INFORMATION PURSUANT TO ART. 13 GDPR No. 679/16
In implementation of EU Regulation no. 679/16, the following information is provided to customers, suppliers and users:
identity and contact details of the data controller: the data controller is “Gattarella” s.p.a., in the person of the
legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711.
Contact details of the data protection officer (D.P.O.): the data controller has appointed the lawyer as data protection officer. Marco Pagliara, who can be contacted by telephone: cell. 338 9521190; or by e-mail, P.E.C.: avv.pagliara@pec.it; email: avv.pagliara@tiscali.it; e-mail: privacydpo@gattarella.it.
Data categories and processing methods: the processing may concern direct identification data (e.g. common, contact, personal data, location data); indirect identification data (e.g. IP addresses); particular categories of data (e.g. biometric and health data); data relating to electronic communications (e.g. by post or via the internet). The data is collected from the interested parties and processed using automated and/or analogical methods.
Purpose of the processing for which the personal data are intended: the data will be processed, in general, for the purposes connected to hotel activities; for the promotion and management of services aimed at the development of tourist initiatives, the sale of tourist services; the noleggio and the concesión in use of vehicles and natanti to the clients. In particular, data will be processed for company purposes and needs, i.e. for: (1) tourist and hotel business (catering, private beach, swimming pool, bar with administration); (2) for direct marketing purposes (newsletter); (3) for purposes related to the execution of contracts and services; (4) for security and property protection reasons; (5) for fulfillment of legal obligations.
Legal bases of processing: the processing of personal data provided may be based 1) on the client’s consent; 2) on the execution of specific contracts or services; 3) on the fulfillment of the legal obligations of the data controller; 4) on the legitimate interest for reasons of security and protection of company assets.
Recipients or categories of recipients of personal data: personal data can be transferred to affiliated subjects, external managers, tax consultants, investee companies, public bodies and competent authorities; more specifically, labor consultants, competent doctor, occupational safety manager, external managers (subjects suppliers of and maintenance of software and hardware), outsourced services (general maintenance of the structure, dining room, kitchen, laundry, management, tourist entertainment), public administrations (P.S. Authority, Regional Body, Revenue Agency).
Intention of the data controller to transfer personal data to a third country: does not exist, since the data will not be transferred outside the EU. If there is a need to transfer data outside the EU, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 679/2016, with verification of the adequacy decisions of the recipient third countries, or of the existence of adequate guarantees or binding rules of company, or the existence of specific exceptions and with the prior authorization of the interested parties and communication to them.
Retention period of personal data and criterion used to determine it: personal data may be kept for 10 years from the termination of the relationship, depending of the ordinary statute of limitations of the rights, or the same ten-year term from the acquisition for marketing purposes (web doc n. 2920245; 2547834; 2499354; 8998319); 5 years according to fiscal and legal obligations.
Rights of the interested party: interested parties are informed of the existence of the right to ask the data controller for access to personal data, rectification or cancellation of the same, limitation of treatment, to oppose their treatment, in addition to the right to data portability, governed by articles 15 and following of EU Reg. 679/16 (to exercise any right, send a request to the data controller or to the DPO to the contact details above).
Information to interested parties: interested parties are informed of the existence of the right to revoke the consent at any time, by electronic communication or in any written method, if the treatment is based on this legal basis and without prejudice to the lawfulness of the treatment based on the consent given before the revocation, as well as the right to proposeComplaint to a supervisory authority (Privacy Guarantor). The communication of personal data is necessary for the indicated purposes of the processing, for the purpose of accessing the services provided.
For the existence of any automated decision-making processes, including profiling, a logic inherent in the interests of the data controller will be used. treatment and of the interested parties, according to criteria aimed at managing the activities for the offer of the best and most specific services; the same decision-making processes may be necessary for the execution of the activities and the performance of the contractual services. The interested party can always communicate in writing to oppose the aforementioned treatment, also by electronic communication to the addresses indicated above.
EXERCISE OF RIGHTS: the interested party can forward any communication or request concerning the exercise of their privacy rights to the owner of the treatment (email: info@gattarella.it) or to the DPO (email: avv.pagliara@tiscali.it) at the indicated contact details.
PRIVACY INFORMATION PURSUANT TO ART. 13 GDPR No. 679/16
(prospective employees)
In implementation of EU Regulation no. 679/16, the following concise general information is provided to aspiring workers and collaborators:
Identity and contact details of the data controller: Gattarella s.p.a., in the person of its legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711.
Contact details of the data protection officer (D.P.O.): Avv. Marco Pagliara, e-mail: avv.pagliara@tiscali.it; certified e-mail address: avv.pagliara@pec.it-.
