INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA ( in accordance with Art. 13 – EU Regulation 2016/679 – GDPR )

As a consequence of the application of the General Regulation on Data Protection (GDPR), EU Regulation
2016/679, we want to remind you that the personal data you have transmitted to us will continue to be treated in full compliance with this new legislation.
Personal data processing means any operation performed with or without the use of automated processes and applied to personal data, even if not recorded in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, comparison or interconnection, limitation, cancellation or destruction.
We hereby supply you all due information:

a) Data Controller

Our data controller is: Nore Dreissigacker
registered office:
phone:
e-mail:

The Data Controller processes personal data, such as name, surname, company name, address, telephone number, e-mail address, bank and payment details (hereinafter “data”) that you have communicated on the conclusion of contracts for services of the data controller.

b) Purpose of the processing

The data relating to you and requested to you during the stipulation of the booking contract concerning your stay at Bagno Sabbia d’Oro beach are processed in order to execute the task received (management of reservations) and to fulfill the obligations established by law, by the Community legislation or by an order of the Authority, and for all the accounting and tax obligations deriving.

The data will be processed on magnetic and paper support by persons authorized to perform these tasks, constantly identified, appropriately educated and made aware of the constraints imposed by the relevant legislation, with the use of security measures to ensure the confidentiality of the interested party and to avoid undue access to third parties or unauthorized personnel;

The data will not be processed by: internal employees, external suppliers, and / or collaborators in general; The data will not be diffused;
Such data a) and b) are therefore indispensable for the correct execution of the operations deriving from
the contractual relationship and therefore the relative conferment is obligatory as the eventual refusal to communicate such information would make it impossible to establish the relationship.

c) Data retention

The retention of data can only be done if the purposes of the processing are not reasonably achievable by other means and for a time not exceeding the purposes for which they were collected and subsequently processed. Therefore they are canceled as soon as the purpose of their use is exhausted or until the revocation of the specific consent by the interested party occurs;

d) Customer rights

Pursuant to the 15, 16, 17, 18, 19, 20 and 21 of the EU Regulation, the interested parties are informed that they have the right to ask the Data Controller:

1) the access to their personal data
2) to update and/or integrate them
3) the correction of data when they are incorrectly transcribed
4) to transform them into an anonymous form or to block them
5) the cancellation or the oblivion according to the cases
6) the limitation of the treatment because, for ex. some data are in excess
7) the portability, t.i. transferring data to another owner without costs at their expense
8) to oppose the processing for legitimate reasons
9) to withdraw consent at any time without prejudicing the lawfulness of the treatment based on the consent given before
10) to present a formal complaint to the Privacy Guarantor following the procedures and indications published in the Authority’s official website http://www.garanteprivacy.it
11) to present a judicial appeal against the decision of the Supervisory Authority
12) to present a judicial appeal against the Data Controller or the Data Processor in the event of infringement of the protected rights. The exercise of rights is not subject to any form constraint and is free.

The parties may exercise the rights set out in points 1 to 9 at any time by sending a registered letter or a certified e-mail to the Data Controller address, as set out at point a).