The personal data provided by you (hereinafter “Data Subject”) while browsing this website (hereinafter, “Website”) will be processed fairly and in a transparent manner for legal purposes and in full respect of your privacy and rights in compliance with the Community legislation governing the protection of personal data (EU REG. 2016/679).
This document does not apply to any other websites the Data Subject may access by clicking on the related link found on the Website.
Data will be processed for the following purposes in the following ways:
1. Data Controller.
Pursuant to the aforementioned legislation, the Data Controller is the company Ducato Srl with registered office in Cannaregio 4438, 30121 Venezia and operational headquarter in San Marco 4283, 30124 Venezia, mail: email@example.com
2. The object of the data processing.
Data Controller will process the personal data provided by the Data Subject in filling in the Website forms (name, surname, address, fiscal identification code, email, phone and/or mobile, payment data) for the purposes indicated herein only.
3. Purposes of and legal basis for the processing.
The purposes of the processing generally pursued by the Data Controller may be summarized as follows:
a) enabling the Data Controller to reply to any messages submitted by the Data Subject (“Contacts”); legal basis: Data Subject’s consent;
b) enabling the Data Controller to fulfill a room reservation request made by the Data Subject; legal basis: performance of the contract of which the Data Subject is a party;
c) enabling the Data Controller, with the Data Subject’s prior specific consent, to send him/her newsletters and/or commercial offers; legal basis: Data Subject’s consent…
4. Categories of personal data.
The data processed will be those data – described in point 2 – strictly necessary for the requested and/or agreed purposes.
5. Recipients or categories of recipients of personal data.
The data provided by the Data Subject will be made available to:
Data Controller’s employees and collaborators;
public offices and credit institutions;
companies in charge of providing IT assistance (computer network, website, etc.) to the Data Controller;
professional firms the Data Controller deals with to fulfill it’s administrative, accounting, tax, legal, etc. obligations company managing electronic payment.
The list of the aforementioned subjects, who will be identified as external processors, is kept constantly updated by the Data Controller and will be made available to any Data Subject asking for it.
Data will not be disclosed and will be processed using organizational and logical methods related to the aforementioned purposes.
6. Data processing methods.
Data will be processed using appropriate tools that ensure its security and confidentiality, including both analog and automated (IT or telematic) devices for storing, managing and transmitting data.
Data will be managed and stored in servers belonging to the Data Controller and/or authorized third-party companies; such servers are located within the EU and the Data Subject’s data will not be transferred outside the European Union.
7. Retention period.
The Data Controller will keep processing the personal data provided by the Data Subject as long as necessary for the above-said purposes. More specifically:
– the name, surname and email address given in online forms (“Contacts”) will be kept, with the Data Subject’s prior specific consent, for no more than 36 months for the purpose of sending newsletters and/or commercial offers to the Data Subject;
– the data provided while booking a room (name, surname, address, fiscal identification code, phone and/or mobile, payment data) will be stored as follows:
a) email, phone and/or mobile number will be deleted after ten days from the end of stay thus enabling the Data Controller to check if the room was left in good condition and to contact the Data Subject in case of need;
b) fiscal data (name, surname, address, fiscal identification code) will be kept for 10 years in accordance with the law;
c) payment data will be stored for as long as strictly necessary for the purposes explained above and in compliance with the law.
8. Data Subject’s rights.
The Data Subject has the following rights:
a) the right to obtain access to his/her personal data (after being informed that his/her data was processed by the Data Controller);
b) the right to obtain rectification and integration of his/her personal data;
c) the right to obtain the erasure of his/her personal data;
d) the right to obtain restriction of the processing of his/her personal data;
e) the right to receive the personal data provided to the Data Controller in a structured and commonly used format and to be allowed to transmit them to another controller;
f) the right to object to the processing of his/her personal data if there are reasons related to his/her personal situation;
g) the right not to be subjected to any automated decision-making process – including profiling – that produces legal effects affecting him/her;
h) the right to obtain notification of any serious breach of his/her personal data;
i) the right to withdraw consent to the processing at any time;
l) the right to lodge a complaint with a supervisory authority.
The Data Subject may exercise the aforementioned rights by sending a communication to the Data Controller to the address indicated in the previous art.
9. Nature of data provision and the consequences of refusal. Providing data (name, surname, address, fiscal identification code, email address, telephone and/or mobile phone, payment data) for the purposes indicated above in point 3b) is necessary and mandatory. Failing this, the Data Controller will not be able to provide the requested services to the Data.