Nabuisson Bed & Breakfast, Via Aubert 50/11100 Aosta [AO] - Italy
Tel. +39 339 609 0332 E-mail: firstname.lastname@example.org
According to the art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, "Privacy Code") and art. 13 EU Regulation n. 2016/679 (hereinafter "GDPR") that your data will be processed in the following manner and for the following purposes:
Subject of processing
The Data Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, address, telephone number, e-mail address, etc. - hereinafter "personal data" or "data") communicated by you at the time of registering on the stopdown.it website (hereinafter, "Site") or on the form for requesting the Holder's newsletter, filling in and sending a contact form to the Owner or, in any case, for any request to the Owner ( eg of Demo, etc).
Purpose of the processing
Your personal data is processed:
A. Without your prior express consent (art. 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
fulfill the pre-contractual, contractual and fiscal obligations deriving from existing relationships with you;
process a contact request;
fulfill the obligations provided by the law, by a regulation, by the community legislation or by an order of the Authority;
preventing or detecting fraudulent activities or abuses harmful to the Site;
exercise the rights of the Holder, for example the right to defend in court.
B. Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
send you e-mail newsletters, commercial communications and / or advertising material about the owner's products or services.
We inform you that if you are already a customer of ours, we will be able to send you commercial communications relating to the owner's services and products similar to those you have already received, unless you disagree (Article 130, paragraph 4 of the Privacy Code).
The processing of your personal data is carried out by means of the operations indicated in the art. 4 Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to electronic and / or automated processing (website and management of Mailpoet).
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for not more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for Marketing Purposes.
Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
to employees and collaborators of the Data Controller, in their capacity as appointees and / or internal processors and / or system administrators;
to third-party companies or other subjects (as an indication, web site provider, e-payment service provider, suppliers, hardware and software support technicians, credit institutions, professional offices, etc.) that perform outsourcing activities on behalf of Owner, in their capacity as external processors.
Without your express consent (pursuant to art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities where required by law. Your data will not be disclosed.
The management and storage of personal data will take place on servers located within the European Union. The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller now ensures that the extra-EU data transfer will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission.
Nature of data provision and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we will not be able to provide you with the services of the art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is instead optional. You can then decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the products, or services offered by the Data Controller. You will however continue to be entitled to the Services referred to in art. 2.A).
Rights of the interested party
In your quality as interested, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and precisely the rights of:
obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
get the indication:
a) the origin of personal data;
b) the purposes and methods of processing;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) of the identification data concerning the data controller, data processors and the representative designated pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;
e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees;
a) updating, rectification or, when interested, integration of data;
b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the event that such fulfillment occurs it proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right;
object, in whole or in part:
a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of your personal data for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. Please note that the right of opposition of the interested party, exposed to the previous point
b), for direct marketing purposes through automated methods, it extends to traditional ones and in any case the possibility remains open for the interested party to exercise the right to object even in part. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, you also have the rights set forth in articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to portability of contractual and raw navigation data, right to object), as well as the right to complain to the Guarantor Authority.
Mode of exercise of rights
You can exercise your rights at any time:
sending a registered letter a.r. to the address of the owner;
sending an email to email@example.com;
by calling +393396090332
Owner, manager and appointees
The Data Controller is
Nabuisson Bed & Breakfast
Via Aubert, 50 11100 Aosta - Italy
The updated list of data processors and data processors is kept at the headquarters of the Data Controller.