Published on 2024-09-27 07:32:23
Mountain Hotel Mezdí, with registered office at Str. Pecëi 20, Kolfuschg (BZ) - 39033, C.F./P.IVA IT01199060219, (hereinafter referred to as the "Data Controller" or "Controller"), is committed to protecting the online privacy of individuals while they browse and use the services of the website https://mezdi.it (hereinafter referred to as the "Portal" or "Website").
This document describes every aspect related to the processing of personal data of users (hereinafter referred to as "Data Subjects") carried out through the Website, in accordance with the provisions of Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the "Regulation"). According to the provisions of the Regulation, the processing carried out by the Controller through the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
The Data Controller for the processing carried out through the Portal is Mountain Hotel Mezdí as defined above and can be contacted using the methods indicated in the "Contact" section (see Article 10).
Information collected during the user's visit to the Website (e.g., IP address, URI notation addresses, browsing history, information about interactions with the site, information about the user's computer environment, browser type and language, operating system, location, date and time of the request). These are pieces of information that are not collected to be associated with identified individuals, but by their very nature, through processing and associations with data held by third parties, they could allow user identification.
Personal information voluntarily provided by the user through specific forms on the Website (e.g., registration, contact, comments, reviews, posts, etc.). Such information may include, for example: identifying data (name, surname, ID number, username, user ID, password, place and date of birth, etc.), personal image, contact and location data (residential address, email address, phone number, postal address, etc.).
Information necessary for the performance of economic and fiscal obligations related to the provision of services on the Website (e.g., payment information, VAT number, purchase history, product or service usage information, credit and billing information, assistance requests, etc.).
Information indicating the geographical location (latitude, longitude, altitude, direction of movement, time of position recording) of the user's terminal device (e.g., smartphone, PC) using the services of the Website.
The Data Controller uses the Personal Data collected through this Website for the following purposes:
Responding to information requests received through the Website; delivering content and services related to the Website; sending user notifications and updates regarding the requested service.
Managing the economic and fiscal profile related to the sale of products/services through the Website.
Monitoring and preventing fraudulent activities and ensuring that systems and processes function properly and securely.
Ensuring the Data Controller's right to protect or exercise a legal claim.
Complying with a legal obligation to which the Data Controller is subject.
The Data Controller uses the Personal Data collected through this Website for the following purposes:
The processing of Personal Data is based on Article 6(1)(b) of the Regulation ("[...] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract").
The processing of Personal Data is based on Article 6(1)(a) of the Regulation ("[...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes"). The consent given by the user is voluntary and does not affect the use of additional services on the Website. The consent given can always be revoked through the appropriate cookie preference selection form or by contacting the Data Controller using the contact information provided in the [Data Controller Contacts] section.
The processing of Personal Data is based on Article 6(1)(f) of the Regulation ("[...] processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party").
The processing of Personal Data is based on Article 6(1)(c) of the Regulation ("[...] processing is necessary for compliance with a legal obligation to which the data controller is subject").
The processing of Personal Data is based on Article 6(1)(d) of the Regulation ("[...] processing is necessary in order to protect the vital interests of the data subject or of another natural person").
The processing of Personal Data is based on Article 6(1)(e) of the Regulation ("[...] processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller").
The processing is carried out using manual and/or automated methods, including the use of computer and telecommunications technologies (e.g., CRM, management software, and mailing list services), applying suitable technical and organizational security measures to ensure the security, integrity, and confidentiality of Personal Data, in order to minimize the risks of destruction, loss, unauthorized access, alteration, and unauthorized disclosure, in accordance with Articles 6 and 32 of the GDPR.
The Data Controller does not intend to transfer Personal Data outside the European Economic Area. However, if there is a need for organizational/production purposes, for example, by using providers and/or cloud services that involve the transfer of data abroad, appropriate safeguards will be implemented for the transfer of Personal Data to a Third Country. Depending on the specific circumstances, these safeguards may include verifying the existence of adequacy decisions by the European Commission, adopting standard contractual clauses and/or binding corporate rules, and verifying the adoption of any additional measures in compliance with EDPB Recommendation 01/2020.
Vendor Name | Description | Vendor Privacy Policy |
---|---|---|
Microsoft Clarity | https://privacy.microsoft.com/en-us/privacystatement | |
Google Advertising Products | https://business.safety.google/privacy/ | |
Consisto | https://www.consisto.it/it/privacy-policy.html |
The Data Controller retains Personal Data only for the periods of time necessary to fulfill the purposes outlined in this document, or as required by specific regulations.
In particular:
After the expiration of these retention periods, Personal Data will be deleted or anonymized, unless held for additional purposes based on appropriate legal grounds.
The Personal Data collected by the Data Controller may be disclosed or made accessible, for the purposes mentioned above, to the following categories of recipients:
After the expiration of these retention periods, Personal Data will be deleted or anonymized, unless held for additional purposes based on appropriate legal grounds.
At any time, the Data Subject has the right to access their personal information and request its rectification, erasure, restriction of processing, and portability. The Data Subject also has the right to object, in whole or in part, to the processing and to not be subject to a decision based solely on automated processing, including profiling.
To exercise the rights provided by Articles 15-22 of the GDPR, the Data Subject can contact the Data Controller using the contact details provided in the "Contacts" section (see Article 10). The Data Controller is required to respond to the request within 1 month, or to communicate any delay in case of numerous and/or complex requests (the extension period cannot exceed 2 months). In any case, the Data Subject has the right to lodge a complaint with the competent Supervisory Authority (Data Protection Authority) in accordance with Article 77 of the Regulation if they believe that the processing of their Personal Data is in violation of applicable regulations.
For further information regarding the processing of Personal Data carried out under the contract or to exercise your rights, you can contact the Data Controller at the following email address: info@mezdi.it