Data categories and processing methods: the processing may concern direct identification data (e.g. common, contact, personal data, location data); indirect identification data (e.g. IP addresses); data relating to electronic communications (e.g. by post or via the internet). The data is transmitted by the interested parties and processed using automated and/or analogical methods.
Purpose of the processing for which the personal data are intended: the personal data will be processed for purposes relating to the establishment and management of the employment relationship, for ensure equal employment opportunities; may subsequently be processed for tax, social security and insurance purposes, as well as for compliance with safety, health and hygiene at work, for the recognition of concessions, for the purposes of compliance with laws, regulations, company policies, collective agreements, bookkeeping purposes; to assert and defend a right, even by a third party, in court, to fulfill the insurance obligations for the coverage of risks from employer liability or for damages caused to third parties in the exercise of the work activity.
Legal bases of the processing: the legal basis of the processing consists of: a) the execution of pre-contractual measures (Article 6, paragraph 1, letter B GDPR), or the execution and management of the employment relationship (in case of establishment); b) or from the fulfillment of legal obligations of the data controller.
Recipients or categories of recipients of personal data: subjects in charge of managing the employment relationship based on the purposes specified above, public bodies and institutions, external managers ( consultants, IT companies, training bodies and companies), any investee companies.
Intention of the data controller to transfer personal data to a third country: does not exist, since the data will not be transferred outside the EU. If there is a need to transfer data outside the EU, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 679/2016, with verification of the adequacy decisions of the recipient third countries, or of the existence of adequate guarantees or binding rules of company, or the existence of specific exceptions and with the prior authorization of the interested parties and communication to the same.
Retention period of personal data and criterion used to determine it: the data will be kept until the interest in establishing a relationship persists of collaboration or work and in any case no later than 5 years, depending on their actuality.
RIGHTS OF THE INTERESTED PARTIES: the interested parties are informed of the existence of the right to ask the data controller for access to personal data, rectification or the cancellation of the same, where the treatment is based exclusively on consent, the limitation of the treatment, in addition to the right to data portability, governed by articles 15 and following of EU Reg. 679/16 (to exercise a right, write to the data controller and/or to the DPO at the contact details indicated above).
Please infordata subjects of the existence of the right to lodge a complaint with a supervisory authority (Privacy Guarantor).
The communication of personal data is necessary for the purposes of the processing, for the purpose of establishing the employment relationship and to access the services provided. For any automated decision-making processes, including profiling, free and specific consent will be requested from the interested parties and possibly carried out on the basis of logic inherent in the interest of the company and of the aspiring workers in the establishment of an employment or collaboration relationship, according to criteria aimed at better management of the relationship. The interested party can always communicate in writing to oppose the aforementioned treatment.
COOKIES INFORMATION
Cookies are small text strings, sent by the sites visited to the user’s terminal (usually the browser), on which they are stored before being re-transmitted to the same sites on the next visit by the same user. Cookies are stored, based on user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Types of cookies Based on their characteristics and use, cookies can be divided into different categories:
Strictly Necessary Cookies
These are cookies that are essential to manage login and access to reserved functions of the site, typically for updating pages by web editors. The duration of these cookies is strictly limited to the work session (when the browser is closed they are deleted). Their deactivation compromises the use of the services accessible from the login.
“Technical” cookies (analysis and performance)
These are cookies used to collect and analyze traffic and use of the site anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user returns to connect at different times. They also allow you to monitor the system and improve its performance. The deactivation of these cookies can be performed without any loss of functionality.
Profiling cookies
These are permanent cookies used to identify (anonymously or not) user preferences and improve their browsing experience. The website uses cookies of the types indicated. Duration of cookies Some cookies (session cookies) remain active only until the browser is closed or the logout command is executed. Other cookies “survive” when the browser is closed and are also available on subsequent visits by the user. These cookies are called persistent and their duration is set by the server at the time of their creation. In some cases a deadline is fixed, in other cases the duration is unlimited. Browsing through the pages of the site, you can interact with sites managed by third parties who can create or modify persistent and profiling cookies.
Managing cookies
The user can decide whether or not to accept cookies using the settings of his browser. The setting can be defined specifically for different websites and web applications. Below are the web resources that illustrate how to proceed for each of the main browsers:
Chrome: https://support.google.com/chrome/answer/95647?hl=it
Firefox: https:// support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windowsinternet-explorer-delete-manage-cookies< br />Opera: http://help.opera.com/Windows/10.00/it/cookies.html
Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
Google Analytics
Some sites include components transmitted by Google Analytics, a web traffic analysis service provided by Google Inc. (“Google”). These are third-party cookies used to anonymously collect and analyze information on site usage behavior by visitor users. These cookies are used to store non-personal information. Google Analytics protects the confidentiality of your data in various ways:
The Google Analytics terms of service, which all Google Analytics customers must comply with, prohibit the sending of personal information to Google Analytics. Personal information includes any data that Google can use to likely identify an individual including, but not limited to, names, email addresses, or billing information.
