Policy Privacy

This privacy policy applies to any type of information collected by us and is drawn up pursuant to art. 13 and art. 14 of EU Regulation nr 679/2016.
Our main priority is to offer you pleasant stays of the highest level; his complete satisfaction and trust are essential for us.
It is for this reason that, as part of our commitment to meet your needs, we have defined a privacy policy that formalizes our commitment to you and describes how your personal data is used by the data controller.
This document describes how your personal data is used and processed in a readable and transparent manner, also providing useful references on how to contact us.
The data controller, in the structure, may provide / provide the guest with privacy policies in addition to this privacy policy, which define the specifications of the collection and processing of data and form, together with this Privacy Policy, the basis on which the personal data of the guest will be processed by the owner.
Please read this Privacy Policy carefully. By providing your personal data and other information through our Services, you acknowledge that your personal data will be processed in accordance with the terms of this Privacy Policy. If any term of this Privacy Policy is unacceptable to you, please do not use the Services or provide any personal information.
This Privacy Policy is drafted in Italian and can be translated into other languages. In case of inconsistencies, the Italian version will prevail.


POLICY PRIVACY

1) DATA CONTROLLER
2) DATA PROTECTION OFFICER (DPO)
3) CONSENSUS
4) THE PRINCIPLES ADOPTED FOR THE PROTECTION OF PERSONAL DATA
5) TYPES OF PERSONAL DATA COLLECTED
6) SPECIAL DATA
7) WHEN PERSONAL DATA IS COLLECTED
8) PURPOSE OF THE PROCESSING
9) AUTOMATED DECISION-MAKING
10) PROFILAZIONE
11) MARKETING
12) LEGITIMATE INTEREST OF THE DATA CONTROLLER
13) METHODS OF PROCESSING THE COLLECTED DATA
14) LEGAL BASIS OF THE PROCESSING
15) MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO RETURN
16) CONDITIONS OF ACCESS TO PERSONAL DATA BY THIRD PARTIES
17) TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
18) DATA SECURITY
19) PLACE OF PROCESSING
20) DATA SHARING
21) THALASSO SPA & WELLNESS
22) SERVIZIO WI-FI
23) VIDEO SURVEILLANCE
24) MOBILE APP
25) DATA RETENTION
26) NAVIGATION DATA AND COOKIE POLICY
27) RIGHTS OF THE INTERESTED PARTY
28) ACCESS AND MODIFICATION
29) METHODS OF PROCESSING PERSONAL DATA
30) CLAIM
31) CONTATTACI
32) UPDATES


1) DATA CONTROLLER
Pursuant to art. 4 point 7) of the GDPR 2016/679, the Data Controller is;
Giubola 2000 Srl (in the person of its legal representative pro-tempore)
Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
info@capovaticanoresort.it | giubola2000srl@pec.it | +39 0963 665760


2) DATA PROTECTION OFFICER (DPO)
Pursuant to art. 37 of the GDPR 2016/679 the data controller has appointed a Data Protection Officer (DPO). The DPO is the primary reference of the Data Controller for all relevant issues on privacy regulations, including the protection of the personal data of the interested party.
Pursuant to art. 38, § 4, data subjects may contact the Data Protection Officer for all matters relating to the processing of their personal data and the exercise of their rights.
The Data Protection Officer (DPO) can be reached at the following address:
Nicola Viscomi | infoviscomi@gmail.com
C/o Giubola 2000 Srl | Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy


3) CONSENSUS
“Personal data” means all information collected and recorded in a format that allows the personal identification of the data subject, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we invite you to read this document in which our privacy policy is described. This information on the protection of personal data is part of the general conditions applicable to all services offered by the data controller. By accepting these conditions, you expressly accept the provisions contained therein.


