Privacy Policy
In compliance with the requirements of the national regulation (Italian Legislative Decree no. 196 of 30 June 2003, Code on the protection of personal data) and EU regulation (General Data Protection Regulation (GDPR) Reg. 196/2016) as amended, this page contains details on how the website visitpuntaala.bike (henceforth, “Site”) is managed and how the personal data of those using it is processed.
The information is
intended for anyone who accesses, through the internet, the web services available
at the address visitpuntaala.bike (henceforth, “Site”), pursuant to articles 13
and 14 of EU Reg. 2016/679 (General Data Protection Regulation) on the
protection of personal data.
The present policy
concerns all data that Campeggio Puntala S.r.l. (henceforth, “Campeggio” or
“Company”) collects and processes through the Site, except by the use of
cookies. For details on the use of cookies, please refer to the specific,
extended policy on cookies (Cookie Policy, in accordance with EU Reg. 2016/679)
by clicking the link.
This policy only covers
the Site visitpuntaala.bike. It does not cover any other websites that you, as
a user, may access from the Site via links.
By visiting the
Site, you provide your consent to the practices described in the present
Privacy Policy.
Navigation data
The IT systems and software procedures
designed to enable to Site to function may, in their normal course of exercise,
acquire personal data. The transfer of such data is implicit in the use of
internet communication protocols. The data is not collected in order to be
linked to identifiable data subjects but, by its very nature and in the course
of it being processed and merged with data held by third parties, it may be
possible to identify you.
This type of data includes the IP address
or computer domain name with which you connect to the Site, the URI (Uniform
Resource Identifier) addresses of the resources you request, the time at which
the request is made, the method by which you place the request on the server,
the size of the files received in response to the request, the numerical code
indicating the server response status (successful, error, etc.) and other
parameters relating to your operating and IT systems.
Such data is only used to gather
anonymous statistical data on how the Site is being used and to ensure the Site
functions correctly. It is erased immediately after it is processed.
The data may be used to establish
liability in the event of a cybercrime that causes damage to the Site.
Voluntarily provided data
The Data Controller processes personal
identification particulars (e.g. one’s name, surname, business name, address,
telephone number, e-mail address, bank and payment details) which you
communicate when contracts are entered into for the Data Controller’s services.
After the optional, explicit and voluntary sending of electronic mail to the addresses listed on the Site, the Site acquires your email address, as the sender of such mail, for the purpose of responding to the request, as well as any other data included in the message sent.
Purposes of data processing, communication and access to
data
The personal data which you provide will
be processed in accordance with the legality conditions of Article 6 of
Regulation (EU) 2016/679 for the following purposes:
1. without your express consent (Article
24(a), (b), (c) of the Personal Data Protection Code, as amended (provisions
adapting domestic legislation to the provisions of the EU Regulation 2016/679)
and Article 6(b) and (e) of the General Data Protection Regulation (GDPR), for
the following Service Purposes:
a) for technical Site administration
purposes;
b) to perform the service or performance
requested, to enter into contracts for the Data Controller’s services;
c) to fulfil pre-contractual, contractual
and tax obligations associated with ongoing dealings with you;
b) to fulfil obligations associated with
applicable legislative and regulatory provisions, EU rules or an order of the
Italian Data Protection Authority (e.g. on anti-money laundering);
e) to exercise the rights of Data
Controller, such as the right to defence in court.
Your data may, for the aforementioned
purposes, be communicated to the judicial authorities and to those in respect
of whom the communication is required by law in order to carry out those
purposes. These persons/entities will process the data in their capacity as
independent data controllers. Your information will not be disseminated.
2. without your express consent in advance,
as provided by Article 130 paragraph IV of the Personal Data Protection Code,
as amended (provisions adapting domestic legislation to the provisions of the
EU regulation 2016/679), for the following Marketing Purposes:
f) to process the e-mail addresses which
you provide when purchasing a product and/or service offered and sold on the
Website directly from Campeggio Puntala, to enable the latter to engage in
direct sales of similar products or services (and therefore to send the user by
email promotional communications for those products and/or services), on condition
that you do not exercise your right of objection in accordance with the
procedures indicated below (“soft-spam”).
