Last update: Monday, May 28, 2018
*Network of sites: www.bed-and-breakfast.it, www.bedandbreakfast.it, www.agriturismo.farm, www.casevacanza.online, www.topbnb.it, www.bbcard.it, www.bb25.it, www.bbday.it, www.settimanadelbaratto.it, www.barattobb.it, barterweek.com, barterbb.com, charmedesign.it, inrivalmare.it, beb.it, bed-and-breakfast-sicilia.it, agriturismo-sicilia.it, case-vacanza-sicilia.it, bblombardia.com, bedbreakfastroma.it, worldbnb.com.
Personal data, such as name, email, and telephone numbers, are used only to facilitate the exchange of information between the traveller and operator of tourist facilities to allow online bookings. Under no circumstances is data sold to third parties.
The services offered by the Data Controller are intended for users over the age of 18. If the Data Controller discovers that the data of minors under the age of 18, without the valid consent or their parents or legal guardian(s) is being treated, it reserves the right to unilaterally interrupt the use of the services offered, as well as delete the acquired data.
The following categories of users, which is covered by the information in this document regarding the usage of the sites, are used to distinguish between:
- Users that are travellers (or also travellers): users of the network of sites in search of tourist facilities that they would like to book;
- Users that are platform operators (or also operators): physical persons and/or legal representatives who activate a pay card on the network as operators of tourist facilities to publicize themselves to the travellers on the site.
The travellers may use the search and selection services of the tourist facilities anonymously. For other services such as the publication of an advertisement, reservation requests, the receipt of information and automatic updates, all users, including both travellers and operators, must register. If a traveller does not register in advance, he or she will automatically be prompted to do so the first time a reservation request is made.
IMMEDIATE ACCESS TO THE DATA THAT AFFECTS YOU
All data in our possession that concerns you is included in the following sections of this document and can easily be viewed, modified, or deleted at any time using your account credentials to access it.
If you are a TRAVELLER who has made a request and/or reservation on any of the network sites, the data can be found through the link:
Your user account is automatically created with a random password at the precise time that you first make your request for information and/or reservations at one of the tourist facilities featured on one of the network sites. You are simultaneously notified by email with the instructions necessary to manage it. This is to provide you with the opportunity to manage (modify/delete) all the data personally, at any time.
The username necessary to access your account is your email. If you do not remember your password, you can a request that a link be sent to your email that will allow you to reset it.
If you are an OPERATOR of a tourist facility registered with a regular contract at Bed-and-Breakfast.it and/or one of its network sites, you will be able to manage your data from the dedicated Reserved Area with the username and password chosen at the time of registration.
If you forget this data, you can request that instructions be sent to the email address you indicated when registering your tourist facility to retrieve your login information (username and password). The password you choose is encrypted and stored so that it cannot be viewed by others under any circumstances.
PRINCIPLES APPLICABLE TO THE TREATMENT OF PERSONAL DATA
The Data Controller, pursuant to and for the purposes of enforcing the Regulations, declares that the law mentioned above provides for the protection of individuals regarding the treatment of personal data, and that this treatment will be based on the principles of correctness, lawfulness, transparency, and the protection of confidentiality and fundamental rights.
PURPOSE, LEGAL GROUNDS OF THE TREATMENT AND OPTIONAL CONFERRAL OF THE DATA
1. TYPES OF INFORMATION COLLECTED
Bed-and-Breakfast.it collects three different types of information:
1.1 Information directly provided to us.1.1.1 Information necessary for the use of the Bed-and-breakfast.it platform and its network sites.
When you use the Bed-and-Breakfast.it platform, we ask for and collect the following types of personal data. This information is necessary to effectively execute the contract between our site and the user and allows us to act in accordance with our legal obligations. Without this data, we may not be able to provide the user with all the required services.
- Account information. When you register for a new Bed-and-Breakfast.it account, or when you request information/availability/to make a reservation at one of the tourist facilities registered on our network, we will ask you to provide some data such as your name and surname, email address, and phone number.
- Profile and advertisement data. To use certain features on the Bed-and-Breakfast.it platform (how to book or create an advertisement), we may ask you to provide us with further information, including your address, mobile phone number, and profile picture, as well as all the necessary data to create the listing for your advertisement.