4) THE PRINCIPLES ADOPTED FOR THE PROTECTION OF PERSONAL DATA
The principles set out below are applicable within the business of the data controller.
> Transparency: when collecting and processing your personal data, we will communicate all the necessary information and inform you about the purposes and recipients of the data.
> Legitimacy: we will collect and process your personal data for the purposes described in this statement.
> Relevance and accuracy: We will collect only the personal data necessary for its processing and will take all reasonable steps to ensure that the personal data in our possession is accurate and up-to-date.
> Storage: we will keep your personal data for the time necessary for the processing of your personal data in accordance with the legal provisions.
> Access, rectification, opposition: you have the right to access your data, as well as modify, correct or delete it. In addition, you have the right to object to the use of your personal data, in particular to avoid receiving commercial information (marketing).
> Confidentiality and Security: We will ensure that reasonable technical and organizational measures are taken to protect your personal data from accidental or unlawful modification or loss or from unauthorized use, disclosure or access.
> International Sharing and Transfer: We reserve the right to share your personal data with third parties (for example, business partners and/or service providers) for the purposes set out in this policy and will take appropriate measures to ensure security when sharing or transferring such data.


5) TYPES OF PERSONAL DATA COLLECTED
On various occasions we will be required to request information about you and/or your family members or members or careers, such as:
> contact details (e.g. surname, first name, telephone number, e-mail address);
> personal information (e.g. date of birth, nationality);
> information about any children (e.g. name, date of birth, age);
> date of arrival and departure;
> credit card number or other payment account number, billing address, and other payment and billing information;
> data necessary to meet special requests (e.g. health conditions requiring specific accommodation);
The data controller may collect personal identification data from other third-party sources:
> via social media
> through affiliated organizations or other third parties
If the user voluntarily provides us with identification data concerning, by way of example, his health, such data will be used exclusively as necessary to satisfy special requests (always by way of example health conditions such as to require specific accommodation in the structure, or even special requests regarding food products to be avoided for any pathologies, allergies or eating disorders.
By providing such data the user expressly consents to the collection, use, processing and storage by the data controller in accordance with this policy.
The information collected in relation to persons under the age of 18 is limited to the name and surname, nationality and date of birth and such information may only be provided to us by an adult or by those who have parental responsibility. We will be grateful if you would ensure that your children do not provide us with any personal information, in particular via the Internet, without your consent. If this happens, you can contact us and provide us with the necessary instructions for deleting such information.
We do not voluntarily collect information of a particular nature concerning, for example, race, ethnicity, political opinions, religious and philosophical beliefs, membership of trade unions, nor information relating to health status or sexual orientation. The data controller may need to collect this information to meet your needs or to provide you with an adequate service, as in the case of specific diets. In this case, your prior consent may be required with reference to the collection of confidential information.


6) SPECIAL DATA
The term “particular data” means your information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person. We generally do not collect any particular information, unless it is provided voluntarily by you or if we are required to do so in compliance with applicable laws or provisions.
With regard to the personal data that fall into this category (defined by Article 9 of the GDPR) communicated by you, we inform you that the same will be processed by authorized personnel with the utmost confidentiality in compliance with the general authorization Nro 5/2016 of the Privacy Guarantor
Therefore we invite you to communicate any pathologies, allergies, intolerances, etc., to our reception staff and / or room staff, by filling out the appropriate form prepared.
This form will be kept and subsequently destroyed by authorized parties no later than three days from the date of its subscription in compliance with the provisions of the GDPR.


7) WHEN PERSONAL DATA IS COLLECTED
Personal data may be collected on various occasions, including:
a) Hotel activities and various services:
> request for quotes;
> reservations/purchase of services;
> management of payment services;
> quotation and sale of the package and / or tourist service;
> data processing activities for administrative and accounting purposes, customer assistance, etc.);
> check-in/check-out and payment;
> consumption of meals and drinks at the bar or restaurant during a stay;
> requests for information, complaints and / or disputes.
b) Commercial activity (marketing):
> promotional and marketing communications, through automated and non-automated tools;
> subscribe to newsletters, to receive offers and promotions by e-mail.
c) Profiling activities:
> Identification of preferences, tastes, habits, needs and consumption choices, in order to improve the services provided, meet the specific needs and address the commercial proposals of interest, processing personal data such as, by way of example and not exhaustive: personal data and residence / geographical area; family status; age; profession; data relating to any registration to our company websites and their use; goods or services purchased; consumption range; level of expenditure incurred; active services; frequency of use, etc .. This allows the creation and definition of your profile, useful for processing market analysis and statistics (aggregate or anonymous form); to improve the products and services offered and make them more responsive to your needs.
d) Reception/Transmission of information from third parties:
> tour operators, travel agencies, booking systems and so on.
e) Internet activity:
> connection to the websites of the data controller (IP address, cookies);
> information form, registration form, newsletter subscription, contact request, booking confirmation, for the insertion of comments, and so on;
> online data collection forms (request for quotes and / or online booking, pages of the owner on social networks, network access devices such as Facebook access data and so on).
f) Video surveillance system:
> Video shooting for the protection of the company assets of the data controller;
g) Wi-Fi service:
> Use of the free service in the structure through the registration of your social credentials, email and so on;
h) Mobile App
> Room reservation
> Check in online (in this case you will need to attach a scanned copy of a valid ID that will be deleted within 48 hours after acquisition)
> Room service order management;
> Management of reservations at a local restaurant;
> Special services such as wake-up service, late check-out or turndown service are available upon request.
> Processing of online check-out and opinion about the stay;
> Processing of requests submitted through the mobile app (eg: chat).


8) PURPOSE OF THE PROCESSING
The Data concerning the User is collected to allow the Owner to provide the requested Service, comply with legal obligations, respond to enforcement requests or actions, protect its rights and interests, detect any malicious or fraudulent activity, etc. Specifically, we collect your personal data in order to:
> Comply with our obligations to customers.
> Acceptance of your request to take advantage of the guarantee referred to in art. 50 of Legislative Decree no. 79/2011 (Tourism Code);
> Fulfill current administrative, accounting and tax obligations.
> Fulfill the legal obligations in general, including the obligation provided for by the “Consolidated Law on Public Security Laws” (Art. 109 R.D. 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for public security purposes, the personal details of the customers accommodated in the manner established by the Ministry of the Interior (Decree of 7 January 2013).
> Fulfill the obligations provided for by the residence tax (Article 4 of Legislative Decree no. 23 of 14 March 2011).
> Manage the request for quotes, various information.
> Manage the required services:
> Reservations and organization of the stay
> underwriting of the insurance policy (mandatory and / or voluntary)
> Manage the booking of rooms and accommodation requests: e.g. creation and storage of legal documents
> Manage the stay of customers at our facilities: eg: monitoring of the use of services (eg: telephone, bar, pay TV and so on), management of access to the rooms, internal management of lists of customers who behaved inappropriately during the stay at the structure (aggressive and antisocial behavior, non-compliance with the contractual terms of the structure, non-compliance with security regulations, theft, damage and vandalism or problems with payment). Improve our services, in particular: processing of your personal data for commercial activities (marketing and / or profiling); adaptation of our products and services in order to better meet your needs; Manage the relationship with customers before, during and after the stay: provision of data for the customer database; sending newsletters, promotions and tourist, hotel or service offers; management of requests to unsubscribe from newsletters, promotions, tourist offers; assessment of the right to object and other rights provided for by the GDPR; use of a dedicated telephone service to search for people staying at the facilities of the data controller, in the event that events occur that affect the structures in question (natural disasters, terrorist attacks and so on).
> Improve the services of the data controller, in particular: conducting surveys and analysis of questionnaires and customer comments (also anonymously); management of claims/complaints.
> Protect and improve the use of the data controller’s website, in particular: improvement of navigation; adoption of security measures and fraud prevention.
> Comply with local legislation, such as on the retention of accounting documents.
It is possible to have more information, on request, by contacting the Data Controller at the contacts indicated in this statement.


9) AUTOMATED DECISION-MAKING
You may be subjected to a decision based on partially automated processing, including profiling. In that case, you will have the right to obtain human intervention, to express your opinion and to contest the decision.


