1. Data controller
2. Purpose of the processing
3. Provision of personal data
4. Which data are processed?
5. Methods of data processing
6. To whom can the data be communicated?
7. What are the rights of the interested parties?
8. Right of withdrawal and opposition
1. Data controller
1. The data controller of the personal data of the user is Casa Mafalda B&B di Raul Natoli, with registered office in Lipari (Me) in via Maddalena 15, R.E.A. ME-234983, P.I. 03350800839, e-mail: email@example.com
2. Purpose of the processing
1. By accessing and consulting this site, as well as taking advantage of the services offered to users through the site, information relating to users as identified or identifiable natural persons can be collected and processed. In the event that personal data are acquired, these, in compliance with the current legislation on the protection of personal data, will be processed solely to pursue the following purposes:
a) purposes strictly connected and instrumental to allow access and the use of the site, its features and services required;
b) to fulfil any obligations foreseen by the law and European legislation;
c) for operational needs and internal management for the Owner and related to the services offered through the site;
d) in a completely anonymous and aggregate form, for statistical purposes;
2. The data collected by users, who use the site for the purposes indicated in the previous point could also be used for other purposes, but for each further processing , will be requested to users an approval and clear demonstration of agreement. In this way, the data collected by users can only be used if the user freely and clearly consents to each further processing.
3. Provision of personal data
1. The provision of personal data is mandatory for the purposes referred to in Article 2, paragraph 1, as the legal basis of the processing is the implementation of the services requested by the user, i.e. the use of the site and any additional service that may be eventually requested explicitly (as in the case of the newsletter and the forum), made available through the site. An eventual refusal to the relative treatment can therefore prevent the execution of the requested services; however, it will be possible to consult the Site without providing any personal data, even if some features may not be available and some services not provided.
2. In particular, the consequences of an eventual refusal to provide personal data will always be explicitly and specifically related to each service: for example, any possible refusal to the related processing may prevent the consultation of the Site and its functionality (in the case of cookies) or the receipt of the newsletter (in the case of the newsletter service offer). Therefore, the user will be adequately informed in what way for each specific case, but anyhow may consult the website even denying the agreement t to the processing of personal data, where requested; in this case, some features or characteristics of the site could be disabled.
4. What data are processed?
Depending on the service provided, personal data of different types may be processed, as specified in this article.
4.1 Navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data of which the transmission is implicit in the navigation of websites. This information is not collected in order to be associated with identified interested parties; however, by their nature they could, through elaboration and association with data held by third parties, allow users to be identified. Between these the IP addresses or domain names of the computers used by users connecting to the site, the URL addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters related to the operating system and to the platform used by the user.
The above data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning; they are deleted immediately after processing. The data could be used to verify responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days. Regarding cookies, please refer to par. 4.3 herewith underneath.
4.2.1 Data provided voluntarily by the user (communications)
The optional, explicit and voluntary sending of communications by means of contact forms available on the site or by e-mail to addresses indicated on this site, entails the subsequent acquisition of the data communicated by the user, including his e-mail address, and the consent to eventually receive any messages of reply to their requests.
The personal data supplied in this way are used only to satisfy or give feedback to the requests transmitted and are communicated to third parties, only in case if necessary for this purpose.
4.2.2 Data provided voluntarily by the user (to receive communications for marketing and/or commercial promotion purposes)
In the single case in which personal data (in particular, e-mail address and telephone number) are provided by the interested party in the context of a service requested, the data thus provided may be used to send communications via e-mail relating to similar services to those previously requested by the user, pursuant to art. 130, paragraph 4 of Legislative Decree 196/2003, without the need for express and prior consent (so-called soft spam). In every communication, in any case, the user is reminded that he can revoke the consent any time and without formalities. The data are deleted at the request of the interested party.
What are they? Cookies is information stored by the browser when a website is visited with any suitable device (such as a PC, a tablet or a smartphone). Each cookie contains several data (for example, the name of the server it comes from, a numerical identifier, etc.), it can remain in the system for the duration of a session (until the browser is closed) or for long periods and can contain an unique identification code.
What are they for? Cookies are used for different purposes depending on their typology: some are strictly necessary for the proper functionality of a website (technical cookies), while others optimize the performance to offer a better user experience or allow you to acquire statistics on ‘use of the site, such as cookies analytics or allow you to display personalized advertising, such as profiling cookies.
Consent: any registration of the user’s consent is memorized by Casa Mafalda B&B di Raul Natoli through a technical cookie, with a duration of 12 months. The user is informed both by means of the short notice (banner displayed until consent is given or denied, as explained in paragraph 4.4.3. “How to disable cookies?” and through this extended information; furthermore, in paragraph 4.4.3 the links to the privacy policies of third parties are indicated, also for the purposes of their disabling (where directly available at the same time).
How to disable them? It is possible to disable cookies either through the browser settings (section 4.4.3 “How to disable cookies?”) or through the mechanisms made available by some third parties (section 4.4.2 “Cookies used on the site”).
4.4.1 General types of cookies used on the site
Analytical cookies (first part): they are used for the purposes of aggregated analyses of visits on the site.
Analytical cookies (third part): they are used for the purposes of aggregated analyses of site visits, through the use of a third-party service.
Profiling cookies (third part): they are used to create profiles related to the user and are used to send publicity messages in line with the preferences expressed by the user in the context of surfing the net, through the use of a third-party service , including the dealing advertising for most of them. The names of third parties and links to disclosure standards are available in the next paragraph.
4.4.2 Cookies used on the site
First-party cookies: technical cookies are used for the following purposes: to store the user’s preference regarding cookies, the indication of the possibility to scroll through touch screen on mobile devices, authentication in the session (for the area reserved for staff only).
