The data controller under the laws in force is Spina Pierangelo, who can be contacted via the CONTACTS section (link at the bottom of the page).
Legal basis of processing
The provision of data and therefore consent to the collection and processing of data is optional, the User may deny consent, and may revoke consent already provided at any time (via the banner at the bottom of the page or the browser settings for cookies, or the Contact Us link). However, denial of consent may result in the inability to provide certain services and your browsing experience on the site would be impaired.
Data for site security and prevention of abuse and SPAM, as well as data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Data Controller in the protection of the site and the users themselves. In such cases, the user always has the right to object to the processing of the data (see section on User Rights).
Data provided for consultancy or professional assignments are processed on the basis of the fulfilment of a contract and the fulfilment of a legal obligation. In such cases, a separate notice is provided.
Purpose of processing
The processing of data collected by the site, in addition to the purposes connected, instrumental and necessary to the provision of the service, is aimed at the following purposes:
– Statistics (analysis)
Collection of data and information in an exclusively aggregate and anonymous form in order to verify the correct functioning of the site. None of this information is related to the physical person-user of the site, and do not allow in any way their identification. Consent is not required.
– Security Policy
Collection of data and information in order to protect the security of the site (spam filters, firewalls, virus detection) and of the Users and to prevent or unmask fraud or abuse to the detriment of the website. The data is recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the laws in force on the subject, to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. Such data are never used to identify or profile the User and are deleted periodically. Consent is not required.
– Ancillary activities
Communicate data to third parties who perform functions necessary or instrumental to the operation of the service (e.g. comment box), and to allow third parties to perform technical, logistical and other activities on our behalf. Suppliers only have access to personal data that is necessary to perform their tasks, and agree not to use the data for any other purpose, and are required to process personal data in accordance with applicable regulations.
This site collects data from users in two ways.
– Data collected in an automated manner
The following information may be collected during the Users’ navigation and is stored in the log files of the site’s server (hosting):
– internet protocol (IP) address;
– browser type;
– parameters of the device used to connect to the site;
– name of the internet service provider (ISP);
– date and time of the visit;
– the visitor’s source (referral) and exit web pages;
– possibly the number of clicks.
This data is used for statistical and analysis purposes, in aggregate form only. The IP address is used solely for security purposes and is not cross-referenced with any other data.
– Data provided voluntarily
The site may collect other data in the event of voluntary use of services by users, such as comment services, communication (contact forms, comment box), booking and will be used exclusively for the provision of the requested service:
– identification data (Name, surname, CF);
– email address;
– any further data sent spontaneously by the user.
Place of processing
Period of data retention
The data collected by the site during its operation are kept for the time strictly necessary to carry out the specified activities. On expiry, the data will be deleted or anonymized, unless there is no further purpose for retaining the data.
Data (IP address) used for site security purposes (blocking attempts to damage the site) is stored for 30 days.
Data for analytics purposes (statistics) are stored in aggregate form for 24 months.
Transfer of collected data to third parties
The data collected by the site are generally not provided to third parties, except in specific cases: legitimate request by judicial authorities and only in cases provided for by law; when it is necessary for the provision of a specific service requested by the User; for carrying out security checks or site optimisation.
Transfer of data to non-EU countries
This site may share some of the data collected with services located outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) via social plug-ins and the Google Analytics service. The transfer is authorised on the basis of specific decisions of the European Union and the Italian Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
We process the data of visitors/users lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal data during transmission, using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out using computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the data may be accessed by categories of employees involved in the organisation of the site or by external parties (such as third-party technical service providers, hosting providers).
This site makes use of the following categories of cookies:
– analysis cookies, used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site. They are assimilated to technical cookies if the service is anonymised.
– profiling and marketing cookies, used exclusively by third parties other than the owner of this site to collect information on users’ browsing behaviour, interests and consumption habits, also in order to provide personalised advertising.
DISABLING COOKIES MAY PREVENT THE CORRECT USE OF CERTAIN FUNCTIONS OF THE SITE, in particular, services provided by third parties may not be accessible, and therefore may not be viewable:
videos from YouTube or other video sharing services;
- social network buttons;
- room reservations;
- Google maps.
Instructions for disabling cookies can be found on the following web pages:
This site also acts as an intermediary for third party cookies (such as social network buttons), which are used to provide additional services and functionality to visitors and to simplify the use of the site itself, or to provide personalised advertising. This site has no control over their cookies which are entirely managed by third parties and has no access to the information collected through these cookies. Information on the use of these cookies and their purposes, as well as on how to disable them, is provided directly by the third parties on the pages indicated below.
It should be noted that user tracking does not generally involve user identification, unless the User has already subscribed to the service and is also already logged in, in which case it is understood that the User has already given his/her consent directly to the third party at the time of subscribing to the relevant service (e.g. Facebook).
– Google Ireland ltd
– Google Analytics: used to analyse how users use the site, to compile reports on site activity and user behaviour, to see how often users visit the site, how the site is tracked and which pages are visited most frequently. The information is combined with information collected from other sites in order to create a comparative picture of the use of the site in relation to other sites in the same category.
Data collected: browser identification, date and time of interaction with the site, page of origin, IP address.