10) PROFILAZIONE
> The profiling purpose carried out by the Data Controller, both with human intervention and / or in partially automated mode, serves to define the profile of the interested party subject to explicit consent. The logic used by the owner is to acquire data provided directly by the interested party (e.g. through forms, questionnaires, registration forms, etc.) or on information relating to the stay experience, purchases made, services used, tastes and preferences in general, in order to formulate through electronic processing, your specific behaviors and consumption habits in order to improve, also from the point of view of quality, the services provided, meet your needs and address the commercial proposals of interest, adequate, relevant and personalized. The information, therefore, will be used to identify your behavior and consumption habits, in order to improve the services provided and send you advertising communications, relating to our products and services, in line with your interests. Communications may also take place electronically with the aid of automated tools. On the other hand, the possibility remains for the data controller to process the aforementioned data in aggregate form, in compliance with the measures prescribed by the Privacy Guarantor and by virtue of the specific exemption from consent on the basis of a legitimate interest of the data controller provided for by the same Authority, and / or by the impact assessments on data protection that the data controller has previously carried out. These treatments in aggregate form are carried out in order to carry out electronic analysis and processing (eg .: classification of the entire clientele in homogeneous categories for levels of services, consumption, possible needs, satisfaction of the service, etc.) aimed at periodically monitoring the development and economic performance of the activities of the data controller, orienting the related commercial processes, improving services and tariff plans, design and implement commercial communication campaigns through targeted and qualitatively more satisfactory offers. In addition, after anonymization, the aforementioned data may be used for processing with the sole purpose of producing statistical analysis, without any direct effect on individual customers. The processing for this purpose will be carried out directly by the data controller and / or through authorized persons and / or through external specialized subjects appointed as Data Processors. Personal data will be processed both in single and aggregate form and may be enriched, compared, crossed and / or integrated over time with the additional data in the legitimate possession of the Data Controller. The provision of data as indicated in this paragraph is optional and therefore you must therefore provide us with your explicit consent, accessing our Wi-Fi service and signing the relative consent in the registration form.


11) MARKETING
> The Purpose of Marketing, will be carried out to guide the activity of sending promotional and marketing communications, including sending newsletters and market research, through automated tools (sms, mms, email, push notifications, fax) and not (paper mail, telephone with operator); it should be noted that the Data Controller collects a single consent for the marketing purposes described herein, pursuant to the General Provision of the Guarantor for the Protection of Personal Data “Guidelines on promotional activities and combating spam” of 4 July 2013; if, in any case, you wish to oppose the processing of your data for marketing purposes carried out with the means indicated herein, as well as revoke the consent given; you may do so at any time by contacting the Data Controller at the addresses indicated in this statement, without prejudice to the lawfulness of the processing based on the consent given before the revocation. The processing for this purpose will be carried out directly by the data controller and / or through authorized persons and / or through external specialized subjects appointed as Data Processors. The provision of data as indicated in this paragraph is optional and therefore you must therefore provide us with your explicit consent, accessing our Wi-Fi service and signing the relative consent in the registration form. In order to proceed with your subscription to our “newsletters” from our site, you must issue the relative consent by ticking the appropriate box. Failure to provide consent will not affect any obligations already assumed or to be assumed. The legal basis of the processing as provided for in Article 6 of Reg (EU) 679/2016 is paragraph a): the interested party has expressed consent to the processing of their personal data for one or more specific purposes. The interested party has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.


12) LEGITIMATE INTEREST OF THE DATA CONTROLLER
> You may receive the sending of commercial offers relating to products and / or services offered by the Data Controller and similar to those previously purchased (cd. “soft-spam” – “soft spam marketing”).
> You may receive, even after your stay, the sending of a questionnaire to liking the services by e-mail, etc. (customer care questionnaires).
The processing for the purposes listed will be carried out directly by the data controller and / or through authorized persons and / or through external specialized subjects appointed as Data Processors. Personal data will be processed both in single and aggregate form and may be enriched, compared, crossed and / or integrated over time with the additional data in the legitimate possession of the Data Controller.
The provision of data as indicated in this paragraph is optional for the purposes described. The processing is carried out on the basis of the legitimate interest of the data controller to manage complaints, detect customer satisfaction, ensure a fixed and constant information reference for the guest, identify solutions and areas for improvement. At any time the interested party may oppose such processing. The legal basis that legitimizes the sending of promotional communications is found in the legitimate interest of the owner [art. 6, par. 1 letter f) GDPR.]


13) METHODS OF PROCESSING THE COLLECTED DATA
The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The processing is carried out using paper, computer and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.


14) LEGAL BASIS OF THE PROCESSING
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
> the User has given consent for one or more specific purposes;
> the processing is necessary for the execution of a contract with the User and / or the execution of pre-contractual measures;
> the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
> the processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller;
> the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.
However, it is always possible to request the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.


15) MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO RETURN
The provision of data relating to the execution of the contract, preventive request and / or information and to the fulfillment of legal, fiscal, accounting, administrative obligations, etc., is mandatory and any failure to provide your data will make it impossible for the owner to perform the requested services.
The provision of data for the performance of marketing and / or profiling activities is always free and optional. Failure to provide it will have no consequence on your ability to access the features offered by the Site and / or the request for info / reservations / ….
Interested parties who have doubts about which Data are mandatory, are encouraged to contact the Data Controller.


16) CONDITIONS OF ACCESS TO PERSONAL DATA BY THIRD PARTIES
To guarantee you the right of access and modification, we are required to share your personal data with internal and external recipients, subject to the following conditions.
Within the company, in order to provide you with the best service, we reserve the right to share your personal data, allowing access to authorized personnel, including:
> staff and hotel partners;
> booking staff using booking tools;
> departments IT;
> Company rental services means of transport, shuttles etc.
> business partners and marketing services;
> medical services, if applicable;
> legal services, if applicable;
> in general, any subject (internal / external) in charge / authorized of the processing of specific categories of personal data.
Regarding service providers and partners: your personal data may be sent to third parties for the purpose of providing you with services and improving your stay and our services.
These suppliers and partners include, but are not limited to:
> External service providers: ITC companies, call centers, banks, credit card issuing institutions, lawyers, couriers, postal services, hosting providers, IT companies, communication agencies.
Our service providers contractually undertake to protect your personal data and not to use or share it except as required by law.
Third parties are designated, if necessary, as Data Processors by the Data Controller.
The updated list of Data Processors can always be requested from the Data Controller
Local authorities: The controller may also be required to send your information to local authorities if required by law or as part of an investigation and in accordance with local regulations.
In the event of any corporate reorganization, (merger, sale, assignment, or other transfer of ownership of all or part of the business, including in connection with bankruptcy proceedings, the owner may transfer all data collected in accordance with this Policy.
In addition, the data controller may make available web services (for example, they can be forums and blogs) through which the User / Guest / interested party can publish information and material on the Site. In this case, please pay attention to the possibility that any data made known through these services becomes public access as it is available to visitors to the site and the general public who could use them for any purpose.
In all this it is advisable to use discretion when disclosing personal identification data or any other information through such web services.


17) TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
Currently your personal data are processed by the data controller within the territory of the European Union and are not subject to disclosure. Any future transfer of data to non-European countries will be allowed only to: 1) non-EU countries “whose level of data protection has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR”. 2) Non-EU countries other than those referred to in the previous point “after signing the standard contractual clauses (Standard Contractual Clauses) adopted / approved by the European Commission pursuant to art. 46, 2, lett.c) and d)”. On any occasion in which it will therefore be necessary to transfer the data to third countries or international organizations, it will be the responsibility of the Data Controller to take the required measures so that such processing complies with the law and subject to relative specific information to the interested party. A copy of the aforementioned guarantees can be obtained by addressing a specific request to the Data Controller in the manner provided for in the paragraph Rights of the interested party.


18) DATA SECURITY
The data controller takes appropriate technical and organizational measures, in accordance with the applicable legal provisions, to protect his personal data from unlawful or accidental destruction, accidental loss or modification, as well as from unauthorized disclosure or access. To this end, we have taken technical (e.g. firewall) and organisational (e.g. a user id/password access system, physical protection solutions, etc.). When you send your credit card information to make a hotel reservation, the security of the transaction is guaranteed by SSL (Secure Socket Layer) encryption technology. The security of e-mail communications cannot be guaranteed, so in their correspondence via e-mail to the data controller, the data subject must not include any payment data or data of a particular nature.


