Customer Information
This information is provided to customers, whether natural persons or natural persons acting in the name and on behalf of legal entity customers, of Bed & Breakfast Corte dei Sarti, pursuant to Article 13 of Legislative Decree No. 196 of June 30, 2003 – “Personal Data Protection Code” and Article 13 of GDPR 679/2016 – “European General Data Protection Regulation.”
Identity of the Data Controller
The Data Controller of the data of natural persons customers, or natural persons acting in the name and on behalf of legal entity customers, is Maristella Santaca of Bed & Breakfast Corte dei Sarti, based in Molina, Italy.
A DPO has not been designated.
Data Source
The personal data processed are those provided by the interested party during:
– Visits to our offices;
– Interactions via the website;
– Requests for information, including via email;
– Previous transactions.
Purpose of Processing
Tax compliance, organizational management, and bureaucratic compliance for requested services. Management of pre-contractual and post-contractual negotiations and relationships. Management of commercial activities related to the business activity.
Finally, all personal data of the aforementioned data subjects will be entered into the Data Controller’s archives and used (pursuant to Article 130, paragraph 4, of Legislative Decree 196/2003 and the General Provision of the Italian Data Protection Authority, Official Journal No. 188/C, paragraph 6, points a, b, and c), to send communications regarding products, services, news, and promotions.
Legal Basis
The legal basis is the performance of a contract to which the data subject is a party or the implementation of pre-contractual measures adopted at the data subject’s request. Some processing is carried out for the Data Controller’s legitimate interest (promotion of its commercial activities and pursuit of statutory purposes).
Data Recipients
The personal data processed by the Data Controller will not be disseminated, or disclosed to unspecified parties, in any form, including making them available or simply consulting them. However, they may be disclosed to employees of the Data Controller and to certain external parties who collaborate with them. They may also be disclosed, to the extent strictly necessary, to parties who, for the purpose of fulfilling purchases or other requests or providing services related to the transaction or contractual relationship with the Data Controller, must supply goods and/or perform tasks or services. Finally, they may be disclosed to parties authorized to access them pursuant to provisions of law, regulations, and EU legislation. In particular, based on their roles and work duties, some workers have been authorized to process personal data, within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations. However, it reserves the right to use cloud services; in this case, service providers will be selected from those providing adequate guarantees, as required by Article 46 of GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, the personal data will be retained, and not further processed, for the period established by applicable civil and tax provisions.
Rights of the Data Subject
With reference to Article 7 of Legislative Decree 196/2003 and Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Art. 23 of Legislative Decree 196/2003 and Art. 6 of GDPR 679/16, the data subject may withdraw any consent given at any time. However, the processing covered by this policy is lawful and permitted, even without consent, as it is necessary for the performance of a contract to which the data subject is a party (the supply relationship) or to process their requests.
Filing a complaint
The data subject has the right to lodge a complaint with the supervisory authority of their country of residence.
Refusal to provide data
Customers who are natural persons cannot refuse to provide the Data Controller with the personal data necessary to comply with the laws governing commercial transactions and taxation. Providing additional personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, refusal to provide the data required by law will prevent orders from being processed; while failure to provide additional data may compromise, in whole or in part, the processing of other requests and the quality and efficiency of the transaction itself.
Individuals acting on behalf of legal entity clients may refuse to provide their personal data to the Data Controller. However, providing personal data is necessary for the proper and efficient management of the contractual relationship. Therefore, any refusal to provide such data may compromise the contractual relationship in whole or in part.
Automated Decision-Making Processes
The Data Controller does not perform automated decision-making processes on the data of individual customers or of individuals acting in the name and on behalf of legal entity customers.
Supplier Notice
This notice is provided to individuals acting in the name and on behalf of Bed & Breakfast Corte dei Sarti’s suppliers pursuant to Article 13 of Legislative Decree No. 196 of June 30, 2003 – “Personal Data Protection Code” and Article 13 of GDPR 679/16 – “European General Data Protection Regulation”.