Place of data processing: European Union as the anonymisation of the service is active.
The data collected do not allow personal identification of users, and are not cross-referenced with other information relating to the same person. They are processed in aggregate form and anonymised (truncated to the last octet). On the basis of a specific agreement (DPA), Google Inc. (data controller) is prohibited from cross-referencing this data with data from other services.
Further information on Google Analytics cookies can be found on the page Google Analytics Cookie Usage on Websites.
The user can selectively disable (opt out) the collection of data by Google Analytics by installing the appropriate component provided by Google on his browser (opt out).
– Youtube: platform, owned by Google, for sharing videos. The cookies are set when the page containing the embed is accessed, and when the video is started, and do not allow the User to be identified unless he or she is already logged into the Google profile.
For the videos present on the site, the “advanced privacy (no cookies)” option has been activated, which ensures that YouTube does not store information about visitors unless they voluntarily play the video.
Data collected: number and behaviour of users of the service, IP address, information linking visits to the site to the Google account for logged in users, video viewing preferences.
Place of data processing: USA.
– Beddy: channel manager for managing online bookings. Data collected: customer details, booking period, number of persons, payment data. Place of data processing: Italy.
Social Network Plugins
This website also incorporates plugins and/or buttons to enable easy sharing of content on your favourite social networks. When you visit a page on our website that contains a plugin, your browser connects directly to the servers of the social network from which the plugin is loaded, which server can track your visit to our website and, if appropriate, associate it with your social network account, particularly if you are logged in at the time of your visit or if you have recently browsed one of the websites containing social plugins. If you do not wish the social network to record data relating to your visit to our website, you must log out of your social network account and, probably, delete the cookies that the social network has installed in your browser.
Plugins are installed on this website with advanced privacy protection features for Users, which do not send cookies or access cookies on the User’s browser when the page is opened but only after the plugin is clicked.
The collection and use of information by these third parties is governed by their own privacy policies, which you should refer to.
Pursuant to European Regulation 679/2016 (GDPR), the User may, in the manner and within the limits provided by current legislation, exercise the following rights:
- oppose in whole or in part, for legitimate reasons, the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
- request confirmation of the existence of personal data concerning him/her (right of access);
- to know its origin
- receive intelligible communication of such data
- obtain information on the logic, methods and purposes of the processing;
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary to achieve the purposes for which they were collected;
- in cases of processing based on consent, to receive, at the sole cost of any support, your data provided to the data controller, in a structured and machine-readable form and in a format commonly used by an electronic device;
- the right to lodge a complaint with the supervisory authority;
- as well as, more generally, to exercise all the rights recognised to him/her by the laws in force.
Requests should be addressed to the Data Controller.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
The user’s personal data are used by Thermen Chalet, which is the data controller, in compliance with the principles of personal data protection established by the GDPR 2016/679 Regulation and the national legislation in force.
SOURCE OF PERSONAL DATA
The collection of personal data is carried out by Thermen Chalet by registering the data:
collected directly from the interested party, at the time of the initial contact or subsequent communications
METHODS AND PURPOSES OF DATA PROCESSING
We inform you that the data will be processed with the support of the following means:
with the following purposes
- Management of overnight reservations
- Fulfilment of fiscal or accounting obligations
- Customer management (contracts, orders, invoices)
The provision of data is compulsory for all that is required by legal and contractual obligations and therefore the refusal to provide them in whole or in part may make it impossible to provide the services requested.
The legal bases on which the processing for common data is based, according to Art.6 of the GDPR Regulations, are:
The legal basis on which processing for special categories of personal data is based, according to Art.9 of the GDPR Regulation, is:
CATEGORIES OF RECIPIENTS
Without prejudice to communications carried out in fulfilment of legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of recipients:
- Banks and credit institutions;
- Authorised persons;
In the management of your data, the following categories of authorised persons and/or internal and external managers identified in writing and to whom specific written instructions on the processing of data have been provided may also become aware of the same:
- Pierangelo Spina – Administrator of Thermen Chalet, VAT no. ATU76052147, Maibrunnenweg 8 A-9546 – Bad Kleinkirchheim (Spittal/Drau), Austria
- Daily Creative Studio, VAT no. 02284260037 – Website manager
PERIOD OF CONSERVATION
The data retention period is: 10 years
RIGHTS OF THE INTERESTED PARTY
Pursuant to European Regulation 679/2016 (GDPR) and the national legislation in force, the data subject may, in accordance with the procedures and within the limits provided for by the legislation in force, exercise the following rights:
- request confirmation of the existence of personal data concerning him/her (data subject’s right of access – Article 15 of Regulation 679/2016);
- know its origin
- receive intelligible communication of it;
- have information about the logic, methods and purposes of the processing;
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected (right of rectification and cancellation – Articles 16 and 17 of Regulation 679/2016);
- right to restrict and/or object to the processing of data concerning him/her (Art. 18 of Regulation 679/2016);
- right of revocation;
- the right to lodge a complaint with the Supervisory Authority (data subject’s right of access – Article 15 of Regulation 679/2016).
The data controller of your personal data is Pierangelo Spina
Thermen Chalet, in the person of Legal Representative Pierangelo Spina