of cookies. By means of these technologies (which allow for understanding the navigation preferences, verifying the areas of the https://www.losvevo.it/ domain that have been already visited by the user), the Controller may personalize the service according to the user requirements, without performing any unnecessary registrations. A cookie is a set of data that is sent to the browser by the Website.
The aforementioned data can also be stored in the computer by means of an anonymous Tag that identifies the computer, but not the user.
Some pages use the cookies sent by the losvevo.it Website or by third parties, and other technologies to offer a better navigation of the Website. The browser can be set in such a way to receive a warning message before the reception of a cookie, thus offering the user the possibility to accept or refuse the cookie. Cookies can be also completely deactivated. By deactivating the cookies, some Websites may not operate correctly. For more information on the usage of cookies in https://www.losvevo.it/ please refer to our Cookies Policy.
(D). - SPECIAL CATEGORIES OF PERSONAL DATA.
If special categories of personal data are collected through the LO SVEVO domain under art. 9 of Reg. EU 679/2016, the data subject shall be previously informed and put in a condition to express his/her consent, if necessary, according to the law.
IV. - NATURE OF CONFERMENT, DATA SOURCES.
IV.1. - Data to be conferred.
The conferment of some identificative personal data is necessary, and therefore mandatory, to execute specific requests of the data subject, for example, the booking request for dimora storica LO SVEVO. The data subject is always free not to provide his/her personal data, however, in such a case, it might be impossible for the Controller to satisfy the requests or meet the requirements of the data subject, who might be unable to use all functions of the Website.
This identificative data shall be processed with paper and electronic supports, and shall be exclusively stored by the Controller for the necessary period of time. When such a storage period has elapsed, the identificative personal data shall be automatically deleted.
IV.2. - Data Sources.
We shall collect data, directly conferred by the data subject, through your interactions with the www.losvevo.it Website or through the platform used to manage the booking procedure, which can be reached on the Internet from www.wubook.net.
V. PURPOSE OF PROCESSING.
In addition to the processing operations that are necessary in relation to obligations of the law and of regulations or arising from orders issued by the Authority, exclusively for the purpose of the consent, if necessary, the Controller shall perform the operations that are necessary for the data subject to use the booking services and the functionalities available in https://www.losvevo.com.
V.2. - SPECIFIC REQUESTS OF THE DATA SUBJECT.
The optional, explicit and voluntary transmission of e-mails to the addresses indicated in this Website shall result in the successive acquisition of the sender’s address, which is necessary to reply to the requests, and of the other personal data contained in the message. Specific synthetic information shall be progressively reported or displayed in the pages of the Website for special on-demand services. In any case - whenever provided for by the law - your consent to the processing of your personal data shall be required from time to time.
V.3. - NOTICES RELATIVE TO SERVICES.
Under art. 130 of the Privacy Code (Leg. Decree 30 June 2003 no. 196) the Controller may send information on the activities and/or the initiatives of Dimora Storica Lo Svevo to the email address used for booking.
VI. - PROCESSING MODES OF PERSONAL DATA.
In relation to the purposes indicated in the preceding paragraphs, the personal data shall be processed in hardcopy and electronic format by means of specific procedures in order to personalize the services offered by the Controller. Data shall be processed in such a way to guarantee the logical and physical security and the privacy, and processing may be performed with manual, electronic and computerized tools suitable for storing, transmitting and sharing the data. The processing logics shall be strictly related with the purposes.
VI.1. - DATA SECURITY AND STORAGE.
The personal data shall be kept within the European Union, and the relevant security policies are reviewed in compliance with the Best Practices on this matter. WUBOOK S.r.l. shall be responsible for the processing operations that are necessary to guarantee the security of payment operations with credit cards.
VI.2. - PROFILING, AUTOMATIZED DECISION-MAKING PROCESS.
VII. - DATA RECIPIENTS AND CROSS-BORDER TRANSFER
The personal data can be disclosed to the following subjects, acting as processors, each one of them in a limited way according to their skills and tasks and based on the assigned instructions; third-party subjects, who are specifically identified as Processors, or System Administrators, who are used by the Controller to perform such services, each one of them in a limited way according to their skills and tasks and based on the assigned instructions.
VII.2. – DATA DIFFUSION (TO DETERMINED EXTERNAL SUBJECTS).
The Controller shall have the faculty to disclose the personal data to third-party service suppliers, for managerial, accounting and administrative activities, after the acquisition of the consent according to the provisions of law, if any, in compliance with the security measures, for the sole purpose of performing the requested service, such as: - mail service companies, - lawyers and public notary firms, - consultants, also in associated form, - other service companies, and additional subjects in compliance with legal obligations (such as insurance companies, police force, judicial authorities, etc.).
VII.3. - CROSS-BORDER TRANSFER OF PERSONAL DATA.
The Controller does not perform cross-border transfers of personal data on his/her own initiative. However, some third-parties and service suppliers may have their servers installed physically abroad, such as in the case of electronic mail providers or the host of the site of the supplier who provides booking services. In such an instance, the cross-border transfer of personal data shall be exclusively carried out in compliance with Reg. EU 679/2016 Art. 44 and following articles.
VIII. - RIGHTS OF THE DATA SUBJECT.
Articles 15 to 22 of the GDPR confer the exercise of specific rights to the data subject, such as the right to access his/her personal data and obtain a copy of such data, to obtain from the Controller the confirmation as to whether or not personal data concerning him or her are being processed, the right to obtain the rectification of the inaccurate personal data and the right to have incomplete personal data completed, the right to obtain the erasure (right to be forgotten) under the terms and conditions of art. 17 GDPR, the right to restriction of processing, the right to revoke the consent, the right to data portability, and the right to object, at any time and without being obliged to advance justifications, to processing of personal data for direct marketing purposes. The rights can be exerted by sending an e-mail to the Controller’s address or an ordinary mail to the address indicated below. The Controller may need to identify the Data Subject, asking to provide a copy of his/her identity document. The data subject who may consider that his/her personal data have been processed by infringing the provisions of the GDPR or of the internal rules on personal data protection shall have the right to lodge a complaint with the Supervisory Authority for Personal Data Protection with office in Rome under art. 77 GDPR and/or to have recourse to the law. For the exercise of said rights, or to obtain any other information on said rights and, generally speaking, on the processing of personal data, the requests must be addressed by e-mail to: email@example.com.
IX. - REVOCATION OF CONSENT, QUESTIONS ON PRIVACY, ACCESS AND CONTACT.
If you have a question or if you wish to receive more information on the processing of your personal data, or if you want to exert the rights under art. VIII, you can send an e-mail to the administrator of the losvevo.it Website, using the following address: firstname.lastname@example.org. You can use the same address to contact us and ask questions about the way the information is managed by the Controller. Before the information is provided and/or amended by the Controller, it may be necessary to verify the identity of the Applicant. We will reply as soon as possible.
The Controller is Ing. Studio Baldi S.r.l., Viale Cavallotti 13 - 60035 JESI (AN): email@example.com .
The Processor is WUBOOK S.r.l. with registered office in Fano, Italy, VAT NO.: 02340220413.
This mandatory information shall be subject to update according to the amendments of the applicable provisions of law.