In accordance with the provisions of EU Regulation no. 679/2016 (hereinafter the “Regulation”), article 13 - Information to be provided if personal data are collected from the data subject Apartments Praverd & Apartments P19 having its registered office in Via Cisles, 169, 39047 S. Cristina BZ (hereinafter the “Company”), provides the following information on the processing of personal data of its customers (hereinafter the “Data”) performed by Apartments Praverd & Apartments P19, as Data Controller.
1. Identity of the Data Controller and contact details
In accordance with article 4 of the Regulation, the Company is the Data Controller of its customers and website visitors personal data.
For communications or requests, the Company can be reached by e-mail at the address: info@praverd.it
2. Categories and types of Data collected and processed
The Data processed by the Company may include personal data, not belonging to particular categories (Article 9 of the Regulation) collected for the purpose of the conclusion of the contract and
in the context of its execution and/or stipulation.
Furthermore, it is possible to process personal data belonging to third parties communicated to the Company by customers, suppliers, employees and outside staff. With respect to this hypothesis,
the Customer stands as an independent Data Controller and assumes the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and/or request for
compensation for the damage caused by treatment that should reach the Company from third parties concerned.
3. Purpose and legal basis of the processing and nature of the provision of Data
In compliance with current regulations regarding the protection of personal data and without the need for a specific consent by the data subject, the Data will be stored, collected and processed
by the Company for the following purposes:
a) fulfilment of contractual obligations, execution and/or conclusion of the contract and/or management of any pre-contractual measures for purchasing a product from the online shop or completing
an online booking;
b) compliance with legal requirements, with tax and fiscal provisions deriving from the performance of the business activity and from obligations related to the administrative and accounting
activities;
c) sending, directly or through third-party providers of marketing and communication services, newsletters and communications for the purpose of direct marketing through email, sms, mms, push
notifications, fax, paper mail, telephone with operator, in relation to the products supplied;
d) communication of Data to third-party companies for the sending of newsletters and communications for marketing purposes through e-mail, sms, mms, push notifications, fax, paper mail, telephone
with operator.
The legal bases of processing for the purposes a) and b) above mentioned are the articles. 6.1.b) and 6.1.c) of the Regulation. The provision of Data for the aforementioned purposes is optional,
but any failure in providing them and the refusal to supply them would make it impossible for the Company to execute and/or stipulate the contract and grant the services requested by the
same.
The legal basis for processing personal data for purposes c) and d) is art. 6.1.a) of the Regulation, since the treatments are based on consent; it is specified that the Data Controller can
collect a single consent for the marketing purposes described herein, in accordance with the General Measures issued by the Italian Data Protection Authority for the protection of personal data
“Guidelines on promotional activities and the fight against spam” dated July 4th 2013. The provision of consent to use ones’ Data for marketing purposes is optional and if the Data subject wishes
to object to the processing of his Data for marketing purposes performed with the means indicated herein, as well as revoke the consent given, he may at any time do so without any consequences
(except for the fact that he will no longer receive marketing communications) by following the instructions in the “Data Subject’s Rights” section of this Notice.
4. Methods of data processing
In relation to the aforementioned purposes, the Data are processed using manual, information technology and telematic tools with logics strictly related to the purposes themselves and, in any
case, in such a way as to guarantee the security and confidentiality of the Data, in addition to the compliance with the specific obligations established by the legislation. The Data will be
processed in compliance with the principle of lawfulness, correctness, relevance and non-excess, in accordance with the provisions on the protection of personal data. The treatment will be
carried out by staff who are formally appointed and adequately trained.
5. Transmission and diffusion of Data, recipients, Data transfer and Data Processors
For the aforesaid purposes, the Data may be disclosed to other Group companies and to third parties appointed as data processors in accordance with Article 28 of the Rules and in particular to
banking institutions, insurance companies, to providers of services strictly necessary to the carrying out of the business activity, or to consultants of the company, where this proves to be
necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.
Furthermore, the other Group companies will be able to access the Data for administrative and / or accounting purposes, in accordance to recitals 47 and 48 and to Article 6 of the
Regulation.
Finally, the Data may be shared with authorities, entities and / or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authority. These authorities, bodies
and / or subjects will act as independent data controllers.
Data will not be disclosed.
A periodically updated and complete list of data processors appointed for data processing may be requested by sending an e-mail to the Data Controller at the addresses indicated above.
6. Transfer of Data to international organizations and / or countries outside the EEA (European Economic Area):
Any transfer of Data to international organizations and / or non-EEA countries will take place according to one of the methods permitted by current legislation, such as the consent of the
interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data (i.e. EU-USA
Privacy Shield) or operating in countries considered safe by the European Commission.
On request, it is possible to have more information from the Company to the above-mentioned contacts.
7. Data Retention
The Data will be stored on paper and / or computer only for the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and
minimization according to Article 5, paragraph 1, letters c) and e) of the Regulation.
The Data will be kept to comply with the Regulation and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.
The Company may retain the Data after the end of the contractual relationship to fulfil regulatory and / or post-contractual obligations; subsequently, when the aforementioned reasons for the
processing no longer exist, the Data will be deleted, destroyed or simply stored anonymously.
On request, it is possible to have more information from the Company to the above-mentioned contacts.
8. Data subject’s rights
In relation to the aforementioned processing, each data subject can exercise the rights referred to in articles 15 to 22 of the Regulation.
In particular, the data subject has the right to ask the Company for access to its Data, correction or cancellation of the same, he has the right to oppose the processing or to require the
limitation of processing in the cases contemplated by Article 18 of the Regulation and to obtain, in a structured format, in common use and readable by an automatic device, its own Data, in the
cases contemplated by Article 20 of the Regulation.
The data subject may also revoke at any time the consent granted in accordance to Article 7 of the Regulation, as well as propose a claim by the Privacy Authority for the protection of personal
data according to Article 77 of the Regulation, in case he considers the processing of his own Data to be contrary to the current regulation.
In case of opposition to the processing of Data according to Article 21 of the Regulation, the Company reserves the right to assess the request, which will not be accepted if there are legitimate
reasons to proceed to the processing that prevail over the interests, rights and freedom of the Data Subject. Requests should be sent in writing to the Company at the above addresses.
SÜDTIROL ALTO ADIGE GUEST PASS