Customer Information EU regulation no. 679/16 GDPR
The lodge – P.I. ? (hereinafter, “Data Controller”), as data controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:
Object of processing
The Data Controller processes personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, email, telephone number – hereinafter, “personal data” or “data”) communicated by you during registration, during employment relationships, in contracts and in other exchanges between you and the Data Controller.
Purpose of the processing:
Your personal data are processed:
A) without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
– to conclude contracts for the Data Controller’s services;
– to fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships with you;
– to fulfil the obligations provided by law, by a regulation, by Community legislation or by an order of the Authority (such as on anti-money laundering);
– to exercise the rights of the Data Controller, such as the right of defence in court;
B) only with your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes:
– sending you, by e-mail, post and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller, and detecting the degree of satisfaction with the quality of services;
– sending you, by e-mail, post and/or SMS and/or telephone contacts, commercial and/or promotional communications from third parties (for example, business partners, insurance companies, other companies of the Group).
Please note that if you are already our customer, we may send you commercial communications related to services and products of the Data Controller similar to those you have already used, unless you disagree (art. 130 c. 4 Privacy Code).
Methods of Processing
The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfil the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Marketing Purposes.
The legitimate interest pursued by the Data Controller in the processing of data lies in having to respect and honour the contractual obligations entered into between the parties. Pursuant to art. 6, the lawfulness of the processing is based on the consent clearly expressed by the interested party, documented in writing.
Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
– to employees and collaborators of the Data Controller, in their capacity as internal data processors and/or system administrators;
– to companies of which the Data Controller could be part (for example, for support activities in the study of the feasibility of the customer’s project, for technical project management activities, for the storage of personal data, etc.) or to third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Without your express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the fulfilment of the aforementioned purposes. Your data will not be disclosed.
The management and storage of personal data will take place on servers, located within the European Union, of the Data Controller and/or of third parties duly appointed as Data Processors. The data will not be transferred outside the European Union. It remains in any case understood that the Data Controller, if it becomes necessary, will have the right to move the location of servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses established by the European Commission.
Nature of data provision and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we will not be able to guarantee either the registration on the site or the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you may not receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
Rights of the data subject
In your capacity as data subject, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and precisely the rights to:
obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of processing carried out with the help of electronic tools; d) of the identification details of the data controller, the responsible persons and the appointed representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom personal data may be disclosed or who may become aware of it as a designated representative in the territory of the State, of responsible persons or persons in charge;
obtain: a) the updating, the rectification or, when you have an interest, the integration of the data; b) the cancellation, the transformation into anonymous form or the blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) proof that the operations referred to in paragraphs a) and b) have been brought to the attention, including as regards their content, of those to whom the data have been communicated or disseminated, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right;
oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if relevant to the purpose of the collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for the performance of market research or commercial communication, by the use of automated call systems without the intervention of an operator, by email and/or by traditional marketing methods by telephone and/or paper mail. Please note that the data subject’s right of objection, set out in paragraph b) above, for purposes of direct marketing by automated means extends to traditional ones, and that the data subject in any case retains the possibility of exercising the right of opposition only in part. Therefore, the interested party can decide to receive only traditional communications or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in art. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
How to exercise your rights
You may at any time exercise your rights by sending:
– an e-mail to firstname.lastname@example.org
Without prejudice to any other administrative or judicial recourse, we inform you that, if you believe that the processing concerning you infringes this regulation, you have the right to lodge a complaint with a supervisory authority (Data Protection Authority), in particular in the Member State of habitual residence, employment or the place where the alleged infringement occurred.
Owner, manager and appointees
The Data Controller is Luxor Chianti Village.
The updated list of data processors and data processors is kept at the headquarters of the Data Controller.
Amendments to this Policy
This Policy may change. We therefore recommend that you regularly check this Policy and refer to the most up-to-date version.