INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to Art. 13 of the EU Regulation 2016/679
This page describes the processing of personal data carried out to provide services to Users/Clients following consultation of the website https://www.aguaresort.it. Respecting the privacy of our Users/Clients and Visitors (and in general of the Interested Parties) is a priority for us.
This Privacy Policy applies to all data processing carried out to provide the services rendered by AGUA BEACH, AGUA RESORT, and AGUA RESIDENCE.
Our main objectives are:
• To ensure that our Users/Clients understand what personal data we collect, for what purposes, and for how long;
• To clearly and transparently explain how we use the personal data that our Users/Clients provide to us and with whom we share it, in order to offer an increasingly efficient Service;
• To illustrate to our Users/Clients their rights (including new ones introduced by the GDPR) and their possible choices regarding the processing of personal data, ensuring, on the one hand, greater control over them and, on the other hand, greater protection.
Who is the Data Controller?
SAN LORENZO VACANZE S.R.L. with its registered office in Pescara, Via Ragazzi Del ’99 7, VAT number 01732150683, is the Data Controller (hereinafter the “Controller” or “we”).
The Controller’s website is: https://www.aguaresort.it/
You can contact the Controller at the following email address: info@aguaresort.it
SAN LORENZO VACANZE S.R.L. and AGUA GREEN SOCIETA’ AGRICOLA S.R.L. with its registered office in Silvi Marina (TE), Via Roma 308, VAT number 01914370687, due to a constant business relationship through which they jointly provide various services at their respective accommodation facilities, have signed a joint controllership agreement under Art. 26 GDPR. Therefore, both parties are Data Controllers, with whom rights can be exercised.
Dear User/Client,
before communicating any personal data while browsing the website, we invite you to read this privacy policy (“Privacy Policy”) carefully, as it contains important information on the protection of personal data and the security measures adopted to ensure their confidentiality in full compliance with the applicable legislation.
We inform you that the processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
What is meant by personal data and WHAT DATA do we process??
“Personal data” means any information suitable to identify, directly or indirectly, a natural person, in this case, the User/Client (the so-called Data Subject), who uses the services offered through the website.
In particular, we collect and process the following personal data necessary to fulfill the obligations arising from the hospitality services offered, including contractual or pre-contractual relationships established with Clients:
• Personal and identification data (name, surname, date and place of birth, tax code, gender);
• Residence address, phone number, and email address;
• “Health data,” that is, “personal data related to the physical or mental health of a natural person, including the provision of health care services revealing information about their health status” (Art. 4, No. 15, EU Regulation), necessary to meet any requests from Users/Clients regarding disabilities or special dietary regimes to follow.
• In general, any other data and information necessary for the conclusion and execution of the contract (e.g., VAT number, bank account details, credit card details).
Types of Processing
The data processing activities are defined in Art. 4 No. 2 of the EU Reg. 2016/679, which we report below for ease of reference: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
Among the Personal Data collected by this website are:
Navigation data
The website’s computer systems collect some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow you to be identified. This category of data includes IP addresses or domain names of the devices used to connect to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to your operating system and computer environment. These data are used to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow – given the architecture of the systems used – the correct provision of the various functionalities you requested, for security reasons, and to ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties and are deleted after 7 days.
WHY do we process personal data?
a) Responding to User Requests
– The Data will also be processed to respond to requests that Users/Clients may send to the contacts available on the Site: for this purpose, it is necessary for Users/Clients to provide their contact details (name, email, phone number, etc.) as, without them, it will not be possible to respond to them. The legal basis for this processing is the necessity to carry out pre-contractual and contractual measures adopted at the User’s request and to comply with related legal obligations.
b) Managing Services Provided
First of all, we collect and process the personal data that are strictly necessary to follow up on the requested hospitality services, i.e., for purposes necessary both for pre-contractual activities (e.g., online booking management, creditworthiness verification, credit card pre-authorization), and for the management and execution of the established contractual relationship (administrative and accounting activities, customer assistance, complaint management, debt collection), and for the provision of services strictly connected and instrumental to them, requested from time to time through the website (Art. 6 letter b) of the Regulation);
Providing personal data for the above purposes is essential to regularize the presence of clients at our accommodation facilities and is therefore mandatory. Refusal to provide the above data, although legitimate, would compromise the ability to provide the requested hospitality service.
