""How we manage and collect your personal data""
Who is the Data Controller of this web-site?
L'Arco dei Sogni S.a.s.
Via Posta Vecchia 1
98030 Malvagna ME
P. Iva IT03221700838
Owner eMail address : firstname.lastname@example.org
Types of Data collected
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and ensure that he has the right to communicate or publish them, freeing the Owner from any liability to third subject.
How we collect and process personal datas
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is made through computer and/or digital tools, and when necessary on paper, with all security measures envisaged by the legislator.
In addition to the Data Controller, in some cases, other subjects, including employees and collaborators (administrative, commercial, marketing, legal, system administrators) or external subjects (suppliers of technical services, courier, hosting providers, communication agencies) may have access to the Data, and could be nominated by Data Controller as Data Processor. The updated list of Data Processors can always be requested at the Data Controller.
Legal basis of the processing
The Data Controller processes Personal Data of the User in order to the following conditions:
when the User has given consent for one or more specific purposes.
Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent, until he opposed against data processing ("opt-out"). However, this is not applicable if the processing of Personal Data is regulated by European legislation;
when processing is necessary for the execution of a contract with the User and/or the execution of pre-contractual measures;
when processing is necessary to fulfill a legal obligation of the Data Controller;
when processing is necessary for public interest or for the exercise of public authority vested in the Data Controller;
when processing is necessary for the pursuit of a legitimate interest of the owner or third parties.
In any case, it's always possible to ask at the Data Controller extended explanations about the legal basis of data processing using the contacts at the beginning of this document.
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved are located.
The User's Personal Data may be transferred to other countries different with the User country.
The User have the right to obtain information regarding the legal basis for the transfer of Data outside the European Union.
For more information, the User can refer to the respective sections of this document or request specific information at the Data Controller.
The Data are processed and stored for the time required by the purposes for which they were collected. Therefore:
The Personal Data collected through forms on the website, will be stored for the time necessary to give feedback to the User's requests.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be stored until such interest is met.
When the process is based on the consent of the User, the Data Controller can stored the Personal Data for a longer time and until such consent is revoked, in any case the Data Controller will store the User's data for a maximum period of 36 months. Furthermore, the Data Controller may be obliged to store Personal Data for a longer time in compliance with a legal obligation or by order of an authority.
At the end of the storage time the Personal Data will be deleted, over this term the access, cancellation, rectification and portability right will be revocated.
Purposes of the data collect processing
The Personal and Navigation Data obtained automatically or voluntarily released by the Users, are collected by the Data Controller for the following purposes:
Contacting the User, Reservations, Reviews, Customer support, Interaction with social networks and external platforms, Protection from SPAM, Statistics, marketing activities such as: sending information material through: email, newsletters, text messages, or using new communication platforms such as WhatsApp, Facebook, Telegram, Skype.
Collect and process data is necessary to follow up the User's requests. Any additional purposes, for example: marketing campaigns or sharing the User's data with partners or other companies, will need an explicit consent of the User, optional and separate. For all marketing purposes, each User has the right to revoke his/her consent, without this having consequences in the contractual relationship and/or for the performance of services requested by the User.
More information on the purposes of data processing may be requested at any time to the Data Controller using the contacts at the beginning of this document.
Users may exercise some rights with reference to the Data processing. In particular, the User's rights are:
The right of access: the User can request the access at the own personal data and all information about how the Data Controller process them. Under request of the User, the Data Controller will provide an overview of the data processed, and a copy of the actual data collected and a description of the processing methods. The Data Controller will also provide the purposes of the processing, the way in which the data were acquired and the subjects with whom the data eventually shared.
The right of rectification: the User has the right to request the correction of personal data if they are inaccurate or incomplete.
The right to oppose: the User has the right to oppose at the processing of own Data when it occurs on a legal basis different than consent, may also oppose to the processing of Personal Data for profiling or automated processing purposes. When Personal Data is processed in the public interest, or to pursue a legitimate interest of the Data Controller, the User has the right to oppose at the processing only for particular reasons. The User must motivate of his opposition, unless the processing is carried out for direct marketing purposes. In the latter case, in fact, no motivation is required to exercise this right.
The right to data portability: the User has the right to obtain own personal data to transfer them somewhere else
The right to cancellation: the User has the right to request the cancellation of own data, when revoking the consent, or when they will no longer useful for the purposes for which they were collected. In this case, the Data Controller will carry out, as soon as possible, the cancellation. The Data Controller can deny the cancellation when the processing is done for a public interest or when the data will be necessary for the defense in court or to fulfill a legal obligation.
The right to limit the processing: When certain conditions are met, the User can request the limitation of the processing of own Data. In this case the Data Controller will not process the Data for any other purpose different by simple conservation.
The right to file a complaint: the User can file a complaint at the competent personal data protection authority or act in court.
How to exercise the rights
To exercise her/his rights the Users can send a request using the contact details of the Data Controller indicated in the beginning of this document. The requests are free and processed by the Data Controller as soon as possible, in any case within 30 days.
More information about data processing
Defense in court
The User's Personal Data may be used by the Owner in court to defense himself.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authorities.
System logs and maintenance
For needs related to operation and maintenance, this Website and some third party services may collect System Logs, which are files that record the interactions and that may also contain Personal Data, such as the User IP address.
Information not contained in this policy
More information about the processing of Personal Data may be requested at any time at the Data Controller using the contact details at the beginning of this policy.
Response to "Do Not Track" requests
This Website doesn't support "Do Not Track" requests.
To know if the third-party services support them, the User can consult their respective privacy policies.
If the modifications concern the legal basis to process the datas, the Data Controller, if necessary, will collect the User's consent again.
Definitions and legal references
The personal data are any information that directly or indirectly, also in connection with other information, including a personal identification number, make identifiable a person.
The using datas are information collected automatically through this Website (also by third-party applications integrated into this Website), including: the language, the country, the device, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page), and details regarding the behavior followed within the site, with particular reference to the sequence of pages visited.
The person who uses this Website that, unless otherwise specified, coincides with the person concerned.
The Person concerned
The person to whom the Personal Data refers.
Owner of data processing
The physical or legal person, public authority or other subjcts that determines the purposes and means to process personal data and the tools adopted, including the security measures related to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.
The hardware or software tool through which the Personal Data are collected and processed.
The Service provided by this Website.
European Union (or EU)
Unless otherwise specified, any reference to the European Union contained in this document, refer at all current member states of the European Union and the European Economic Area.
Small portion of data stored in the User's device.
Last change: May 25 2018