PRIVACY POLICY - ART. 13 EUROPEAN REGULATION NR. 2016/679
(General Data Protection Regulation)
 
1. Data controller
The Data Controller is SIRMIONE2 SPA - VAT 00551890981,in person of the legal representative pro temporeMr. Santi Giorgio Paolo, with registered office in 25019 Sirmione - BSvia Salvo D’Acquisto 15, www.sirmione2.it, hereinafter "the Holder".
The Data Controller intends to provide the data subject with complete information on the purposes and methods of processing personal data.
 
2. Methods of processing personal data
Personal data (personal data, telephone number, e-mail, etc.) are processed on computer media or in any case with the aid of computerized or automated tools in compliance with the minimum security measures and, in any case, in order to guarantee the integrity, security and confidentiality of the data.
 
3. Purpose of the processing
The Data Controller will process your personal data for the following purposes:
1) performance of contractual and pre-contractual activities
2) compliance with tax or legal obligations
Personal data will also be processed exclusively for purposes strictly connected and instrumental to the fulfillment of the obligations inherent to the aforementioned points.
The consent you have expressed is the legal basis of the processing pursuant to art. 13, paragraph 1), letter c) of the GDPR.
 
4. Nature of the contribution
The provision of your data for the purposes referred to in paragraphs 1) and 2) of Article 3 does not require any formal consent as a preliminary and essential to any contractual or pre-contractual relationship.
 
5. Recipients or category of recipients of personal data
The personal data you have provided, for the purposes described above, may be brought to the attention of employees and / or collaborators of the Data Controller and communicated to the following subjects:
a) third-party companies possibly appointed by the Owner to provide for the execution of the obligations assumed by the latter for the implementation of the treatments provided for by the purposes set out in points 1) and 2) of Article 3;
c) all subjects (including Public Authorities) who have the right to access data under regulatory or administrative provisions;
All the collaborators or suppliers used by the Data Controller for the processing of your personal data have been appropriately and legally authorized and empowered on the methods and purposes of the treatments attributed to them and will act in compliance with and in accordance with this information.
 
6. Data retention times
Your personal data will be kept for the times defined by the relevant legislation, which are specified below pursuant to art. 13, paragraph 2, letter a) GDPR:
  1. for the purposes indicated in points 1), 2) of article 3 for the times prescribed by the laws in force and in any case for a period not less than 10 (ten) years
 
7. Exercise of rights by the interested party
Pursuant to article 13, paragraph 2, letter b) , 15, 18, 19 and 21 GDPR, the interested party is informed that he has the right to:
a. Access to personal data: obtain confirmation of whether data concerning you are being processed and, in this case, access to the following information: the purposes, the categories of data, the recipients, the retention period, the right to lodge a complaint with a supervisory authority, the right to request rectification or cancellation or limitation of processing or opposition to the processing itself and the existence of an automated decision-making process;
b. Request for rectification or cancellation of the same or limitation of the processing that concerns you; "limitation" means the marking of data stored with the aim of limiting its processing in the future;
c. Opposition to processing: to oppose for reasons connected with your particular situation to the processing of data for the performance of a task of public interest or for the pursuit of a legitimate interest of the Controller;
d. Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive data concerning you in a structured format, commonly used and readable by automatic device; in particular, the data will be provided by the Data Controller in .xml format;
e. Revocation of consent to processing for marketing purposes, both direct and indirect, market research and profiling; the exercise of this right does not prejudice in any way the lawfulness of the processing carried out before the revocation;
f. Propose a claim pursuant to art. 77 RGPD to the competent supervisory authority based on your habitual residence, workplace or place of violation of your rights; for Italy, the Guarantor for the protection of personal data is competent, which can be contacted via the contact details on the website http://www.garanteprivacy.it.
The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated in art. 1 of this information.
Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and in the number of requests, this deadline may be extended by a further 2 (two) months. e) obtaining data portability;
The exercise of rights is not subject to any form constraint and is free. The e-mail address for the exercise of rights is privacy@sirmione2.it
 
 
 
 
 
Partners