Identity of the Data Controller
The Data Controller of the data of individuals acting in the name and on behalf of suppliers is Maristella Santaca, owner of Bed & Breakfast Corte dei Sarti. Breakfast Corte dei Sarti – Molina – Italy, is its legal representative pro tempore, Maristella Santaca.
A DPO has not been designated.
Data Source
The personal data processed are those provided by the data subject during:
– Visits or telephone calls;
– Direct contact for participation in exhibitions, shows, etc.;
– Proposals for offers;
– Subsequent transmissions and transactions.
Purpose of Processing
The personal data of natural persons acting in the name and on behalf of suppliers are processed for:
– Forwarding communications of various kinds and by various means of communication (telephone, mobile phone, text message, email, fax, postal mail);
– Making requests or fulfilling requests;
– Exchanging information for the purpose of executing the contractual relationship, including pre- and post-contractual activities.
Legal basis
The processing is necessary for the performance of a contract to which each supplier is a party or for the implementation of pre-contractual measures adopted at the request of the supplier.
Data recipients
The personal data processed by the Data Controller will not be disseminated, or disclosed to unspecified parties, in any form, including making them available or simply for consultation. However, they may be disclosed to the Data Controller’s employees and to certain external parties who collaborate with them. They may also be disclosed, to the extent strictly necessary, to parties who, for the purposes of issuing our orders or requests for information and quotes, must supply goods and/or perform tasks or services on our behalf. Finally, they may be disclosed to parties entitled to access them pursuant to legal provisions, regulations, and EU legislation.
Specifically, based on their roles and job duties, some workers have been authorized to process personal data, within the limits of their responsibilities and in accordance with the instructions given to them by the Data Controller.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations.
However, it reserves the right to use cloud services; in this case, service providers will be selected from those who provide adequate guarantees, as required by Article 46 of GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, the personal data will be retained, and not further processed, for the period established by applicable civil and tax provisions.
Rights of the Data Subject
With reference to Article 46 of GDPR 679/16, 7 of Legislative Decree 196/2003 and Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, the interested party exercises his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Article 23 of Legislative Decree 196/2003 and Article 6 of GDPR 679/16, the data subject may withdraw any consent given at any time.
However, the processing covered by this policy is lawful and permissible, even in the absence of consent, as it is necessary for the performance of a contract to which the data subject is a party (the relationship for the supply of products and services).
Lodging a complaint
The data subject has the right to lodge a complaint with the supervisory authority of the country of residence.
Refusal to provide data
The data subject may refuse to provide the Data Controller with his or her personal data.
However, the provision of personal data is necessary for the correct and efficient management of the contractual relationship. Therefore, any refusal to provide such data may compromise the contractual relationship in whole or in part.
Automated decision-making processes
The Data Controller does not carry out processing consisting of automated decision-making processes.
Cookies and website navigation information (with traffic analyzers)
This information is provided to natural persons who access and consult the Bed & Breakfast Corte dei Sarti website pursuant to Article 13 of Legislative Decree No. 196 of 30 June 2003 – “Personal Data Protection Code” and Article 13 of GDPR 679/16 – “European General Data Protection Regulation.”
Identity of the Data Controller
This website is managed by Maristella Santaca, Data Controller of Bed & Breakfast Corte dei Sarti, based in Molina, Italy. The Data Controller guarantees the security, confidentiality, and protection of the personal data in its possession, at any stage of the processing. The personal data collected is used in compliance with Legislative Decree 196/2003 and GDPR 679/16.
A Data Protection Officer (DPO) has not been designated.
Purpose of Processing
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information on site usage and to verify its proper functioning and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site.
Legal basis for processing
The use of technical cookies is a processing carried out in the legitimate interest of the Data Controller; the use of analytical cookies is carried out with the consent of the interested party.
