Pursuant to Articles 4 and 24 of the GDPR, the Data Controller is SAGI Holding s.p.a., Via Treviso 22/E - 10144, Turin (TO).
E-mail address: email@example.com
Phone: 011 0867430
Type of data collected
The data processed are those directly provided by you and those that may be acquired, through the website.
Specifically, the data processed through the site are:
a) navigation data. The computer systems and software procedures used to operate this website may acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category of data may include IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file got in response, the numerical code indicating the status of the response to the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are processed for the sole purpose of receiving anonymous statistical information on the use of the site and to check its correct functioning and they are immediately deleted after processing;
b) common data directly provided by you through the "Book online" section (name, surname, address, postcode, location, country, telephone, e-mail, date of birth and any other data spontaneously provided through the "Notes" section). These data are used exclusively to proceed with the booking and to process any requests;
c) any "special" data, identified in accordance with art. 9 of EU Regulation 679/2016, relating for example to the status of disabled person, which may be communicated at the time of the booking request through the "Notes" section;
d) data collected after the user has sent an e-mail to the e-mail address indicated on the site in order to receive information or ask for a specific service. In this case, the sender's address is acquired, as it is necessary to reply to the request, as well as any other personal data included in the message. These data are used exclusively for the purpose of processing your requests.
Purpose and legal basis of processing
The data provided will be processed in accordance with the conditions of lawfulness under Article 6 of the GDPR for the following purposes:
- to implement all contractual and pre-contractual measures (booking and provision of the requested service) and all related operational and management needs. The legal basis in this case is the need to execute the contractual agreement or to implement pre-contractual measures (Article 6, letter b, of the GDPR);
- to comply with the legal obligations imposed on the Data Controller (e.g. administrative, tax, accounting, etc.). In the latter case, the legal basis is the need to comply with legal obligations requiring the Data Controller to collect and/or further process certain types of personal data (Article 6, letter c, of the GDPR);
- to execute your requests and answer your questions through the e-mail address indicated. In this case, the processing of the data collected and stored has as its legal basis the legitimate interest of the Data Controller (Article 6, letter f, of the GDPR) to be more efficient and to give information about the services offered. The processing of your "special" data is also aimed at guaranteeing you a personalised service based on your expressed needs;
- to send you advertising material and news regarding initiatives and activities promoted by the Data Controller by telephone, e-mail or newsletter. In this case, the legal basis is the acquisition of your express consent (Article 6, letter a, of the GDPR).
Nature of data provision - "Book Online" section
The provision of personal data marked with an asterisk (*) – i.e. name, surname, address, location, country, telephone, e-mail and date of birth - is required to proceed with the booking, use the service and to comply with legal obligations. Any refusal to provide them means that it would be impossible to forward them and obtain the desired service. The provision of further data is fully optional.
Processing requiring your express consent
With your express consent, personal data may be processed by the Data Controller for commercial and promotional purposes. If you decide to give your consent, you will receive commercial communications, even through automated contact tools (for example, SMS and e-mail).
Place of processing
The data are processed at the legal and operational headquarters of the Data Controller, at the residence in Borgaro Torinese (TO), Via Lanzo 116-118, in any other place where the parties involved in the processing are located, as well as at the host servers, under the responsibility of the suppliers of bandwidth and domain. For further information, please contact the Data Controller.
Methods of processing
The Data Controller carries out the necessary processing in accordance with national privacy legislation and in compliance with the GDPR. Personal data will be processed by automated and telematic means and with logics strictly related to the purposes mentioned above, ensuring the confidentiality of the same through special processing and storage software. The Data Controller will process personal data in accordance with current security regulations, in order to minimize the risks of destruction and loss, even accidental, of data, unauthorized access, processing not allowed or not in accordance with the purposes of data collection and illicit or incorrect use of data.
The data will be stored in a special database (both on paper and in electronic form) and will be processed for the time strictly necessary for the execution of your requests or - in general - to achieve the purpose for which they were collected. They will also be kept for the entire duration of the commercial and contractual relationship and also afterwards for the fulfilment of legal obligations and/or for administrative, commercial and fiscal purposes. The data collected for marketing purposes will be kept for a maximum of 24 months after the date of last contact. In any case, you can always ask for the interruption of the treatment or the deletion of data.
Communication and disclosure
Your data will not be disclosed, divulged or communicated by us to indeterminate persons in any way, including through their provision. For purposes related to the provision of the requested service, the data may be communicated and/or made available to the following parties:
- to subjects authorized to process data, always according to the instructions given by the Data Controller;
- subjects who have the right to access the data pursuant to provisions of law, regulation or European legislation, as limited and for the purposes provided for by these rules;
- to other companies providing services, as independent Data Controllers or Data Processors, duly appointed;
- banks, credit institutions, debt collection companies, insurance agencies.
Your personal data will not be transferred abroad to non-EU countries. If necessary to provide you with the services or to conclude a contract, we guarantee that the transfer of personal data to non-EU countries will be carried out in accordance with Articles 44 et seq. of EU Regulation 679/2016.
Pursuant to Articles 5 et seq. of EU Regulation 679/2016, with reference to the data processed by the Data Controller, you have the right to:
- revoke at any time your consent to the processing of your data previously expressed;
- access the data processed by the Data Controller, obtain information on specific aspects of the processing and receive a copy of the data processed (Article 15 of the GDPR, right of access);
- verify the correctness of your data and request that it be updated or corrected (Article 16 of the GDPR, right of rectification);
- obtain the deletion or removal of your personal data by the Data Controller (Article 17 of the GDPR, right to deletion);
- obtain the limitation of the processing of your data, when certain conditions are met (Article 18 of the GDPR, right to the limitation of the processing);
- receive your data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain the transfer without obstacles to another Data Controller (Article 20 of the GDPR, right to portability);
- oppose the processing of your data when it takes place on a legal basis other than consent (Article 21 of the GDPR, right to object). When personal data are processed in the public interest, in the exercise of public functions assigned to the Data Controller or in pursuit of a legitimate interest of the Data Controller, you have the right to opt out from processing for reasons related to your particular situation;
- lodge a complaint with the competent personal data protection supervisory authority (for Italy, Garante per la privacy, https://www.garanteprivacy.it) or take legal action if you believe that the processing of your personal data is in violation of current legislation.
To exercise these rights, you can address a request to the contact details of the Data Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible.