GUIDELINES AS PER ART. 13 AND 14 – EU REGULATION 2016/679

Personal data processing

The methods of managing the www.bacialupo.it service whose owner is Bacialupo B&B are described below. The information is provided pursuant to art.13 of the 2016/679 Regulation of the European Parliament and of the Council of 27 April 2016 relating to the protection of individuals with regard to the processing of personal data. The information is provided only for the Bacialupo B&B website and not for other websites that may be consulted by the user through links.

Data controller

Following consultation of this site, data relating to identified or identifiable persons may be processed.

Data controller: Bacialupo B&B – Casa Galotti, 2 – Frazione Crocetta – Montecalvo Versiggia (Pavia) – Italy – email: info@bacialupo.it

Place of data and recipient processing

The treatments connected to the web services of Bacialupo B&B take place in ITALY at the Serverplan Srl server located in Via G.Leopardi, 22 – 03043 Cassino (FR). Website maintenance and management operations are carried out independently.

Type of data processed

Browsing data

The software applications used to operate the Bacialupo B&B website acquire some personal data transmitted through secure protocols. This information is not collected to be associated with identified interested parties, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, browser identification (user agent), addresses in URI (Uniform Resource Identifier) ‚Äč‚Äčnotation of the requested resources, the time of the request, the method used in submitting the request to the server, the code numeric indicating the status of the response given by the server (for example, success, error) and other parameters relating to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

Data voluntarily supplied by the user

For access to some services provided through the Bacialupo B&B website – optional and voluntary insertion of certain identification data may be required (email, name, contact details, and information necessary to provide the requested service).

Purposes and lawful basis

Service provision

The personal data provided by users who make use of the services rendered by Bacialupo B&B; (e.g. by browsing the site, filling out forms for various requests) are used for the sole purpose of performing the service or provision requested. The legal basis of the processing is the execution of pre-contractual measures in order to respond to your requests.

Further communication following a stay

After purchasing a stay, Bacialupo B&B will be able to forward further communications to the user, including those of a commercial nature regarding its services. The legal basis of the processing described above is the legitimate interest of the data controller (cons. 47 GDPR).

Direct marketing

In case of specific consent (by registering for the newsletter) Bacialupo B&B may send by e-mail information on new products, promotions and special offers. The user has the right to disable the service at any time through the appropriate procedure and / or the methods indicated subsequently for the exercise of his rights. The legal basis of the above treatment is the consent of the interested party. Specific summary information, if necessary, if necessary, will be reported or displayed on the pages of the site prepared for particular additional services on request.

Data storage period

The data retention period is that necessary for the purposes deriving from the services requested. If the information requested is the subject of an online transaction, this data may be kept for economic and tax reporting purposes, for a period of 10 years. As regards the technical data managed by the site, such as cookies, the retention period is defined by the technical characteristics of the cookies themselves and specified in the “Site cookie” table. The data retention period is considered renewed for a further period of 36 months each time a new consent is given to the data processing.

Optionality of data provision

Apart from that specified for navigation data, the user is free to provide Bacialupo B&B with the personal data required to use the services provided through the site. Failure to provide data relating to fields marked with an asterisk (mandatory) makes it impossible to use the service offered.

Processing procedures and safety

The processing of personal data takes place through IT tools suitable for guaranteeing the security and confidentiality of the data and in any case in compliance with the appropriate security measures as required by art. 32 GDPR, through secure communication protocols with SSL encryption algorithms. Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations therein. Provision is considered “good practice”. of the Italian Privacy Guarantor “Guidelines on promotional activity and spam prevention of – 4 July 2013 (Published in the Official Gazette no. 174 of 26 July 2013), the Guidelines on the processing of personal data for online profiling – March 19, 2015, and the Guidelines on automated decision-making processes and profiling – WP251, defined on the basis of the provisions of Regulation (EU) 2016/679.

Data transfer to non-EU countries and guarantees of adequacy

It is possible to do this due to the use of Facebook, Google and other possible social services or external suppliers of the treatment, located in the USA. This data processing is guaranteed by the “Privacy Shield” agreements signed by the individual companies.

Recipients

For the performance and to provide support for the operation and organization of the activity, some data may be brought to the knowledge or communicated to recipients. These subjects are divided into: Third Parties, Managers and sub-managers of the treatment, and personnel authorized under the authority of the owner or manager.

Third Parties

They are defined as natural or legal persons, public authorities, services or other bodies other than the interested party, the data controller, the controller and the authorized persons responsible for the processing.

For data processing relating to administrative, accounting, legal obligations, customer management, contracts, the data can be communicated to:

– Companies that manage traditional or computerized postal services.

– Companies registering domain names

– Any other subjects whose data communication is necessary for the achievement of the aforementioned purposes, or for a legal obligation;

Data processors and sub-processors

are defined as natural or legal persons, the public authority, the service or other body that processes personal data on behalf of the data controller

– Service providers for technological infrastructure, connectivity, and hosting services: Serverplan srl – Cassino (FR).

– Any other IT service providers necessary for the provision of the service possibly located in the USA with guarantee of the “Privacy Shield” adequacy agreement.

Inside our company

your data will be processed only by personnel expressly authorized by the Data Controller, with assurance of the adoption of suitable instructions, training, confidentiality agreement and, in particular, by the following categories of employees:
– Company management.

Data publishing

Your data will not be published in any way.

Rights of data subjects

Data subject (subjects which the data are referring to) can in any moment exercise the rights stated in the Regulation through a dedicated personal area. It is possible to access said area by requesting the link via the dedicated procedure in the footnote of this information note. A further procedure for the exercise of the Regulation rights, in case the user subscribed to the newsletter, can be used via the dedicated link appearing in the footnote of the email received. Specifically, users will be entitled to enforce rights pursuant to art. 15 through art. 23, and in particular: 1.Erasure of all data. 2.rectification/alteration 3.Restriction. 4.Portability. 5.Right to object to automated decision-making (profiling). If needed, report any other request in the note field. The data subjects, should the requirements be met, have the right to issue a claim to the Data Protection Authority in accordance with the necessary procedures. For further information and to exercise these rights recognised by the European regulation you can address the data controller following the aforementioned references.

The requests can also be sent using the following contacts:

Data controller: Bacialupo B&B – Casa Galotti, 2 – Frazione Crocetta – Montecalvo Versiggia (Pavia) – Italy – email: info@bacialupo.it

Having read the information note and acquisition of the data subject’s consent

The undersigned data subject, having received the information provided by the data controller as per art. 13 and 14 of the GDPR, states he has read the present information note on data processing for service provision and to allow Bacialupo B&B to correctly manage and duly process data.

Consent

As evidence of your explicit and unambiguous consent we will register time, date, IP address and your e-mail. We remind you that you can exercise the aforementioned rights in any moment by clicking on the link located on the footnote of the received messages or by contacting us through our communication channels.

Last revision: 15/01/2020