You may object to receiving soft-spam
communications:
- by contacting Campeggio Puntala S.r.l. at: info@campingpuntala.it;
- using the link provided in any promotional communication sent
by Campeggio Puntala S.r.l.
3. only if you specifically consent
(Articles 23 and 130 of the Personal Data Protection Code, as amended –
provisions adapting national legislation to the provisions of EU regulation
2016/679 – and Article 7 of the GDPR), for the following Marketing Purposes:
g) to send you – using communications
means that are automated (e.g. email and/or sms and/or instant messaging) as
well as traditional (e.g. normal postal services and/or telephone contact using
an operator) – newsletters, commercial communications and/or advertising
material for products or services offered by the Data Controller which are
different from products or services for whose supply the data were gathered, and
customer satisfaction surveys on the quality of the services provided;
h) to send you (by email, normal post
and/or sms and/or instant messaging and/or telephone contact) newsletters,
commercial and/or promotional communications of third parties (e.g. business
partners);
i) to analyse consumer choices and habits
in order to improve the offer of services during subsequent stays, in order to
send you personalised commercial communications/perform targeted promotions,
business intelligence;
l) to implement bonus transactions and
customer loyalty programs.
4. only if you specifically consent
(Articles 23 and 130 of the Personal Data Protection Code, as amended –
provisions for the adaptation of national legislation to the provisions of EU
regulation 2016/679 – and Article 7 of the GDPR), for the following Marketing
Purposes:
m) the communication of your personal
data for their promotional purposes to the companies Ma.To S.r.l. (VAT No. –
Tax Code 01467010532), Cla.To S.r.l. (VAT No. – Tax Code 01468080534), Centro
Velico Punta Ala A.s.d. (VAT No. – Tax Code 01356920536), I-MTB Asd (VAT No. –
Tax Code 01454330539), all based in Punta Ala – c/o Campeggio Puntala – 58043
Castiglione della Pescaia (GR); GRAVITY di Giorgia Volta, based in Via degli
Affitti 9 – 57021 Venturina (Li), VAT No. 01783740499; Silverfield S.r.l., with
offices in Via Fra Silvestro Maruffi, 3 – 50132 Florence, VAT No. 0648800484
and, as necessary, to suppliers of catering and recreational services hosted in
the territory where our structure is located.
Your data may be made accessible for the
purposes referred to in 1., 2., 3. and 4.:
– to employees and collaborators of the
Data Controller or of partner companies and/or entities in Italy and abroad, in
their capacity as data processing operators (i.e. the persons in charge of the
processing) and/or internal data processors and/or system administrators;
– to third-party companies or other subjects (e.g. credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, acting as external data processors.
Legal basis of data
processing
The provision of data for the purposes
indicated in subsection 1. is mandatory. Without such data, we cannot
guarantee the Services referred to in subsection 1. The legal basis of
the processing of such data is the execution of a contract to which you are
party or the requirement to comply with specific legal obligations.
The legal basis of the processing of data
for the purposes referred to in subsection 2 above is Article 130
paragraph IV of the Personal Data Protection Code, as amended (provisions to
adapt domestic legislation to the provisions of the EU regulation 2016/679),
which specifically permits the data processing in question.
The provision of data for the purposes
indicated in subsections 3. and 4. above is, by contrast, optional. You
may therefore decide not to provide any data or subsequently revoke your consent
to the processing of data already provided: in this case, you will not receive
newsletters, commercial communications and advertising material related to the
Services offered by the Data Controller. However, you will continue to be
entitled to the Services referred to in point 1. The legal basis for
such data processing is the data subject’s consent (which is optional and
revocable at any time).
The personal data are not, however,
processed for more than 10 years from the termination of the relationship for
the Service Purposes.
Personal data processed for Marketing
Purposes will be retained until the data subject’s consent is revoked.
The Site processes
some personal data for the Data Controller’s legitimate interests.
Methods of processing
The data in question shall be processed:
–
in any type of paper and electronic format;
–
by subjects authorised for the purpose, who shall always be identified,
suitably trained and made aware of the relevant legal obligations and
implications;
–
for the period of time strictly necessary to fulfil the purposes for which the
data was collected;
–
with a commitment to always keep the data up-to-date, including the removal of
any data that is obsolete, not necessary or not relevant;
– with a commitment to adopting all legally required organisational and security measures, in order to preserve the data subject’s confidentiality and avoid the data being accessed unnecessarily by third parties or at all by unauthorised persons.
Duration of processing
The
personal data collected shall be stored, within the limitations of art. 5,
paragraph 1, letter e) of EU Reg.
2016/679, in a format that allows the data subject to be identified for a
period of time no longer than necessary for the fulfilment of the purposes for
which the data is being processed, however not for more than 10 years from the
termination of the relationship for the Service Purposes.
Personal
data processed for Marketing Purposes will be retained until the data subject’s
consent is revoked.
Data Controller, data processors operators,
data processor
The Data Controller for the personal data in
question is Campeggio PuntAla S.r.l., Tax Code 01233070539, headquartered in
58043 Punta Ala, Castiglione della Pescaia, Grosseto, Italy tel. +390564922254 fax.
+390564920379, e-mail: info@campingpuntala.it.
The data processors are Campeggio PuntAla S.r.l. employees and/or
partners. Data may be processed by employees and/or
non-company collaborators of company departments responsible for fulfilling the
purposes indicated above, who have been expressly authorised to process the
data and who have received adequate operating instructions.
GP Dati Hotel Service S.p.a., Tax Code 01560290270, headquartered
in Via Paganello, 22/A, 30172 – Venezia, Italy is Data Processor, which
processes personal data on behalf of the Controller.
The updated list of data processors and data processing operators
is kept at the Data Controller’s registered office.
Rights of the data subject
Pursuant
to EU regulation 196/2016 (GDPR) and the national regulation you, as a user,
may, by the methods and within the limitations set forth in the regulations in
force, exercise the following rights:
–
to request from the controller confirmation as to whether or not personal data
concerning you are being processed (right of access);
–
to know what the data source is;
–
to receive intelligible communications;
–
to receive information concerning the logic, methods and purposes by or for
which the data is being processed;
–
to update, rectify, erase or pseudonymise your personal data; to block the
processing of personal data being processed in breach of the Law, including
where the processing of such data is not necessary for the purpose for which it
was collected;
–
where the basis for processing is your consent, to receive the personal data
you have provided to the Data Controller in a structured, commonly used and
machine-readable format, without prejudice to paragraphs 3 and 4 of art. 20 of
EU Reg. 2016/679), at no more than the cost price for this to be done;
–
if you believe that the processing of your personal data breaches the
provisions of EU Reg. 2016/679, pursuant to art. 15, letter f) of the same
regulation, to lodge a complaint with the Garante Privacy (Italian Data
Protection Authority) pursuant to art. 6, paragraph 1, letter a) and art. 9,
paragraph 2, letter a), as well as the right to withdraw your consent at any
time;
–
should the data processing have for a legal basis legitimate interests, your
legitimate interests as the data subject are guaranteed (with the exception of
the right to data portability, for which the regulations do not provide), with
particular regards to your right to object which may be exercised by sending a
request to the Data Controller.
– the data
subject’s right to object to the processing of his/her personal data for
marketing purposes through automated means of contact, extends to traditional
contact means and, in any case, the data subject can still exercise said right
also in part, by e.g. objecting only to the transmission of promotional
communications by automated means;
–
as well as, more generally, to exercise any rights awarded to you under the
Laws in force.
As
a user, you may exercise your rights pursuant to articles 15, 16, 17, 18, 19,
20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller
(Campeggio Puntala S.r.l.) with your request, by telephone (+390564922254), fax
(+390564920379) or email (info@campingpuntala.it). You have a right to receive
a response regarding the decision reached in processing such a request.
