In compliance with the EU Regulation 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of personal data supplied.
The present information notice must not be deemed valid for other websites that may be consulted through links on the websites of the domain’s owner, who shall not in any way be held liable for third-party websites. This is an information notice which is provided pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data) to all those who visit the Website https://www.hotelcatullo.it (the “Site”) with reference to the processing of personal data of the surfers (“Users” ) who use it and is also applicable under the provisions of Directive 2002/58 / EC, as amended by Directive 2009/136 / EC, on Cookies as well as the provisions of the Data Protection Authority of 08.05.2014 regarding cookies.
Data controller, pursuant to articles 4 and 24 of EU Reg. 2016/679 is Hotel Catullo srl., hereinafter referred to as “Data Controller”, with registered office in Sirmione (BS), Piazza Flaminia 7 Fiscal Code 02943080172 and VAT number 00708750989 in the person of the legal representative who can be contacted at the following email address: email@example.com
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 EU Regulation 2016/679 without the need for express consent for the following purposes:
a) Management of data processing relating to:
– navigation data:
The IT systems and software procedures used to run the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
They are information that is not gathered to be associated with identified individuals, but which by their very nature could allow users to be identified.
This category includes (i) the IP addresses or the domain names of the computers employed by the users who connect to the Website, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response provided by the server (successful, error) and (vii) other parameters related to the operating system and the user’s IT environment.
Legal basis of the processing: execution of the requested service and correct performance of the contractual relationship related to access to the site
The services contained in this section allow the Data Controller to monitor and analyze adequately anonymized traffic data and are used to keep track of User behavior
Legal basis of the processing: our legitimate interests to monitor traffic data on the present site for the purpose of analyzing statistical data for market research
– personal data:
personal data and contact details such as name, surname, e-mail and telephone number may be requested to compilation of:
. data collection form to forward a request for a quote or other information
b) Possibly for direct Marketing by the Data Controller through Newsletter.
Processing is carried out pursuant to art. 6 letter a) of the GDPR in the event that the provision of data and consent are expressed through the completion of the contact form / request for a quote with the selection of the appropriate flag or by filling out one of the various application forms for subscription to the newsletter on the site (“unequivocal positive action” pursuant to art. 4 paragraph 11 GDPR). Personal data will be processed by the Data Controller and the Data Processors for commercial promotional activities carried out by e-mail.
Legal basis of processing: your consent
The personal data provided may be disclosed to recipients, appointed pursuant to art. 28 of EU Reg. 2016/679, who will process data as managers and / or as natural persons acting under the authority of the Data Controller and the Data processor, in order to comply with contracts or related purposes. Namely, the data may be disclosed to recipients belonging to the following categories:
– Subjects providing services for the management of the information system and communication networks of the Data Controller (such as suppliers of third party technical services, hosting providers, IT companies, communication agencies, including the one provided via e-mail);
The subjects belonging to the aforesaid categories perform the function of Data Processors, or operate in complete autonomy as separate Data Controllers.
The list of appointed Data processors is constantly updated and available at the Data Controller registered office.
This is in any case without prejudice to the disclosure of the information requested, in accordance with the law, by police, judicial authorities, intelligence and security agencies or other public entities for purposes of State defense or security as well as for the prevention, detection and prosecution of crimes.
Notably the database may be provided to the Public Administration upon a simple request made to the subject who is legally entitled to have judicial and extrajudicial relations with the Public Administration.
The personal and special data provided may be transferred abroad within or outside the European Union (United States entity adhering to the Privacy Shield) exclusively upon your express consent and only if this is necessary for the attainment of the proper purposes referred to in letters a) and b).
The processing of data takes place at the office of the Data Controller and in any other place where the parties legitimately involved in the processing are located.
The Data Controller processes the personal data of Users by adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
Processing is carried out using IT and non-IT tools, and / or telematic ones with organizational methods and with logic strictly related to the purposes indicated, guaranteeing an adequate level of personal data protection.
In compliance with the provisions of art. 5 paragraph 1 letter e) of Reg. UE 2016/679 the personal data collected will be retained in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. For information on the criteria for the data retention period, please write to the address referred to in point 1 of information notice.
Apart from what specified for navigation data, the user is free to provide personal data in dedicated areas on the site.
