This policy is provided in accordance with Article 13 of Regulation 2016/679 (GDPR), pursuant to Article 13 of
Legislative Decree No. 196/2003 (Personal Data Protection Code) and applies to all personal data processed in the
manner set out below.
Data Controller
The Data Controller of the Personal Data collected is: Hotel Ebe
Place of Operation: Via Le Mozzete 1/A – Scarperia – San Piero a Sieve Mugello – Tuscany Italy
Owner’s email address: info@ebeweb.it
Typologies of Data Collected
Full details on each type of data collected are provided in the dedicated sections of this privacy policy.
User’s Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected
during the use of the site.
Unless otherwise specified, all requested Data are mandatory. If the User refuses to provide them, it may be
impossible to provide the service. In cases where some Data are optional, Users may abstain from communicating such
Data, with no consequence on the availability of the Service or its operation.
Should Users doubt about which Data is mandatory, they are encouraged to contact the Data Controller.
The possible use of Cookies, or other tracking tools, by the site or third party service holders used, unless
otherwise specified, has the purpose of providing the Service requested by the User.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the
site and guarantees that he/she has the right to communicate or disseminate it, releasing the Owner from any
liability towards third parties.
HOW AND WHERE THE DATA COLLECTED IS PROCESSED
Purposes of Data Collection
The User’s Data are collected to enable the Owner to provide its Services, as well as for the following purposes:
Statistics, Newsletters, Personalized Advertising, Accounting, Content and Functionality Performance Testing,
Interaction with social networks and external platforms, Displaying content from external platforms and interaction
with data collection platforms and other third parties.
Should you wish to obtain further detailed information on the purposes of processing and the Personal Data
concretely relevant for each purpose, you may refer to the relevant sections of this document.
Data processing mode
The Data Controller shall take all necessary security measures to prevent unauthorized access, disclosure,
modification or destruction of Personal Data.
Data processing is carried out using computer and/or telematic tools, with organizational methods and logics
strictly related to the indicated purposes. In addition to the Data Controller, other parties outside the company
(administrative, sales, marketing, legal, system administrators) or external parties (such as third party technical
service providers, postal couriers, hosting providers, IT companies, communication agencies) also being appointed,
if necessary, Data Processors by the Data Controller have access to the data. The updated list of Data Processors
can always be requested from the Data Controller.
Legal basis of data processing
Personal Data related to the User are processed by the owner if one of the following conditions exists:
the User agreed for one or more specific purposes;
- Processing is necessary in order to fulfill a contract with the user and/or the execution of pre-contractual
measures; - Processing is required to fulfill a legal obligation that the Owner is subject to;
- Processing is required for the performance of a task of public interest or the exercise of public authority
over which the Controller is subject; - Processing is necessary in order to pursue the legitimate interest of the Controller or third parties.
However, it is always possible to request the Data Controller to clarify the concrete legal basis of each
processing, and in particular to specify whether the processing is based on law, part of a contract, or necessary
to conclude a contract.
Place
Processing of Data is carried out at the operational offices of the Data Controller and at any other location where
the parties involved in the processing are located. For more information, please contact the Data Controller.
Personal Data of the User may be transferred to a country other than the country where the User is located. To
obtain more information about the location of the processing, the User may refer to the section on Personal Data
processing details.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the
European Union or to an international organization under public international law or consisting of two or more
countries, such as the UN, as well as regarding the security measures taken by the Controller to protect the Data.
Should any of the above-mentioned Data transfers take place, the User may refer to the specific sections of this
document or request information from the Data Controller by contacting it at the contact details given at the front
of this document.
Data retention period
Data are processed and retained as long as the purposes for which they were collected require:
Personal Data collected and used for purposes related to the performance of a contract between the
Data
Controller and the User will be retained until the performance of that contract is completed.Personal Data collected for purposes related to the legitimate interest of the Data Controller will be
retained
until such interest is satisfied. The User may obtain further information regarding the legitimate interest
pursued by the Controller in the
corresponding sections of this document or by contacting the Controller.
In cases where the processing is based on the User’s consent, the Controller may keep the Personal Data longer until
that consent is revoked. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in
compliance with a legal obligation or by order of an authority.