- Other authentication information. To help create and a maintain a secure environment, we may collect identification data (such as a photo of your ID, passport, or driving license, if permittable by applicable law) or other forms of ID. In the case of tourist facilities, we may require the mandatory official registration documents such as SCIA (Certified Start of Activity Report) or other types of documents.
- Payment information. To use certain functionalities on the Bed-and-Breakfast.it platform (for example, making a reservation or creating an advertisement), we may ask you to provide payment information (such as your bank account or credit card details) to facilitate the processing of payments.
- Communications with Bed-and-Breakfast.it and other members. When you communicate with Bed-and-Breakfast.it or use the Bed-and-Breakfast.it platform to communicate with other members, we collect information regarding your communications and any data you choose to provide.
You can choose to provide us with additional personal data to improve your user experience on the Bed-and-Breakfast.it platform. This additional data will only be treated with your consent.
- Additional profile data. As part of your Bed-and-Breakfast.it profile, you can choose to provide us with additional information (such as gender, preferred language(s), address, city, and a personal description of yourself). As indicated in your account settings, some of this data will or may be used in the future as part of your public profile page and will be visible to others. This data, however, can be removed at any time from your user profile and you will always retain the right to decide personally whether to make this data public or not.
- Other information. You can also choose to provide us with other information by filling out a form, completing a search, updating, or adding information to your Bed-and-Breakfast.it account, by responding to surveys, posting forum content, participating in promotions, or using other features on the Bed-and-Breakfast.it platform.
To comply with the applicable law (for example, anti-money regulations) and fulfil the contractual obligations adequately, the Data Controller needs to collect the following information, without which you cannot use the payment services:
- Payment information. When the payment services are used with respect to the payment processing, the Data Controller asks for some payment details (such as your bank account or credit card details, or your PayPal account email) to process payments and comply to the applicable law.
- Authentication and other information. If you are an operator of a tourist facility registered on our network, the Data Controller may request an identity check (such as photo ID, passport, or driving license, if permitted by applicable law) or other information that verifies your identity, such as date of birth, email address, telephone number, and other details to provide you with payment services and comply with applicable law.
1.2 Information collected automatically from the use of the Bed-and-Breakfast.it platform and payment services
When you use the Bed-and-Breakfast.it platform and payment services, information is automatically collected, including your personal data, regarding the services and methods used. This information is necessary for the proper execution of the contract between the site and the user and enables us to act in accordance with our legal obligations based on our legitimate interest, which is to improve and offer you the optimal functionality of the Bed-and-Breakfast.it platform and payment services.
- Location information. When certain features of the Bed-and-Breakfast.it platform are used, information about your precise or approximate location is collected, which is determined through information such as your IP address or the GPS of your mobile device, offering you a better user experience. Most mobile devices allow the user to control or disable the location option for applications in the device settings menu. Furthermore, if the device settings or permissions of the device allow it, Bed-and-Breakfast.it may collect this information even when you are not using the app.
- Usage information. We collect information regarding your interactions with the Bed-and-Breakfast.it platform, including, for example, the pages or other content you view, your ad searches, bookings made, and other tasks you have performed on the Bed-and-Breakfast.it platform. This information is used to improve your user experience, or to make the experience of searching for and booking a tourist facility on Bed-and-Breakfast.it as simple as possible.
- Login and device information. We automatically collect login data and information on devices when a user accesses and uses the Bed-and-Breakfast.it platform, even if the user has not yet created a Bed-and-Breakfast.it account or has not logged in.
- Transaction information. Bed-and-Breakfast.it collects information relating to your transactions on the Bed-and-Breakfast.it platform, including the payment instruments used, the date and time, the amounts paid, the payment instrument expiration, the user’s billing address, the email address linked to the PayPal account, the IBAN, address, and other details relating to the transaction. This information allows for the proper execution of the contract between the site and the user and allows the latter to use and access the payment services on our site.
1.3 Information that we collect from Third-Parties.
Bed-and-Breakfast.it may collect data, including your personal data, which third parties provide about you when using the Bed-and-Breakfast.it platform and payment services, or obtain information from other sources and combine it with the information that we collect through the Bed-and-Breakfast.it platform and payment services. We do not control, supervise, or are responsible for the treatment of your personal data by such third parties, therefore any request for information regarding the disclosure of your personal information must be forwarded directly to the third parties.