You may not provide Google Analytics data to third parties without the customer consent, except in certain specific circumstances, such as when required by law.
Google’s teams of security engineers protect data from external threats.
Internal access to data (e.g. eg by employees) is stproperly regulated and subject to employee access controls and procedures. For further information, please refer to the link indicated below: https://support.google.com/analytics/answer/6004245
The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google. To disable the action of Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout
Third-party cookies (social)
By visiting the website you can receive cookies both from the site visited (“owners”) and from sites managed by other organizations (“third parties”). An example are the “social plugins” of Facebook, Twitter, Google+ and LinkedIn. These are parts of the visited page generated directly by the aforementioned sites and integrated into the page of the host site. The most common use of social plugins is aimed at sharing content on social networks. The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of the information collected by “third parties” is governed by the relative information to which reference is made. To ensure greater transparency and convenience, the web addresses of the various information and methods for managing cookies are shown below:
Facebook information: https://www.facebook.com/help/cookies/
Facebook (configuration): access your account. Privacy section
Twitter information: https://support.twitter.com/articles/20170514
Twitter (configuration): access your account. Settings section, Security and privacy
LinkedIn information: https://www.linkedin.com/legal/cookie-policy
LinkedIn (configuration): access your account. Menu Account E Settings, Privacy and settings
Google+ information: http://www.google.it/intl/it/policies/technologies/cookies/
Google+ (configuration): http://www. google.it/intl/it/policies/technologies/managing/
Pinterest information: https://about.pinterest.com/it/privacy-policy
Instagram: https://instagram.com/ legal/cookies/
INFORMATION TO SUPPLIERS ON THE PROTECTION OF PERSONAL DATA
(art.13, EU Regulation n. 2016/679)
Data controller: the data controller is “Gattarella” s.p.a., in the person of its legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711.
Data Protection Officer: the aforementioned data controller uses a person responsible for the protection of personal data (Data Protection Officer), designated in the person of Avv. Mark Pagliara. For contacts, pec: avv.pagliara@pec.it; email: avv.pagliara@tiscali.it; tel. cell. 3389521190.
Preface
The data controller has a contractual relationship with you, or with your esteemed company (hereinafter the “Supplier”).
The data controller, pursuant to current legislation on the protection of personal data, is the natural or legal person who is responsible for decisions regarding the purposes, methods and means of processing personal data, including the security profile.
Data subject is to be understood as the natural person to whom the personal data belong, thus excluding the legal person. The Data Controller has the obligation to inform the interested party in advance about the processing of his personal data.
The information to the interested parties involved in the processing, when they perform work or professional activities or collaborate with the Supplier, and whose data are communicated, known and/or processed by the Data Controller in execution and in the course of the contractual relationship, must be understood as released by the Owner through the same Supplier.
That said, the aforementioned Data Controller informs you that your personal data will be processed in compliance with the legal requirements and your rights. Personal data refers directly to your person or to the company organization, or it can consist of information referring to natural persons who represent, belong to or are in any case linked in any way to your organization.
Data being processed: The identification and contact data of the supplier’s personnel are being processed, for the purpose of providing the service involving the supplier, necessary for the execution and management of the contractual relationship between the Data Controller and the Supplier himself .
Methods of treatment: The treatment may include the following operations: collection of lists, deeds and documents (obtained by telephone, telematics, from public registers, or public and/or private databases, informationcommercial sites or on websites of public and/or private entities, or at other customers or suppliers); registration, organization, conservation and processing on paper, magnetic, automated or telematic supports; processing of data collected from third parties, modification, selection, extraction, comparison, use, interconnection with data of other subjects based on qualitative, quantitative and temporal criteria, recurring or definable from time to time; temporary processing aimed at rapid aggregation or transformation of the data; discretionary (never totally automated) adoption of decisions, creation of profiles and information; communication, cancellation and destruction of data, or combinations of two or more of the aforementioned operations.
Appointment of external and authorized data processors: The Data Controller has appointed external and/or internal data processors. The internal authorized persons belong to the homogeneous functional areas of the company which process the data for the purposes indicated in this disclosure. The processing is protected by adequate technical and organizational security measures, such as electronic archives, with access protected by authentication credentials, selectively limited to authorized and periodically updated profiles only, firewalls, antivirus, antispam, backup systems and data recovery in case of accidents as well as maintenance services. Personal data is processed by electronic means and with non-automated tools.
