itdeen
(+39) 0431 81210 - WhatsApp (+39) 328 0248448 Viale delle Pleiadi 11, Grado - ITALIA

Privacy Policy

PRIVACY POLICY

In accordance with the provisions of EU Regulation 2016/679 (European Regulation for the protection of personal data), we hereby provide the necessary information regarding the processing of personal data provided by the data subject.

This information is provided in accordance with Article 13 of EU Regulation 2016/679 and Article 13 of Legislative Decree 30.6.2003, no. 196 (Privacy Code).

1. DATA CONTROLLER

Pursuant to Articles 4 and 24 of EU Regulation 2016/679, the data controller is the company Sodomaco s.n.c.
Viale delle Pleiadi, 3 – Grado (GO), Italy, with the qualification of data controller and legal representative.

2. DATA SUBJECT TO PROCESSING

The Data Controller processes identifying personal data (e.g., name, surname, company name, address, phone, email, banking and payment details) provided by the data subject when concluding contracts for services offered by the Data Controller.

3. PURPOSE AND LAWFULNESS OF PROCESSING

The provided personal data will be processed in compliance with the lawfulness conditions under Article 6, letter b, of EU Regulation 2016/679, i.e., for the execution of a contract to which the data subject is a party or for the execution of a pre-contractual agreement or pre-contractual arrangements, and specifically for:

  • Navigating the same website;
  • Possible completion of data collection forms for sending an information request to the data controller;
  • Fulfilling pre-contractual, contractual, and tax obligations arising from existing relationships with the data subject;
  • Administrative-accounting purposes (organizational, administrative, financial, and accounting, regardless of the nature of the data processed);
  • Fulfilling obligations provided by law, regulations, European legislation, or orders from authorities (such as anti-money laundering regulations);
  • Exercising the rights of the Data Controller, such as the right to defend in court;

Only with specific and separate consent of the data subject, pursuant to Article 7 GDPR of EU Regulation 2016/679, for the following Marketing Purposes:

  • Sending via email, mail, and/or SMS and/or phone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and surveying satisfaction on service quality;
  • Sending via email, mail, and/or SMS and/or phone contacts commercial and/or promotional communications from third parties (e.g., business partners, insurance companies).

4. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS

Provided personal data may be communicated to recipients, designated under Article 28 of EU Regulation 2016/679, who will process the data as controllers and/or as individuals acting under the authority of the Data Controller and Data Processor, in order to comply with contracts or related purposes. Specifically, the data may be communicated to recipients belonging to the following categories:

  • Entities providing services for the management of the information system and communication networks of Sodomaco s.n.c. (including email);
  • Studies or companies in the context of assistance and consultancy relationships;
  • Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request;
  • Commercial information companies for assessing solvency and payment habits and/or to entities for debt recovery purposes.
    Subjects belonging to the aforementioned categories act as Data Processors or operate autonomously as distinct Data Controllers.

5. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION

The personal data provided by the data subject will not be transferred abroad, either inside or outside the European Union.

6. PROCESSING METHODS

The processing of the data subject’s personal data is carried out through operations specified in Article 4, No. 2) of EU Regulation 2016/679, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Personal data is subject to processing both in paper and electronic and/or automated form.

7. DATA RETENTION PERIOD

Processing will be carried out both manually and/or by automated means, with methods and tools aimed at ensuring maximum security and confidentiality by subjects specifically appointed for this purpose.

In compliance with Article 5(1)(e) of EU Regulation 2016/679, personal data collected will be stored in a form that allows the identification of data subjects for a period not exceeding the achievement of the purposes for which the personal data is processed.

8. NATURE OF DATA PROVISION AND REFUSAL

The provision of personal data for the purposes outlined in point 3 of this informative document is necessary to fulfill the contract and benefit from the services offered by the Data Controller. Failure to provide personal data may result in the impossibility of obtaining the requested service or benefiting from the services offered by the Data Processor.

9. RIGHTS OF DATA SUBJECTS

The data subject may exercise their rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller via the email address info@hoteladriaco.com.

The data subject has the right, at any time, to:

  • Obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form;
  • Obtain: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, Data Processors, and the designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, Data Processors, or Data Processors;
  • Obtain: a) updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disseminated, except in the case where such fulfillment is impossible or involves the use of means manifestly disproportionate to the protected right;
  • Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of collection; b) to the processing of personal data concerning them for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator via email and/or traditional marketing methods by phone and/or mail.

Where applicable, the data subject also has the rights referred to in Articles 16-21 GDPR (Right to rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object).

Without prejudice to any other administrative or judicial remedy, if the data subject believes that the processing of data concerning them violates what is provided for by EU Regulation 2016/679, under Article 15 letter f) of the aforementioned EU Regulation 2016/679, they have the right to lodge a complaint with the Guarantor for the protection of personal data and, with reference to Article 6, paragraph 1, letter a) and Article 9, paragraph 2, letter a), they have the right to withdraw consent at any time.

In the case of a request for data portability by the data subject, the Data Controller will provide the personal data concerning them in a commonly used and readable format, subject to paragraphs 3 and 4 of Article 20 of EU Regulation 2016/679.

For contacts and further information:

Sodomaco s.n.c.
Viale delle Pleiadi, 3 – 34073 Grado (GO)
P.IVA 01261960312
info@hoteladriaco.com