Information for the processing of personal data ACQUIRED

In compliance with the provisions of the GDPR Reg. UE 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of the personal data provided. The information is not to be considered valid for other websites that may be consulted via links present on the websites in the domain of the owner, who is not to be considered in any way responsible for the websites of third parties.

Processable personal data : «personal data»: any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 EU Reg. 2016/679).

Contact information

Data Controller: Hotel Villa Miravalle
Email address of the Owner to which all requests should be sent: info@hotelvillamiravalle.com

Personal data collected

On this site we acquire personal data through the behavioral data entry forms during normal content consultation. The data is processed for the following purposes and using the following services, in the respective places of storage and processing:

Contacting the User / fulfilling orders and requests

Mailing List or Newsletter Personal data acquired: name, surname, email, language. Place of processing: Italy, Europe
Contact form Personal data acquired: name, surname, email, address, postcode, nation, province, telephone, Place of processing: Italy, Europe

Interaction with social networks and external platforms

Social share buttons, add-this plugin, other plugins Personal data collected: anonymous, cookies and usage data. Place of processing: USA, Europe

Registration and authentication

Direct registration Personal data acquired: name, surname, email, address, postcode, country, province, telephone and various types of data also in multiple forms (billing, shipping, gift option), Place of processing: Italy, Europe

Remarketing and behavioral targeting

AdWords Remarketing, Facebook Remarketing and Remarketing with Google Analytics for Display Advertising Personal data acquired: Cookies and anonymous usage data Place of processing: USA

Statistics

Google Analytics and Google Analytics with anonymized IP Personal data acquired: Cookies and anonymous usage data. Place of processing: USA.
Newsletter Stats. Personal data acquired: Behavioural data of use, even non-anonymous. Place of processing: Italy.

Viewing content from external platforms

Widgets and Embed Content such as: Vimeo, Youtube, TripAdvisor, Trust You, Google Map, Personal data acquired: Cookies and Usage data. Place of processing: USA
Google Fonts Personal data acquired: Usage data and various types of data as specified in the privacy policy of the Google Fonts service. Place of processing: USA
Web services Content automatically imported from external data sources Personal data acquired: none
Plugins/widgets of integrated tools (booking for reservations) Personal data acquired: Cookies and Usage data as specified in the plugin's privacy policy. Place of processing: Italy, Europe

User rights

Users may exercise certain rights in relation to the Data processed by the Owner.

In particular, the User has the right to:

• revoke consent at any time. The User may revoke consent to the processing of their Personal Data previously expressed.
• object to the processing of your Data. The User may object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
• access their Data. The User has the right to obtain information on the Data processed by the Owner, on certain aspects of the processing and to receive a copy of the Data processed.
• verify and request rectification. The User can verify the accuracy of their Data and request its updating or correction.
• obtain the limitation of the processing. When certain conditions apply, the User can request the limitation of the processing of their Data. In this case, the Owner will not process the Data for any purpose other than their conservation.
• obtain the deletion or removal of their Personal Data. When certain conditions apply, the User may request the deletion of their Data by the Owner.
• receive your Data or have it transferred to another owner. The User has the right to receive his/her Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain the transfer without hindrance to another owner. This provision is applicable when the Data is processed with automated tools and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it.
• lodge a complaint. The User may lodge a complaint with the competent data protection supervisory authority or take legal action.

Details on the right to object

When Personal Data is processed in the public interest, in the exercise of public authority vested in the Owner or to pursue a legitimate interest of the Owner, Users have the right to object to the processing for reasons related to their particular situation.
Users are hereby informed that, if their Data is processed for direct marketing purposes, they may object to the processing without providing any justification. To find out whether the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.

How to exercise your rights

To exercise User rights, Users may direct a request to the Owner's contact details indicated in this document. Requests are filed free of charge and processed by the Owner as soon as possible, in any case within one month. Some editing functions can be exercised independently by the user, as reported in the next section.

Cookie Policy

This Application uses Cookies. To learn more and view the detailed information, the User can consult the Cookie Policy.

Recipients and sharing of data with third parties

We will never sell your personal information to third parties. We do not trade, share or transfer your personal information to third parties except in the following limited circumstances.

The personal data provided may be communicated to recipients, who will process the data as managers and/or as natural persons acting under the authority of the Owner and the Manager, in order to comply with contracts or related purposes.