- Third-party services. If you log in, connect, or access your Bed-and-Breakfast.it account through a third-party service (for example, Google or Facebook) this tool might send us information such as, for example, your registration data and your user profile associated with this service. The data sent to Bed-and-Breakfast.it varies and is controlled by the service itself, depending on the authorizations you have given to the services involved in relation to the privacy settings.
- References. The references written about you will be published on your public profile page on Bed-and-Breakfast.it with your consent.
- Other sources. we may receive additional information concerning you to the extent permitted by the applicable laws, including, for example, demographic data or fraud detection information, from service providers and/or third-party partners and combine them with the information in our possession. For example, we may receive the results of background checks (with your consent, when required) or fraud reports from industry service providers, such as identity verification companies, which is in line with our fraud prevention efforts and risk assessments. We may receive information about you and your activities on the Bed-and-Breakfast.it platform or outside of it, or about your experiences and interactions with our third-parties and networks, through these partnerships.
2. HOW THE DATA COLLECTED IS USED
Bed-and-Breakfast.it uses, stores, and processes your data, including personal data, to provide, understand, improve, and develop the Bed-and-Breakfast.it platform, creating and maintaining a reliable and secure environment and complying with its legal obligations.
2.1 Providing, improving, and developing the Bed-and-Breakfast.it platform.
- Allows you to access and use the Bed-and-Breakfast.it platform.
- Allows you to communicate with other platform members, both users who are operators and travellers.
- Provide customer assistance.
- Sending service or customer support messages, such as updates, security alerts, and account notifications.
- Manage, protect, improve, and optimize the Bed-and-Breakfast.it platform and the experience of our users, as well as personalize your experience (such as organizing search results or showing advertisements based on your research). To do this, for example, among other things, we create a profile based on your interactions with the Bed-and-Breakfast.it platform, the history of your bookings and searches, profile and preference data, and other content you send through the Bed-and-Breakfast.it platform.
We treat the data provided in accordance with our legitimate interests regarding the improvement of our Bed-and-Breakfast.it platform and the experiences of travellers and operators, and where necessary, to ensure the proper execution of the contract between the site and the user.
2.2 Create and maintain a more reliable and secure environment
- Detect and prevent fraud, spam, abuse, security breaches, and other harmful activities from occurring.
- Carry out safety investigations and risk assessments.
- Verify or authenticate the information or identification you provide (for example, verify the address of your facility or compare your identification photo with another photo that you have provided).
- Perform checks by cross-referencing databases and other sources of information, including legal background checks, to the extent permitted by applicable law and with your consent when required.
- Fulfil our legal obligations.
- Resolve any disputes with our members and assert our rights against third parties.
- Ensure the application of our Terms of Services and other policies.
- In connection with the activities described above, we may create a profile based on your interaction with the Bed-and-Breakfast.it platform and information obtained from third parties. In a few cases, automated processes may limit or suspend access to the Bed-and-Breakfast.it platform if they detect a potentially risky member or activity that threatens the security of the Bed-and-Breakfast.it platform, other members, or third parties.
We treat the information provided based on our legitimate interest in protecting our Bed-and-Breakfast.it platform, evaluating the proper execution of the contract between the site and the user, as well as complying with applicable laws.
2.3 Provide, personalize, evaluate, and improve our advertising and marketing
- Send promotional messages, marketing information, advertising, and other information that may be of interest to you based on your preferences (including information regarding the campaigns and services of Bed-and-Breakfast.it and its partners) and social media advertising through various social media platforms (for example, Facebook and Google).
- Personalize, evaluate, and improve our advertising.
- Manage referral programs, awards, surveys, prize competitions, or other promotional activities or events sponsored or managed by Bed-and-Breakfast.it or our partners.
- Create a profile based on your characteristics and preferences (based on the information you provide, your interactions with the Bed-and-Breakfast.it platform, the information obtained from third parties, and your booking and search history) to send you promotional messages, marketing, advertising, and other promotional material that we think may interest you.