Third-party cookies: several third-party cookies are used. Herewith underneath below the links to the privacy policies of the related third parties, also for the relative and specific disabling (without prejudice to the provisions in section 4.4.3, “How to disable cookies?”):
• Google Analytics: http://www.google.com/intl/it_ALL/analytics/learn/privacy.html (for disabling – opt-out): https://tools.google.com/dlpage/gaoptout), http://www.google.com/ads/preferences (to disable Google ads – Double-click based on web interests);
For cookies resulting from sharing via social networks, refer to each social network (because the cookies are related to the same):
• Facebook: https://www.facebook.com/about/privacy/cookies;
• Twitter: https://twitter.com/privacy?lang=it;
• Google+: https://www.google.com/policies/technologies/cookies/;
• LinkedIN: https://www.linkedin.com/legal/cookie_policy.
4.4.3 How to disable cookies?
Browser control: The commonly used browsers (e.g., Internet Explorer, Firefox, Chrome, Safari) accept cookies by default, but this setting can be changed by the user at any time. This applies to both PCs and mobile devices such as tablets and smartphones: it is a function which is generally and widely supported.
Therefore, cookies can easily be disabled by accessing the options or preferences of the browser used and generally only third-party cookies can be blocked; in general, these options will only take effect for that browser and on that device, unless there are no options to unify preferences on different devices. Specific instructions can be found in the options or help page of the browser. The disabling of technical cookies, however, may affect the full and/or proper functioning of different sites, including this site.
As a rule, the browsers used today:
• offer the “Do not track” option, which is supported by some websites (but not all). In this way, some websites may no longer collect certain browsing data;
• offer the option of anonymous or incognito browsing: in this way no data will be collected in the browser and the browsing history will not be saved, but navigation data will still be available to the operator of the website visited;
• allow you to delete all cookies stored or a part of them, but a new visit to a website are usually installed, where this possibility is not blocked.
The links to the support pages of the most popular browsers are indicated (with instructions on how to disable cookies on these browsers):
• Firefox (https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie);
• Internet Explorer (http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11);
• Safari (iOS) (https://support.apple.com/it-it/HT201265);
• Chrome (desktop: https://support.google.com/chrome/answer/95647?hl=en; Android and iOS https://support.google.com/chrome/answer/2392971?hl=en).
Third-party cookies: third-party cookies can be disabled either in the manner described above or referring to each third party (following the links indicated in the previous paragraph).
Online tools: please note that from the website http://www.youronlinechoices.com/it/ it is possible not only to acquire further information on cookies, but also to verify the installation of numerous cookies on your browser / device and, where supported, also to disable them.
5. Methods of data processing
1. Personal data are processed in a lawful and correct manner and used only for the purposes indicated in art. 2. The processing will be carried out using appropriate tools to ensure the security and the confidentiality of personal data and with automated tools for storing, managing and transmitting the data. Specific security measures are adopted to prevent data loss and contain the risks of illicit or incorrect use and unauthorized accesses and personal data will be kept for the period prescribed by the law and, in any case, for the time strictly necessary to follow up on the activities for which they were collected (for example, to find the request sent via the contact form on the site) and/or until the revocation of the consent given for the purposes referred to in art. 2, paragraph 1, letters e) and f).
6. To whom can the collected data be communicated?
1. The treatment of the data connected to the web services of this site takes place at the headquarters of Casa Mafalda B&B di Raul Natoli and is only handled by technical staff, specifically responsible for processing, internal and/or external data. In particular, where necessary only with prior consent, the data may be disclosed to third parties whose cooperation of Casa Mafalda B&B di Raul Natoli may and/or must use for the performance of the services offered. The data acquired via the web, or in any case deriving from web services, may be communicated to the technological and instrumental partners of which the Data Controller makes use for the provision of services requested by users, always in compliance with the purposes indicated in art. 2. To this end, the persons who will have access to personal data will be specifically authorized for processing by the Data Controller and, as a result, appointed as the responsible Data Processors, pursuant to Arts. 28 and 29 of the GDPR.
2. The data collected for the purposes set out above may also be disclosed to companies connected to the Data Controller and to persons authorized for this purpose by legal provisions and European legislation.
3. A list of the persons to whom the Data Controller communicates the personal data collected for the aforementioned purposes is available and can be consulted at the Data Controller’s office and can be requested at the addresses indicated.
7. What are the rights of the interested parties?
1. The interested party is the physical person, identified or identifiable, to whom the personal data treatment refer and, therefore, the user who accesses the site and who may eventually request the provision of services by Casa Mafalda B&B di Raul Natoli.
2. Each party has the right to access at any time the data concerning him/ her treated by the Data Controller (access right) in order to verify the correctness and to verify the lawfulness of the processing performed. The interested party may also exercise all rights recognized by the current national and European legislation on the protection of personal data (from Legislative Decree 196/2003 and from EU Regulation No. 2016/679 and subsequent amendments and additions): in particular, it may request at any time the correction and updating of incorrect or inaccurate data, the limitation of the processing performed and the cancellation of the data (right to be forgotten), as well as proposing a complaint to the Competition Authority for the protection of personal data.
3. With reference to personal data processed by automated means, the interested person may also receive data relating to him/her in a structured and commonly used format and transmit them, if necessary, to another data controller (right to data portability).
8. Right of revocation and opposition
1. Each party is also entitled to revoke the consent granted at any time, without prejudice to the lawfulness of the processing performed by the Data Controller before such revocation.
2. The interested party is also always entitled to oppose the processing of data concerning him if it was carried out for direct marketing purposes by the Data Controller; in this case, your data will no longer be processed for these purposes, depending on the specific consent previously issued, by the Data Controller or any third party (right of opposition).