http://www.gardentoscanaresort.com/ informs that the “request form” (the data collected by the same) conforms with principles of legitimacy, secularity, and transparency, and protects your privacy and your rights. Your data will be processed as follows:
1) Collection and purpose of processing:
The collection and processing of data are carried out by ERREDICI S.R.L. solely to provide the requested information.
2) Processing methods – Distributors
The processing of data for the aforementioned purposes is conducted using IT tools, in compliance with the rules of confidentiality and security stipulated by law. The data may be processed, on behalf of Erredici, by persons in charge of managing customers / suppliers or persons in charge of maintaining the IT system. The person responsible for personal data is Pietro Ravazzani.
3) Purpose of the collected data
The collected data will be used to provide requested services. They are of an informative nature and for the provision of ancillary services. The data collected through the request form will be used exclusively to provide the requested service or to answer questions asked by the user.
Where consent is given to be sent updates on the www.gardentoscanaresort.com site, the data may be uploaded to third-party databases in order to provide the newsletter service (this will be indicated at the time of subscription and will require specific consent).
Where the portal collects this data, approval will be requested through the appearance of a confirmation flag. In no case will the user be registered without explicit confirmation of approval of registration to a specific service (e.g. the information collected via the contact form cannot be used for sending newsletters: this will need separate and explicit consent).
For e-commerce services, the portal may eventually utilize the user’s browsing data to customize a service according to preferences previously expressed by the user. Such data will in no way be communicated to third parties and will only serve to improve the user’s experience.
4) Provision of data
The user is free to provide the personal data requested in the form or not. If the necessary data is not provided, it will not be possible to provide the service requested by the user.
5) Data communication
No data deriving from the web service is communicated or disclosed to third parties. In the event of subscription to gardentoscanaresort.com newsletters or communication services (currently not enabled), the platform pertinent to these services will be indicated at the time. This platform is chosen in compliance with European GDPR regulations. The data collected on this third party service is protected by high standards of security and will be used by gardentoscanaresort.com to improve the services to which the customer has freely subscribed. At any time, the user can request a copy and / or cancellation of their data collected through this service by writing to Erredici s.r.l., email@example.com. In no case will Erredici s.r.l. provide this information to third parties for information, market analysis, advertising, or for other purposes.
6) Data retention security
The data on the website is stored on Register.it platforms which meet high security standards. All that is collected is anonymous data that is utilized to offer the user a better browsing service. This anonymous data is also processed through Google Analytics in order to assess the trends of services. In no case will this anonymous data be shared with third parties.
In case of subscription to continued services such as newsletters, data will be stored through third-party services chosen in compliance with GDPR regulations. The user will have the opportunity to view the regulation of these services by going to the portal of the third-party service indicated in this document. In case of changes in data processing, the user will be notified by gardentoscanaresort.com and will have the right to request cancellation of the service and related collected data.
In case of registration with username and password, data collected for registration will be stored securely on the platform and will not be disclosed to third parties.
For services such as e-commerce, data communicated to Erredici s.r.l. will be stored securely. Payment methods have a gateway such that no sensitive payment data is communicated to Erredici s.r.l .; Erredici s.r.l. will only be informed of confirmation of payment by the external certified circuit to which the user was sent at the time of payment.
7) Duration of data retention
Given their anonymous nature, there is no automatic cancellation of services directly connected to navigation. In line with regulations, the user can, in any case, request the verification and cancellation of their data from the site server by writing to firstname.lastname@example.org. The user must provide information to enable their data to be traced, and to request a copy or cancellation of it, in order to avoid obtaining the data of other users.
In regards to continuing services, such as newsletters, it is possible to request a copy of the collected data and / or the cancellation of the same at any time.
In regards to information given, for example, through request forms, data will be kept for the time needed to provide the requested service. When necessary, data may be kept in order to maintain contact with the user in case of further requests, and to comprehensively respond to queries in light of previous requests. The user can request a copy of the collected data and / or their cancellation by writing to email@example.com at any time.
Regarding registration to both the portal and to e-commerce services (if the platform has been provided for them), the retention period is subject to the user’s presence on the portal, and data is kept exclusively for users to utilize services and for them to be able to make purchases through the portal.
The user can request a copy of collected data and / or its cancellation by writing to firstname.lastname@example.org at any time. In the case of registration services (newsletter, a reserved area of the site, e-commerce) the user will be able to cancel the service at any time via the portal (or by e-mail received in the case of a newsletter).
8) Rights of the interested party
In accordance with GDPR regulations, Erredici s.r.l. now undertakes to communicate to the guarantor and user any breach of security systems and loss of sensitive user data, and to communicate all the procedures put in place to resolve the problem and prevent it from happening again.
9) Holder and process manager
The data manager is ERREDICI S.R.L., represented by Pietro Ravazzani
10) By submitting the form from the page “work with us”, or by sending an e-mail to email@example.com, you give your consent to the processing of personal data and the use of your curriculum, attached if necessary, for operations to do with selection of personnel. You also give your consent for the conservation of your curriculum for future selections, if the latter is of interest to the company. Conservation will be used for future selections if a new job appears. All other specifications of this document remain valid for the request for data conservation and any request for cancellation, by writing to firstname.lastname@example.org. We inform you that your data, as per regulations, will not be transferred to third parties.
11) Booking system
The www.gardentoscanaresort.com site uses GP DATI HOTEL SERVICE SPA to manage third party bookings.
Those in charge of bookings are applications consultants, systems operators and employees tasked with analysis, development, quality control and managing help desks. GP DATI Hotel Service SpA email@example.com, is in charge of processing, and is represented by Data Protection Manager (DPO) Mario Brocca Ufficio.firstname.lastname@example.org.
The GP DATI (Scrigno and Hoasys) Property Management Systems (PMS) are strongly vertically integrated and, focused on hotel industry management. These systems process hotel guests’ personal data, including dates of stay, services used and products consumed. The PMS interact with their own or third-party transversal functions to conduct upstream and downstream processes. The PMS have a Data Base (DB) on which they operate and upon which the processed data is stored.
Collected data is stored in the GP Data Hotel Service SPA Data Base. Identification data needed for the completion of the reservation procedures include personal and credit card details, and data on consumption and services purchased during a stay.
DATA WILL BE COMMUNICATED TO: P.S., ISTAT, intermediary subcontractors of interfaced third party systems.
Data will not be transferred abroad.
TERMS FOR DATA CANCELLATION: Data stored at the Datacenter GP DATA will be kept for the duration of the contract and for 90 days following its termination. It will be stored on backup media for the next 12 months.
The reservation system is provided on cloud at Erredici s.r.l., which only has access to data in order to perform customer service operations. In the event the user wishes to exercise the right to have a copy of their data or the cancellation of the same, please write to email@example.com with the details necessary for the data to be traced.
Non-sensitive collected data may be used statistically in order to improve the service offered. Physical security: the designed hardware / software platform makes use of all management facility services. Both Data centres have a no. 4 Rating, and have the most reliable 24/7 active anti-intrusion, smoke detection, fire alarm, and anti-flood systems.