Who are we and what do we do with your personal data?
The company Odsweet srl, as Data Controller, protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. The Data Controller therefore adopts policies and practices in relation to the collection and use of personal data as well as the exercise of the rights that are recognized to you under the applicable legislation. The policies and practices adopted will be updated when this becomes necessary both as a result of regulatory and organizational / company changes, where these affect the processing of your personal data.
For everything concerning the processing of your personal data, you can contact the Data Controller at firstname.lastname@example.org
The Data Controller has also appointed a Personal Data Protection Officer (RPD or DPO - Data Protection Officer) who can be contacted for information or requests at the e-mail address: email@example.com
How do we collect and process your data?
The Data Controller collects and / or receives your personal identification data, such as name, surname, e-mail address, telephone etc. which are given while browsing the site www.odsweethotel.com through the direct compilation of online forms to request information on the activities carried out by ODSweet SRL or through contact request and online booking forms. These data are necessary for the Data Controller to follow up on your requests and can be communicated to third parties who have contractual relationships with the Data Controller or associated companies and / or commercial partners or external collaborators and in general to allsubjects to whom the communication of said data is necessary for the timely, exhaustive and exhaustive fulfillment of your requests.
The Data Controller also collects and / or receives information concerning you relating to the IP address and cookies issued by browsing the website www.odsweethotel.com. These data are used for the management of the site itself and for the collection of information of an aggregate nature. The communication of this data takes place mainly towards third parties and / or recipients whose activity is necessary for the completion of the activities related to the aforementioned purposes as well as to respond to any legal obligations.
Your personal data will therefore in no way be disseminated or disclosed to indeterminate subjects.
On the site www.odsweethotel.com there are particular "buttons" (called "social buttons / widgets") that depict the icons of social networks (eg Facebook). These buttons allow users who are browsing the sites to interact with a "click" directly with the social networks depicted therein. In this case, the social network acquires data relating to the user's visit, while the owner will not share any navigation information or user data acquired through its site with these social networks accessible via social buttons.
1. Communication to third parties and recipients The processing of your personal data takes place in accordance with the contract and the obligations, including legal and / or regulatory obligations deriving from it. Your data will therefore not be disclosed to third parties for their autonomous purposes unless: a) You give authorization b) it is necessary for any obligations arising from the contract and / or the law. The personal data that the Data Controller processes for this purpose are, among others: IP address and cookies.
2. IT security The Data Controller processes, also through its suppliers (third parties and / or recipients) your personal computer data or data traffic or obtained to an extent strictly necessary and proportionate to guarantee the security and capacity of a network or servers connected to it. to resist, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. For these purposes, the Data Controller provides procedures for the management of the violation of personal data (data breach).
What happens if you don't provide your data?
The personal data concerning you and identifying you are necessary in order to fulfill the requests you submit through the Contact section or through other forms on the site - such as online booking, if not provided, they make it impossible for the Data Controller to fulfill your requests.
How, where and for how long is your data stored?
Data processing is carried out through IT procedures by specifically authorized and trained internal subjects. They are allowed access to your data to the extent and to the extent that it is necessary for the performance of the processing activities that concern you. Your data is processed separately from others, also by means of pseudonymisation or aggregation methods that do not allow you to be easily identified. The Data Controller periodically checks the tools by which your data are processed and the security measures envisaged for them, which are also expected to be constantly updated; verifies, also through the subjects authorized to process, that personal data which does not need to be processed are not collected, processed, archived or stored; verifies that the data are kept with the guarantee of integrity and authenticity and of their use for the purposes of the treatments actually carried out.
The data is stored in computerized and telematic archives located within the European economic area. The data are kept for the time necessary to fulfill the requests for information and to send communications that the Data Controller makes following your request and in any case for a period not exceeding a maximum of ten years, except in cases where events occur. which involve the intervention of the competent Authorities, also in collaboration with third parties / recipients who are entrusted with the IT security activity of the Data Controller, to carry out any investigations on the causes that led to the event. With regard to data from internet traffic and cookies, please refer to the retention terms already mentioned above.
What are your rights?
Your rights under the new legislation pursuant to EU Regulation 2016/679 allow you to have continuous control of your data through the rights of:
- Limitation of processing;
- Objection to processing;
You can therefore, at any time and free of charge:
- Obtain confirmation of the processing carried out by the Data Controller;
- Access your personal data and know its origin (when the data are not obtained from you directly), the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of your data or the criteria useful to determine it;
- Update or rectify your personal data so that it is always accurate and accurate;
- Delete your personal data from the databases and / or archives, including backups, of the Data Controller in the event, among others, in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if they exist the conditions required by law; and in any case if the processing is not justified by another equally legitimate reason;
- Restrict the processing of your personal data in certain circumstances, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must also be informed, in a reasonable time, of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked;
- Obtain your personal data, if received or processed by the Data Controller with your consent and / or if their processing takes place on the basis of a contract and with automated tools, in electronic format also in order to transmit them to another Data Controller.
The Data Controller must proceed in this sense without delay and in any case at the latest within one month of receiving your request. The deadline can be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller, possibly informing you of the reasons for the extension.
For any further information and any requests, you can contact the Data Controller at firstname.lastname@example.org
How and when can you object to the processing of your personal data?
For reasons relating to your particular situation, you can object to the processing of your personal data at any time if it is based on legitimate interest, by sending your request to the Data Controller, at email@example.com
You have the right to have your personal data deleted if there is no legitimate reason overriding the one that gave rise to your request.
Who can you lodge a complaint with?
Without prejudice to any other administrative or judicial action, you can lodge a complaint with the competent supervisory authority or the one that carries out its duties and exercises its powers in Italy where you have your habitual residence or work or if different in the Member State where the violation of EU Regulation 2016/679 occurred. Each update of this information will be promptly communicated to you by appropriate means and will also be communicated to you if the owner will continue to process your data for purposes other than those referred to in this information before proceeding and in time to give your consent if necessary.