Privacy

PRIVACY POLICY - BOOKING / BOOKING ENGINE

Information document pursuant to article 13 of EU Reg. 2016/679 (GDPR) - Information on the processing of personal data collected from the interested party.

In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of personal data provided.

Definitions: the art. 4 of EU Reg. 2016/679 defines "personal data" any information concerning an identified or identifiable natural person ("concerned"); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.

  1. HOLDER OF THE TREATMENT

    pursuant to art. 4 of EU Reg. 2016/679, is Arena Immobiliare Turistica di Sica Francesco Unipersonale with offices in Via Adriatica n. 46, Zip Code 33054 City Lignano Sabbiadoro (UD), [email] with exclusive reference to the role of owner of the business called “Agenzia Arena”.

  2. PURPOSE OF TREATMENT

    The personal data provided will be processed for the following purposes:

    • to acquire and confirm your booking of accommodation and ancillary services and to provide the requested services. Since these are treatments necessary for the definition of the contractual agreement and for its subsequent implementation, the provision is mandatory. In case of refusal to provide personal data, we will not be able to confirm the reservation or provide you with the requested services. The processing will cease after your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner indicated in the following points; This procedure is managed by the booking software and the related data are processed by the company Mercurio Sistemi Srl which acts as Data Processor on behalf of the Data Controller and guarantees the protection and conservation of data.
    • to fulfill the obligation set forth in the "Consolidated Law on Public Security Laws" (Article 109 RD 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for purposes of public security, the details of the clients accommodated in the manner established by the Ministry of the Interior (Decree of 7 January 2013). The provision of data is mandatory, and in case of refusal to provide them we will not be able to host you in our structure. The data acquired for this purpose are not stored by us.
    • to fulfill current administrative, accounting and tax obligations. For these purposes, the processing is carried out without the need to acquire your consent. The data are processed by us and by our authorized employees and are disclosed externally only in compliance with legal obligations. In case of refusal to provide the data necessary for the aforementioned obligations, we will not be able to provide you with the requested services.
  3. LEGAL BASIS OF THE PROCESSING

    The legal basis applicable to the processing of your personal data for the purposes indicated is:

    • the execution of the contract referred to in Article 6, paragraph 1, letter b) of EU Reg. 2016/679, if the booking is successfully defined, as the processing of the guest's personal data is necessary for the purpose of concluding of the rental contract for the accommodation.
    • the fulfillment of a legal obligation to which the Data Controller is subject referred to in Article 6, paragraph 1, letter c) of EU Reg. 2016/679.
  4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

    The personal data provided will be communicated to recipients who will process the data as managers (Article 28 of EU Reg. 2016/679) and / or as natural persons acting under the authority of the Data Controller and the Data Processor and who operate as employees or collaborators with specific appointments of authorized to process (Article 29 of EU Reg. 2016/679), for the purposes listed above in point 2.

    By way of example and not limited to, the data will be communicated to:

    • subjects that provide services for the management of the information system used by the Data Controller and the related telecommunications networks, including e-mail and website management.
    • professionals and consultants in the field of assistance and consultancy relationships.
    • competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.

    The subjects belonging to the aforementioned categories perform the function of Data Processor, or operate in total autonomy as separate Data Controllers.

    The list of data processors is constantly updated and available at the registered office of the data controller.

    Any further communication will take place only with your explicit consent, in accordance with and within the limits of the GDPR.

    Your data, object of the treatment, will not be disclosed.

  5. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES

    Personal data is stored on servers located within the European Union.

    In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU.

    In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission and the user will be informed.

  6. DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD

    The processing will be carried out in an automated and manual form, with methods and tools aimed at ensuring maximum security and confidentiality, by the Data Controller and / or subjects specifically authorized to do so.

    In compliance with the provisions of art. 5 paragraph 1 letter. e) of EU Reg. 2016/679, the personal data provided for booking the accommodation will be kept for the rental of the accommodation, for the minimum period required by law in relation to the accounting / tax regime adopted by the Data Controller and in any case no later than the following [duration_years] years, in order to verify any pending, including accounting documents (for example invoices).

  7. RIGHTS OF THE INTERESTED PARTIES

    The interested party may assert their rights as expressed by the EU Regulation 2016/679, by contacting the Data Controller, by sending an e-mail to [company_email] or by writing to the headquarters of the Data Controller indicated above.

    The interested party has the right, at any time, to ask the Data Controller:

    1. access to your personal data (Article 15);
    2. rectification (Article 16);
    3. the cancellation (Article 17) of the same;
    4. the limitation of processing (Article 18);
    5. the transfer of your data to another holder (Article 20);
    6. the interested party also has the right, if it is not possible to request the cancellation of the data, to oppose the processing when this is justified by reasons related to his particular situation (art. 21).
  8. POSSIBILITY OF CLAIM TO THE GUARANTOR

    Without prejudice to any other administrative and judicial appeal, if he believes that the processing of data violates the provisions of EU Reg. 2016/679, the interested party has the right to lodge a complaint with the supervisory authority (Guarantor for the protection of personal data) pursuant to art. 15 letter f) of EU Reg. 2016/679.

  9. NATURE OF DATA PROVISION AND CONSEQUENCES OF THE REFUSAL TO PROVIDE THE DATA

    • Since these are treatments necessary for the definition of the contractual agreement and for its subsequent implementation, the provision is mandatory. In case of refusal to provide personal data, the booking cannot be confirmed or the requested services provided.
  10. AUTOMATED DECISION-MAKING PROCESSES

    There is no existence of an automated decision-making process.