Data Recipients
The Data Controller does not disclose any personally identifiable data or information to third parties except, where necessary and to the extent strictly necessary, to those acting as suppliers for the provision of services related to the management of the website and the subsequent management of the contractual relationship and related administrative obligations.
Data Transfer
The Data Controller does not transfer personal data to third countries or to international organizations.
Data Retention
The Data Controller retains the data for the time necessary to obtain anonymous statistical information on the use of the website and to verify its proper functioning. The data is deleted immediately after processing.
Rights of the Data Subject
With reference to Article 7 of Legislative Decree 196/2003 and Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, and 22 – Right to object to automated decision-making under GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Article 23 of Legislative Decree 196/2003 and Article 15 of GDPR 6 of GDPR 679/16, the data subject may withdraw consent at any time.
Filing a complaint
The data subject has the right to lodge a complaint with the supervisory authority of the country of residence.
Refusal to provide data
The data subject may refuse to provide the Data Controller with his or her browsing data. To do so, he or she must disable cookies by following the instructions provided by the browser in use. Disabling cookies may impair navigation and the use of the website’s features.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes.
Types of Cookies
Cookies are pieces of information placed on the user’s browser when they visit a website or use a social network with their PC, smartphone, or tablet. Each cookie contains various data, such as the name of the server from which it originates, a numerical identifier, etc. Cookies can remain in the system for the duration of a session (i.e., until the browser used for web browsing is closed) or for longer periods and may contain a unique identifier.
Technical Cookies
Some cookies are used to perform computer authentication, monitor sessions, and store specific information about users who access a web page. These so-called technical cookies are often useful because they can speed up web browsing and use. For example, they facilitate certain procedures when you shop online, log in to restricted areas, or when a website automatically recognizes your preferred language. A particular type of cookie, called analytics, is used by website managers to collect information, in aggregate form, on the number of users and how they visit the site, and therefore compile general statistics on the service and its use.
Profiling Cookies
Other cookies can be used to monitor and profile users while browsing, study their movements and web browsing or consumption habits (what they buy, what they read, etc.), including for the purpose of sending targeted and personalized advertising (so-called behavioral advertising). These are called profiling cookies. A web page may contain cookies from other sites and contained in various elements hosted on the page itself, such as advertising banners, images, videos, etc. These are so-called third-party cookies, which are usually used for profiling purposes. Given the particularly invasive nature of profiling cookies (especially third-party cookies) on users’ privacy, European and Italian legislation require users to be adequately informed about their use and to express their valid consent to the placement of cookies on their device.
Cookies Used
The website www.bbcortedeisarti.it uses cookies to make the website’s services simpler and more efficient for users viewing its web pages. Users accessing the website will receive very small amounts of information on their devices, whether computers or mobile devices, in the form of small text files (cookies) stored in the directories used by their browser. The cookies used by www.bbcortedeisarti.it allow us to:
– Store browsing preferences;
– Avoid re-entering the same information multiple times;
– Analyze use of the services and content provided by the website to optimize the browsing experience.
The website www.bbcortedeisarti.it uses Google Analytics or Shinystat. In this case, the information generated by the cookie about your use of the website is transmitted to Google Inc. or Triboo Data Analytics srl and stored on its servers. These data recipients use this information to produce reports on website activity for the Data Controller or its designated third parties. You can refuse the provision of browsing data by selecting the appropriate settings on your browser. In this regard, please refer to the information published on the Google website: https://www.google.it/intl/it/policies/privacy/ and to the browser add-on for deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=it or https://www.shinystat.com/it/informativa_privacy_generale_app.html. However, this choice may prevent you from using all the site’s features. Conversely, by accepting the use of cookies as described above and continuing to browse, the user freely and unconditionally consents to the processing of personal data by the Committee and Google or Inc. Triboo Data Analytics srl in the manner and for the purposes indicated above. When the user clicks on the Facebook, Twitter, YouTube, Instagram, etc. icons, they are directed to the respective sites and receive cookies from them that are not under the Data Controller’s control. Finally, if the user arrives on the site after clicking on a banner published on another site, they should be aware that the advertising network operator has assigned cookies necessary for measuring throughput and the amount of any purchases made. Responsibility for managing these cookies lies with the advertising network operator, whose privacy policy is typically available on their institutional website.
