Privacy
This page describes how the site is managed with regard to the processing of personal data of the users who consult it. This information is also provided In accordance with to art. 13 of the EU Regulation 2016/679 applicable from 25 May 2018 - General Data Protection Regulation (hereinafter referred to as GDPR) to those who interact with the web services of Borgo dei Conti Resort, accessible by electronic transmission from the address: www.borgodeicontiresort.com
The information is provided only for the site www.borgodeicontiresort.com and not for other websites that may be consulted by the user via links and complies with Recommendation No. 2/2001 on minimum requirements for on-line data collection in the European Union, adopted on 17 May 2001 by the Article 29 Working Party.
DATA OWNER
In accordance with to Article 4 point 7 of the GDPR 2016/679, the Data Controller of your personal data is the Company S.p.l.i.a. Spa, which provides hotel and restaurant services for the Borgo dei Conti Resort with headquarters in Strada Montepetriolo, 26 - 06132 Perugia.
DATA CONTROLLER
The data supervisor is the General Manager of the Hotel.
In accordance with 28 of GDPR 2016/679, the company officially appointed to manage the website and reservations is the company BLASTNESS SRL a socio unico, Piazza Castello, 26, 20121, Milan, Italy.
DATA PROTECTION OFFICER
In accordance with 37 of GDPR 2016/679, S.p.l.i.a. Spa has officially appointed a Data Protection Officer (Data Protection Officer hereinafter referred to as DPO) whose contact details are: privacy@bdcresort.com. The DPO is available to interested parties for any information concerning the processing of their personal data and the exercise of their rights.
PLACE OF DATA PROCESSING
The processing operations connected to the web services of this site take place at the headquarters of the owner and the person responsible for processing, and are carried out only by technical personnel of the service in charge of processing. The servers and databases of the bookings are located at the offices of the External Data Processor. No data deriving from the web service is communicated or disseminated. The personal data provided by users who request dispatch of informative material are used only to perform the service or provision requested and are communicated to third parties only where this is necessary for that purpose.
TYPES OF DATA PROCESSED
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site: except for this possibility, at present the data on web contacts do not persist for more than thirty days. Data provided voluntarily by the user The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
PROCESSING METHODS
Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorised access.
PURPOSE, LEGAL BASIS AND NATURE OF THE CONFERMENT
The Personal Data you provide through the Website will be processed by S.p.l.i.a. Spa for the following purposes: a) purposes related to the performance of a contract to which you are a party or to the execution of pre-contractual measures taken at your request (e.g.: request for information in the "Contact Us" section, Reservations, Subscription to special offers, etc.). The legal basis is based on Article 6(1)(b) of the GDPR 2016/679, i.e. the processing is necessary for the performance of a contract to which you are party or the performance of pre-contractual measures taken at your request. Consent is not necessary; b) purposes of research and statistical analysis on anonymous aggregate data, aimed at measuring the functioning of the Site, measuring traffic and assessing usability and interest to make it more functional and performing; Consent is not necessary as there is no processing of personal data c) purposes relating to compliance with laws and regulations. The legal basis is based on Article 6 par. 1 lett. c) of GDPR 2016/679, i.e. the processing is necessary to comply with a legal obligation of the controller. Consent is not necessary; d) purposes necessary to establish, exercise or defend a right in court or whenever judicial authorities exercise their judicial functions. The legal basis is based on Article 6(1)(f) of GDPR 2016/679 i.e. the processing is necessary for the purposes of pursuing the legitimate interest of the controller. Consent is not required
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
No personal data of the user is transferred outside the EU.
DATA RETENTION
S.p.l.i.a. Spa will process your Personal Data for the time strictly necessary to achieve the purposes indicated in this policy. Notwithstanding the above, S.p.l.i.a. Spa will process your Personal Data for as long as is permitted by Italian law to protect its interests (Art. 2947(1)(3) c.c.). Further information regarding the period of retention of Personal Data and the criteria used to determine this period may be requested by writing to the data controller.
CURRICULA MANAGEMENT
This information notice, drawn up in compliance with art. 13 of the GDPR 2016/679, may be used by the company S.p.l.i.a. Spa also for any advertisements published for personnel recruitment on sites or portals not directly managed by the same. The Company will process curricula received by email or through third party personnel selection companies (publications on portals, etc.) to evaluate potential applications within the company or that may arise in the near future. Processing is carried out electronically, with the exception of curricula received by ordinary mail. CVs considered "interesting" will be stored at the company's headquarters for a period of 18 months and will be processed in full compliance with the security measures provided for in Article 32 of the GDPR 2016/679. Curricula deemed irrelevant as well as those curricula whose retention time has exceeded 18 months will be trashed. However, CVs will be stored in the company's human resources department, may be assessed by officially appointed heads of service and will not be communicated to unauthorised third parties. The same may be assessed by hotel department heads appointed as authorised persons for processing (ex art. 29 and 32 paragraph 4 of GDPR 2016/679 and art. 2-quaterdecies of Legislative Decree 196/2003).
Applicants are requested to respect the following rules when compiling their CVs
- fill in your CV using the European format
- send your CV in pdf format
- avoid including in their CV special categories of personal data as defined by Article 9 of the GDPR 2016/679 (relating, in particular, to health status, religious, philosophical or political beliefs) that are not relevant in relation to the job offer;
- give consent to the processing of special categories of personal data relating to the state of health as defined in Article 9 of the GDPR relevant to the establishment of an employment relationship (e.g. membership of protected categories).
The company reserves the right not to reject CVs that do not comply with the above requirements.
The purpose of processing related to the management of curricula, will involve activities strictly related to the evaluation, recruitment or selection of personnel, with the aim of collaboration, recruitment for a fixed or indefinite term, internship, or to allow the successful candidate to prepare his thesis at our Headquarters.
BOOKING SYSTEM SECURITY
Blastness is certified as PCI DSS compliant (Payment Card Industry Data Security Standard). All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.
MINORS
The Hotel specifically requests that minors do not use this Site and do not send or post information on it. In the event that the Hotel should inadvertently acquire personal information or other data belonging to a minor, it should be noted that any disclosure by the Hotel of such data to third parties would depend solely on the fact that the minor user has used the Site and disclosed personal information without having requested or received permission from the Hotel.
AUTOMATED PROCESSING
The company does not carry out processing based on automated decision-making, including profiling, which produces legal effects or which may significantly affect your person.
RIGHTS OF THE INTERESTED PARTIES
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Chapter III GDPR 2016/679). Pursuant to the same article, you have the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing.
In accordance with Chapter III of GDPR 2016/679, you have the right to request at any time, access to your Personal Data, to rectify or erase it or to object to its processing, to restrict its processing as well as to obtain in a structured, commonly used and machine-readable format the data concerning you you you also have the right to object to profiling and to lodge a complaint with the Supervisory Authority. You also have the right to withdraw your consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation. For the complete and exhaustive list of rights that can be exercised by the data subject, please refer to Art. 15 ff. of GDPR 2016/679.
Requests should be sent by e-mail to: privacy@bdcresort.com or you can consult the data controller directly at the accommodation facility.
UPDATE AND REVISION
The Privacy & Cookie policy was updated on 02-10-2019 (previous revision on 24-05-2018) and may be subject to future revisions