In this context, moreover, the processing of personal data might be necessary to enable the use of personalized Services, to manage our clientele and their satisfaction level, as well as to handle any complaints.
The processing of personal data may also be justified by compliance with legal obligations (administrative, accounting, fiscal) and requests from Authorities or other binding regulations.
c) Additional Purposes
Newsletter
With consent (and subscription), always revocable following a simple request addressed to the Controller at the references indicated here, sending via email, post and/or SMS and/or phone contacts the newsletter of SAN LORENZO VACANZE S.R.L.
Marketing and Commercial Purposes
With consent, always revocable following a simple request addressed to the Controller at the references indicated here, the Client / Data Subject:
Sending via email, post and/or SMS and/or phone contacts commercial communications and/or advertising material on products or services offered by the Controller and/or customer satisfaction surveys;
Sending via email, post and/or SMS and/or phone contacts commercial and/or promotional communications from third parties (e.g., business partners, etc.);
The legal basis for the processing is the Data Subject’s consent.
LEGAL BASES OF PROCESSING
We process personal data lawfully, where processing:
• is necessary for the performance and execution of the services offered (Art. 6 para. 1 letter b GDPR);
• is necessary to comply with a legal obligation incumbent on the company (Art. 6 para. 1 letter c GDPR);
• is based on explicit consent for sending informational and commercial communications, including promotional ones, as well as advertising material (Art. 7 GDPR).
The data collected will be recorded and stored only to meet the purposes related to managing the current relationship.
Consent to Processing
The collection of consent from the Data Subject for the purposes mentioned in points a) and b) is not necessary, as provided by Art. 6 letters b), e), f) of the EU Regulation 2016/679. Conversely, it is necessary to document (traceability) the acquisition of consent (Art. 7 EU Reg. 2016/679), collected specifically and separately, for the purposes of newsletters, marketing, and commercial activities mentioned in point c). In any case, it is always possible to express dissent towards the processing mentioned above at the Controller’s premises, but we inform that providing data for the purposes mentioned in art. a) and b) is mandatory. Without them, we will not be able to respond to the requests of Users/Clients nor provide our services through the website, while still needing to process to comply with specific regulatory requests and/or from Authorities.
Users with doubts about which Data are mandatory are encouraged to contact the Controller at the following email address: privacy@aguaresort.it
Cookies
Cookies are information entered on your browser when you visit a website or use a social network with your PC, smartphone, or tablet.
Each cookie contains different data such as, for example, the name of the server it comes from, a numerical identifier, etc.
Cookies can remain in the system for the duration of a session (i.e., until you close the browser used for web browsing) or for long periods and can contain a unique identifier. For more information on the use of cookies, read the Cookie Policy that you will find below.
HOW and WHERE do we process personal data?
We collect personal data directly, through our website, or through the various online booking systems that we use.
In any case, we process personal data in accordance with the principles of lawfulness and correctness and always operate in such a way as to guarantee the confidentiality and security of the information.
We also undertake to ensure that the information and data collected and used are adequate, relevant, and limited to what is necessary in relation to the purposes described above, and that personal data are processed in such a way as to guarantee their security, also through appropriate and effective technical and organizational measures implemented by the Data Controller, in compliance with the principle of Accountability (cd. Accountability) prescribed by the new EU Regulation.
These measures guarantee, in any case, that access to personal data is granted only to persons authorized by the Data Controller, as well as to third parties who are in any case appointed as external Data Processors
WHO do we communicate the data to?