Purpose of processing: Personal data will be used for purposes related to the management and execution of the contractual relationship.
Legal basis of the processing The legal bases of the processing are as follows:
a) execution of a contract of which you/your company is a party or execution of pre-contractual measures adopted upon request (e.g. requests for sending information or commercial offers);
b) fulfillment of a legal obligation to which the Data Controller is subject;
c) legitimate interest of the Data Controller in the effective and efficient management of the relationship with its customers and/or suppliers, as well as for the management of internal and external organizational processes (e.g. management of relations with any of its sub-suppliers functional to the supply requested by the interested party). The processing is in any case necessary for the execution of the contract.
Scope of data circulation and recipients: The data can be used by employees or in collaboration with the data controller, who has been assigned a specific role, who has been given adequate operating instructions, as well as by companies third parties who carry out instrumental activities on behalf of the Data Controller, who act, as external data processors, under the direction and control of the Data Controller. The recipients can be affiliated subjects or joint data controllers (if applicable), external managers (tax and legal consultants, IT companies, hosting providers, postal couriers), investee companies.
Non-disclosure of data: Personal data will not be disclosed to indeterminate recipients.
Transfer of data abroad: Personal data will not be transferred to foreign countries. Where appropriate, the consent of the data subject will be requested and the adequacy of third countries verified.
Data retention time: The data will be kept for the duration of the entire contractual relationship and in any case until the ordinary limitation period of the rights (10 years), in compliance with the rights and in compliance with the consequent obligations, i.e. for 5 years for the fulfillment of accounting and tax obligations.
Rights of the data subject: In relation to the processing of personal data, including that of the supplier company’s employees, each data subject may exercise the rights listed below, by contacting the data controller without particular formalities, at the email address indicated above , or the DPO (pec: avv.pagliara@pec.it), in order to request confirmation regarding the processing of personal data concerning him and, in this case, obtain access to the same, or to the following information:< br />a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients from third countries or international organizations;
d) the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine this period; The interested party may therefore exercise the following rights:
e) access (art. 15 GDPR); rectification (art. 16); cancellation of personal data (art. 17); to limit the processing of personal dataconcerning him (art. 18); to data portability (art. 20); express opposition to the processing (art. 21);
f) the right to lodge a complaint with the supervisory authority;
g) if the data are not collected from the interested party, all the information available on their origin;
h) the existence of an automated decision-making process, including profiling and, in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party;
l) the interested party also has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concern and to have such data transmitted directly to another Data Controller, without impediments of any kind, if the following (cumulative) conditions are met:
1) the processing is based on the consent of the Data Subject, for one or more specific purpose, or on a contract of which the interested party is a party and for whose execution the treatment is necessary;
2) the treatment is carried out by automated means (software).
m) Right not to be subjected a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person.
n) To propose a Complaint to the competent Supervisory Authority based on the GDPR ( Italian Privacy Guarantor).
INTEGRATIVE INFORMATION ON WEBSITE PRIVACY
This information provides the interested parties, users of the website, with additional information with respect to the general information, prepared pursuant to art. 13 EU Reg. no. 679/2016 by the Data Controller, published in the privacy section, of which it constitutes an integrative and complementary element.
The contact details of the Data Controller and/or of the DPO, where designated, can be found on the website, in the contact section, or in the aforementioned general privacy information. The same can be used for the exercise of privacy RIGHTS (provided for by articles 15 and following of EU Reg. 679/16) of access, rectification, cancellation, limitation, portability and opposition or for the revocation of consent to the data processing granted for a specific purpose. You can always refer to the information contained in the aforementioned general privacy information, drawn up pursuant to art. 13 GDPR, by sending a request to the Data Controller or to the DPO, where designated, or forwarding, if appropriate, a Complaint to the Privacy Guarantor Authority.
Categories of personal data processed through the website
The Data Controller processes common personal data (personal data, contact details, etc.) of the “interested” user, voluntarily communicated.
The provision of personal data can take place by filling in the appropriate “forms”, present in the sections of the website, or by communicating to customer service or by sending requests by e-mail. In particular, the following types of personal data are processed.
Data relating to the functioning of the website
The computer systems used to operate the website acquire the following personal data, the transmission of which takes place as a result of the use of internet communication protocols: IP addresses; type of browser used; addresses of websites or accounts from which you are logged in; data relating to access time, parameters relating to navigation, etc… The information acquired is of an indirect type, but could allow users to be identified through processing and association with other data held by third parties.
Data relating to the implementation of promotional activities and “profiling”
Subject to the provision of “free and specific” consent by the user concerned, which can be acquired by affixing specific flags, the contact data provided may be used for forwarding promotional communications (so-called direct marketing). The service could be customized, based on the preferences expressed by completing the specific sections (so-called “profiling”). The personal data requested are common data (personal data, contact details, e-mail addresses, etc.) and are provided by the user concerned to allow his identification or the execution of the requested service (sending of newsletters, communication of promotional initiatives, etc. …). Additional data can be provided and processed for the execution ofpersonalized services. The provision of data for the aforementioned purposes (marketing and profiling) is optional, therefore, the interested user can always deny consent with respect to their treatment, or revoke it at any time, without prejudice to the lawfulness of the treatment carried out before the revocation. Consequently, failure to provide or withdraw consent to the processing of data for the aforementioned purposes (marketing and profiling) cannot constitute grounds for denying access to the service by the user concerned. In this case, the Data Controller will not be able to send commercial communications to obtain promotional advantages, nor could he personalize the forwarding of the same based on the preferences expressed by the interested party. In the event that the user uses the social network authentication function to register on the site, the social account data will be requested, specified in the appropriate “pop-up” window, which is displayed at the time of the request. Through the social platform, the user can activate or deactivate the function that allows the transfer and sharing of the personal data provided or one’s social experience to other websites or third-party applications. At any time, the user can disable the sharing of data from his social account by accessing the settings of the service provider.
Purpose of the processing for which the personal data are intended
The navigation data are processed by subjects authorized by the Data Controller, in order to allow access to sections of the website and for participation in promotional events, games, competitions; for the evaluation and communication of digital coupon offers, for the assignment of prizes related to participation, for responding to requests received by e-mail. In these cases, the legal basis is constituted by the execution of pre-contractual measures or by the contract; or from the legitimate interest to allow maintenance of the site, check its correct functioning and obtain statistics in relation to its use.
Data connected to the realization of promotional activities, marketing and market research
Subject to the acquisition of free and specific consent by the user, and until the revocation of the same, the Data Controller will be able to: – carry out marketing activities, or activities connected to the subscription to the newsletter; market research; sending information and promotional material; advertising activity concerning products and services; detection of the degree of user satisfaction on the quality of products and services, as well as on the activity performed by the Owner; – carry out personal or telephone interviews directly, or through companies specialized in distance communication techniques (by SMS, MMS, fax, automated telephone calls, e-mail, messages on web applications) and traditional (paper mail and telephone calls); administration of questionnaires; statistical surveys; – carry out analyzes on consumption habits or choices, to define the user’s profile, using the information provided by the latter at the time of registration when completing questionnaires, or on the basis of actions performed while browsing the web or through interaction with the Controller’s advertising banners with content published on social networks. The Data Controller may allow users to publish news or communications (so-called “posts”) directly on the website or on sites managed independently by third parties (facebook, twitter, etc …), with which the Data Controller has reached agreements in this sense. In all the aforementioned hypotheses, the legal basis of the processing is constituted by the consent, specifically and freely given by the user concerned, which can be revoked at any time, without prejudice to the processing carried out by the Data Controller in the period preceding the revocation. The aforementioned consent to the processing of personal data is optional and optional. To revoke the consent given for the aforementioned purposes, a request can be sent to the contact details of the Data Controller or to the DPO, where appointed, indicated in the general information pursuant to art. 13 EU Reg. no. 679/16 or published on the website, or simply by selecting the appropriate flags set up for the revocation of consent with respect to the processing of data optionally provided. By selecting this option, present in the section dedicated to registration on the owner’s home page, or by communicating the request for revocation of consent, the personal data provided by the interested party will be completely removed from the system (and from the databases) and promotional messages will no longer be sent by part of the Data Controller. The processing of personal data referred to above, may be carried out only for the fulfillment of any legal obligations, or for the management of disputes; in the latter case, the legal basis of the processing is the legitimate interest of the Data Controller.
Methods of treatment and categories of recipients. Non-EU transfers
The personal data provided by the interested parties, directly or indirectly, will be processed automatically, with logics related to the indicated purposes and through archives managed by the Data Controller or by third parties appointed as external data processors. The Data Controller undertakes to adopt suitable security measures to protect the data of the interested parties and to use protected data transmission protocols. The data of the users concerned are stored on servers located in the EU territory, in the case of electronic platforms (Google or SAP Customer Data Cloud), they could be transferred by the Data Controller to non-EU territory, in compliance with the provisions of the law and subject to verification of adequate guarantees . The data received from the web service is not disclosed and can be processed by authorized employees or collaborators of the Data Controller, who operate under its direct authority or by system administrators or communicated to third parties appointed as external data processors.