19) PLACE OF PROCESSING
The processing operations connected to the services of the data controller take place at the offices of the same and are handled by internal data processors who work with the collaboration of third parties designated as external data processors. No data is disseminated. The personal data provided by users who access the web services present in the interactive areas of the site (e.g. requests for quotes, reservations, newsletter subscription), will be used only for the purposes previously indicated.


20) DATA SHARING
https://www.blastnessbooking.com/reser…… browsing our website, using the “book your stay” service your information will also be shared with them and their possible affiliates. This information may include personal data such as your name, your contact details, your payment details, the names of guests traveling with you, and the preferences you specified when booking. For more information please visit their website.
Other service providers: We use service companies to manage your data on our behalf. This management serves for the purposes described in this statement, for example the management of the reservation, payments, sending marketing material, etc. These service providers are bound by confidentiality agreements and do not have permission to use your personal data for other purposes.


21) THALASSO SPA & WELLNESS
The guest accessing our premises and requesting our services, is aware of declaring under his personal responsibility, to be in good health, not to have any type of psychophysical contraindications to attend the thalassotherapy pools and the premises of the steam bath and sauna, to undergo aesthetic treatments, physiotherapy in general and to be aware that staying in such environments, given the particular microclimate it can be contraindicated in some pathological situations. In this regard, the guest is aware of always declaring under his personal responsibility not to be affected by cardio-vascular pathologies of any kind, not to be affected by hypotensive or hypertensive crises more or less serious, not to be affected by chronic hypotension, not to be affected by respiratory diseases;
not to have febrile pathologies in progress, not to be in chemotherapy treatment or not to have undergone such treatment for more than 2 months, not to present skin wounds in the healing phase and to have read the internal regulations, this privacy policy and to accept them.
We recommend our Mr. Guests to report in any case to the employees any doubt that may be related to the use of our services. It is mandatory and charged to the Guest to report the presence of a state of pregnancy and in any case even in the absence of contraindications and in good health we invite all Mr. Guests not to stay longer than the time expressly indicated for each environment. We are not responsible for any physical damage reported by Mr. Guests throughout the Center and in the Gym, including falls due to slippery floors. It is forbidden to access the Center and the Gym to children under 16 years.
The guest by accessing our premises and requesting / using our services declares that the data relating to their personal information, expressly requested by the authorized person for the purpose of assessing the actual compatibility with our wellness services, correspond to the truth. Therefore the guest relieves the employee and our structure from any responsibility related to any problems attributable to an omission, voluntary or involuntary, of information regarding any pathological, allergic, inflammatory or other states, which may compromise the state of health of the same. Finally, the guest declares to be aware of the fact that he is requesting wellness services and not medical / physiotherapy treatments of any kind, to be aware of the general conditions of sale received and to fully accept what is reported in this form. The guest received the necessary information on the processing of his personal data in accordance with current legislation consents to the processing of data and / or personal information of a particular nature. Any refusal may make it impossible to fulfill, in whole or in part, the performance of the requested services. The interested party has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.


22) SERVIZIO WI-FI
The data controller has provided pursuant to art. 28 of the GDPR 2016/679 to designate as Data Processor for the Wi-Fi service: AETHERNA SRL with legal and operational headquarters: Polo Scientifico Tecnologico ComoNExT | COMO | Via Cavour 2 Lomazzo | 22074 | info@aetherna.com | pec@pec.aetherna.com | T: 02.8936781 | customercare@aetherna.com | supporto@aetherna.com
Access to the WI-FI service is free and allowed only to users who have reached the age of 18.
The user can access the WiFi service by selecting the “guest” WiFi network from their device and choosing to log in to “Self Service” by entering their email or “Social” by entering their login credentials.
For more information, please refer to the specific information of the service.


23) VIDEO SURVEILLANCE
The personal data collected and processed through the video surveillance system are the images of people and things that are within range of the cameras. These images are processed exclusively for the pursuit of the institutional purposes of the Data Controller and, in particular, in order to protect the company’s assets by preventing and pursuing the fulfillment of any unlawful acts.
The video surveillance activity is based on the pursuit of the legitimate interest (Article 6, paragraph 1, letter f) of the GDPR) to carry out the processing for the purposes highlighted above.
Only the Data Controller may access your data with the presence of the workers’ safety representative and the same may be communicated to public subjects entitled to request the data, such as the judicial and / or public security authority; the data acquired will not be transferred abroad, neither inside nor outside the European Union.
The video surveillance system is equipped with cameras located in strategic points within the area pertaining to the Data Controller and allow the vision of images in real time (“live”), as well as the relative recording of images. The video surveillance system is in operation 24 hours a day, 7 days a week. The visualization and management of the images taken through the video surveillance system are reserved to the data controller. The data are stored with the use of appropriate security measures to prevent access by unauthorized personnel and to guarantee the confidentiality and integrity of the same.
The data subject (i.e. the person who believes he has been taken back), may exercise all the rights provided for in Article 15 et seq. of the European Regulation towards the Data Controller. In particular, you can ask the owner for access to the images, oppose the processing and request the limitation of processing and / or cancellation where applicable. The right of updating or integration, as well as the right of rectification referred to in Article 16 of the GDPR in consideration of the intrinsic nature of the data processed (images collected in real time concerning an objective fact) cannot be exercised. The right to data portability referred to in Article 20 of the GDPR cannot be exercised as the images acquired with the video surveillance system – except in the cases provided for in this information – cannot be transferred to other subjects. You may request to view the images in which you believe you have been filmed by exhibiting, or attaching to the request, suitable identification documents. The response to a request for access may not include any data referring to third parties, unless the breakdown of the data processed or the deprivation of certain elements makes the personal data relating to the interested party incomprehensible. Once the above retention periods have elapsed, it will be impossible to satisfy the access request. It is possible to exercise the rights of the interested party by requesting the data controller the appropriate form prepared.
To exercise the rights described above, the interested parties may contact the data controller and the data protection officer. The request will be answered as soon as possible. The Regulation, in this regard, provides that the response is in any case provided within one month of the request, extendable up to three months in case of particular complexity.
The provision of data is mandatory and is strictly instrumental to access to the premises of the Data Controller. In case of non-conferment, it is not possible to access the premises of the Data Controller.


24) MOBILE APP
To assist our guests in booking and / or planning their stay and to ensure its pleasant development you can use our MOBILE APP downloadable through online app stores, including the Apple App Store or the Google Play store.
Depending on how you use our mobile app, your Personal Data may be processed for the following purposes: (a) to enable you to book a room in the hotel of your choice; (b) process your online check-in; (c) manage your room service order; (d) at your request, make reservations at a local restaurant; (e) at your request, provide special services such as wake-up service, late check-out or turndown service; (f) process your online check-out and your opinion regarding the stay; (g) process requests submitted by you through the mobile app, including chat.
Notifications are disabled by default and to enable them (or subsequently disable them) the user must perform the operation directly from the application by going to the appropriate “app settings” section.
If you don’t want to receive any more push notifications through one of our mobile apps, you can opt out of push notifications in your device’s operating system settings.
For more information, please refer to the GDPR information specific to the Mobile App.


25) DATA RETENTION
We will keep your personal data only for the period necessary to fulfill the purposes indicated in this privacy policy or in accordance with the provisions of applicable law.
Your Personal Data will be kept only for the time necessary for the purposes for which they are collected, respecting the principle
minimization referred to in Article 5, paragraph 1, letter c) of the GDPR, namely:
> The data processed for the execution of a contract will be kept for a period of 10 years following the conclusion of the contract itself, unless the need for further storage arises, to allow the data controller to defend its rights.
> The data processed for the pursuit of a legitimate interest of the data controller will be kept for a period of 5 years.
> The data processed for the fulfillment of legal obligations will be kept by the data controller within the limits established by law and as long as the need for processing persists to fulfill these legal obligations.
> The digital receipt of dispatch (article 109 R.D. 18.6.1931 n. 773 and Decree 7 January 2013) will be kept – in digital and / or paper format – for 5 years.
> The data will be processed for marketing purposes for a period of 24 months and until any revocation of the consent given for the use of the same for this purpose; following this revocation, the owner will cease the processing in question and will not keep the data acquired exclusively for this purpose.
> The data will be processed for profiling purposes for a period of 12 months and until any revocation of the consent given for the use of the same for this purpose; after this period or following this revocation, the owner will cease the processing in question, delete or make anonymous the personal data resulting from this profiling activity, as well as the data acquired exclusively for this purpose.
> The images contained in the video recordings will be kept, ordinarily, for a maximum of 48 hours from the detection, without prejudice to special needs of further conservation in relation to holidays or closure of the activity of the Data Controller, as well as in the event that it is necessary to adhere to a specific investigative request of the judicial authority or police bodies. After this deadline, the images will be automatically overwritten.
Once the retention periods indicated above have elapsed, the data will be deleted, destroyed or made anonymous, compatibly with the technical procedures of backup and cancellation. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised. In any case, the further conservation provided for by the applicable legislation, including that provided for by art. 2946 of the Italian Civil Code.


