1. Data Controller
The Data Controller is Roses S.r.l. - via Archimede 18/B, Ragusa (RG) - C.F. and P.IVA 01607130885 -
Phone +39 0932 220065 Email info@locandadonserafino.it.
2. Types of Data collected - Purposes - Legal basis
2.1. INFORMATION REQUEST’ FORM
Data provided directly by the interested party through the completion and sending of contact forms. The explicit and voluntary sending of messages to the contact addresses, as well as the completion and forwarding of the forms on the site, entail the acquisition of the sender's contact data, as well as all the personal data included in the communications.
This data is processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which it was collected and processed.
2.1.1. Purpose: to respond to requests sent by the data subject.
Legal basis: legitimate interest, processing is necessary to respond to requests; for the execution of pre-contractual measures taken at the request of the data subject.
2.1.2. Purpose: to send promotional information aimed at marketing activities.
Such communications may take place by e-mail (such as the sending of newsletters) or through other channels such as telephone calls, ordinary mail, fax, sms and social. Legal basis: consent of the data subject.
2.2. NEWSLETTER MODULE
Data provided directly by the data subject by filling in and sending the newsletter subscription form. The optional, explicit and voluntary subscription to the newsletter on this site involves the acquisition of the sender's contact data.
These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.
2.2.1. Purpose: to send promotional information aimed at marketing activities.
Legal basis: consent of the person concerned - Opt out: Possibility of revoking consent in each newsletter communication or by writing to the person responsible.
2.3. ‘ONLINE BOOKING’ MODULE
Data provided directly by the data subject through the completion and submission of registration forms or authentication for the purchase of goods and/or services offered by the website. The explicit and voluntary completion of the registration form or the sending of the form for authentication for the purchase of goods and/or services, involves the acquisition of the sender's contact details and identification of the same, to enable the desired purchases, as well as data for the payment selected, information on orders placed, to pre-fill the checkout information, for shipping and invoicing. This data is processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which it was collected and processed.
2.3.1. Purpose: to provide the service of purchasing the goods and/or services offered on the website.
Legal basis: performance of a contract.
2.3.2. Purpose: to send promotional information aimed at the performance of marketing activities.
Such communications may take place by e-mail (such as the sending of newsletters) or through other channels such as telephone calls, ordinary mail, fax, sms and social. Legal basis: consent of the data subject.
2.4. Website navigation data
In order to function properly, this site acquires certain personal data during normal navigation, including IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. Navigation data are acquired not for the purpose of identifying users, but for the sole purpose of collecting, in an anonymous form, statistical information on the use of the site and its services.
3. Consent of the child in relation to information society services
Pursuant to art. 2 - quinquies of Legislative Decree no. 101 of 10 August 2018, minors who have reached the age of fourteen may express their consent to the processing of their personal data in relation to the direct offer of information society services. With regard to such services, the processing of personal data of a child under the age of fourteen, based on Article 6(1)(a) , of the Regulation, is lawful provided that it is given by the person exercising parental responsibility.
4. Sharing Website Content via Social Networks
In the event that the user decides to share some content of the Website through one or more social networks (Facebook, Twitter, Google+, Pinterest, Linkedin, Istagram, WhatsApp) and if the user has activated the sharing of his account data with third party applications, this Website may collect and communicate some of his account information to the social networks with which the sharing is carried out. You may disable the sharing of your account information with third party applications by accessing your account settings. For more information, you can consult the website of the social network(s) with which you are registered (www.facebook.com, www.twitter.com., www.google.com, www.pinterest.com, www.linkedin.com, www.instagram.com).
5. Categories of recipients of personal data
The following categories of subjects may become aware of your data: The Data Controller and the subjects authorised to process data, appointed in writing by the undersigned company such as partners, accounting and invoicing staff, sales staff as well as consultants, in their capacity as external data processors, to the extent necessary to carry out their duties in our organisation, subject to a letter of appointment and/or contract stipulation imposing a duty of confidentiality and security, as well as subjects who need access to the data for legal consultancy purposes, with purposes auxiliary to the relationship that exists between the parties, such as the execution of contracts in place, to the extent strictly necessary to carry out the auxiliary tasks entrusted to them.
In addition to the Data Controller, in some cases, other subjects involved in the organisation of this Web Site (administrative, sales, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.
6. Processing methods
Data is processed using instruments and procedures that guarantee security and confidentiality and may be carried out either on paper or with the aid of automated computerised means designed to store, manage and transmit the data. The Data shall be processed by the Data Controller, either at its own premises or within the territory of the European Union and the European Economic Area. Should it become necessary for technical, organisational and/or operational reasons to make use of subjects (among those indicated in the list above) located outside the European Union or the European Economic Area, please note that the Company will ensure that the processing of data by these subjects takes place in compliance with applicable regulations. Therefore, transfers will be carried out by means of appropriate safeguards, such as adequacy decisions, model Standard Contractual Clauses approved by the European Commission or other safeguards considered adequate. The data subject may request further information by writing to the following e-mail address:
7. Communication and dissemination
The data shall not be disclosed to unspecified parties by making them available or consulting them.
The data may be communicated, as far as their respective and specific competence is concerned, to Bodies and in general to any public or private subject with respect to whom there is an obligation (or a faculty recognised by rules of law or secondary or EU regulations) or a need for communication.
8. Rights of the interested parties
Articles 15 to 22 of the GDPR EU 2016/679 grant data subjects specific rights. In particular, the right to obtain confirmation of the existence or non-existence of personal data, access to personal data and rectification or erasure of personal data or restriction of processing concerning them or to object to their processing, as well as the right to data portability, communication of such data and the purposes on which the processing is based. In addition, data subjects have the right to obtain the withdrawal of consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal, the transformation into anonymous form or the blocking of data processed in violation of the law, as well as the updating or, if there is an interest therein, the integration of data. Data subjects have the right to object, for legitimate reasons, to the processing itself. Notifications of any changes in personal data must be received promptly by the Data Processor in order to comply with Article 16 of the aforementioned legislation, which requires that the data collected be accurate and, therefore, up-to-date. Interested parties who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation have the right to lodge a complaint with a supervisory authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it), as provided for by art. 77 of the Regulation itself, or to take legal action (art. 79 of the Regulation).