logo logo
  2. Privacy

Privacy

PRIVACY INFORMATION - RESERVATION/BOOKING ENGINE

Information document pursuant to article 13 of EU Reg. 2016/679 (GDPR) - Information on the processing of personal data collected from the interested party.

In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of personal data provided.

Definitions: the art. 4 of EU Reg. 2016/679 defines "personal data" any information concerning an identified or identifiable natural person ("concerned"); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.

 

  1. HOLDER OF THE TREATMENT

pursuant to art. 4 of EU Reg. 2016/679, is Agenzia Casa Mare S.r.l. with offices in Corso del Sole n. 94, Zip Code 30028 City Bibione (VE), info@casa-mare.it with exclusive reference to the role of owner of the business called “Agenzia Casa Mare”.

 

  1. OBJECT AND PURPOSE OF TREATMENT

For the establishment of the relationship (pre-contractual/contractual phase), the Data Controller processes the common personal identification data of the concerned parties listed below and for the following purposes. Sensitive data is not processed as it is not relevant to the ongoing relationship, except in specific cases and with prior consent.

  • to acquire and confirm your booking of accommodation services and ancillary services and to provide the requested services, the Data Controller processes the common personal data identifying the interested parties, in particular: name, surname, tax code, VAT number (if any), residence address, e-mail, telephone number. Since these are treatments necessary for the definition of the contractual agreement and for its subsequent implementation, the conferment is mandatory. In case of refusal to provide personal data, we will not be able to confirm the reservation or provide you with the requested services. The processing will cease after your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner indicated in the following points; this procedure is managed by the booking software and the relative data is processed by the company Mercurio Sistemi Srl which acts as Data Processor on behalf of the Data Controller and guarantees the protection and retention of data.
  • to fulfil the obligation established by the "Consolidated text of public safety laws" (article 109 RD 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for public safety purposes the Data Controller processes: common personal identification data, even in the case of minors: (first name, last name), personal information (date and place of birth), residence, gender, nationality, type of identification document, identification document number, place of issuance of the document (for family units, the collection of identity document data pertains to one member) according to the established procedures by the Ministry of the Interior (Decree of 7 January 2013). The provision of data is mandatory, and in case of refusal to provide them we will not be able to host you in our structure. The data acquired for this purpose is not stored by us.
  • To fulfil current administrative, accounting, and fiscal obligations, the Data Controller processes the above-mentioned personal identification data. For these purposes, the processing is carried out without the need to obtain your consent. The data is processed by us and by our authorized employees and is communicated externally only in fulfilment of legal obligations. In case of refusal to provide the data necessary for the above fulfilments, we will not be able to provide you with the requested services. The data acquired for these purposes are stored by us for the time required by law (10 years, and even longer in the case of tax assessments).
  • To send you our promotional messages and updates on rates and offers (marketing), the Data Controller processes your identification and contact data. This activity will only be carried out with your prior consent, which constitutes the legal basis for the processing. For this purpose, your data will be retained for a maximum period of 3 years and will not be disclosed to third parties. You may revoke your consent at any time. Failure to provide consent does not affect the conclusion or execution of the contract.

 

  1. LEGAL BASIS OF THE TREATMENT

The legal basis applicable to the processing of your personal data for the purposes indicated is:

  • the execution of the contract referred to in Article 6, paragraph 1, letter b) of EU Reg. 2016/679, if the booking is successfully defined, as the processing of the guest's personal data is necessary for the purpose of concluding of the accommodation rental contract.
  • the fulfilment of a legal obligation to which the Data Controller is subject pursuant to article 6, paragraph 1, letter c) of EU Reg. 2016/679.
  • for promotional purposes, the consent of the data subject is freely given and can be revoked at any time.

 

  1. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS

The personal data provided will be communicated to recipients who will process the data as managers (Article 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Manager and who operate as employees or collaborators with specific appointments as authorized to process (art. 29 of EU Reg. 2016/679), for the purposes listed above in point 2.

By way of non-exhaustive example, the data will be communicated to:

  • subjects that provide services for the management of the information system used by the Data Controller and the related telecommunications networks, including e-mail and website management.
  • professionals and consultants in the field of assistance and consultancy relationships (including services for fulfilling accounting and fiscal obligations).
  • competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.

The subjects belonging to the aforementioned categories perform the function of data processing manager, or operate in total autonomy as separate data controllers.
The list of data processors is constantly updated and available at the registered office of the data controller.
Any further communication will take place only with your explicit consent, in accordance with and within the limits of the GDPR.
Your data, object of the treatment, will not be disclosed.

 

  1. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND WARRANTIES

Personal data is stored on servers located within the European Union.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU.
In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission and the user will be informed.

 

  1. METHOD OF PROCESSING

The processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by the Data Controller and/or by persons specifically authorized to do so.

 

  1. RIGHTS OF INTERESTED PARTIES

The interested party may assert their rights as expressed by EU Regulation 2016/679 by contacting the Data Controller, sending an email to info@acenter.it or writing to the Data Controller's office indicated above.

The interested party has the right, at any time, to ask the Data Controller:

  • access to your personal data (art. 15);
  • rectification (art. 16);
  • The deletion (Article 17) of the same; the withdrawal of consent (Article 7).
  • the limitation of the treatment (art. 18);
  • the transfer of personal data to another owner (art. 20);
  • the interested party also has the right, if it is not possible to request the cancellation of the data, to oppose the treatment when this is justified by reasons relating to his particular situation (art. 21).

 

  1. POSSIBILITY OF COMPLAINT TO THE GUARANTOR

Without prejudice to any other administrative and judicial appeal, if the data subject believes that the processing of data violates the provisions of EU Reg. 2016/679, the interested party has the right to lodge a complaint with the supervisory authority (Guarantor for the protection of personal data) pursuant to art. 15 letter f) of EU Reg. 2016/679.

 

  1. AUTOMATED DECISION-MAKING PROCESSES

There is no automated decision-making process.