PRIVACY POLICY AND COOKIE POLICY
This policy describes the procedures followed by
BLU HOLIDAYS S.R.L.S (hereinafter the “Data Controller”) regarding the processing of personal data collected through the website https://santeodoroholidays.it (hereinafter the “Site”).
Unless otherwise specified, this policy also serves as information – pursuant to art. 13 of Legislative Decree no. 196/2003 (hereinafter the “Code”) and art. 13 of Regulation (EU) no. 2016/679 (hereinafter the “GDPR”) – provided to those who interact with the Site (hereinafter the “User”).
Detailed information on the processing of personal data is provided, where necessary, on the pages related to the individual services offered through the Site. Such information is intended to define the limits and methods of processing personal data for each service, based on which the user may freely give their consent, where necessary, and possibly authorize the collection of data and their subsequent processing.
Data Controller. Data Processors.
The Data Controller is BLU HOLIDAYS S.R.L.S, with registered office at VIA NAZIONALE, 28 07052 – SAN TEODORO (SS), tel. +39 331 625 0968, e-mail [email protected]. The updated list of any data processors is available at the Data Controller’s office.
Data Protection Officer.
The Data Protection Officer, appointed by the Data Controller, can be contacted via:
– regular mail, at the address [regular mail address, c/o Data Protection Officer];
– telephone, at the number +39 331 625 0968;
– e-mail, at [email protected]
Types of data processed.
Through the Site the following may be collected and processed:
– browsing data;
– personal data voluntarily provided by the user in the forms present within the Site.
Cookies.
Cookies are small text files that visited websites send to the user’s device, where they are stored, and then retransmitted to the same websites on the next visit.
The Site uses technical cookies, both first-party and third-party. These cookies, being technical in nature, do not require the User’s prior consent to be installed and used.
In particular, the cookies used on the Site fall into the following subcategories:
– navigation or session cookies, which ensure normal navigation and use of the Websites. Since they are not stored on the user’s computer, they disappear when the browser is closed;
– analytical cookies, with which statistical information is collected and analyzed about the number of users and visits to the Websites;
– social widgets and plugins: some widgets and plugins provided by social networks may use their own cookies to facilitate interaction with the reference site.
Below are listed the third-party cookies installed on the Site. For each of them, the link to the related information on the processing of personal data carried out and on the methods for the possible deactivation of the cookies used is provided. Regarding third-party cookies, the Data Controller is only obliged to include in this policy the link to the third party’s website. It is the responsibility of that party, however, to provide the information and indicate the methods for possible consent and/or deactivation of the cookies.
– Google Analytics:
Information at https://www.google.com/intl/it_ALL/analytics/learn/privacy.html
Opt Out at
https://tools.google.com/dlpage/gaoptout/
Cookies can be disabled by the user by changing the browser settings based on the
instructions provided by the respective providers at the links listed below.
– Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies#ie=ie-11
– Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
– Google Chrome: https://support.google.com/chrome/answer/95647-hl=it
– Apple Safari: https://support.apple.com/it-it/HT201265
– Opera: http://www.opera.com/help/tutorials/security/cookies/
Purpose and legal basis of processing.
The personal data collected through the Site will be processed for managing requests for information or documents submitted by the User.
The processing of personal data for the above purpose does not require the User's consent as the processing is necessary to fulfill specific requests of the data subject pursuant to art. 24, paragraph 1, letter
b) of the Code and art. 6, paragraph 1, letter b) of the GDPR.
Provision of data and consequences in case of failure to provide.
The provision of personal data for the above purpose is optional and failure to provide them will result, as the only consequence, in the inability of the Data Controller to manage and fulfill the data subject's requests.
Processing methods. Personal data will be processed using electronic tools, including by entering and organizing them in databases, in accordance with the provisions of the Code and the GDPR regarding security measures.
Recipients or categories of recipients.
Personal data may be made accessible to, brought to the attention of, or communicated to the following subjects, who will be appointed, as appropriate, as data processors or persons in charge:
– companies within the group to which the Data Controller belongs (parent companies, subsidiaries, affiliates), employees and/or collaborators of the Data Controller in any capacity;
– public or private entities, natural or legal persons, used by the Data Controller for carrying out activities instrumental to achieving the above purpose or to whom the Data Controller is required to communicate personal data by law or contract.
In any case, personal data will not be disseminated.
Retention period.
Personal data will be retained for 1 year from their registration.
Rights of access, deletion, restriction, and portability.
Data subjects are recognized the rights referred to in Articles 7 of the Code and from 15 to 20 of the GDPR. By way of example, each data subject may:
a) obtain confirmation as to whether or not personal data concerning them is being processed;
b) where processing is ongoing, obtain access to personal data and information relating to the processing as well as request a copy of the personal data;
c) obtain the rectification of inaccurate personal data and the completion of incomplete personal data;
d) obtain, where one of the conditions set out in Article 17 of the GDPR applies, the deletion of personal data concerning them;
e) obtain, in the cases provided for in Article 18 of the GDPR, the restriction of processing;
f) receive personal data concerning them in a structured, commonly used and machine-readable format and request their transmission to another controller, if technically feasible.
Right to object.
Each data subject has the right to object at any time to the processing of their personal data carried out for the pursuit of a legitimate interest of the Controller. In case of objection, their personal data will no longer be processed, unless there are legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a right in court.
Right to lodge a complaint with the Authority.
Furthermore, each data subject may lodge a complaint with the Data Protection Authority if they believe that the rights they hold under the Code and the GDPR have been violated, according to the procedures
indicated on the Authority’s website accessible at: www.garanteprivacy.it.
Updates. This Privacy Policy will be subject to updates. The Controller therefore invites Users who wish to know the methods of processing personal data collected through the Websites to periodically visit this page.