We will treat your personal data for the reasons listed in this section based on our legitimate interest in marketing products or services to you that you might potentially be interested in. You can choose not to receive marketing communications from us by following the instructions to unsubscribe described inside the communications, or by changing the notification settings on your Bed-and-Breakfast.it account.
2.4 Methods of using the data collected by the Data Controller with respect to the processing of payments
- Allow access and use of the payment services.
- Detect and prevent fraud, abuse, security breaches, and other harmful activities from occurring.
- Carry out safety investigations and risk assessments.
- Perform checks, making cross-checks with databases and other sources of information.
- Fulfil our legal obligations (such as anti-money laundering regulations).
- Ensure the application of our Terms of Services and other payment policies.
- Upon your consent, send you promotional messages, marketing information, advertising, and other information that may be of interest to you based on your preferences.
The Data Controller of the payment processes treats the information collected in the legitimate interests regarding the improvement of the payment services and the experience of its users, as well as ensuring the proper execution of the contract with the user and complying with the applicable laws where necessary.
3. SHARING AND COMMUNICATING
3.1 With your consent.
We may share your data, including your personal data, with your consent, for example when you authorize an application or a third-party website to access your Bed-and-Breakfast.it account, or when you participate in promotional activities sponsored by Bed-and-Breakfast.it partners or third parties.
3.2 Sharing between members.
To help facilitate bookings or other interaction between members, we may need to share specific information, including personal data, with other members, to the extent necessary to ensure the proper execution of the contract between the site and the user, such as those illustrated in the scenarios below:
- When, as a traveller, you submit a booking request, some information about you is shared with the operator of the tourist facility, including your first and last name, the full name of additional guests, your cancellation history, and other information that you agree to share. When your booking is confirmed, we will share additional information, including your phone number, to assist you with organizing your trip.
- When, as the operator of a tourist facility, you have confirmed a booking, some of your data will be shared with the traveller to manage the booking, including, for example, your name and surname, telephone number, and the address of the facility.
- When, as a traveller, you invite other travellers to participate in a booking, your first and last name, travel dates, the operator of the tourist facility’s name, the details of the advertisement, the address of the facility, and other relevant information will be shared with each additional guest.
- When, as a traveller, you initiate a booking request with group payment, some information regarding the other participants, such as name, initials of the surname, profile picture, and booking details, are shared among all the participants of the request in question.
We do not share your billing and payment information with other members.
3.3 Profiles, advertisements, and other public information
The Bed-and-Breakfast.it platform allows you to publish information, including personal data, which is visible to the public. For example:
- Parts of your public profile page, including, for example, your name, profile description, and city are publicly visible to other users.
- The advertisement pages are visible to the public and include information such as the precise location of your tourist facility, the advertisement description, the calendar availability, your public profile photo, aggregate information on the application (for example, the number of page views in a given period), and any additional information that helps travellers decide whether to book the facility.
- After completing a booking, travellers and operators can write reviews and rate each other. Reviews and ratings are part of your public profile page and can be viewed on other parts of the Bed-and-Breakfast.it platform (such as the advertisement page).
- If you post content on a community or discussion forum, blog, or social media, or use a similar functionality on the Bed-and-Breakfast.it platform, such content will be publicly visible.
Based on our legitimate interests in promoting the Bed-and-Breakfast.it platform, we may make parts of it visible (for example, your advertisement page) on the websites of Bed-and-Breakfast.it partners, using technologies such as widgets or APIs. If your advertisements are shown on a partner’s site, it is possible that the data on the public page of your profile may also be visible.
The data that you publicly share on the Bed-and-Breakfast.it platform can be indexed by search engines not managed by Bed-and-Breakfast.it. In some cases, you can opt out of this feature through your account settings. If you change your settings or the content that is publicly accessible, these search engines cannot update their databases. We are not responsible for the practices of third-party search engines and these may use cache containing data that is not updated.
3.4 Additional services managed by the operators of tourist facilities.
Operators may need to use third-party services available through the Bed-and-Breakfast.it platform to assist them in managing the accommodation or to provide additional services requested to you, such as, for example, cleaning or access to the facility. The operators may use the features available on the Bed-and-Breakfast.it platform to share information about the guest (for example, check-in and check-out dates, the name and telephone number of the guest) with such third-party service providers to organize the stay, manage the accommodation, or provide other relevant services.
