NOTICE REGARDING THE PROCESSING OF PERSONAL DATA THROUGH THIS WEBSITE
Here below we provide information on the processing of personal data collected upon interaction with the website based on URL https://www.labottega.com.
Should you leave the https://www.labottega.com domain to visit other websites, links to which may be included in the web pages published on https://www.labottega.com, you should refer to the personal data protection information on those other websites.
The Data Controller is LA BOTTEGA DELL'ALBERGO S.P.A., registered office VIA MARCO POLO 2, TRECASTELLI (AN) – 60012, Telephone: 071 791191, certified email address [email protected]
Types of data collected
PERSONAL DATA GENERATED WHILE BROWSING ON THE WEBSITE
The computer systems and software employed for the functioning of the website are able to acquire personal data.
This data category includes: IP addresses; domain names of computers used by users connecting with the site; URI (Uniform Resource Identifier) addresses of requested resources; time of the request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the server response (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
Cookies are computer files or partial data comprising text strings that can be saved on your computer (or on other devices enabled to browse the Internet) when you visit a website.
A cookie usually contains the name of the website that it originates from, its duration (how long it will remain on your device) and a value, which is usually a randomly generated unique number.
Some cookies are strictly necessary for the website to function, others optimize its performance and offer a better user experience, and yet others are used to collect data relating to the user's website browsing behaviour.
Cookies have a precise duration, and on this basis are categorised into:
- persistent: when the browser is closed they are not destroyed but remain up to a pre-set expiry date;
- session: they are destroyed each time the browser is closed.
Technical cookies are needed for the correct operation of some areas of the site or to improve the user browsing experience.
In the absence of these cookies, the site or some parts of it might not function as envisaged.
Analytical cookies are used to collect information on use of the site and gather aggregated data on the number and browsing behaviour of users who have visited the site.
Third-party cookies are used to integrate software products and functions from third-parties, such as third-party domains, and from partner sites offering functionality within the pages of the site.
The various web browsers can be set to not accept third-party cookies; to do this please read your browser’s instructions, for example by clicking on “Guide” or “Help” in the relevant menu.
The majority of Internet browsers are initially set to automatically accept cookies.
This website has implemented the cookies guidelines and other tracking tools of 10 June 2021 (Gazzetta Ufficiale No 163, July 9, 2021) by implementing an external service called "Cookiebot".
PERSONAL DATA PROVIDED DIRECTLY BY THE DATA SUBJECT
Visitors to the website have the right to provide their personal data directly: email, first name, surname, tax code, company details such as company name and VAT number, telephone number, address, city, province, post code.
Users accept responsibility for the Personal Data of third parties published or shared via email or contact form and guarantee that they have the right to communicate or disseminate these, freeing the Owner of any liability to third parties.
Data processing for the purposes of access to, registration on and purchasing from the website.
The processing of personal data must be legitimised by one of the legal bases of the legislation in force regarding the protection of personal data as described below.
a) Follow up the request of the data subject, the establishment and execution of contractual relationships and consequent obligations, including communications regarding to services (for example to proceed with after-sales services)
The Company may process your contact details to pursue the possible setting up and execution of contractual relationships, to provide the services requested and to respond to notifications and complaints.
The Company may also use your contact details, and your email address in particular, to provide information regarding the service.
Basis for processing: follow up the request of the data subject and the fulfilment of contractual obligations.
The provision of data is obligatory to be able to manage the contractual relationship; without this we will not be able to proceed.
b) Operations management and purposes closely related to this for access to the website, in particular to its restricted areas.
The Company collects your contact details and website usage data to enable you to access your Personal Area in order to: (i) download documents regarding services you have purchased from your Personal Area; (ii) proceed with other requests made through the website.
Basis for processing: the fulfilment of contractual obligations.
The provision of data is obligatory to be able to respond to your requests; without this we will not be able to proceed.
c) Customer Satisfaction surveys
The Company may use your Contact Data to conduct surveys measuring the level of satisfaction (so-called customer satisfaction studies) with the service provided.
Basis for processing: consent; failure to provide this does not have consequences for contractual relationships.
Your consent may be revoked at any time by clicking on the following link, by downloading the form and sending it, completed in all its parts, to data controller.
d) Marketing to respond to your needs and to provide you with promotional offers.
The Company may process your contact data for the purposes of marketing and advertising to inform you about promotional sales initiatives, performed using automated contact methods (emails, text messages and other mass-messaging tools, etc.) and traditional contact methods (for example phone calls by an operator), or for market research and statistical surveys, should you give us your consent.
Basis for processing: consent; failure to provide this does not have consequences for contractual relationships.
Consent may be revoked at any time by clicking the following link (ed.: it is necessary to keep track of any consent granted to allow the data subject to easily exercise his/her right to opt-out, as well as for proof of consent according to the different formulae for consent shown at the foot of this document).
e) Compliance with legally-binding requests to fulfil legal obligations, regulations or provisions of the judicial authorities, as well as to defend rights by judicial means.
The Company collects your contact details to fulfil legal obligations and/or to defend its rights by judicial means.
Basis for processing: legal obligations that the Company is obliged to comply with.
f) Personal, identification and CV data, as well as any sensitive data collected following the upload of the data subject's CV, is processed and used to proceed with the request of the data subject and, more precisely, to proceed with assessment of the bases for recruitment and/or beginning a working relationship. The collection process will regard only common data; therefore the candidate will not be required to provide particular sensitive data as defined in art. 9 of Regulation 2016/679 or data regarding his/her state of health.
An exception to this is in the event that the data in question must be known for a working relationship in the course of being established, with particular reference to the data subject’s possible membership of protected categories and any pre-employment medical examinations.
The provision of data is optional and is deferred to the candidate's desire to present his/her CV.
As regards any data subsequently requested by the Data Controller, failure to provide this will make it impossible to proceed with an assessment of the conditions for recruitment and/or the start of the working relationship and, therefore, any possible establishment of a relationship with the Data Controller.
Basis for processing: the consent of the data subject.
g) Contacts from mailing lists or newsletters: by registering with the mailing list or newsletter, the User's email address is automatically included in a list of contacts to whom email messages containing information relating to our activities - including commercial and promotional - may be sent. The User’s email address might also be added to this list as a result of a contact by post or through a previous job or working relationship.
Personal Data collected with a form through the website or telephone contact: email, first name, surname, company data, telephone number, address, city, province, post code, company name, website.
Basis for processing: the consent of the data subject who subscribes to the newsletter and the legitimate interest of the data controller to proceed with the service, given evidence that the recipient of the newsletter interacts with the content of the message.
HOW WE KEEP PERSONAL DATA SECURE
The Company uses a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.
All your personal data is stored on our secure servers (or on secure printed copies) or on those of our suppliers or commercial partners, and is accessible and usable based on our standards and security policies (or equivalent standards of our suppliers or commercial partners).
Among others, we adopt measures such as:
- rigorous restriction of access to your personal data, according to need and solely for the purposes communicated;
- perimeter security systems to prevent unauthorized access from externally;
- permanent monitoring of access to IT systems to identify and halt the abuse of personal data;
- transactions on our websites requiring your personal data to be entered are encrypted using Secure Socket Layer (SSL) technology
Wherever we have supplied you (or you have chosen) a password enabling you to access our website or the applications or services we provide, you will be responsible for the secrecy of this password and for compliance with any other security procedure that we inform you of. Please do not share your password with anybody.
HOW LONG WE STORE YOUR INFORMATION
We store your personal data only for the time needed to achieve the purposes for which it was collected or for any other related, legitimate purpose. If personal data is processed for two different purposes, therefore, we will store this data until the purpose with the longest term ceases, but we will no longer process personal data for the purpose for which the storage period has already ceased.
We limit access to your personal data solely to those parties needing to use it for relevant purposes.
When your personal data is no longer needed, or when there is no longer a legal requirement for its storage, it is irreversibly anonymized (and can be stored in this way) or securely destroyed.
Here below are the periods of storage relating to the different purposes listed above:
a) and e) Fulfilment of contractual and legal obligations: data processed to fulfil any contractual obligation may be stored for the entire duration of the contract and in any event no longer than the following 10 years, in order to verify any outstanding accounts including accounting documents (for example invoices) . In the event of disputes: in the event that we defend ourselves or act or make claims against you or third parties, we may store personal data that we regard as reasonably necessary to process for such purposes, for the period in which this claim can be pursued.
b) Operational management and purposes strictly connected with these for access to the website: data processed for this purpose may be stored for the duration of the contract and in any event no longer than for the following 10 years.
c) For purposes of customer satisfaction surveys: data processed for this purpose may be stored for 24 months from the date on which we received your most recent consent for this purpose (unless objection is expressed to receiving further communications). To be coordinated with letter c) of the previous paragraph
d) For marketing purposes, and also profiled marketing: data processed for marketing purposes may be stored for 24 months from the date on which we received your most recent consent for this purpose (unless objection is expressed to receiving further communications).
f) The processing of personal data relating to the purpose of verifying the conditions for recruitment and/or the start of a working relationship is carried out while storing the data for a period of not more than 12 months from its receipt.
g) Contacts from mailing lists or newsletters: these may be stored for 24 months from the date of subscription to the service or from the last date on which we obtained evidence of usership of the content of the service.
Method of processing
The Data Controller processes Users’ Personal Data while employing the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Personal Data.
The processing is carried out using IT and/or telematic tools, and using organizational methods and a logic that are strictly correlated to the purposes indicated. As well as the Data Controller, access to the Data may in some cases be given to categories of appointees involved in the organisation of the website (administrative, commercial, marketing or legal personnel, system administrators) or external persons (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, advertising agencies) that are also, if necessary, appointed as Data Processors by the Data Controller (Article 28 of Regulation (EU) 2016/679). The up-to-date list of Data Processors can always be requested from the Data Controller.
Data is processed at the operational premises of the Data Controller and in any other place in which the parties involved in the processing are located.
The User's Personal Data may be used by the Data Controller by judicial means or in the stages preparatory to their possible use in defence against the abuse of this website or its related services by the User.
The User declares that he/she is aware that the Data Controller may be required to disclose Data by the public authorities.
Exercising of rights by Users
LA BOTTEGA DELL'ALBERGO S.P.A. guarantees that it can exercise the rights pursuant to article 12 of the GDPR at any moment. In particular you have the right:
- to know whether the Data Controller holds and/or processes your personal data and to access it in full while also obtaining a copy (Article 15, Right of access),
- to correct any incorrect personal data or to supplement incomplete personal data (Article 16, Right to rectification);
- to erase personal data held by the data controller if one of the grounds provided for by the GDPR applies (Right to erasure, Article 17);
- to ask the data controller to restrict processing only to certain personal data, if one of the reasons provided for by the Regulation applies (Article 18, Right to restriction of processing);
- to request and receive all your personal data processed by the data controller in a structured, commonly used and machine-readable format or to request transmission to another data controller without hindrance (Article 20, Right to portability);
- to object, wholly or in part, to the processing of data for the purpose of sending advertising material and for market research (combined provisions with Consent) (Article 21, Right to object)
- to object, wholly or in part, to the automated or semi-automated processing of data for purposes of profiling (combined provisions with Consent)
These rights may be exercised by contacting the data controller using the contact details shown in the appropriate section of this notice.