Retention period
The personal data provided by the interested parties are kept for the time necessary to achieve the specific purposes and according to their actuality. In particular, the data used to obtain anonymous statistical information on the use of the site, and to check its correct functioning, are kept for the time necessary to request cancellation from the service. Personal data provided for marketing and “profiling” purposes may be processed for the time necessary according to their relevance, within a maximum period of 10 years from collection (web doc. Privacy Guarantor n. 2920245; n. 2547834; n. 2499354; n. 8998319) and in any case until the possible withdrawal of consent. The data relating to the participation in the competitions can be kept until the ordinary limitation period of the rights of obligation (10 years), in which case the treatment will be limited for this purpose. The personal data processed to fulfill the request for information from the interested parties can be kept for the time necessary for the legal requirements for the protection of rights.
INFORMATION NEWSLETTER ON THE PROCESSING OF PERSONAL DATA
Ex article 13 of Regulation (EU) n.679/2016
The Newsletter is published on the website and distributed via e-mail to applicants who fill in the relative form. The data provided will be used with IT and telematic tools in order to render the service and will be kept for the time in which it will be active. The legal basis of the processing is constituted by the consent expressed through the (positive) activity of registration and provision of data for this purpose. The data will be processed exclusively by the owner’s staff and collaborators (see complete information at the link in the privacy policy section) or by subjects expressly appointed as data processors (e.g. for site technological maintenance needs).
The interested parties have the right to obtain, in the foreseen cases, access to personal data and the rectification or cancellation of the same or the limitation of the treatment that concerns them or to oppose the treatment (articles 15 and following of the regulation). The appropriate request is submitted to the certified e-mail address of the data controller or DPO, where appointed. We inform you that interested parties have the right to lodge a complaint with the Privacy Guarantor, as provided for by art. 77 of Regulation 2016/679 or to take the appropriate judicial offices (art. 79 of the Regulation).
CANCELLATION OF SERVICE
To stop receiving the newsletter, enter your e-mail address in the form on this page and click on the “Unsubscribe” button.
INFORMATION Video surveillance EX ART. 13 GDPR No. 679/16
In implementation of EU Regulation no. 679/16, the following information is provided to customers, suppliers and users:
identity and contact details of the data controller: Gattarella s.p.a., in the person of the legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711-
Contact details of the data protection officer (D.P.O.): Avv. Marco Pagliara, Via Casotti n.5, 71036 Lucera (FG), cell. 338 9521190; Certified e-mail address: rossagliara@pec.it; email: avv.pagliara@tiscali.it; e-mail: privacydpo@gattarella.it-
Legal basis of the processing: legitimate interest for security and protection reasonstion of the
Recipients or categories of recipients of personal data: the data may be transferred to public subjects legitimated to request them, or judicial and public authorities
Intention of the data controller to transfer personal data to a third country : does not exist, since the data will not be transferred extra
ENTITIES AUTHORIZED FOR TREATMENT:
The data may only be processed by employees of Gattarella s.p.a.; in particular, by the manager, by the members of the privacy office, who can carry out activities related to the processing of the same data, for the pursuit of the purposes indicated.
Personal data retention period: 7 days. from the moment in which the images have elapsed. After this term, the images will be deleted with the overwriting of new images.
The interested parties are informed of the existence of the right to ask the data controller for access to the images and the rights, where applicable , governed by articles 15 and following of EU Reg. 679/16.
The interested parties are informed of the existence of the right to lodge a complaint with a supervisory authority (Privacy Guarantor).
The processing of data is necessary for the purposes indicated, the refusal of treatment will make it impossible for the interested party to access the company offices and
The cameras are appropriately indicated with appropriate signs, affixed before the relative range of action, in compliance with the provision of the Guarantor privacy of April 8
Gattarella Resort Location Lama Le Canne 71019 Vieste (FG)
INFORMATION Wi-Fi service – pursuant to ART. 13 GDPR No. 679/16
In implementation of EU Regulation no. 679/16, the following concise information is provided to customers, visitors and users regarding the data processing carried out in the execution of the Wi-Fi service:
identity and contact details of the data controller: the data controller is “Gattarella” s.p.a., in the person of its legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711.
Contact details of the data protection officer (D.P.O.): Avv. Marco Pagliara, certified e-mail address: avv.pagliara@pec.it-; email: avv.pagliara@tiscali.it-
Data and methods: the processing concerns identification data, contact data, usage data, cookies, system logs, IP addresses and Mac addresses; takes place in automated ways, using IT or telematic tools.