At the end of the period of storage, the Personal Data will be deleted. Therefore, upon the expiration of this
period the right of access, deletion, rectification and the right to Data portability can no longer be exercised.
Information on the processing of Personal Data
Personal Data are collected for the following purposes and through the following services:
Mailing Lists or Newsletters
Upon registration to the mailing list or newsletter, the User’s email address is automatically added to a
contact list to which email messages containing information, including information of a commercial and
promotional nature, may be sent. The User’s email address may also be added to this list as a result of
registration to the site or after requesting a quote.
Collected Personal Data: email, first and last name.Contact form
The User, by filling out the contact form with their Data, consents to their use for inquiries, requests for
quotes, or any other type of request indicated by the header of the form.
Personal Data collected: first and last name, email (required data), telephone, and various types of
Data.Private area access registration
The User, when filling out the registration form with their Data, agrees to their use to create a unique
account that can be used for various functions of the site ( i.e. inquiries, quotes, or e-commerce).
Personal Data collected: first and last name, email (required data), telephone, and various types of
Data.Interaction with social networks and external platforms
Those types of services enable interactions with social networks, or other external platforms, directly from
this site. The interactions and information acquired are in each case subject to the User’s privacy
settings related to each social network.
In the event that a social network interaction service is installed, it is possible that, even if Users do
not use the service, it may collect traffic data related to the pages where it is installed.Facebook Social Widgets (Facebook Inc.)
Facebook social widgets are interaction services with the social network Facebook, provided by
Facebook, Inc.
Personal Data Collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.YouTube Social Widgets (Google Inc.)
YouTube social widgets are YouTube platform interaction services provided by Google Inc.
Personal Data Collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Remarketing e targeting comportamentale
This type of service enables you to communicate, optimize and serve advertisements based on your past
experience using this site. This activity is carried out through tracking of Usage Data and the use of
Cookies, information that is transferred to partners to which the remarketing and behavioral targeting
activity is linked.Remarketing with Google Analytics for display advertising (Google Inc.)
Google Analytics for Advertising Display is a remarketing and behavioral targeting service provided
by Google Inc. that links tracking activity performed by Google Analytics and its Cookies.
Personal Data Collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and to
track User behavior.Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (« Google »). Google uses the
Personal Data collected for the purpose of tracking and analyzing site usage, collecting reports
and sharing them with other services developed by Google. Google may use Personal Data to
contextualize and personalize ads in its advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out.
Additional information about Personal Data
Privacy Policy
The User, by filling out the contact form with their Data, consents to their use to respond to requests for
information, quotes, or any other nature indicated by the header of the form.
User Rights
According to Articles 15 – 21 of EU Regulation 2016/679, a number of rights are granted to each data subject
Right of Access: the data subject, in accordance with Article 15, has the right to receive
confirmation of
whether any personal data concerning him or her is being processed and, where necessary, to obtain a copy
of that data. He or she also has the right to access the personal data concerning him or her and further
information such as the purpose of the processing, the categories of recipients, the period of data
retention, and the rights that can be exercised.Right of rectification: the data subject, pursuant to Article 16, has the right to obtain the
rectification
of inaccurate personal data concerning him or her or the integration thereof.Right to erasure: the data subject has the right to obtain the erasure of personal data concerning
him/her,
without undue delay, if one of the grounds provided by art. 17 exists.Right to restriction of processing: the data subject has the right, in the cases provided by Art. 18
of
Regulation 2016/679, to obtain the restriction of processing.Right to data portability: the data subject has the right to receive, in a structured, commonly used
and
machine-readable format, personal data concerning him or her and has the right to transmit such data to
another data controller without hindrance, as provided by Art. 20 of Regulation 2016/679.Right of objection to processing: the data subject has the right to object to the processing of
personal
data concerning him or her in accordance with Article 21 of Regulation 2016/679.
The data subject shall also have the right to lodge a complaint with the competent supervisory authority, the
Privacy Controller.
The requests referred to in the preceding points must be addressed in writing to the Data Controller. The Data
Controller will, within the time limits established by current regulations, provide timely responses to requests to
exercise the rights of data subjects.