Brief Cookie Policy (with Analytics)
This site does not use profiling cookies, either its own or those of other sites. Technical cookies are used to allow easier use of certain features of the site, and Google Analytics (or ShinyStat, or other web traffic analyzers) to improve the site’s functionality. Detailed information on browsing this site can be found by clicking the “privacy policy” button. By following the links provided in the policy, you can learn how to disable Google Analytics (or ShinyStat, or other web traffic analyzers). Detailed information on browsing this site can be found by clicking the “privacy policy” button. To disable technical cookies, follow the instructions for your browser. By clicking the “OK” button, you explicitly consent to the use of the indicated cookies and to the disclosure of browsing data to third parties (Google, ShinyStat, or others).
Information for persons completing the “booking” form
This information is provided to natural persons who access and consult the Bed & Breakfast Corte dei Sarti website, pursuant to Article 13 of Legislative Decree No. 196 of June 30, 2003 – “Personal Data Protection Code” and Article 13 of GDPR 679/16 – “European General Data Protection Regulation.”
Identity of the Data Controller
This website is managed by Maristella Santaca, Data Controller of Bed & Breakfast Corte dei Sarti, based in Molina, Italy. The Data Controller guarantees the security, confidentiality, and protection of the personal data in its possession, at every stage of the processing. The personal data collected is used in compliance with Legislative Decree 196/2003 and GDPR 679/16.
A DPO has not been designated.
Data Subjects
This information is provided to natural persons who complete the “Booking” form on the website www.bbcortedeisarti.it of Bed & Breakfast Corte dei Sarti, located in Molina, Italy.
Data Source
The data is provided voluntarily by the data subject through the form on the website www.bbcortedeisarti.it.
Purpose of processing
The personal data of individuals who complete the “Booking” form are processed to fulfill their requests.
Legal basis for processing
The personal data of individuals who complete the “Booking” form are lawfully processed for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures adopted at the data subject’s request (the submitted request).
Data recipients
The personal data processed by the Data Controller will not be disseminated, or disclosed to unspecified parties, in any form, including making them available or simply for consultation. They may also be disclosed to Bed & Breakfast Corte dei Sarti employees and, to the extent strictly necessary, to parties who, for the purpose of fulfilling your request, must provide goods and/or perform services on our behalf. Finally, they may be communicated to those authorised to access them pursuant to provisions of law, regulations, and EU legislation.
Data Transfer
The Data Controller does not transfer personal data to third countries or international organizations.
However, it reserves the right to use cloud services; in this case, service providers will be selected from those who provide adequate guarantees, as required by Article 46 of GDPR 679/16.
Data Retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes.
Rights of the Data Subject
With reference to Article 7 of Legislative Decree 196/2003 and Articles 15 – Right of access, 16 – Right to rectification, 17 – Right to erasure, 18 – Right to restriction of processing, 20 – Right to data portability, 21 – Right to object, 22 – Right to object to automated decision-making pursuant to GDPR 679/16, the data subject may exercise his or her rights by writing to the Data Controller at the address above, or by email, specifying the subject of his or her request, the right he or she intends to exercise, and attaching a photocopy of an identity document certifying the legitimacy of the request.
Withdrawal of consent
With reference to Art. 23 of Legislative Decree 196/2003 and Art. 6 of GDPR 679/16, the data subject may withdraw consent at any time.
Filing a complaint
The data subject has the right to lodge a complaint with the supervisory authority of the country of residence.
Refusal to provide data
The data subject may refuse to provide the Data Controller with his or her personal data, as providing such data is optional.
However, completing the indicated fields is essential in order to process requests.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes.