Specifically, your personal information may be communicated to recipients belonging to the following categories:

• to our parent, subsidiary and affiliate companies;
• to third-party service providers to enable these individuals to provide services that help us with our business activities, which may include marketing assistance, customer support, data analysis, advertising our product or service offerings/services, maintaining and improving the features and functionality of our products and services. For example, we may provide personal data to our service providers to directly send you emails of our newsletters or notifications of our product/service offerings;
• to third parties generally when we believe in good faith that access, use, preservation or disclosure of such data is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or governmental request, (b) enforce a Customer Agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law;
• with third parties (including our service providers and government agencies) to detect, prevent, or otherwise address fraud or technical or security issues;
• with our business partners who offer you a service in collaboration with us, for example during a cross-promotion;
• with online and non-online banking institutions to process payments for services or goods (booking, e-commerce, services);

We may also share and/or transfer your personal data if we are involved in a merger, acquisition, bankruptcy, or any form of corporate transformation.
We may share your personal information with third parties (outside the categories set out above) if we have your explicit consent to do so.
We may also share aggregated or anonymized data with third parties for other purposes. This data does not identify you individually, but may include data about your usage, viewing, and behavior.

Security of your personal data

We use a variety of security technologies and procedures to protect your Personal Data from unauthorized access, use or disclosure. We protect the Personal Data you provide in the cloud and locally on servers in a controlled and secure environment, protected from unauthorized access, use or disclosure. When Personal Data is sensitive (such as credit card number and/or geolocation data) is collected on our Apps and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
This site is equipped with https certificate which makes it more secure especially for the processes of entering personal information.

User data control

Opt Out

For users about whom we maintain Personal Data, acquired in the past, we offer the opportunity to opt-out whereby the user has the possibility to remove themselves from the lists and opt out of our use of the Data. If you choose to opt-out, we may not be able to provide you with certain features or fulfill your requests.

OPT IN

For new users, an opt-in validation is mandatory and in particular a double opt-in which requires the validation of the data entered following an initial entry and the expression of consent to the processing of the Data. The user can always manage his/her profile and also renounce this consent.

Communication preferences

If you no longer wish to receive our newsletter and promotional communications, you may opt-out by following the instructions included in such communications or offers. Please note, however, that customers cannot opt-out of receiving transactional emails related to their account.

Block cookies

You can remove or block certain cookies using your browser settings, but some features may stop working properly if you do this. For more information, see the Cookie Policy at the link at the bottom of the page. Please note, however, that you may not be able to block certain service-related cookies.

Access to your personal area

Access and update your personal data

Newsletter: in each newsletter you will find access to the personal area where you can modify, correct the data if inaccurate or delete such data.

Reserved areas following registration: you can access, review, correct, update, modify your data at any time. Independently. If you have forgotten your credentials, you can recover them. To do so, please contact us at the address indicated by the Owner with your name and the data requested for access, correction or removal, or log in to your account, go to your profile and make the desired changes. We may refuse to process requests that are unreasonably repetitive or systematic.

Retention of personal data

We retain the Personal Data collected with the deadlines indicated below and as long as we believe they are potentially useful to contact you regarding the requested service, commercial information, subscription services, e-commerce and, if necessary, to comply with our legal obligations, resolve disputes and enforce our agreements: and then delete them.

The data retention period varies depending on the type of data as follows:

• navigation on this website (for the duration of the session), some cookies may have a longer duration as stated in the cookie policy at the link below;
• for contact requests, information and reservations (duration without expiry);
• newsletters or promotional communications in general via email (duration without expiry);
• fulfillment of contractual and legal obligations and administrative-accounting purposes (maximum 10 years, except for the longer or shorter term established by law);

Once the retention period has expired, the Personal Data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be exercised after the retention period has expired.

No minors under 18

The contents of the site are available to everyone and do not contain adult material. However, the information is not intended for use by minors and the Owner does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under the age of 18, you may not attempt to register for the services provided or submit any information about yourself, including your name, address, telephone number, or email address. In the event that we discover that we have collected personal data from minors without verification of parental consent, we will promptly delete such data. If you are a parent or legal guardian of a minor under the age of 18 and believe that we might have data from or about such minor, please contact us at the address provided at the end of this Privacy Policy.