Borgo Sicelle

Borgo Sicelle

AVAILABILITY REQUEST

"AVAILABILITY REQUEST" Privacy Notice

Borgo Sicelle (hereinafter, "Borgo Sicelle" or the "Company"), as Data Controller and in compliance with European legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679) and Italian legislation (https://www.garanteprivacy.it/) on the matter, and drawing on both the recommendations of the Working Party established under Art. 29 of Directive 95/46/EC and the documentation and measures published by the Italian Data Protection Authority, hereby informs that the personal data collected and processed will be handled in compliance with personal data protection law.

With regard to the management procedures and the processing of data for the purposes set out in this notice, pursuant to Article 13 of EU Regulation No. 679/2016 and Article 13 of Legislative Decree 196/2003, Borgo Sicelle provides the following information:

1. Types of data collected

This notice concerns the personal data voluntarily provided by natural and legal persons by filling in the "AVAILABILITY REQUEST form" (hereinafter the "form"):

The persons appointed by Borgo Sicelle, in carrying out their activity, may collect the following data of natural and legal persons:

  • identification data;
  • check-in/check-out data;
  • data relating to the potential booking;
  • contact data;
  • browsing data;
  • further data and attachments entered by the user in the free-text field.

Data subjects are asked not to enter or send, through the tools available on the website, "special categories of data", "biometric data", "genetic data", "data concerning health", "sensitive data" or "judicial data" as defined by applicable law. Such data, if provided by the data subject, will be deleted immediately.

2. Purposes and legal basis of the processing

The data provided by natural and legal persons and collected by Borgo Sicelle will be processed for one or more of the following purposes:

  1. to handle any requests contained in the message, including through follow-up activities; the legal basis legitimising the processing of personal data for this purpose is found in the case provided for by Art. 6(1)(b) of EU Regulation No. 679/2016, i.e. as the requested service is provided to the user;
  2. to comply with legal obligations or requests from the judicial Authority. The legal basis legitimising the processing of personal data for this purpose is found in the case provided for by Art. 6(1)(c) of EU Regulation No. 679/2016, i.e. as the processing is necessary to comply with a legal obligation to which the data controller is subject.

3. Data retention period

The personal data provided will be retained for the period strictly necessary to achieve the purposes for which they were collected and, in any case, in compliance with the principles of minimisation and storage limitation set out in Art. 5 of EU Regulation No. 679/2016 (GDPR). In particular:

  1. To handle any requests contained in the message, including through follow-up activities: the data will be retained for the time necessary to satisfy users' requests and manage any related follow-up activities, and subsequently for a period not exceeding 12 months, unless retention is necessary for defence purposes or to comply with legal obligations.
  2. To comply with legal obligations or requests from the judicial Authority: the data will be retained for the time provided for by the specific applicable regulations.

At the end of the retention periods indicated above, the personal data will be deleted, anonymised or aggregated in anonymous form for statistical purposes.

4. Processing methods

The data collected will be processed, stored and handled using electronic tools and will be stored both on electronic media and on paper media, organised in databases, and on any other suitable medium.

Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access.

The data processing carried out by Borgo Sicelle does not involve automated decision-making processes.

5. Disclosure and/or provision of data

Users' personal data may be disclosed to third parties for the purposes indicated and in accordance with EU Regulation No. 679/2016 (GDPR). In particular:

  1. To handle any requests contained in the message, including through follow-up activities: the data may be disclosed to collaborators, employees and external service providers that support Borgo Sicelle in managing requests and follow-up activities, always in compliance with applicable law and confidentiality agreements.
  2. To comply with legal obligations or requests from the judicial Authority: the data may be disclosed to public bodies, judicial authorities, supervisory and control bodies and other parties to whom disclosure is mandatory by law, in order to comply with legal or regulatory obligations.

Under no circumstances will users' personal data be disseminated to the public. Borgo Sicelle adopts adequate technical and organisational measures to ensure the security of personal data and to prevent unauthorised access, accidental loss, destruction or damage to the data.

6. Parties to whom the data may be disclosed

The data collected will not be disseminated and may be disclosed, in addition to parties recognised as having the right and interest to access your personal data under laws or secondary and/or EU regulations, to staff internal to the Controller, as well as to companies, associations or professional firms that provide services and activities on behalf of the Controller as Data Processors for the fulfilment of legal obligations, as well as for any organisational and administrative need required to provide the requested services. The names of the further parties who may come to know your data as "Data Processors" are listed in an updated register available at Borgo Sicelle.

7. Transfer of data abroad or to international organisations

The Company does not intend to transfer data of natural and legal persons processed for the purposes indicated in this notice outside the countries of the European Union, except to those for which an adequacy decision of the European Commission exists.

8. Rights of the data subject

In relation to the aforementioned data processing, the data subject is entitled to exercise at any time the rights referred to in Art. 7 (Right of access to personal data and other rights) of Legislative Decree No. 196/2003 and those provided for by EU Regulation No. 679/2016, including, for example, obtaining information on:

  • the origin of the data;
  • the purposes and methods of processing;
  • the logic applied in the case of processing carried out with the aid of electronic tools;
  • the identification details of the Controller, of the processors and of the representative designated pursuant to Article 5(2) of Legislative Decree No. 196/2003.

The data subject has the right to obtain:

  • access, updating, rectification or, where there is an interest, integration of the data;
  • the erasure, transformation into anonymous form or blocking of data processed in breach of the law;
  • the restriction of the processing of data concerning them.

The data subject may also request a copy of their data in a standard format (so-called "Right to data portability").

The data subject also has the right to object, in whole or in part:

  • on legitimate grounds, to the processing of data concerning them, even if relevant to the purpose of the collection;
  • to the processing of personal data concerning them for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication.

Finally, the data subject has the right to withdraw their consent to the processing, where this is based on the case provided for by Art. 6(1)(a) (where "the data subject has given consent to the processing of their personal data for one or more specific purposes"), or by Article 9(2)(a) (where "the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract") of EU Regulation 679/2016, at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal. In particular, the data subject, in order to no longer receive E-mail communications relating to the request, may at any time request free of charge to be removed from the service by sending a message to the contact details indicated in point 9 of this notice. The request to delete one's own data is always free of charge. The objection to the processing of one's own data for these purposes, carried out through automated means of contact, also extends to traditional means; in any case, the data subject retains the possibility to exercise this right in part, pursuant to Art. 7(4)(b) of the Code, i.e., in such a case, objecting, where appropriate, only to the sending of promotional communications carried out through automated tools.

Should the data subject consider that the processing concerning them infringes the legislation in force, they have the right to lodge a complaint with a supervisory authority, in particular in the Member State where they habitually reside, work or where the alleged infringement occurred. The Italian supervisory Authority can be reached at the contact details available at www.garanteprivacy.it.

9. Data Controller – Contact details

The Data Controller is Borgo Sicelle, Registered Office Località  Sicelle - 59 - 53011, 53011 Castellina in Chianti, Siena, in the person of its legal representative pro tempore. The Company may also be contacted at its certified e-mail address (PEC).

To exercise the rights listed above, the data subject may submit a request by contacting the Company at the address info@borgosicelle.it or by sending a written communication to the address of the company's operating office, indicating "Data Protection Borgo Sicelle" as the reference.

Borgo Sicelle reserves the right to update this Privacy Notice on the processing of personal data.