This policy describes the information we process to provide our services or to ensure maximum service to our customers
PREMISE
As required by the European Union Regulation no. 679/2016 (“GDPR”) below is provided to the user (“User”) the information required by the law regarding the processing of your personal data
1. WHO WE ARE
The Data Holder and the Data Processing Manager
The Data Holder and the Data processing manager is Casa Vacanze La Morosa di Bonelli Manuela | P.I. 02529160547
E-mail: info@lamorosa.com
Telephone: +39 075845330 / +39 3483352464
Who can see the data
Third parties delegated by us to manage some of our activities may have access and see the data on the website. These subjects are people inside agencies and companies that have the task of carrying out some activities on our behalf (eg web agency or free lance or ecommerce managers)
These subjects can not, however, process this data except in the presence of a precise written mandate from us
2. WHAT DATA WE TRACK
Personal data
Name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, social security number, address / s e-mail, contacts social networks
Data of companies, associations, public bodies, freelancers
Company Name, VAT Number, Fiscal Code, administrative office, name and surname of the contact persons, address (s), contact details, telephone number (s), social network
Trackable traffic data
Log, IP address of origin, generic statistical data, social network connection data
The Data Holder does not require the subject to provide sensible data, that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, data biometrics designed to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation.
3. WHY WE NEED YOUR DATA
Follow the request for registration and the contract for the provision of the selected service and / or the purchased product
The processing of personal data of the User serves us, in this case, to register on our list of customers and to comply with the legal obligations to which we must abide.
These data will also be used for sending invoices or other documents necessary for the proper performance of our task of service providers or products.
These data will be included in our management database and will be used only and exclusively to follow up on our relationship with the interested party
Manage and execute contact requests forwarded by the interested party and provide assistance
The processing of such data takes place on your explicit request and consent to answer your questions. These are data that are processed only as a result of solicitation of the User
The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations.
Provide suggestions on further activities regarding the services / products similar or complementary to those purchased by the Interested Party (art.47 GDPR)
The Data Holder, even without the explicit consent of the User, may use the contact data communicated only for services / products similar to those of the sale, unless the User’s explicitly objects.
Provide suggestions on activities that are different from the services / products purchased
In this case the data will be processed only and exclusively if the user has provided the consent.
Processing can be done through automatic systems for sending emails, text messages or telephone contact
The data provided by the user will not be disclosed to third parties
Identification data not provided (Art. 13 GDPR)
If the user does not provide the identification data required to process the requests received or following the completed form, the Data Holder will not be able to process the processing of the requested services and / or the contract and the services / products connected to it, nor to the obligations that depend on them.
Consent denied for other uses than those related to the management of the contractual relationship
If the interested party does not give his consent to the use of data in order to receive information or specifications on promotional activities, the consent remains for the performance of those activities necessary for the management of the contractual relationship
4. HOW WE COLLECT THE DATA
Through automatic data collection systems we track information on the navigation of our Internet site in an aggregate way.
We need this to make statistics and analysis on all those who is interested in our services. This information can also be collected through software or plugins external to our website
(so-called “Cookies” –> See point 9. of this text)
Through the forms that the user of the site can freely decide to complete to be contacted or informed
Through the necessary forms of our ecommerce in order to best accomplish our online sales activity
Through one-to-one meetings in fairs, events, initiatives or contacts
In all these modalities, explicit consent is requested. In the case of offline data retrieval, the consent will be countersigned; in case of online data retrieval, the consent occurs when the “Send” button is clicked.
5. WHERE DATA ARE STORED
The data objects of the treatment are stored in two ways:
The data collected through our website will be included in a database on the Internet site and on servers provided by Aruba Business srl (read the privacy policy of Aruba Business here https://business.aruba.it/informativa_arubabusiness.pdf )
The data collected offline will be kept in special folders kept in the legal or operational headquarters of our company
6. HOW DATA ARE PROTECTED
Data collected from the website
The data collected by us on the Internet site are protected by access with passwords of the administrators of the website.
The website has two systems of protection.
The first is an encryption system of the Internet site through the https protocol. The certificate of protection is provided by Let’s Encript, provided by the company Aruba Business Spa.
The second is a system of protection of the Internet site inserted in it, which:
- Prevents entry to any unauthorized person
- Block access when using “banned” passwords because they are considered “hacked”
The data are all stored on the servers of Aruba Business Spa
Data collected offline
The data collected offline are all located within special folders located within the company headquarters.