26) NAVIGATION DATA AND COOKIE POLICY
The computer systems and software procedures used to operate this website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This would be information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data, for example, includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not currently persist for a time longer than that allowed by the law.
The site uses ‘Cookie’ technology to improve the possibility of using the services offered, by associating a ‘Cookie’ with the connected visitor.
This website uses cookies. To learn more and to read the detailed information, the User can consult the Cookie Policy.


27) RIGHTS OF THE INTERESTED PARTY
The interested party has the right to ask the data controller and / or the data protection officer, access to personal data concerning him, the correction or cancellation of the same, the limitation of processing, data portability, he has the right to oppose the processing, he has the right to oppose profiling, to lodge a complaint with a supervisory authority. The interested party has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
For the complete and exhaustive list of rights exercisable by the interested party, please refer to Articles. 15 et seq. of the GDPR 2016/679.
You can exercise the rights of the interested party by writing:
> Giubola 2000 Srl (data controller)
Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
info@capovaticanoresort.it | giubola2000srl@pec.it | +39 0963 665760
Nicola Viscomi | > infoviscomi@gmail.com (Data Protection Officer)
C/o Giubola 2000 Srl | Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
It is possible to request the appropriate form prepared by the owner to exercise his rights.


28) ACCESS AND MODIFICATION
You have the right to access your personal data collected by the data controller and to modify them, without prejudice to the applicable legal provisions; he can also exercise the right to object. To exercise your rights, you can write to:
> Giubola 2000 Srl (data controller)
Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
info@capovaticanoresort.it | giubola2000srl@pec.it | +39 0963 665760
Nicola Viscomi | > infoviscomi@gmail.com (Data Protection Officer)
C/o Giubola 2000 Srl | Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
In the event that your personal data are not correct, complete or updated, we invite you to notify us in the manner identified above. All requests will be processed as soon as possible and in accordance with applicable law. You may also exercise your rights in relation to personal data stored and processed following a stay.


29) METHODS OF PROCESSING PERSONAL DATA
The processing of your personal data will take place, in compliance with the provisions of the GDPR, using paper, computer and telematic tools, with logic strictly related to the purposes indicated and, in any case, with suitable methods to guarantee security and confidentiality in accordance with the provisions of Article 32 GDPR.


30) CLAIM
Pursuant to Regulation (EU) 2016/679, you have the right both to lodge a formal complaint with the Guarantor authority (art. 77) in the manner indicated on the Authority’s website at:
> https://www.garanteprivacy.it/home/modulistica-e-servizi-online
and to bring an action before the courts (Article 79).


31) CONTATTACI
If you have any questions about our Policy or how the data controller handles your personal data, please contact the data controller
Giubola 2000 Srl (in the person of its legal representative pro-tempore)
Contrada Tono, snc | 89866 Fraz. St. Nicholas | Ricadi (VV) – Italy
info@capovaticanoresort.it | giubola2000srl@pec.it | +39 0963 665760


32) UPDATES
We reserve the right to change this policy from time to time; accordingly, we invite you to consult it regularly. Any changes to this Policy will become effective upon posting.
The use of the Site after the last publication of these changes implies the acceptance by the user of the new version.
(Policy Privacy updated: 19/07/2022)