This page describes how the site is managed with reference to personal data processing of users who consult it. Pursuant to Art.13 of EU Regulation 2016/679 on matters of personal data protection, this is a circular letter to those who interact with the services and web pages of the site accessible electronically starting from the address: www.carestombnb.com, corresponding to the initial page of the site.
The information is provided exclusively in relation to the site in question and its parts. This is not extendable to other sites or pages not belonging to the site itself, as consulted by the user through links.
Following the simple consultation of this site or interaction with it, data relating to identified or identifiable persons may be processed.
The Data Processing Controller is Ca' Restom Di Castagnetti Gloria E C. S.N.C., a Company, based in Via Giambattista Morgagni 3/5, 42123 Reggio Emilia (RE) Italy and with VAT Number: 02821020357.
Processing operations connected to the web services of this site may take place at the aforementioned headquarters or at the premises of the Data Processor(if present), and are handled only by designated technical and/or commercial personnel or by eventual persons charged with occasional maintenance operations.
PURPOSE OF DATA PROCESSING AND LEGAL BASIS
The data is collected directly from the data subject for the following purposes:
1) Navigation Data:
- to guarantee the correct functioning of the website;
- to guarantee the information security of the site protecting the Data Controller and other users from potential cyberattacks. The legal basis of processing lies in a legitimate interest of the Data Controller who is consistent in protecting the web site from computer attacks and allowing it to be operational as well as in promoting his/her own activity to third parties, visiting the site.
2) Data communicated by User:
- to manage commercial and information requests received through the contact forms or other communication channels with the Data Controller present on the site;
- to fulfil contractual obligations and satisfy the user's pre-contractual needs;
The legal basis is represented by contractual and pre-contractual requirements, and the legitimate interest of the Data Controller consisting of management of communication with data subjects to satisfy specific forwarded requests.
TYPE OF DATA PROCESSED
1) NAVIGATION DATA
The computer systems and software procedures responsible for the functioning of this website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified Data Subjects, but by their very nature could allow users to be identified through processing and association with data held by third parties.
This category of data includes:
- IP addresses or domain names of computers utilized by users connecting to the site;
- the URI (Uniform Resource Identifier) addresses of the requested resources;
- the time of request;
- the method used in submitting the request to the server;
- the size of file obtained in response;
- the numeric code indicating the status of response given by the server (good result, error, etc.),
- other parameters relating to the operating system and the user's IT environment.
This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes that damage the site.
2) DATA COMMUNICATED BY USER
The optional, explicit and voluntary sending of data to this site entails the subsequent acquisition of contact details of the sender concerned, which is necessary to respond to requests as well as any other personal data sent spontaneously by the latter.
Here below are the methods used by the website to collect personal data and not through third-party users.
a) Contact Form
Through the contact form present on the website, the user is required to provide personal identification data and contact details as well as other information that may be specifically requested by the Data Subject.
Data is entered and sent spontaneously by the user who wishes to be contacted by the site owner, as well as the Data Controller, to receive information related to specific requests.
Data collected will be exclusively used to respond to requests forwarded and will be processed further only if a business relationship is established between the user and Data Controller.
Data collected can be processed by third-party subjects, should this be necessary to achieve the aforementioned purposes. The categories of recipients can be represented by:
- private persons that provide services for maintenance and development of the website;
- persons managing data centres, databases and applications provided in SaaS;
- companies involved in maintenance/repair of company IT equipment;
For a complete list of nominated responsible individuals for data processing and other eventual recipients, it is possible to contact the Data Controller. The processed personal data shall not be disseminated and cannot be further communicated to third parties except for communications to judicial or public security authorities in the face of a specific request or following the commission of offenses.
Personal data collected during navigation is processed by automated tools, and not on IT support systems, using logics strictly related to the purposes indicated and with methods suitable to guarantee security and confidentiality in accordance with the provisions of Article 32 GDPR. Processing shall be carried out by our staff designated for this purpose, or by third parties subject to the communication of the data.
NATURE OF PROVISION
Provision of Data is mandatory with regard to navigation data (as per Point 1 of the Type of processed data) as they are necessary for the website to be available to the user.
Failure to disclose this data may not allow the user to access the site or parts of it.
Provision of data communicated by the user (referred to in Point 2 of the Type of data processed ) is optional as this data is transmitted spontaneously by the user to satisfy specific exigencies or to establish a business relationship with the Data Controller.
Failure to provide this data may prevent the user from forwarding direct requests to the website’s Data Controller.
DATA STORAGE PERIOD
The data storage period varies according to the type of data processed:
1. NAVIGATION DATA
Navigation data shall be processed for the time strictly necessary to achieve the goals for which it was collected and subsequently automatically deleted. As regards cookies, the storage time is indicated in the appropriate lists, if present.
2. DATA COMMUNICATED BY USER
Data communicated directly by the user shall be stored as follows:
- the data collected to respond to specific requests of data subject shall be processed for the time necessary upon breakout of such requests for a period not exceeding 1 year from the completion of the request unless commercial deals or other orders are established with the interested user;
RIGHTS OF DATA SUBJECT, MODE OF EXERCISE AND COMPLAINTS TO THE DATA PROTECTION AUTHORITY
You are informed of the existence of your right to request access to your personal data, rectify and cancel the same, restrict the processing of data concerning yourself, object to their processing, data portability (Articles 15 to 22 of the EU Regulations 2016/679 GDPR);
You can exercise your rights and know the third parties to whom data may be communicated by writing to the e-mail address: email@example.com the DPO or lodging a complaint to the competent data protection authority.
Further details and specifications regarding the aforementioned processing are made available by the Data Controller upon specific request of the data subjects.
You are entitled to lodge a complaint with a control entity through Personal Data Protection Authority by sending a certified e-mail message to firstname.lastname@example.org, or at the competent control authority of another European Union country.
This circular letter was updated on 06/05/2019.