- DATA CONTROLLER
Pursuant to Article 4 of the GDPR, the Data Controller is:
SAIT Società Adriatica Investimenti Turistici S.r.l. – Via Vettor Pisani 56 – 30013 Cavallino Treporti (Italy)
Controller’s email: firstname.lastname@example.org
- COLLECTION AND PROCESSING OF PERSONAL DATA
The methods for collecting and processing Personal Data acquired by SAIT are illustrated below.
A – Navigation data
The following section has the purpose of illustrating the Data types collected by SAIT in relation to the User navigating the Site.
The IT systems and software procedures that form part of the Website’s functioning acquire, in the course of normal use, certain Personal Data the transmission of which is implicit in the use of Internet communication protocols. This is information not collected to be associated with identified Users, but which, by its nature, could, through elaboration and association with data kept by third parties, allow for the identification of the User. The following, for example, are included in this data category – IP addresses, Domain names, the types of devices used by the User who connects to the Website, URI (Uniform Resource Identifier) notation addresses of the requested resources, the request time, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server response (e.g. completed, error etc.) and other parameters relating to the operating system of the IT environment of the User.
For the purpose of technical administration SAIT will process the User’s Personal Data in order to gather anonymous statistical information on the use of the website and to check its correct functioning, and will erase these Data immediately after their use. In any case, navigation Data will be kept for a maximum period of 12 months after which they will be automatically erased.
B – Data relating to a reservation at Park Gallanti Holiday Village using the e-commerce platform booking.parkgallanti.com
The following section intends to illustrate the purposes behind the processing of Data collected by SAIT during the User’s interaction with the e-commerce platform booking.parkgallanti.com.
Whenever the User carries out a booking with Park Gallanti Holiday Village using the Website’s e-commerce platform, the Personal Data supplied will be processed by SAIT, as Data Controller, for the following purposes:
a) to process the booking;
b) to verify that the information supplied for the transaction is complete, valid, correct and not fraudulent;
c) to manage the contractual relationship with the User and manage the SAIT service, not least in the provision of technical support to the User in order to complete a booking and/or after the conclusion of a booking;
d) to comply with legal obligations in relation to tax and accounting regulations, as well as with any other regulations with which SAIT must comply;
e) to perform profiling activities.
For purposes a and c, the processing of Data is necessary in order to conclude or execute the contract, to which the User is party, with SAIT (Article 6 (1), letter b), GDPR).
The purpose indicated by letter d. requires the processing of Data to fulfill any legal obligations to which the Data Controller is subject (Article 6 (1), letter c), GDPR).
With reference to purpose b., on the basis of recital 47 of the GDPR, the processing takes place on the basis of the legitimate interest of SAIT in ascertaining the security of payments received.
In terms of the purpose indicated by letter e., the legal basis of the processing is the consent of the User, which is not necessary for the conclusion of the booking.
SAIT asks the User to check that their Data is correct and, whenever the Personal Data supplied are subject to change, to contact the Controller as soon as possible in order to update them.
Booking Data will be retained by SAIT for the period necessary to respond to the requests of the User, as well as in order to comply with its obligations in civil and tax law, and in any case, for a period not more than ten years from the conclusion of the purchase, after which they will be erased.
The User has the right to request from SAIT, upon identification, access to their booking Data, including its correction or cancellation, where conditions are met. The User also has the right to request a copy of their Data from SAIT and to ask for limits upon its processing, where conditions are met.
C – Data supplied voluntarily by the User
The following section illustrates the processing of Personal Data supplied voluntarily by the User and carried out by SAIT in the site www.parkgallanti.com.
SAIT collects and processes Personal Data supplied directly and knowingly by the User through the Website upon making an online booking through the site www.parkgallanti.com, upon subscribing to the newsletter service, upon making a request to SAIT operators. Such Data include, for example, name and surname, email address, postal address, date of birth, telephone contact details. The legal basis of the processing is the consent of the user.
The Data supplied by the User can be used, for example, for:
- sending newsletters and informational and promotional communications, even of a commercial nature, and advertising material;
- carrying out profiling activities on the basis of information supplied by the User, which may include, for example, age and geographic provenance;
- replying to and satisfying every request by the User and, therefore, managing the relationship between the User and SAIT.
D – Cookies
Cookies are text files containing small portions of information that are archived on the User’s device (computer, tablet, smartphone) when visiting a website. Cookies allow the site to ‘remember’ the User’s computer, but not specifically who is using it, and to make the navigational experience more pleasant.