3.5 Compliance with the law, response to requests from public authorities, prevention, and protection of rights.
Bed-and-Breakfast.it may communicate your data, including personal data, to courts, public authorities, government authorities, or third parties authorized in the event and to the extent that we are required or authorized to do so by law or if such communication is reasonably necessary: (i) to comply with our legal duties; (ii) to comply with legal procedures and respond to claims made against Bed-and-Breakfast.it; (iii) to find verified requests relating to a criminal investigation or an alleged or allegedly illegal activity or any other activity likely to expose Bed-and-Breakfast.it, yourself, or any of our other users to legal liabilities; (iv) to manage and enforce our Terms of Service, Terms of Payment, or other agreements with members; (v) to protect the rights, property, or personal security of Bed-and-Breakfast.it, its employees, its members, or the public in general.
Where appropriate, we may inform members about such legal claims, unless: (i) providing such information is prohibited by the applicable legal procedure, based on an order received by the court or according to the law, or (ii) we believe that the notice is useless or ineffective, creates a risk of injury or physical harm to an individual or group of individuals, or creates or increases the risk of fraud against the property of Bed-and-Breakfast.it, its members, and the Bed-and-Breakfast.it platform. In cases where Bed-and-Breakfast.it complies with the legal requests for the communication of data without providing notice to the user for the reasons mentioned above, Bed-and-Breakfast.it will try to inform the user concerned about the request as soon as it determines in good faith that this is no longer prohibited.
3.6 Service providers.
Bed-and-Breakfast.it uses or may use in the future a variety of third party service providers to provide services related to the Bed-and-Breakfast.it platform and the payment services. The providers of these services may be located inside or outside the European Economic Area (“EEA”).
Bed-and-Breakfast.it will have to communicate your data, including your personal data, to guarantee the proper execution of the contract stipulated with you.
3.7 Social networking platforms.
We may use some of your personal information when permitted by applicable law, such as your email address, sharing it with social media platforms such as Facebook or Google, to generate leads and redirect traffic to our websites and promote products and services on the Bed-and-Breakfast.it platform. These treatment processes are based on our legitimate interests with respect to marketing and advertising products or services that may be of potential interest to you. Bed-and-Breakfast.it does not control or supervise social media platforms with which your personal data may be shared. For this reason, any questions regarding the way your personal information is treated by the social media provider must be addressed to the provider in question.
Remember that you may ask Bed-and-Breakfast.it to stop treating your data for marketing purposes at any time by sending an email to firstname.lastname@example.org.
3.8 Tax authorities.
In countries where Bed-and-Breakfast.it facilitates or requires registration, notification, permission, or licensing of a tourist facility operator with a local government authority through the Bed-and-Breakfast.it platform in compliance with local law, we may share information about the participating operators. This can include sharing information such as name, surname, contact details, address of the accommodation, tax identification codes, advertisement details, and number of nights booked with the relevant authority, both during this procedure, and if applicable, at various time intervals.
3.9 Business operations.
3.10 Aggregated data.
We also may share aggregated data (information about our users that we combine so that it does not identify or refer to single users) and other anonymous information for reasons of regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other commercial purposes.
4. OTHER IMPORTANT INFORMATION
4.1 Analysis of your communications
We many review, scan, or analyse your communications on the Bed-and-Breakfast.it platform for the purposes of: preventing spam, fraud, engaging in risk assessment, complying with current legislation, investigating, researching, and engaging in product development, and providing customer support. For example, as part of our fraud prevention activities, we will proceed to scan and analyse messages to hide contact information and references to other sites. In some cases, we may also scan, review, or analyse messages for debugging purposes, as well as improve and expand the product offering. We will use automated methods when reasonably possible. However, we may occasionally need to manually check certain communications, including, for example, spam control, anti-fraud investigations, and customer support, or to evaluate and improve the functionality of these automated tools. We will not review, scan, or analyse your communications to send you marketing messages and will not sell reviews or analysis of such communications.
