Information and request consent to the processing of personal data

Information and request consent to the processing of personal data



Information and request consent to the processing of personal data  Information document according and for the effect to the article 13, D. Lgs. June 30, 2003, No. 196
Privacy Policy
In compliance with D.Lgs. June 30, 2003, No. 196 (Privacy Consolidation Act) and subsequent changes, we hereby supply you all due information concerning the purposes and methods for your personal and sensitive data processing in our possession.
This information is not valid for other web sites which might be visited through links contained on all the web sites  of data controller’s domain name. The data controller shall not be considered responsible for third parties’ web sites. When accessing the Site it is also possible to distinguish the data deriving from the user’s navigation only, from those provided voluntarily by the user in relation to certain purposes.
Data deriving from the user’s navigation
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of internet communication protocols. These pieces of information are not collected to be associated with identified interested parties, but by their very nature could allow to identify users through elaborations and associations with data held by third parties. These processing activities and data binding are never carried out by the data controller. This data category shall cover: IP addresses or domain names of computers used by users who connect to the Site, the URI-mapped addresses (URI stands for Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, and so on) and other parameters relating to the operating system and to the computing environment of the user.
These data are exclusively used in anonymous  form and for statistical purposes related to the use of the site and its correct functioning.  The data could be used and stored in case of suspected cyber-crimes against the Site, for which the data controller reserves the right to place the matter before the competent authorities to ascertain any liability.
Data provided voluntarily by the user
The personal data provided by the users who voluntarily interact with the Site and give their personal information to obtain certain services (such as requests for information, e-mail messages and so on) are only used to perform the requested service or provision and are communicated to third parties just in case this is strictly necessary for the execution of the service (shipment of material, provision of assistance and so on).
Specific summaries of information are reported or displayed in the pages of the Site dedicated to on-demand services, so that they can draw the data subject’s attention on the processing of his/her own personal data. 
With the exception of what above specified concerning navigation data, the provision of personal data is optional and discretionary, although it might be necessary for some specific services, where the non-submittal of one’s personal data could jeopardize or even make it impossible to get the required service.
Cookies
The software applications used may contain “cookie” technology. Cookies are primarily used to facilitate the navigation. Cookies may provide pieces of information regarding the navigation within the Site as well as enable the functioning of some services which require the identification of the user’s path through different pages of the Site.
The Cookies of the software applications are anonymous and not linked to the user’s personal data. Regardless of cookies, any portal access records the type of browser (e.g. Internet Explorer, Netscape),  the operating system (e.g. Macintosh, Windows) the host and the visitor’s URL (Uniform Resource Locator), in addition to the data on the requested page. The user can set the browser to notify him/her when a cookie is received and then he/she can decide to delete it.
More information on cookies can be found on the websites of the browser providers.
Different types of cookies
“Cookies are divided into “session cookies” and “persistent cookies”. Session cookies are temporarily stored in the computer memory only during a user’s browsing session and are automatically deleted from the user’s computer when the browser is closed.  On the contrary, persistent cookies are stored on the computer hard drive of the visiting user until they expire. Persistent cookies are used primarily to facilitate the navigation of the site, to understand which site sections have created a number of pages and users and to supply advertising formats. Session cookies make the interaction between users and web sites faster and easier. They do not collect any information from the user’s computer and/or user’s personal data, neither keep they track of the user’s session habits.  Persistent cookies are used on this website at time of booking, in order to increase the speed of data entry in the following reservations. In any case, we will retain only the data related to Name, address, postcode, town, province, Country, Telephone, E-mail and date of birth. In no way will be kept data on your credit card.
First-party cookies are only associated with the domain that has created them;
Third-party cookies are created by a Web site other than the one you are currently visiting, such as, for example, by Google Analytics.
The software used for site and platform creates a user cookie for statistical purposes related to the user’s surfing habits. These data are then stored in Google Inc.
For more information about Google Analytics cookies please refer to Google’s official documentation by visiting following url: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html

Purposes of data processing for which you grant consent where required (Section 23, D. Lgs. 196/03.)
Voluntarily-provided personal and sensible data shall be processed for following purposes, unless otherwise notified:
- to surf the current internet site;  
- provision of hotel services and for the fulfillment of your booking at our Hotel and for the protection of credit positions arising therefrom;
- For activities that are strictly connected and critical to customer care relationships (e.g. acquisition of preliminary data at the conclusion of a contract, performance of operations according to the commitments included in the contract stipulated with the customers, etc.);
- for the management of insurance for liability and third parties;
- to carry out information activities, to process your requests for information on services, to draw up offers and quotations;

Methods of data processing - Data Retention
The personal data will be carried out by electronic, automated and / or manual, with methods and tools to ensure maximum security and confidentiality, by persons authorized to do so in compliance with the requirements of Art. 31 and following D. Lgs 196/03. The data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed.

Ambit of communication and diffusion
All personal data obtained will be treated confidentially and will not be disclosed. Your data may be shared with any company doing business with Villa D’Este Spa  in order to comply with contractual obligations or related purposes. Furthermore, these data may also be disclosed to following third parties:
- entities that provide services for the management of the information system used by Villa D’Este Spa  and the telecommunications networks (including e-mail) example Elever Srl Milan.
- company that is responsible for collecting the reservation data: AEC Advertising and Electronic Commerce srl;
- firms or companies which provide assistance and advice;
- Insurance Company  in case of civil liability and third parties;
- Credit institutions for the management of receipts and payments, financial institutions, insurance and audit
- competent authorities who enforce the law and/or regulations promulgated by public bodies, on request.
The above mentioned entities shall act as Responsible for the Data Processing or may perform their tasks fully independently, as if they were the Data Controllers. The list of data processors is constantly updated and it is available at Villa D’Este Spa’s headquarters. Any further communication or dissemination shall be possible only with your explicit prior consent.

Nature of underwriting
The disclosure of your personal data is discretionary but necessary in order to be contacted and/or to sign up for the current web site. You shall exercise your rights in accordance with Legislative Decree No. 196 dated June, 30th 2003  Sections 7, 8, 9 and 10, by contacting the Data Controller, t.i. our Company, in the person of its legal representative, who appointed Mr. Robert Webber as corporate Data Processor, in accordance with Article 29 of the Privacy Law concerning the processing of personal data.  Pursuant to Legislative Decree No. 196/2003, Section 7 you can exercise your rights by contacting the above appointed Data Processor at our headquarters, either by sending us an email at info@hotelbarchetta.it.

Section 7. (Right to Access Personal Data and Other Rights)
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form. 2. A data subject shall have the right to be informed a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing. 3. A data subject shall have the right to obtain  a) updating, rectification or, where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. 4. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

If you do not want to be contacted any more, the processing of your personal data will cease immediately. When contacting the data controller, please provide your e-mail, your name, your full address and/or your phone number, to enable the correct handling of your request.

Changes to the Privacy Statement
The data controller reserves the right to modify, update, add or remove portions of the current Privacy Statement at his discretion and at any time. We encourage you to periodically review this page for the latest information on our privacy practices. To make this review easier for you, our privacy statement will contain the date of the publication on the website. Any use of the site following the posting of changes will constitute your agreement to the same.

The data processing titular is: Villa D’Este Spa, legal representative pro tempore Danilo Zucchetti
Via Regina, 40 – 22012 - Cernobbio (CO)

Cernobbio, March 15 2013

The titular
Villa D’Este Spa