Given the inherent complexity of the technology based on cookies, the User is invited to review the specific information on cookie use by means of this Site.
- ADDRESSEES OR CATEGORIES OF DATA ADDRESSEES
The Personal Data of the User will be processed by employees and collaborators of SAIT duly instructed by the Company for these tasks.
The Personal Data supplied by the User will be processed by trusted persons that carry out tasks of a technical and organisational nature on behalf of SAIT for the purposes indicated in paragraph 2. Such persons process Data in their capacity as Data Processors or as Data Controllers, and put in place appropriate security measures to ensure that the processing is in conformity with the GDPR, guaranteeing in this way the protection of the User’s rights.
The Data may be transmitted to the operators appointed by the Data Controller in order to carry out any related Information Technology service.
Personal Data will not in any case be subject to indiscriminate dissemination and/or dissemination to the public.
- DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION
The User’s Personal Data can be transferred abroad in accordance with the provisions of applicable law, even to Countries outside the European Union, where the Company pursues its interests, adopting security measures and necessary precautions in order to guarantee an adequate level of Data security.
The transfer of the User’s Personal Data from Italy to third Countries includes the involvement of the United States of America (the use of Mail Up for sending newsletters), a country which is not subject to an adequacy decision by the European Commission. To guarantee that the protection of the User’s Personal Data conforms to applicable law, the transfer outside Italy is carried out under EU-US Privacy Shield certification and by adopting other legal instruments, a copy of which may be requested by the User using the address email@example.com. Furthermore, pursuant to Article 46 of the GDPR, Mail Up supplies adequate guarantees in relation to the security of the transferred Data when processed.
- RETENTION PERIOD AND RETENTION CRITERIA
In compliance with the provisions of Article 13 (2), letter a), GDPR, the approach of the Controller is aimed at the retention of the User’s Personal Data only for such time as is required for the pursuit of the purposes for which it was collected. In general, Personal Data are retained by the Controller for ten years from the conclusion of the relationship with the User. In some cases, however, the Controller retains the Personal Data for longer periods, for example when such retention has been requested in compliance with legal, tax and accounting obligations.
When the processing is based on the User’s consent, the Controller retains the Personal Data for ten years and, in any case, until the moment in which the given consent is revoked.
At the end of the retention period the Personal Data will be erased. As such, once having reached this end point, the right of access, erasure, rectification and the right to Data portability can no longer be exercised.
- RIGHTS OF THE INTERESTED PARTY
The User can exercise their rights as recognised by Article 15 and the following articles of the GDPR with reference to Data processed by the Controller.
In particular, the User has the right to:
- revoke their consent at any moment. The User can revoke their previously expressed consent to the processing of their Personal Data;
- oppose the processing of their Data. When the Personal Data are processed in the public interest, in the exercise of public powers held by the Controller or in order to pursue a legitimate interest of the Controller, the User has the right to oppose such processing for reasons connected to their particular situation. Where the Personal Data are processed for marketing purposes, the User can oppose such processing without supplying any reason;
- access their data. The User has the right to obtain information on the Data processed by the Controller and on specific aspects of its processing, as well as receive a copy of the processed Data;
- verify and request rectification. The User can verify the correctness of their Personal Data and request an update or correction;
- obtain limitations on processing. If one of the conditions of Article 18 is met, the User can request the limitation of processing of their Data. In such a case the Controller shall not process the Data for any purpose other than its retention;
- receive their Data or have them transferred to another Controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically possible, to obtain its transfer without hindrance to other Controllers. Such a right can be exercised when the Data is processed through automated means and the processing is based on the consent of the User, on a contract that the User is party to or on contractual measures connected to it;
- lodge a complaint. The User can lodge a complaint to the relevant data protection controlling Authority or refer the matter to court.
Such rights can be exercised by sending a request to the Controller using the email address:
or by ordinary post at the following address:
SAIT Società Adriatica Investimenti Turistici S.r.l. – Via Vettor Pisani 56 – 30013 Cavallino Treporti (Italy).
The requests are dealt with free of charge by the Data Controller as soon as possible.
- REGULATORY REFERENCES
The complete text of the GDPR and the latest relevant national data protection regulations can be found by consulting the Information Commissioner’s website at www.garanteprivacy.it
- MODIFICATIONS TO THE PRESENT POLICY ON DATA PROCESSING
Lido di Pomposa, Comacchio (FE), 24th September 2018