The company La Bottega dell’Albergo SpA wishes to provide the following information regarding the treatment of collected personal data.
The Controller is La Bottega dell’Albergo SpA, legally registered in VIA MARCO POLO 2, TRECASTELLI (AN) – 60012, contact number: +39.071791191, and certified e-mail address [email protected]
Legal basis for data treatment
The controller treats personal identifiable informations, for example name, surname, personal email address, personal phone number - hereinafter referred to as “PII” or “data”.
PII are treated without given consent for the following service purposes:
a) purposes deriving from the legitimate interest of the Controller (art. 6(1) GDPR), through automated (SMS, e-mail and instant messaging) and traditional contact (phone calls and traditional mailing), to send advertising material, newsletters, promotional and commercial notices regarding products of the Controller akin to the ones already bought, unless differently agreed at any time through specific cancellation or withdrawal options present in the communication or by contacting the Controller.
Prior to specific and distinct consent (art.7 GDPR) of the PII subject, discretionary and revocable at any time, the treatment is conducted for the following purposes:
b) marketing, through automated (SMS, e-mail and instant messaging) and traditional contact (phone calls and traditional mailing), to send advertising material, newsletters, promotional and commercial notices regarding any kind of products sold by the Controller and addressed to recipients who are not customers too;
c) mailing list for the use of newsletter services to which the interested party expresses his / her own, which may also contain information of a commercial and promotional nature, relating to the activity of the Controller;
The treatment of PII is conducted by means of: collection, registration, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, utilization, interconnection, communication, cancellation and PII elimination.
PII is subject to paper and electronic and/or automated treatment.
The treatment of PII, having regard to purposes including mailing list and marketing/promotional activities, will have a duration of 24 months, becoming effective from the date the consent is provided or from the date of the last purchase of a Controller’s product or services.
You can express your disagreement at any time using the appropriate cancellation option in electronic communications or following the instruction in text messages, instant messaging, paper or by contacting the Controller.
Recipient or categories of recipients of personal data
Without the necessity of expressed consent, the Controller can communicate your PII to supervisory bodies, legal authorities, insurance companies for the provision of insurance services, other firms of the group and/or linked to the Controller, as well as to those subjects to which the communication of data is mandatory in order to execute of above-mentioned purposes.
The aforementioned subjects will treat the PII as autonomous Controllers of PII treatment or Data Processors of PII, who will not be able to distribute them.
The complete list of designated autonomous Controllers or Data Processors is kept by the Controller.
It is not in the Controller’s intention to transfer PII to a third party country (meaning outside the EU) or to an international organisation; PII are exclusively treated within member states of the European Union.
Rights of the data subject
This paragraph grants the data subjects the right to exert the rights provided for in art. 12 of the GDPR at any moment.
In particular, the subject has the right to:
- know if the Controller has or treats personal data relative to your person and to have full access to them and therefore obtaining the provisions of art. 15 regarding the Right of access of the data subject;
- the rectification of incorrect personal data or to the integration of incomplete personal data (art.16, “Right to rectification”);
- erasure of personal data in possession of the Controller in the event one of the reasons provided for in the GDPR subsist (art. 17, “Right to erasure” or “right to be forgotten”);
- to ask the Controller to limit the treatment to just some personal data, in the event one of the reasons provided by Regulations subsist (art. 18, “Right to restriction of processing”);
- ask and receive all your personal data treated by the Controller, in a structured format, of common use and and legible from automatic devices or ask for a transmission to another Controller without hindrance (art. 20, “Right to data portability”);
- object the data treatment fully or partially to the submission of advertising material and market research (c.p. Consensus) (art. 21, “Right to object”);
- object the data treatment fully or partially for automatic or semiautomatic modalities for profile creating purposes (c.p. Consensus).
The exertion of these rights can be carried out by means of a communication to the Controller of data treatment, whose contact information is written in the specific section of this report.