Purpose of the processing for which the personal data are intended: the data will be processed for purposes relating to the management and execution of the Wi-Fi service, for statistical and marketing purposes.
Legal bases of the treatments. The legal bases of the treatments are normally constituted by: a) consent; b) from the execution of the contract; c) legitimate interest; d) fulfillment of legal obligations.
Recipients or categories of recipients of personal data: external managers (consultants, IT companies, hosting providers, service providers). The personal data provided by the interested party are not intended for dissemination, except with explicit consent, and may be communicated to third parties in a collaborative relationship with the Data Controller and/or for the fulfillment of legal obligations, bound by the most absolute confidentiality regarding any information they may become aware of (by way of example only, public administrations, supervisory and control bodies for their institutional purposes, third parties who collaborate with the Data Controller to achieve the aforementioned purposes, also for the management and/or or maintenance of information systems, such as system administrators and/or consultants, communication agencies and/or professional firms, subsidiaries and/or associates or in any case pertaining to the Data Controller…).
Intention of the data controller to transfer personal data to a third country: the treatment will be regulated in compliance with the provisions of Chapter V of EU Reg. 679/2016, with verification of the adequacy decisions of the third country recipients, or of the existence of adequate guarantees or binding company rules, or existence of specific exceptions and prior authorization of the interested parties and communication to the same. The treatment is also carried out through google analytics, for the purpose of tracking the use of the application, compiling reports and sharing them with other services developed by google by personalizing the ads of its advertising network. Third country United States adhering to the Privacy Shield.
Retention period of personal data and criterion used to determine it: the data will be kept until the indicated contractual purposes and execution of the service are achieved. In case of marketing in rareason of the actuality of the data, in any case, no later than 10 years (web docs. nos. 2920245; no. 2547834; 2499354; 8998319), also according to the criterion relating to the ordinary legal limitation period of rights, or for periods higher in the event of interruption of the prescription terms or for the legitimate interest of the data controller and upon communication of the same to the interested parties.
Rights of the interested party: interested parties are informed of the existence of the right to ask the data controller for access to personal data, rectification or cancellation of the same, limitation of treatment, to oppose their treatment, as well as the right to data portability, governed by articles 15 and following of EU Reg. 679/16 (send the request to the contact details indicated on the data controller or DPO).
The interested parties are informed of the existence of the right to withdraw the consent at any time, by electronic communication, if the treatment is based on this legal basis and without prejudice to the lawfulness of the treatment based on the consent given before the revocation, as well as the right to lodge a complaint with a supervisory authority (Privacy Guarantor). The communication of personal data is necessary for the purposes of the treatment, for the purposes of any contracts and to access the services provided.
For the existence of automated decision-making processes, a logic inherent to the purposes expressed will be used, according to criteria aimed at managing the relationship with advertising investors, improving their campaigns and assisting commercial management in the development of digital strategies; the same are in any case necessary for the execution of the activities and the performance of the contractual services. The interested party can however communicate in writing to oppose the aforementioned treatment, by electronic communication to be sent to the indicated contacts.
INFORMATION on publication of data EX ART. 13 GDPR No. 679/16
In implementation of EU Regulation no. 679/16, the following concise information regarding data processing is provided to customers and users:
Identity and contact details of the data controller: Gattarella s.p.a., in the person of its legal representative on a temporary basis, based in 71019 Vieste (FG), Località Lama Le Canne, tel. 0884 703111; certified email: gattarella@pec.it; e-mail: info@gattarella.it; no. REA: FG-86657, VAT number: 01952630711-
Contact details of the data protection officer (D.P.O.): Avv. Marco Pagliara, Via Casotti n.5, 71036 Lucera (FG), cell. 338 9521190; certified email: avv.pagliara@pec.it; e-mail: avv.pagliara@tiscali.it;
Purpose of the processing for which personal data are intended: personal and biometric data (in particular facial images represented by photography or video recordings) may be processed for the purposes of publication and diffusion in any form on the website, on any other means of diffusion, also through collaborators and/or consultants, for advertising and promotional purposes. For direct marketing purposes.
Legal basis of the processing: the legal basis of the processing is normally constituted by the written consent or unequivocal positive actions of the interested parties, or legitimate interest for reasons of security and protection of assets.
Recipients or categories of recipients of personal data: external managers (consultants, advertising graphics companies). Intention of the data controller to transfer personal data to a third country: does not exist, since the data will not be transferred outside the EU. If there is a need
to transfer data outside the EU, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 679/2016, with verification of the adequacy decisions of the recipient third countries, or the existence of adequate guarantees o binding corporate rules, or the existence of specific exceptions and subject to authorization by the interested parties and communication to them.
