Pursuant to art. 13 of the GDPR, EU Regulation 2016/679
The tourist company “ABA Immobiliare Turistica” , property of Buosi Josè Via Latisana 180 – I 33054 Lignano Sabbiadoro UD. Email firstname.lastname@example.org , Telephone +39 0431 71616, as data controller pursuant to articles 4, 7, and 24 of EU Regulation 2016/679 of 27/04/2016 on the protection and processing of the personal data of individuals (hereinafter, “GDPR”), would like to inform you that, pursuant to art. 13 of the GDPR EU Regulation 2016/679 with reference to the personal data requested to supply real estate intermediation, the processing will be correct, lawful and transparent protecting your confidentiality and your rights. On this point, we kindly ask you to read this Policy carefully.
Purpose of Processing The Data Controller processes personal data, in particular: name, surname, tax code, VAT number, phone number, address, etc., that we have an absolute need to identify during the pre-contractual and/or contractual stage, that is when a service agreement is finalised. As it is not relevant for the relationship in question, no sensitive will be recorded or processed.
1) Legal Basis and Processing Purpose:
The legal basis is founded on contractual and/or legal obligations, or on the consent of the data subject. We collect the data from the data subject solely to satisfy the contractual obligations established for the professional mandate you assigned to us, and more specifically to:
1.1 acquire and confirm your booking for accommodation and accessory services and to provide the services requested. As this processing is needed to draw up and implement the contractual agreement, your consent is not required; unless special, so-called sensitive data, should be provided. If you should refuse to provide personal data, we will not be able to confirm your booking and provide the services requested. Processing will cease when you leave, but some of your data may and must still be processed for the purposes and with the methods indicated in the following points;
1.2 to comply with obligations set forth in the “Consolidation act of public safety laws” (article 109 R.D. 773 of 18.6.1931) which obliges us, for public safety purposes, to send Police headquarters the details of clients staying based on methods established by the Minister for the Interior (Decree 7 January 2013). Providing data is obligatory and does not require your consent. If there should be a refusal to provide data, we cannot accommodate you in our facility. Data acquired for that purpose is not stored by us unless you consent to that storage as set forth in point 1.4;
1.3 to comply with administrative, accounting and fiscal laws in force. For that purpose, processing does not require your consent. Data is processed by us and by our processors, and is only communicated to external parties to fulfil legal obligations. If you should refuse to provide the data needed for to fulfil those obligations, we will not be able to provide the services requested. Data acquired for those purposes is stored by us for the time established in the respective laws (10 years, and even longer with tax assessments);
1.4 to speed up the registration processes for your future visits to our facility. For that purpose, having acquired your consent that can be revoked at any time, your data will be stored for a maximum of 3 (three) years and will be used when you are our guest once again, for the purposes indicated in the previous points;
1.5 to send you our promotional messages and updates on tariffs and offers. For that purpose, having acquired your consent, your data will be stored for a maximum of 3 (three) years and will not be communicated to third parties. You may revoke consent at any time.
2) Processing methods:
We process data both manually and the relative paper documents will be stored correctly and protected by us for the time needed to process it or ordered by law, and through our computer system. In that case, the data will be recorded on protected IT systems.
3) Providing data and consequences of a refusal to respond
Please note that, considering the processing purposes illustrated above, for those indicated from point 1.1. to point 1.4) providing data is obligatory and not doing so, or doing so partially and inaccurately, may result in not being able to perform the activity itself and prevents us from fulfilling the contractual obligations foreseen in the mandate. For the marketing purposes indicated in point 1.5) providing data is optional and not doing so does not prevent the existing relationship.
Pursuant to art. 13 of the GDPR EU Regulation 2016/679
Data collected and processed may be: made available to some employees and collaborators of the Controller as Processors appointed to process data:
communicated to and shared with internal and external Consultants of the Controller’s facility solely if involved and functional to the relationship or services requested. Those parties will operate as external Processors and will be given suitable operating instructions;
communicated to financial Offices, Chambers of Commerce and, in general, all Bodies assigned to audit and control correct compliance with the purposes of the assignment performed;
5) Rights of the data subject We would also like to inform you that, as the Data Subject, you are granted specific rights pursuant to articles from 15 to 23 of the GDPR:
Ask and obtain information on where the data comes from, processing purposes and methods and the logic applied, identification details of the controller and of processors, of the subjects and subject categories that personal data may be communicated to or that can gain knowledge of it;
Have data updated, rectified or integrated, erased, transformed into an anonymous form or blocked if processed in breach of the law; certification that those operations requested have been notified to those the data was communicated to unless that compliance is impossible or implies a use of means that is manifestly disproportionate to the right protected. Where applicable, you also have the rights set forth in articles 16-21 of the GDPR including the Right to rectification, right to be forgotten, right to restriction of processing, right to portability, right to object, and the right to present a complaint to the Data Protection Authority. The data subject has the right to revoke his/her consent at any time. Revoking consent does not prejudice the legality of processing based on consent prior to it being revoked.