The company is always manned during special working hours, while during closing hours it remains closed and accessible only through an access key. The folder in which the data is stored is anonymized
7. HOW MUCH TIME WE STORE THE DATA
In general, the personal data of the User will be kept until they are necessary with respect to the legitimate purposes for which they were collected, unless legitimate and specific requests for cancellation.
In particular, they will be stored for 20 years in the case of personal data collected for the purpose of carrying out activities linked or similar to services or products sold
Instead, in the case of data provided to the Data Holder for the purposes of commercial promotion for services other than those already acquired by the User, for which he initially consented, these will be retained for 48 months, always subject to revocation of the consent given.
Regardless of the determination of the interested party to their removal, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations.
Furthermore, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will retain only the data necessary for the relative prosecution.
Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the User, exclusively those necessary for such purposes, will be processed for the time necessary to their pursuit.
8. THE RIGHTS OF THE USER
The User has the right to obtain from the Data Holder, if requested, the data available of the User (so-called “data portability” right)
In addition, the User may request to be deleted from any database or other place of data storage, or any correction of some of these data, at any time and without having to provide any justification for such request.
For any information or need, however, the User can directly contact the Data Holder at the addresses referred to in paragraph 1. of this document.
The maximum times established by law so that the holder can fulfill the requests in this direction are 1 month
The User can also lodge a complaint with the competent supervisory authority in Italy (the Personal Data Protection Authority) or the one carrying out its duties and exercising its powers in the Member State where the violation took place. of the GDPR.
9. COOKIES AND SERVICES PROVIDED BY THIRD PARTIES
Cookies are data that are sent from the website and stored by the Internet browser on the computer or other device (for example, tablet or mobile phone) of the user. The User can manage and disable the management of cookies directly from the browser he uses.
Below you can see how cookies are managed by the most popular web browsers:
- Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/kb/PH19255
Technical cookies and third-party cookies may be installed on our website or by sub-domains.
In any case, the user can manage a general request of deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation, however, may slow down or prevent access to some parts of the site.
Three types of cookies
Technical Cookies
Third-party cookies
Profiling cookies
Technical Cookies
It is all those cookies that allow the safe and efficient use of our site.
Technical cookies, in fact, are essential for the proper functioning of our website and are used to allow users normal browsing and the opportunity to take advantage of the advanced services available on our website.
The technical cookies used are distinguished in session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user same.
Third-party cookies
Some of the services listed below collect statistics in aggregate form and may not require the consent of the User or could be managed directly by the Data Holder – depending on what is described – without the help of third parties.
If among the tools indicated below there were services managed by third parties, these could – in addition to what is specified and also without the knowledge of the owner – perform tracking activities of the User. For detailed information, it is advisable to consult the privacy policy of the services listed.
Button +1 e social widgets of Google+ (Google Inc.)
The +1 button and Google+ social widgets are services for interacting with the Google+ social network, provided by Google Inc.
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy Google
Button I Like e Facebook social widgets (Facebook, Inc.)
The “Like” button and Facebook social widgets are services of interaction with the social network Facebook, provided by Facebook, Inc.
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy Facebook
Tweet button and Twitter social widgets (Twitter, Inc.)
The Tweet button and Twitter social widgets are services of interaction with the Twitter social network, provided by Twitter, Inc.
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy Twitter
Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy Google
The user can selectively disable the action of Google Analytics by installing on his browser the opt-out component provided by Google. To disable the action of Google Analytics, please refer to the link below Deactivation Analytics
Widget Google Maps (Google Inc.)
Google Maps is a map visualization service managed by Google Inc. that allows this application to integrate such contents within its pages.
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy Google
YouTube (Google Inc)
YouTube is a map visualization service managed by Google Inc. that allows this application to integrate such contents within its own web pages
Personal data collected: cookies and usage data.
Place of data processing: USA – Policy YouTube
Link to manage or disable cookies: Deactivation of Cookies YouTube
Facebook Pixel (Facebook Ireland Limited)
The Facebook Pixel is a widget that allows the tracking of visits and activities carried out by the user on the Internet site, when access to the Facebook APP is open. This widget allows you to analyze data in an aggregate way and to carry out targeted advertising campaigns
Personal data collected: cookies and usage data.
Place of processing: Ireland
To set your privacy on Facebook differently, just click here Policy Facebook
Profiling cookies
They can be installed by the Data Holder, using software of c.d. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports on information about: visitors to a website, search engines of origin, keywords used, language of use, most visited pages.
The same can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits.