Informativa ex Art. 13

Information pursuant to Art. 13 EU Regulation 2016/679
(“GDPR Regulation”)

PREMISE

  • What is this document? This document is the information on the processing of personal data relating to the LESPIAGGERIMINI.IT sites
  • Who is this document for? The information is intended for all customers, potential customers and suppliers (hereinafter referred to as “interested”) who interact with the LESPIAGGERIMINI.IT site.
  • Why this document? The GDPR (EU Regulation 2016/679), in article 13, requires that you (the interested party) be informed about the personal data that are being processed and about who will process them, in order to guarantee that the processing is correct and transparent. You will therefore see clearly listed below:
  1. who will process your data (Data Controller and Data Processors)
  2. which personal data will be processed
  3. the purposes for which the personal data will be processed
  4. for how long the data will be processed
  5. what are your rights

What laws does this document refer to? The information is provided taking into account the combined provisions of:

  1. European Regulation for the Protection of Personal Data (GDPR) EU 2016/679
  2. 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018 and subsequent amendments

INFORMATIVE

The GDPR (EU Regulation 2016/679), in article 13, requires that you (the interested party) be informed about the personal data that are being processed and about who will process them, in order to guarantee that the processing is correct and transparent.

1) HOLDER OF THE TREATMENT

The Data Controller of Personal Data is: Le Spiagge Srl, Via delle officine 24, 147921 Rimini (RN)., Tel. 0541 178 8169, VAT number: 04197380407, in the person of the pro tempore Administrator Mrs. L. Piscaglia .

The e-mail address you can contact to exercise your rights is: info@lespiaggerimini.it

2) PURPOSE, LEGAL BASIS, NATURE OF TREATMENT AND STORAGE TIMES

Your personal data are collected for the following purposes:

  1. Fulfillment of legal obligations, regulations, secondary legislation:
    • the legal basis of this treatment is the need to fulfill a legal obligation to which the Data Controller is subject;
    • the retention period of the data processed for this purpose is the contractual duration and, after termination, for a further 10 years and, in the case of legal disputes, for the entire duration of the same, until the terms for the execution of the actions are exhausted. appeal;
    • the provision of personal data is mandatory as there is a legal obligation and any refusal will make it impossible to proceed with any contractual relationships.
  2. Execution of the contract:
    • the legal basis of this processing is the need to execute a contract of which the interested party is a party or to carry out pre-contractual measures adopted at the request of the interested party;
    • the retention period of the data processed for this purpose is the contractual duration and, after termination, for a further 2 years;
    • the provision of personal data is mandatory as there is a contractual obligation and any refusal will make it impossible to carry out any contractual relationships.
  1. Respond to requests for information:
    • the legal basis of this treatment is the consent expressed by the interested party through a request for information
    • the retention period of the data processed for this purpose is 2 years from the response to the request for information;
  1. Sending information and promotional material on the activities of the Data Controller (newsletters, offers, …) similar to services already rendered previously, market research also in anonymous form (surveys and analysis of customer satisfaction, …)
    • the legal basis of this processing is the pursuit of the legitimate interest of the Data Controller, of which you as an interested party are party to a contract;
    • the retention period of the data processed for this purpose is as long as you as an interested party do not ask to be removed from the promotional communication / newsletter sending service.
  2. Sending information and promotional material on the Data Controller’s activities (newsletters, offers, …), market research, including in anonymous form (surveys and analyzes of customer satisfaction, …):
    • the legal basis of this treatment is the consent freely given to you as an interested party;
    • the retention period of the data processed for this purpose is as long as you, as an interested party, do not withdraw your consent to the promotional communication / newsletter sending service.

3) PERSONAL DATA PROCESSED

By processing of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage , adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

Qualifiable data could also be processed, pursuant to art. 9 of the GDPR, as “particular categories of personal data” and that is data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data relating to health or sexual life or the sexual orientation of the person, if such data are provided directly by you via a message or in the contact form. The spontaneous and unsolicited provision of such data authorizes us to process them in order to respond to the request with which you gave them to us.

The personal data processed are the following:

  • Data for the fulfillment of legal obligations, execution of the contract and request for information

The personal data processed are the following: Name, Surname, Email, address, any tax data, any personal data (including particular ones) contained in the message you send us.

  • Navigation data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by users, URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

These data, necessary for the use of web services, are also processed for the purpose of:

  1. obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
  2. check the correct functioning of the services offered.

The navigation data do not persist for more than 365 days and are deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authority).

  • Data communicated by the user

The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller entail the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in the communications.

  • Cookies and other tracking systems

Please refer to the detailed information available at the following link: https://www.lespiaggerimini.it/cookie

4) RECIPIENTS OF PERSONAL DATA

Your personal data may be shared, for the aforementioned purposes, with:

  1. subjects who typically act as data processors, i.e. people, companies or professionals who provide assistance and advice to the Data Controller in accounting, administrative, legal, tax, financial and credit recovery matters relating to the provision of services;
  2. subjects with whom it is necessary to interact for the provision of services;
  3. subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities;
  4. personnel expressly authorized by the Data Controller, necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an adequate legal obligation of confidentiality and who have received adequate operating instructions;
  5. The complete list of data processors is available by sending a written request to the Data Controller.

5) TRANSFER OF PERSONAL DATA

Some of your personal data is shared with recipients who may be located outside the European Union. The Data Controller ensures that the processing of your personal data by these recipients takes place in compliance with the GDPR. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available from the Data Controller.

6) EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING

The Data Controller does not adopt an automated decision-making process on the processing of personal data, including profiling, referred to in Article 22 of the GDPR.

7) RIGHTS OF THE INTERESTED PARTIES

The interested parties have the right to obtain from the Data Controller, in the cases provided for, access to personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (articles 15-22 GDPR ). You, as an interested party, can submit an application to the Data Controller by contacting the email in charge to reply to the interested party.

8) RIGHT OF COMPLAINT TO THE SUPERVISORY AUTHORITY

Interested parties who believe that the processing of personal data referred to them occurs in violation of the provisions of the GDPR, have the right to lodge a complaint with the Authority for the Protection of Personal Data (www.gpdp.it), as required by art. 77 of the GDPR itself, or to take the appropriate judicial offices (Article 79 of the GDPR).

9) MODIFICATIONS

The Data Controller reserves the right to make changes to this information at any time. The current version is published at the following link: https://www.lespiaggerimini.it/privacy