On this page, we explain how we process the personal data of users of our site in accordance with Regulation (EU) 2016/679 (GDPR).
Data Controller and Owner
Hotel Canasta, Via Campo di Teste 6, 80073 Capri, Italy | Email: firstname.lastname@example.org
Types of Data collected
The types of personal data that this website collects, directly or through third parties, include: cookies, usage data, email address, first name, last name, phone number, address, country, province, password, ZIP/postal code, and city.
Personal data may be freely provided by the user, or collected automatically when using this website.
Failure to provide certain Personal Data may make it impossible for this website to provide its services.
Users are responsible for any personal data of third parties obtained, published, or shared through this website, and confirm that they have the third party's consent to provide the data to the owner.
Subjects Who Access the Data
In addition to the data controller, subjects involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have access to some categories of data and may be appointed, if necessary, as data processors by the data controller. The updated list of those with access to data can be requested from the data controller at any time.
The use of the collected Data
Data concerning the user is collected to allow the owner to provide services, as well as for the following purposes: commenting on content, contacting the user, handling payments, managing support and contact requests, managing contacts and sending messages, interaction with live chat platforms, interaction with external social networks and platforms, advertising, registration and authentication, access to third party services' accounts, remarketing and behavioral targeting, analytics, displaying content from external platforms, and commercial affiliation.
The types of personal data used for each purpose are outlined in each specific section of this document.
Data is used to provide the user with the services requested and for additional purposes for which the user has given consent.
Specifically, data is used to:
allow users to register on the site and use services reserved for registered users, including the possibility to purchase online through the site;
respond to requests sent by the user, including those sent through the contact form on the site.
In these cases, data is processed on the legal basis of fulfilling a contract or executing pre-contractual measures undertaken at the request of the party concerned.
To do so, the user's data will be stored and processed for the time necessary to complete the processing activities (for example, registration data will be stored until the account is closed, taking into account the technical time required), keeping in mind that once this deadline has passed, the Data Controller will store the user's data until the legal deadline established to fulfill the administrative, accounting, and tax obligations required by current legislation.
In these cases, the user is obligated to provide personal data, and refusal will make it impossible for the user to take advantage of the services offered by the site and, in particular, to conclude the purchase contract through the site.
send the user informative and promotional materials by e-mail and through the postal service (including newsletters and special offers) referring to products and/or services of their own and/or third parties, as well as for direct sales purposes and for carrying out market research;
carry out marketing surveys and promotional activities via social media.
In these cases, the legal basis for processing and storage is the consent of the interested party, who has the right to withdraw consent at any time.
For these purposes, the user's data will be retained for up to 24 months following the last contact with the Data Controller, for example the initial sales communications sent by the Data Controller.
In these cases, the user is not obligated to provide personal data.
monitor and track user behavior on the site, collect and record data related to navigation (pages visited, for example) and purchasing data (type of product purchased, for example);
In these cases, the legal basis for storage and processing is the consent of the interested party, who has the right to withdraw consent at any time.
For these purposes, user data will be deleted no later than 12 months from the date of collection.
In these cases, the user is not obligated to provide personal data.
Detailed information on the processing and storage of Personal Data
Personal Data is collected for the following purposes and using the following services:
Access to third party services' accounts
These services allow this website to access personal data from your account with a third party service and perform actions with it.
These services are not activated automatically, but require explicit authorization by the User.
Access to Facebook accounts (Facebook, Inc.)
This service allows this website to connect with the user's account on the Facebook social network, provided by Facebook, Inc.
Permissions asked: Email.
Access to Twitter accounts (Twitter, Inc.)
This service allows this website to connect with the user's account on the Twitter social network, provided by Twitter, Inc.
Managing contacts and sending messages
These services make it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the user.
These services may also collect data concerning the date and time when the message was viewed by the user, as well as when the user interacted with the message by undertaking actions such as clicking on links included in the message.
Mailchimp (Mailchimp, Inc.)
Mailchimp is an email address management and message sending service provided by Mailchimp, Inc.
Personal data collected: Email address.
Registration and authentication
Direct registration (this website)
The user registers by filling out the registration form and providing personal data directly to this website.
Personal data collected: address, city, country, email address, first name, last name, password, phone number, and ZIP/postal code.
Selling goods and services online
The personal data collected are used to provide the user with services or to sell goods, including payment and possible delivery. The personal data collected to complete payment may include the credit card or the bank account used for direct transfers, or any other means of payment. The specific types of data collected by this website depend on the payment system used.
Right of access to personal data and other rights
Users may exercise certain rights regarding their personal data processed and stored by the Data Controller and Owner.
Specifically, users have the right to:
withdraw consent at any time. The user can withdraw previously expressed consent to the processing and storage of their personal data.
oppose the processing and storage of personal data. Users may object to the processing of personal data when it occurs on a legal basis other than consent. Further details on the right of opposition are indicated in the section below.
access personal data. The user has the right to obtain information on the data processed and stored by the Data Controller and on certain aspects of the processing, and to receive a copy of the data processed.
verify and request corrections. The user can verify the accuracy of personal data and request updates or corrections.
obtain limitations to processing and storage. Under certain conditions, users can request the limitation of the processing of their data. In this case, the Data Controller will not process the data for any purpose other than storage.
obtain the cancellation or removal of personal data. When certain conditions are met, the user can request the cancellation of personal data by the data controller or owner.
receive personal data or have it transferred to another holder. The user has the right to receive personal data in a legible format, commonly used and readable by an automatic device and, where technically feasible, to obtain the transfer without hindrance to another holder. This provision is applicable when personal data is processed with automated tools and based on the user's consent, on a contract in which the user is a party or connected contractually.
lodge a complaint. The user can lodge a complaint with the competent personal data protection authority or act in court.
Details on the right of opposition
Users can oppose the processing and storage of their personal data without providing any reasons when their data is used for direct marketing purposes. To find out if the Owner processes and stores data for direct marketing purposes, users can refer to the respective sections of this document.
How to exercise user rights
To exercise their rights, users can direct a request to the contact details of the data controller or owner indicated here. Requests can be made free of charge and are processed by the Owner as soon as possible, within one month at most.
Additional information about Data collection and processing
Place of data handling and transfer of data internationally
Personal data is processed at the operational headquarters of the data controller and in any other location where the parties involved in processing and storage are located. For more information, contact the data controller or owner.
Personal data may be transferred to a country other than the one in which users are located. To obtain further information on the processing site, users can refer to the section concerning the processing of personal data.
Personal data may be transferred outside the national territory to countries located in the European Union or outside the European Union, for example to the United States.
Data transfers follow the guidelines of the European Commission on the adequacy of the protection offered by the EU-US shield regime (the so-called "Privacy Shield").
Users' rights under the Privacy Shield are described in an updated form on the US Department of Commerce website.
To obtain further information on the processing site, the user can refer to the section concerning the processing of personal data.
With reference to transfers outside the European Union to countries not considered adequate by the European Commission, the data controller and owner will adopt appropriate security measures to protect personal data.
Users have the right to request information regarding the privacy guarantees adopted for the transfer of personal data, and instructions on how to obtain a copy of personal data or the place where they were made available.
The user's personal data may be used for legal purposes by the data controller, in a court of law, or in the preparation of possible legal action arising from improper use of this website or related services.
The user declares knowledge that the data controller may be required to reveal personal data upon request of public authorities.
System Logs and Maintenance
For operation and maintenance purposes, this website and any third party services used by it may collect system logs, which are files that record interactions and may also contain personal data, such as the user's IP address.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.