Play Music
Privacy Policy
INFORMATION FOR THE PROCESSING OF PERSONAL DATA
INFORMATION FOR THE PROCESSING OF PERSONAL DATA
Bellavista Exlusive Desenzano, as owner, informs you pursuant to art. 13/14 EU Regulation no. 679/2016 (hereinafter GDPR) that personal data will be processed in the manner and for the purposes indicated below.
Definitions
Personal data is "any information concerning an identified or identifiable natural person, this person is indicated with the term of Interested". The natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered to be "identifiable. , physiological, genetic, psychological, economic, cultural or social "(art. 4 GDPR).
Treatment is any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data.
The data controller determines the purposes and means of the processing of personal data.
The data processor is the person who processes personal data on behalf of the data controller.
​
Purpose of the processing, legal basis and source of the data
The Data Controller processes personal data communicated to the same in the context of the exercise of its business as described in the Register of Companies (RI). The data are therefore communicated for the conclusion of contracts (written or oral) or for the execution of what has been agreed. The data communicated by the customer, even potential, which may be a company, may concern the legal representatives (or other operators) of the same customer company. The updating, verification and use of personal data relating to members of a company can also be a consequence of access to the public registers in which the company is registered (eg Business Register - Official Archive of the Chamber of Commerce).
Personal data is processed for the following reasons:
• carry out the agreed activity (pre-contractual measures or contract which can be written or oral, for example data processing to fulfill pre-contractual needs, processing activities necessary for the execution of the requested hotel or restaurant activity, so-called contractual and pre-contractual purposes );
• pursue a legitimate interest of the Data Controller: within the limits of what can reasonably be expected, the Data Controller has the right to effectively carry out its business, such as sending communications, responding to requests received, exercising a right or defending itself in court. It is possible that personal data are legitimately and freely communicated to the Data Controller without having been requested. In this case, the data are received by the Data Controller as part of its general activity and processed for legitimate interest (so-called legitimate interest purposes).
• With reference to the data freely provided by the interested party, without having been requested, they are lawfully processed also with the consent of the interested party.
• fulfill a legal obligation (for example fulfillment of tax obligations);
• only with the specific and distinct consent of the interested party to receive advertising communications from the Data Controller for other products and services (so-called indirect marketing purposes).
Data collected from the website
Browsing this website may involve the collection and subsequent further processing of your personal data as specified in the Cookie policy made available on it.
Any requests for information may involve the collection and subsequent further processing of your personal data (such as name, surname, e-mail, etc.). In particular, the collection of personal data can take place by filling in the contact form made available on the website or through a communication and for example by sending an e-mail from you.
In the event that the contact forms are used, the provision of data is necessary for the Data Controller to satisfy the related requests. Failure, partial or incorrect provision of personal data marked as mandatory does not make it possible to perform the requested service. In the event that it has been omitted to provide one or more mandatory personal data, an error message will appear.
​
What data is processed
For the purposes indicated in this information, the Data Controller processes common personal data (so-called ordinary) which are, for example, identification and address data (name, surname, tax code, address, telephone number, e-mail and other data contact). By booking specific services it is possible to receive information on special needs related for example to allergies or medical conditions, this information regarding health is used only to provide an adequate service, in this case the request for the service is covered by explicit consent.
​
Categories of recipients
Without prejudice to communications made in fulfillment of legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to external companies or professional firms that provide assistance for the fulfillment of legal obligations and '' exercise of the rights deriving from the business activity put in place (eg accountants, lawyers, work / safety consultants), credit institutions, public administrations for the performance of institutional functions within the limits established by law or regulations (eg. Revenue Agency, Police Headquarters, Ministry of the Interior, Territorial Bodies). Data recipients are also IT companies or IT operators that provide IT services or IT assistance (eg cloud storage services, hosting services, data traffic managers), subjects in charge of communication (eg Social Media Manager).
For the pursuit of the purposes described above, personal data are known by the subjects who operate as persons authorized by the Data Controller to process personal data, these subjects assist or work for the Data Controller in order to allow him to carry out his business efficiently (eg . collaborators, employees or similar personnel). The subjects belonging to the above categories operate, in some cases, as data controllers. More details can be obtained by contacting the Owner.
​
Retention period of your personal data
Personal data will be processed by the Data Controller for the time necessary for the establishment and management of the existing relationship. The data subject to conservation obligations established by law or potentially necessary for the protection of the rights deriving from the relationship will be kept, in compliance with the reference standards. The storage period therefore generally corresponds to 10 years. The data will be used by the Data Controller for sending advertising information (marketing activities) until consent is revoked.
​
Mode
The processing of personal data will take place using suitable tools to guarantee their security and confidentiality in accordance with the provisions of art. 32 GDPR.
​
Data transfer
Any transfer outside the EU of personal data is governed by specific contracts designed to require the recipient to comply with the adequate guarantees provided for by the current legislation on privacy, or to subjects who enjoy an adequacy decision (Article 44 and seg. GDPR); a copy of the adequate guarantees can be requested by contacting the Data Controller and obtained in the event of a transfer.
​
Nature of the provision and consequences
Failure to provide the data requested for contractual and pre-contractual purposes makes it impossible for the Data Controller to fulfill the requirements and its legal obligations. The Data Controller may not use personal data for the marketing purposes described above in the absence of the specifically expressed consent of the interested party. No consequences are foreseen for failure to provide data for the purposes of legitimate interest described above.
Rights of the interested party
As an interested party, you are recognized all the rights provided for the protection of personal data, with particular reference to art. 15 to 21 GDPR the following rights are highlighted:
• right of access, art. 15, GDPR: right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data, including a copy of the same;
• right of rectification, art. 16, GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;
• right to cancellation (right to be forgotten), art. 17, GDPR: right to obtain, without undue delay, the cancellation of personal data in accordance with the terms indicated in the EU Regulation no. 679/2016;
• right to limitation of treatment, art. 18, GDPR: right to obtain the limitation of the processing, when: a) the interested party disputes the accuracy of the personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited c) although the data controller no longer needs it for the purposes of the processing, the personal data are necessary for 'Interested party for the assessment, exercise or defense of a right in court; d) the interested party has opposed the processing, as indicated below, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party;
• right to data portability, art. 20, GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another Data Controller if this is technically feasible;
• right to object, art. 21, GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of lawfulness of the legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the treatment that prevail over interests, on the rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court.
• withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
• lodge a complaint with the Guarantor Authority (Guarantor for the protection of personal data based in Piazza di Montecitorio n. 121, 00186, Rome). For more information, you can consult the website of the Guarantor for the Protection of Personal Data: www.gpdp.it.
​
Primary method of exercising rights
You can exercise your rights at any time through the contact channels made available, for greater certainty of receipt of the request we recommend:
- sending a registered letter to BELLAVISTA EXLUSIVE DESENZANO, Via San Bendetto n. 9, cap 25015, Desenzano Del Garda (Bs)
- or a pec a.
​
Owner and further contact details
The data controller is SRL registered in the Brescia Company Register, PI, CF and registration number: 03741690238, with registered office in Via San Benedetto n. 9, Desenzano Del Garda (Bs), tel. +39 3472430079 , e-mail infobellavista@gmail.com , pec .
​
Contact details of the data protection officer
The Data Controller has appointed Avv. Valentina Remonato email studiolegale@valentinaremonato.it , tel. +39 338 8785457 .