We disclose data exclusively to the subjects (Joint Data Controller, Data Processors, appointed External Processors or recipients by law) of which we avail ourselves for the performance of activities necessary for the achievement of the purposes described in the previous paragraph 3, for the execution of the requested Hosting Services, or for purposes strictly connected and instrumental to the management of the pre-contractual relationship (booking phase), the execution of the contractual relationship, as well as the subsequent administrative and accounting management, in particular.
WHERE do we transfer data?
The Data are processed at the operating offices of the Data Controller and at any other place where the parties involved in the processing are located. For further information, contact the Data Controller. Some Personal Data is transferred to Recipients that may be found outside the European Economic Area. We assure that the electronic and paper processing of your Personal Data by the Recipients takes place in compliance with the Applicable Law. The transfer of data outside the European Union takes place on the basis of an adequacy decision or on the Standard Model Clauses approved by the European Commission.
HOW LONG and WHERE do we store personal data?
We store Personal Data only for the time necessary to process it for the purposes mentioned above.
In particular, the following are the main periods of use and storage of your personal data with reference to the different processing purposes:
a) we will process the data for the duration of the contract and as long as there are obligations or obligations related to the execution of the contract. After the termination of the contractual relationship we will keep them for 11 years to fulfill legal obligations or to defend our rights;
b) with regard to processing based on consent, for example for marketing purposes, the data will be processed for the duration of the contract and as long as there are obligations or obligations related to the execution of the contract, unless you object to the processing or withdraw your consent;
d) for the fulfillment of legal obligations, the data will be processed and stored as long as the need for processing persists to fulfill these legal obligations.
In any case, the aforementioned personal data will be stored both in the cloud and on suitable computer storage in a special room server or at the administrative office of the Data Controller, adequately secured, both on paper support by means of files kept at the administrative office of the Accommodation Facility, with suitable fireproof lockers locked and whose access is reserved only to subjects authorized by the Owner.
What are the RIGHTS as a Data Subject?
At any time you can exercise, pursuant to art. 15, 16, 17, 18, 19, 20, 21 and 22 of EU Regulation 2016/679, against the Data Controller, the following rights.
• Right of access: the right to obtain confirmation about the existence or not of a processing concerning your data and the right to receive any information relating to the same processing;
• Right to rectification: the right to obtain the rectification of your data, if they are incomplete or incorrect;
• Right to cancellation (c.d. “right to be forgotten”): in certain circumstances provided by the Regulation, you have the right to obtain the deletion of your data present in our archives if they are not relevant for the purposes of the continuation of the contractual relationship or are necessary by law;
• Right to limitation of processing: upon the occurrence of certain conditions, you have the right to obtain the limitation of processing, if not relevant for the purpose of the continuation of the contractual relationship or necessary for legal obligation;
• Right to data portability: the right to obtain the transfer of your data in favor of a different Data Controller;
• Right to withdraw consent: the right to withdraw consent to the processing of your data for commercial and/or advertising purposes, as well as the processing of health-related data in relation to the specific Hospitality Services requested, at any time, without prejudice to the lawfulness of processing based on consent prior to withdrawal;
• Right to lodge a complaint with the Supervisory Authority: at any time, you have the right to promote requests for the exercise of your rights. In any case, if you wish to make a complaint about the way your data is processed, or about the handling of a complaint you have made, you have the right to file a complaint directly with the Supervisory Authority
The above rights may be exercised against SAN LORENZO VACANZE S.R.L. as Data Controller, writing to the e-mail address: privacy@aguaresort.it or by calling: +39 0931 841684.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 of EU Regulation 2016/679.
Changes to our Privacy Policy
The Data Controller reserves the right to modify and/or implement this privacy policy, also due to subsequent legislative changes after coming into contact with the Users/Customers of the website, or recommendations, general authorisations, guidelines, further guarantee measures indicated by the Italian or European Privacy Supervisor, but always in order to provide greater protection for the processing of personal data. The aforementioned changes will take place only after having informed you by means of communication on our website, or, if this is not technically possible, by sending you a written notification to one of the contact details held by the Data Controller.
If the changes affect processing operations whose legal basis is consent, the Data Controller will collect the consent again, if necessary.
