Pursuant to EU Regulation no. 679/2016 (the General Data Protection Regulation, “GDPR”), this page describes the methods for processing personal data of users who visit the Villasanpaolo Hotel website (hereinafter “Villasanpaolo Hotel site”) accessible by electronic means at the following addresses www.villasanpaolo.com.
This information does not apply to other websites, pages or online services accessible via hypertext links that may be published on sites and which refer to resources that are external to the villasanpaolo domain.
1. THE DATA CONTROLLER
The Data Controller of your personal data is SABATINI – VOLPINI & C. s.n.c. , VAT number & Fiscal code number 00367450525, with registered office in San Gimignano, in Loc. Pancole 10/B, legally represented by Remo Squarcia.
2. TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operating functions, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties; however, due to its very nature it could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present, the data on web contacts does not last for more than seven days.
Data provider by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on the Villasanpaolo, as well as filling in and forwarding the forms found on the www.villasanpaolo.com site or the booking engine managed by QNT S.r.l., entail the acquisition of the sender’s contact data, which is needed to respond, as well as all personal data included in notifications (including data entered in the forms and forwarded through the Villasanpaolo website to book a stay).
3 .PURPOSE OF THE PROCESSING
Datas will be processed with the purpose of sending information requested by the user, till its opposition.
4. DATA PROCESSING – DATA RETENTION PERIOD
Personal Data will be processed using manual, computerized or telematic tools that are suitable for ensuring security and confidentiality. The data provided will be processed for the time strictly necessary to give feedback to requests and notifications sent voluntarily by clients.
5. DATA RECIPIENTS
No data deriving from the web service is circulated. The data will not be disclosed to third parties except to third parties who, in fulfilling the contract and limited to the purposes indicated above, collaborate with the Data Controller (professionals/companies providing consultancy work of a legal, tax and accounting nature, competent authorities for ‘fulfilling legal obligations’, subjects providing services for managing computer systems and assistance to the website)The parties involved are designated in written manner as authorized persons and operate according to the Owner’s operative instructions.
The list of designated persons is constantly updated and available at Owner’s operative offices.
6. OPTIONALITY TO PROVIDE DATA
Apart from what has been specified with regard to browsing data, the user is free to provide personal data listed in the application forms or indicated in contacting the Office to request to receive informative material or other notifications. Failure to provide such data may make it impossible to fulfil requests.
7. RIGHTS OF THE INTERESTED PARTIES
Based on current legislation and the provisions established in the GDPR, you have the right to access, rectify, delete data; moreover you have the right to obtain data portability and to revoke your consent at any time.
Hereinabove rights can be exercised by contacting our offices at +390577955100 or firstname.lastname@example.org.
Complaints to the supervisory authority can be addressed to the Guarantor for the protection of personal data, according to Art. 77 of GDPR.
Latest update: 30.11.2018
Sabatini – Volpini & C. snc