1. This section describes the management procedures of the Internet site http://www.palazzodellascala.com as regards processing personal data belonging to users who visit it. Data are processed based on the criteria provided by the European Data Protection Regulation 2016/679 and any other national legislation, measure or authorisation of the concerned authorities. According to the indicated provision, data processing must be characterised by the principles of correctness, lawfulness and transparency and protection of your confidentiality and your rights.
2. This privacy notice refers only to our company's website, not to other websites that may be accessed by the user via links it contains.
3. This document aims to provide information on the manner, timing and nature of the information data controllers must provide to users when they land on web pages of this site, regardless of the purpose for landing on them, according to Italian and European legislation.
4. This notice is subject to change due to the introduction of new data protection provisions and users are asked to check this page regularly.
5. If the user is under 16 years of age, in accordance with Art. 8, paragraph 1 of EU Regulation 2016/679, his or her parents are required to provide consent instead.
II - DATA PROCESSING
1 - Data Controller
1. The Data Controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and manner in which personal data are processed. The above also looks after security aspects.
2. With regard to this Internet site, the Data Controller is HOTEL PALAZZO DELLA SCALA, with registered office in Via Gardesana 54, 37017 Lazise – VR for any clarifications and to exercise the rights of users, you may send a message to the following email address firstname.lastname@example.org.
2 - Place of data processing
1. Processing related to this website's web-based services takes place at the above offices (see point on data controller), and is only handled by staff and/or duly appointed external personnel in charge of maintenance and update tasks. No data from the web service is communicated or shared.
2. The User's Personal Data could be transferred to another country. For more information on the place of processing the User can see the section containing details on Personal Data processing.
3 - Data retention period
Data are processed and kept for the time required for the purposes for which they were collected and for at most 10 years thereafter, unless deletion is requested in the manner described in point 4.
1. Personal Data collected for purposes connected to execution of a contract between the Data Controller and the User will be kept until execution of the contract has been completed.
2. Personal Data collected for purposes tied to the lawful interest of the Data Controller will be kept until that interest is satisfied. The User can obtain additional information on the lawful interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
When processing is based on the User's consent, the Data Controller can keep the Personal Data longer until consent is withdrawn. In addition, the Data Controller may be obligated to keep the Personal Data for a longer period of time for fulfilment of a legal obligation or by order of the authorities.
At the end of the storage period the Personal Data will be deleted. Upon expiry of this time limit the right to access the Data, their deletion, correction and the right to portability of the Data cannot be exercised.
4 - Processing Method
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, alteration and destruction of the Personal Data.
Processing is carried out by using IT and/or screen-based instruments with organisational procedures and logics strictly related to the indicated purposes. Apart from the Data Controller, in some cases some people involved in the organisation of this application (administrative, commercial, marketing and legal personnel, system administrators) may have access to the data, as well as external subjects (such as third party technical service providers, courier services, hosting providers, IT companies, communications agencies) appointed by the Data Controller as Data Processing Officers, if necessary. You may ask the Data Controller for an updated list of Data Processing Officers.
5 - Purpose of data processing
The personal data provided by users while browsing our Web site will be processed anonymously solely for aggregated statistical purposes related to data contained in cookies saved on the User's device.
On the other hand, processing related to requests for information from the contact us section will be carried out only for the purpose of performing the requested service.
Processing related to registration for receiving the newsletter is aimed at sending information and promotional material in relation to our initiatives and/or of subsidiaries and/or associated companies.
Users are free to cancel their subscription to the newsletter at any time by sending an email message to the address given in point 1. Data Controller or with the unsubscribe link at the bottom of every newsletter received.
6 - Types of data processed
1. Browsing data. During normal operation, computer systems and software procedures that serve to keep the website operational collect certain personal information, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but given its nature it could allow for identifying users when processed and associated with data kept by others. This category includes IP addresses or the domain names of computers used by users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment. On this site, these data are only used in order to obtain anonymous statistical information about the site and verify its correct functioning. Personal information could be used for verifying responsibility in case of computer crimes committed at the expense of the site. For these data and, to a limited extent, for the above purposes it is not necessary to obtain consent.
