Pursuant to and in accordance with Articles 13 and 14 of (EU) Regulation 2016/679 regarding the protection of individuals with regard to the processing of personal data, and pursuant to Legislative Decree. 196/2003, as per the request for information, request for a reservation or to use the services offered by the company Anco S.a.s. di Galli Moreno E C., we provide you with the following information:
The Data Controller is ANCO Srl., with headquarters in Livigno (SO), Via Plan, 247/H, tax code 92016930148 (hereinafter “the Data Controller”), who can be contacted by email email@example.com
Data processing is carried out by the Data Controller in order to perform its activities. Specifically, the data provided by the Interested Parties will be processed, by computer and other means, for the following purposes:
(a) responding to requests for information, managing reservations, providing requested services. The legal basis for the processing is the necessity to process the information for the performance of a contract to which the Data Subject is a party or to the execution of pre-contractual measures taken at the request of the Data Subject (art. 6, c. 1, lett. b) UE Reg. 2016/679);
(b) fulfilment of Public Safety, tax and accounting obligations. The legal basis for the processing is the need for the processing to fulfil a legal obligation to which the Data Controller is subject (Art. 6, c. 1, lett. c) EU Reg. 2016/679;
(c) marketing promotional activities for the sale of company products or services and customer loyalty. The legal basis for the processing is the legitimate interest of the Data Controller for direct marketing and customer loyalty (Art. 6, c. 1, lett. f) EU Reg. 2016/679 and 130, c. 4 Legislative Decree 196/03).
(d) the defence of a right or interest before any competent authority or body, therein expressly including for the purpose of debt recovery. The legal basis for the processing is the pursuit of a legitimate interest of the Data Controller consisting in the protection of the company in relation to the contractual relationship with customers (Art. 6, c. 1, lett. f) EU Reg. 2016/679).
3.1. For the described purposes of processing, the Data Controller may process the following types of data provided by the Data Subject:
– last name, first name, date of arrival and departure, gender, date of birth; place of birth; type, number and place of issuance of the identification document; e-mail address; telephone number; car license plate number;
– Company name or name, Tax code and other identification numbers, bank details/credit card number, address, E-mail and/or Secure e-mail address
3.2. The data may come from booking services or information requests that you made through o.t.a. channels. (Ex: Local Tourism Promotion Company; Booking.com; Expedia; Tripadvisor; Homeaway; Trivago; Airbnb etc.) or by means of various tourism portals including local portals, as well as from social media (Facebook, Twitter, Instagram, WhatsApp, Pinterest etc.).
4.1. The Data will be processed by the Company with electronic and manual systems in accordance with the principles of fairness, loyalty and transparency regulated by the applicable legislation on the protection of personal data and protecting the confidentiality of the Data Subject through technical and organisational security measures, to ensure an adequate level of security.
4.2. The provision of data for the purposes identified in (a) and (b) above is to be considered mandatory to the extent that failure to provide such data will result in the inability of the company to respond to requests for information or reservations, as well as to provide the services requested. The data provided for the purposes identified in (c) is to be considered optional and a condition for receiving communications from us.
In case of refusal to consent to the processing of data in the manner described in the purposes under c) “marketing”, in the absence of automated systems to request cancellation, you may send a request to the Data Controller by e-mail to firstname.lastname@example.org
The data will be processed, to the extent necessary, by collaborators and/or employees who are authorised and instructed by the Data Controller, as well as by the staff of third party autonomous processors who provide services to the Data Controller and carry out data processing on behalf of and at the instruction of the Data Controller as data processors. Specifically, for the above purposes, data may be disclosed to:
– consultants and freelancers whether individuals or associates, service companies, or trade associations, that provide the Company with assistance or advice for financial, administrative, accounting, tax, and legal protection purposes;
– companies, entities, persons who provide assistance in marketing and communications related to the provision of services;
– insurance companies and credit institutions;
– associations of local governments;
– subjects, Entities or Authorities to which it is mandatory to communicate your personal data by virtue of legal provisions or orders of the Authorities;
– technical staff and IT companies involved in the management and care of the Owner’s website and computer network and any cloud and management software providers in order to manage the booking, availability check, confirmation and payment of the stay.
the Data Controller does not transfer personal data to third countries, although it reserves the option of using cloud services, and in that case the service providers will be selected from among those who provide adequate guarantees, as provided by Art. 46 EU Reg. 2016/679.
Personal data processed for the purposes under (a) and (d) will be kept for as long as it is strictly necessary to achieve those purposes. In any case, since the processing is carried out for the provision of services and for possible subsequent contractual protection, the Data Controller will process the data for as long as permitted by Italian law to protect its interests or for the period of prescription of the rights that can be acted upon by the Data Controller (art. 2946 et seq. Civil Code), subject to litigation.
Personal data processed for the purposes set forth in (b) will be
retained in connection with the retention obligations stipulated in the specific regulations under the law.
Personal data processed for the purposes of (c) above may be retained until the Data Subject revokes the consent or requests the data to be deleted.
The Data Subject may exercise, in connection with the data processing described therein, the rights provided by EU Reg. 2016/679 (Arts. 15-21), including:
To exercise these rights, the Data Subject may contact the Data Controller via: e-mail email@example.com; registered mail to the registered office of the Data Controller.
By voluntarily subscribing to the Newsletter service, you will be able to receive information via e-mail regarding offers, promotions, events and news regarding our business. To the extent possible, our company is committed to ensuring quality and continuity of service, but we reserve the right to begin and/or suspend service at any time, even without prior notice or communication.
Pursuant to Article 13 of EU Regulation 2016/679, we provide you with the following information:
The Data Controller is Anco S.r.l., with headquarters in Via Plan, 347/H – 23041 Livigno (SO) ITALY, tax code 92016930148, e-mail: firstname.lastname@example.org; tel. +39 0342 970523.
With the newsletter service we may e-mail information regarding offers and promotions and news regarding our business, for promotional purposes as part of direct marketing and customer retention campaigns. The legal basis for processing is the legitimate interest of the Data Controller, for direct marketing and customer loyalty (Art. 6, c.1(f) EU Reg. 679/2016 and 130, c. 4 Legislative Decree. 196/2003). However, the service will be provided only upon the user’s enrollment in the service.
Data will be processed by contractors and/or employees assigned by the Data Controller, as well as by companies/businesses appointed as data processors (e.g., companies offering functions and tools for creating, sending and tracking newsletters; web hosting for site maintenance).
The Data Controller does not transfer personal data to third countries outside the European Union. However, if there is a need to use IT services, including cloud-based services located in third countries or even through the use of data processors, these providers will be selected from those who provide adequate guarantees, as regulated by Art. 46 EU Reg. 2016/679.
Failure to provide data will result in the inability to subscribe to the newsletter service and, therefore, you will not be able to receive the newsletter .
Data may be retained until revoked or until it is requested to be deleted by the Data Subjects.
Data Subjects have the right to obtain, in the cases provided for, access to and rectification or deletion of personal data or restriction of the processing concerning the data, or to object to the data processing (Articles 15 et seq. of EU Regulation 2016/679). Data Subjects are also granted the right to data portability as well as the right to lodge a complaint to the Supervisory Authority (Data Protection Authority – www.garanteprivacy.it) should they believe that the processing of their data through this service takes place in violation of the data protection regulations.
The request to unsubscribe from the newsletter newsletter can be exercised either by e-mail request (email@example.com) or by using the appropriate link at the bottom of each newsletter.