Retention period of personal data and criterion used to determine it: 10 years depending on the duration and topicality of the images.< br />The interested parties are informed of the existence of the right to ask the data controller for access to personal data, the rectification or cancellation of the same, the limitation of treatment, to oppose their treatment, in addition to the right to data portability. data, governed by articles 15 and following of EU Reg. 679/16.
The interested parties are informed of the existence of the right to withdraw consent at any time, if the treatment is based on this legal basis and without prejudice to the lawfulness of the treatment based on the consent given before the revocation, as well as the right to lodge a complaint with a supervisory authority (Privacy Guarantor).
The communication of personal data is necessary for the purposes of the processing, for the purposes of any contracts and to access the services provided.
For the existence of automated decision-making processes, including profiling, an inherent logic will be used the interest of the company and customers, according to criteria aimed at commercial promotion, for the development of digital strategies; the same are in any case necessary for the execution of the activities and the performance of the contractual services. The interested party can however communicate in writing to oppose the aforementioned treatment or revoke the consent.
COVID-19 PRIVACY POLICY
Data Controller
The data controller is the employer or the manager or owner of the company premises to which access is made.
Contact details of the Data Protection Officer
The Data Protection Officer can be contacted at the following addresses: e-mail: avv.pagliara@tiscali.it; certified email: avv.pagliara@pec.it; tel.: 338 9521190.
Interested
Employees, collaborators, visitors, people who have access to company premises.
Legal Basis
–reasons of public interest: implementation of anti-contagion safety protocols pursuant to art. art. 1, no. 7, letter. d) of Prime Ministerial Decree of March 11, 2020, in particular Shared Protocol of March 14, 2020, Protocol of April 24, 2020 and subsequent additions and amendments;
–legal obligations: art. 32 Constitution; art. 2087 of the civil code; Legislative Decree 81/2008 (in particular art. 20).
Purpose of processing
– prevention from COVID-19;
– protection of the health of people in the company;
– collaboration with public authorities and, in particular, health authorities.
Collected Data
Body temperature detected in real time, without registration or storage, except for the hypothesis referred to in the following n. 2.
Identification data and recording of the exceeding of the temperature threshold only if it is necessary to document the reasons that prevented access to company premises or permanence therein; as well as, in this case, the recording of data relating to temporary isolation, such as the time of exit and the circumstances reported by the interested party to justify the exit from temporary isolation.
Situations of danger of contagion from Covid- 19, including data relating to the state of health, such as, by way of example, body temperature/flu symptoms; origin/non-origin from areas at epidemiological risk; presence/absence of contacts, in the last 14 days, with objects tested positive for COVID-19.
Data relating to the state of health regarding the “occurred negativeization” of the Covid swab-
Situations of particular fragility and pathologies current or past employees.
Consequences in case of refusal to collect or provide data
In the event of refusal to take the temperature or to supply data, access to the company premises and stay therein are prohibited
Recipients
The data may be known by persons authorized to process them; by those designated for processing and in particular by the person in charge of the personnel office; by the competent doctor. The data is not disclosed or communicated to third parties outside the specific regulatory provisions (e.g. in the event of a request from the Health Authority for the reconstruction of the supply chain of any close contacts of a worker who tested positive for COVID-19). data may be communicated to public authorities.
The data is not transferred abroad and no profiling or automated decisions are made.
Retention period
The identification data and the exceeding of the temperature threshold, recorded only if it is necessary to document the reasons that prevented access to the company premises, as well as the information relating to temporary isolation are kept until the end of the state of emergency foreseen by the competent public authorities. No registration and/or storage is carried out in the event of failure to exceed the temperature threshold. This is subject to retention for a longer period in relation to requests from public authorities. This is without prejudice to the retention of personal data, even particular ones, for a longer period, within the limits of the limitation period of the rights, in relation to needs connected to the exercise of the right of defense in the event of disputes.
Protection mode
The interested parties have the right to obtain, in the foreseen cases, access to their personal data and the rectification or cancellation of the same or the limitation of the treatment that concerns them or to oppose the treatment (articles 15 et seq. of the Regulation). The appropriate request is presented to the DPO, via the contact details sindicated, or to the data controller at the company headquarters. Interested parties who believe that the processing of personal data referred to them carried out according to the methods indicated therein takes place in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself, or to take the appropriate judicial offices (art. 79 of the Regulation).
DPO contacts
To exercise privacy rights and information, contact the DPO:
Attorney Mark Pagliara. For contacts, pec: avv.pagliara@pec.it; email: avv.pagliara@tiscali.it; tel. cell. 3389521190.