2. Data supplied voluntarily by the user Voluntarily choosing to send email messages to the addresses given on this site and completing the form in certain sections with obligatory and optional fields, means that the sender's information and address, necessary for answering his request for services and/or information, have been collected. For these data and, to a limited extent, for the above purposes it is not necessary to obtain consent.
3. Cookies No personal user data is acquired from the site. No use is made of cookies to transmit information of a personal nature, nor are so-called “persistent cookies” of any kind used, or user tracking systems. The use of so-called “session cookies” (which are not stored permanently on the user's computer and disappear once the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) which are necessary to ensure safe and efficient navigation of the website.
7 - Data subjects’ rights
Users have the rights set out in Articles 15 to 21 of EU Regulation 2016/679 (Right to correction, right to oblivion, right to restrict processing, right to portability of data, right to opposition). Specifically:
• The right to access: for obtaining confirmation as to whether there is any personal data about them and to obtain access to such data and certain information (e.g. purpose of processing, categories of data in question, the addressees the data will be disclosed to);
• The right to correction: to obtain correction of inaccurate personal data without unjustified delay. In such case the Data Controller is obligated to send the correction to all addressees the data was sent to, unless this involves a disproportionate effort;
• The right to deletion: for obtaining deletion of personal data without unjustified delay and the Data Controller is obligated to delete them without unjustified delay in the event of particular reasons (e.g. personal data are no longer necessary for the purpose they had been collected or processed; if the data subject withdraws his or her consent; if they must be deleted for a legal obligation). In such case the Data Controller is obligated to send the deletion request to all addressees the data was sent to, unless this involves a disproportionate effort;
• The right to restrict processing: you can ask the Data Controller to restrict processing of your data, for instance to just saving them without any further use, in certain cases (for instance: if processing is unlawful and the data subject objects to deletion of the data; if the data subject claims they are inaccurate, limited to the period when inaccurate data was found). In such case the Data Controller is obligated to send the processing restriction request to all addressees the data was sent to, unless this involves a disproportionate effort;
• The right to portability of the data: to obtain return of personal data supplied and to send them to others or ask for them to be sent to another data controller, if technically feasible;
• The right to opposition: to oppose at any time processing for purposes of public interest or for lawful interest; for marketing purposes; for scientific, historical or statistical research.
Data Subjects can make a complaint to the Data Protection Authority, if necessary or just contact him to obtain more information on exercising the rights granted by EU Regulation 2016/679.
III - COOKIES
1 - Types of Cookies
2. A cookie is a limited set of data transferred to the user's browser by a web server and can only be read by the server that transferred it. This is not an executable code and it does not infect the device with a virus.
3. Cookies do not record any personal information and identifiable data are not saved. If you wish, you can prevent cookies from being saved. However, in this case use of our site and the services offered may be compromised.
2 - Technical cookies
1. Numerous technologies are used for saving information on the user's PC, which are then collected by sites. The most well-known and commonly-used one is the HTML cookie. They are used for browsing and for making connection and using the site easier for the user. These are necessary for sending messages over the electronic network, i.e. to the supplier for providing the service requested by the customer.
2. Settings for managing and disabling cookies vary according to the browser used. At any rate, the user can manage or obtain general disablement or deletion of cookies by changing the settings of his Internet browser. Disabling cookies can slow down or prevent viewing of some parts of our site.
3. Use of technical cookies allows for secure and efficient use of our site.
4. Cookies which are saved in the browser and sent back by Google Analytics or via the statistical services of bloggers or the like are technical ones only if used for optimisation of the site directly by the site owner, who may gather information in aggregated form on the number of users and how they browse the site.
5. All data collected are anonymous, as the user's IP address is not recorded. Under these conditions, the same rules on providing cookie notice and obtaining consent, required for technical cookies, apply to analytical cookies.
6. From the standpoint of duration, a distinction can be made between temporary session cookies, deleted automatically at the end of the browsing session, used for identifying the user and therefore avoiding having to login to every page viewed, and permanent cookies which remain active in the PC until their expiry or deletion by the user.