The provision of personal data for the purposes referred to in point a) of this information document is necessary to refine the specific features and enjoy the services offered to the Data Controller, for example to receive feedback to the request for information forwarded. Failure to provide personal data may render it impossible to obtain the requested service or to use the services offered by the site.
In case the data are used for direct marketing, denying consent to the purposes referred to in point b) does not in any way preclude the browsing experience on the site.
You can assert your rights as set down in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, writing to the e-mail address referred to in point 1 of the present information notice. You have the right, at any time, to ask the Data Controller to access your personal data, to rectify, to erase them, to restrict the processing thereof.
Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, eg profiling) and to the portability of your data.
Whithout prejudice to any administrative and judicial redress appeal, if you believe that the processing of
data concerning you, breaches the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the
aforementioned EU Reg. 2016/679 you have the right to lodge a complaint with the Data Protection
Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to withdraw the consent supplied at any time.
In the case of a data portability request, the Data Controller will provide you with a structured, commonly used and machine-readable format about the personal data concerning you, without prejudice to paragraphs 3 and 4 of the art. 20 of the EU Reg. 2016/679.
The Data Controller may process the personal data of users to pursue their legitimate interest, consisting in ensuring the safety of the Site and the information exchanged therein, i.e. the ability of such Site to resist, at a given level of security, unforeseen events or to unlawful or malicious actions compromising the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the relative services offered or made accessible.
If the User deems that his rights have been violated you have the right to lodge a complaint with the Data Protection Authority and/or another lawfully competent supervisory authority. More information is available at the following link https://www.garanteprivacy.it/en/home_en
Cookies are short text fragments (letters and / or numbers) that allow the web server to store on the client (the browser) information to be reused during the same visit to the site (session cookies) or later, even at a distance of days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for instance, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to gather information on user behavior and on the use of services. In the following of this document we will refer to cookies and all similar technologies simply by using the term “cookies”.
Strictly necessary cookies. These cookies are essential for the proper functioning of the site and are used to manage the login and access to the reserved functions of the site. The duration of cookies is strictly limited to the work session (once the browser is closed, they are deleted).
Analysis and performance cookies. These cookies are used to gather and analyze the traffic and use of the site anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user returns to connect at different times. They also allow you to monitor the system and improve its performance and usability. The deactivation of these cookies can be performed without any loss of functionality. Profiling cookies. These are permanent cookies used to identify (anonymously or not) user preferences and improve his browsing experience. This site does not use this type of cookies.
Visiting a website you can receive cookies both from the visited site (“owner ones”), and from sites managed by other organizations (“third parties ones “). A notable example is the presence of “social plugins” for Facebook, Twitter, Google+ and LinkedIn. These are parts of the page visited generated directly by the aforementioned sites and integrated into the page of the host site. The most common use of social plugins is aimed at sharing content on social networks. The presence on the site of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information gathered by “third parties” is governed by the relevant information notice to which it is recommended to refer. In order to ensure greater transparency and convenience, the following are the web addresses of the various information notices also displaying how to manage cookies:
Facebook – information notice: https://www.facebook.com/policies/cookies/
Facebook – configuration: log in to your account. Privacy section.
Twitter – information notice: https://help.twitter.com/en/rules-and-policies/twitter-cookies
Twitter – configuration: https://twitter.com/settings/security
Linkedin – information notice: https://www.linkedin.com/legal/cookie-policy
Linkedin – configuration: https://www.linkedin.com/psettings/
Google+, Google Maps, YouTube, Analytics – information notice: https://policies.google.com/technologies/types?hl=en
Google+, Google Maps, Analytics – configuration: https://policies.google.com/technologies/managing?hl=en
YouTube – configuration: https://support.google.com/youtube/answer/32050?co=GENIE.Platform%3DDesktop&hl=en
Hotjar – information notice: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies
LiveChat – information notice: https://www.livechatinc.com/legal/gdpr-faq/
Some cookies (session cookies) remain active only until the browser is closed or when the logout command is executed. Other cookies “survive” when the browser is closed and are also available in subsequent visits by the user. These cookies are called persistent and their duration is set by the server when they are created. In some cases a deadline is provided, in other cases the duration is unlimited.
Google Analytics with anonymised IP
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behaviour.
Google Analytics with anonymised IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
This integration of Google Analytics makes your IP address anonymous. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States.
Personal Data collected: Cookies and Usage Data.