Privacy Policy

This Website collects some Personal Data from its Users.

Privacy Policy pursuant to art. 13 and 14 of the GDPR (EU Reg. 679/2016 on the Treatment of Personal Data)

Pursuant to the law and in relation to Personal Data of which Hotel La Perla srl, its collaborators and employees will come into possession, we advise you about the following information.

The „Data Controller“ is Hotel La Perla srl, represented by its legal representative pro-tempore, hereinafter also more briefly identified with the term „Company“, VAT no. 01231580216, based in Corvara in Badia (BZ), Str. Col Alt n. 105, tel. +39 0471 831000, fax +39 0471 836568, e-mail info@hotel-laperla.it, which will use your data.

The „Data Processor“ is any natural, legal person, Public Administration and any Entity that, where necessary and within the limits pertinent to the purposes of the Processing, uses Personal Data on behalf of the Owner.

  1. Type of data collected. All the data necessary for: the correct carrying out of the tourist-receptive and catering activity, spa, promotional activity, advertising, evaluation of the service and relating to human resources.
  2. Use of Data. The Data will be processed in accordance with the principles in accordance with art. 5 of the GDPR, including: lawfulness, correctness, transparency, limitation, confidentiality, etc.
  3. Purpose of the Processing. The Treatment is finalized solely for the purposes indicated in the preceding paragraph 1.
  4. Legal basis of the Treatment. The acquisition of the data takes place in relation to the contract between the owner and the interested party or eventually through consent.
  5. Refusal to provide Data. Any refusal by the Interested party to provide Data necessary for the performance of the activity may make it impossible to provide the services, carry out the activities and / or manage the reports indicated in Chapter 1 above.
  6. Data source. The personal data in which Hotel La Perla srl is in possession is collected in compliance with the provisions of Article 13 of the GDPR directly with the interested party or pursuant to art. 14 of the GDPR.
  7. Data processing methods. The Treatment in the respect of the art. 5, paragraph 1, lett. „F“ of the GDPR is carried out by means of the operations or set of operations summarized as follows: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The operations can be carried out with or without the aid of electronic or digital or automated means.
  8. Data communication. Personal Data, for the purposes of the current contract, may be communicated for the purposes referred to in point 1 to internal and external Collaborators, Data Processors, subjects operating in the sector including the Albergo Posta Marcucci based in Bagno Vignoni (Tuscany), subjects aimed at assessing the quality of the services provided and managing loyalty programs.
  9. Dissemination of Data. Your Data will not be disseminated in any way, except for the cases indicated in the preceding paragraph.
  10. Data transfer abroad. Personal data may be transferred to countries of the European Union and to countries outside the European Union for the purposes of the processing reported in point 3. Any transfer of data to a country outside the European Union will occur in compliance with articles 45 and following of EU Reg. n. 679/2016. In the absence of a decision on the adequacy of the protection level, the transfer can take place only in the cases provided by art. 49 of the mentioned Regulation.
  11. Data retention. The Data is kept for the period necessary for the performance of the activity and in any case for a period not exceeding ten years.
  12. Rights of the interested party. The law gives the interested party the exercise of specific rights, including:
    • obtain from the Data Controller access to your Personal Data and information in an intelligible manner;
    • have knowledge of the origin of the Data, the purposes and methods of the Processing;
    • rectify and cancel (right to oblivion) ​​the Data;
    • limit the Treatment or have the possibility to oppose it;
    • request data portability;
    • withdraw consent to the Processing without prejudice to the lawfulness of the Treatment based on the previous consent;
    • lodge a complaint pursuant to art. 77 GDPR to the Guarantor for the Protection of Personal Data.
  13. Changes to this privacy policy. The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this Website and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
  14. System logs and maintenance. For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.
  15. Information not contained in this policy. More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
  16. Cookie Policy. This website uses cookies. To find out more and view the detailed information, the user can consult the Cookie Policy.
  17. Third-party subjects. Google Analytics with anonymized IP (Google Inc., United States)
    Google Analytics is a web analytics service provided by Google Inc. („Google“). Google uses the Personal Data collected for the purpose of tracking and examining the use of this site, compiling reports and sharing them with other services developed by Google.
    Google may use Personal Data to contextualize and personalize the ads of its advertising network.
    This Google Analytics integration anonymizes your IP address. Anonymization works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries adhering to the Agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google servers and shortened within the USA. Place of processing: United States – tool for deactivating Google Analytics (opt out). Subject adhering to the Privacy Shield.
  18. Non-continuous geolocation (this website). This website may collect, use and share data relating to the user’s geographic location in order to provide location-based services. Most browsers and devices provide tools to deny geographic tracking by default. If the user has expressly authorized this possibility, this website may receive information on its actual geographical position. The geographical localization of the user occurs in a non-continuous manner, upon specific request of the user or when the user does not indicate in the appropriate field the place where he is located and allows the application to automatically detect the position. Personal data collected: geographical location.

Registration and authentication

By registering or authenticating the user allows the application to identify him and give him access to dedicated services. Depending on the following, registration and authentication services may be provided with the help of third parties. If this happens, this application will be able to access some data stored by the third-party service used for registration or identification.

Facebook Authentication (Facebook, Inc.).Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and connected to the social network Facebook. Personal data collected: various types of data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Subject adhering to the Privacy Shield.

Google OAuth (Google Inc.). Google OAuth is a registration and authentication service provided by Google Inc. and connected to the Google network. Personal data collected: various types of data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy. Subject adhering to the Privacy Shield.

Statistics. The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to keep track of user behavior.

Google Analytics (Google Inc.). Google Analytics is a web analytics service provided by Google Inc. („Google“). Google uses the personal data collected for the purpose of tracking and examining the use of this website, compiling reports and sharing them with other services developed by Google. Google may use personal data to contextualize and personalize the ads of its advertising network. Personal data collected: Cookies and usage data. Place of processing: United States – Privacy PolicyOpt Out. Subject adhering to the Privacy Shield.

Definitions and legal references

Personal Data. Any information that directly, indirectly, or in connection with other information – including a personal identification number – allows for the identification or identifiability of a natural person.

Usage Data. Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

User. The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Data Subject. The natural person to whom the Personal Data refers.

Data Processor. The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller. The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website. The means by which the Personal Data of the User is collected and processed.

Service. he service provided by this Website as described in the relative terms (if available) and on this site/application.

European Union (or EU). Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookie. Small sets of data stored in the User’s device.

Legal information. This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Website, if not stated otherwise within this document.