7. Session cookies can be installed in order to enable access to and staying in a reserved area of the portal as an authenticated user.
8. These are not saved persistently but only for the duration of browsing until the browser is closed, and disappear when it is closed. Their use is strictly limited to sending session IDs consisting of random numbers generated by the server required for permitting secure and efficient browsing of the site.
3 - Third-party cookies
1. In relation to origin, cookies can be distinguished by those sent to the browser directly by the site being visited and those of third parties sent to the PC by other sites rather than the one being visited.
2. Permanent cookies are often third-party cookies.
3. Most third-party cookies consist of tracking cookies used for studying online behaviour, understanding what users are interested in, and customising ads for users.
4. Third-party analytical cookies can be installed. These are sent by third party domains external to the Web site.
5. Third-party analytical cookies are used for obtaining information on the behaviour of users on this site. The information is obtained in anonymous form so as to monitor performances and to improve usability of the site. Third-party profiling cookies are used for creating profiles related to users to offer advertisements in line with choices made by them.
6. The use of these cookies is governed by rules established by third parties and so we suggest that users read the privacy notices and instructions for managing and disabling cookies published on the relevant Web pages.
4 - Profiling cookies
1. Profiling cookies are used to send advertising messages in line with the preferences expressed by the user when browsing the internet.
2. Use of profiling cookies requires the consent of the user.
3. Article 22 of EU Regulation 2016/679 and Article 122 of the Data Protection Act apply.
5 - Technical or assimilated cookies
|Language lang, lang_id||Cookie for identifying the language used|
|Various supersized, supersized_title||Cookies for implementing the supersized plug-in|
|Google Analytics _ga, _gat, gtag, gtm||Cookie "analytics" used to collect information in aggregate form on the number of users and how they visit the website. These anonymous cookies collect information about how the website is used and allow its owner to have a better understanding of its users and to improve website accessibility.||Further information: To prevent the storage of the above-mentioned type of cookies, the user can follow the procedure available at the following link|
How to select/deselect or disable, remove or block cookies
This website allows you to select/deselect individual cookies in the manner described below, but please be aware that in case of deactivation, you may not be able to make full use of the service.
To disable, remove or block cookies, you can configure the browser settings. Here are the instructions on how to do that on the most common browsers. A complete list is available at the following link
1. Open Google Chrome;
2. Click on "Tools";
3. Select "Settings" and then "Advanced settings";
4. Select "Content Settings" under "Privacy";
5. In the "Cookies" tab, you can deselect the cookies and save your preferences.
1. Open Firefox;
2. Press "Alt" key on your keyboard;
3. In the toolbar at the top of your browser, select "Tools" and then "Options";
4. Then select the "Privacy" tab;
5. Go to "History" and then "Use custom settings";
6. Deselect "Accept cookies from websites" and save your preferences.
1. Open Internet Explorer;
2. Click on "Tools" and then on "Internet Options";
3. Select the "Privacy" tab and move the slider on the privacy level you want (up to block all cookies or down to allow all cookies);
4. Then click on "Ok".
1. Open Safari;
2. Choose "Preferences" from the toolbar, then select the "Security" pane in the dialogue window that follows;
3. In the "Accept cookies" section, you can specify if and when Safari must save cookies from websites. For more
information, click the Help button (marked with a question mark);
4. For more information on cookies that are stored on your computer, click "Show cookies".
1. Open Microsoft Edge;
2. In Microsoft Edge click on Other > Settings.
3. Under Delete browsing data click on Select elements to be deleted.
4. Tick the box beside each type of data you wish to delete and then click on Delete.
5. If you wish, always set Delete after closing the browser on Enable.
IV - MODIFICATIONS TO THIS DOCUMENT
2. This document can be changed at any time with notification provided to users on this page. Please take a look at this page often and check the bottom for the date of the most recent change made.
3. This document was last updated on 24 May 2018 to bring it in line with relevant provisions, particularly EU Regulation 2016/679.