These activities are carried out based on the legitimate interest of Bed-and-Breakfast.it to ensure full compliance with applicable laws and our Terms, intercept spam, prevent fraud, promote security, and improve and ensure the proper performance of our services.
4.2 Link to third-party accounts.
You can choose to link your Bed-and-Breakfast.it account to another of your third-party social networking sites. Your contact details on these third-party services are referred to as “Friends.” When you create this link:
- Some of the information provided to us by linking to your accounts may be published on your Bed-and-Breakfast.it account profile;
- Your activity on the Bed-and-Breakfast.it platform may be viewed by your friends on the platform and/or on the third-party site;
- A link to your public profile on the third-party social networking site may be included on your Bed-and-Breakfast.it public profile;
- Other Bed-and-Breakfast.it users may be able to view any mutual friends you have in common with them, or the fact that you are a friend of their friends, where applicable;
- Other users of the Bed-and-Breakfast.it website may be able to view the schools, city of origin, or other groups that you have in common with them as reported on the social networking platforms they use;
- The information you provide that comes from the connection of your accounts can be stored, processed, and communicated for fraud prevention and risk assessment purposes;
- The publication and display of the information that you provide to Bed-and-Breakfast.it through this link are subject to your settings and authorizations relating to the platform and the third-party site.
We collect your information from linked accounts to third-party sites only to the extent necessary that ensures the proper execution of the contract between the site and user, and the compliance with applicable laws, or with your consent.
METHOD OF TREATMENT AND STORAGE OF PERSONAL DATA
The Data Controller ensures that the personal data is treated in full compliance with the regulations, in paper and/or electronic format, as well as with automated procedures. The treatment can also be performed through automated tools for storing, managing, and transmitting data.
The data collected and processed will be protected using physical and logistic methods that minimize the risks of unauthorized access, dissemination, loss, and destruction of the data, pursuant to Articles 25 and 32 of the Regulations.
The processing of the data will last no longer than the period necessary to fulfil the purposes for which they were collected.
Pursuant to Article 7, Paragraph 3 of the Regulations, a person has the right at any time, in a quick and efficient way, to revoke his or her consent regarding the treatment of data and request that his or her personal data be deleted by sending a specific communication to the Data Controller at email@example.com. Following the request to delete the data by the user, all personal data will be deleted or stored in anonymized form (anonymous and aggregated to allow analysis and statistics), without prejudice to the further conservation of the data required by regulatory obligations.
In the event, however, that a user has made or received reservations or booking requests, the personal data of that user will be deleted or stored anonymously (rendered anonymous and aggregated to allow for analysis and statistics) only after 30 days have elapsed from the collection of data collected upon check-out from the accommodation where the stay took place. This is to allow the correct management and provision of the platform’s services.
In addition, should the user be recalled, suspended, or sanctioned for fraudulent or suspicious behaviour, or should the user request cancellation after having published an advertisement, the Data Controller reserves the right to keep personal data relating to such user for a period of 2 (two) years from the cancellation request, to prevent the occurrence and/or reoccurrence of any fraud against the Data Controller itself. After this period, the data will only be kept in an anonymous form (anonymous and aggregated to allow for analysis and the compiling of statistics).
If, however, the Data Controller does not receive a cancellation request, the personal data will be kept for a period not exceeding 10 (ten) years, starting from the date in which the site and/or app was last accessed by the user. After this period, the data will only be kept in anonymous form (anonymous and aggregated to allow for analysis and the compiling of statistics).
RECIPIENTS OF PERSONAL DATA
In addition to the Data Controller, the personal data collected may be treated by a party or parties acting as Data Controllers pursuant to Article 28 of the respective Regulations, or who are authorized to treat data pursuant to Article 29 of the Regulations.
Furthermore, for some services, the data may be disclosed to companies that collaborate or use the services of the Data Controller with the sole intent of providing services requested by the user. In these cases, the partners are independent controllers, therefore the Data Controller is not responsible for their treatment of data. The Data Controller is also not responsible for the content and compliance with the legislation regarding the protection of personal data by sites not managed by the Data Controller.
Specifically, the data provided by the user may be shared by the Data Controller with the following third parties for the sole purposes of providing the services requested by the user or to comply with other regulatory obligations:
- Service companies that the Data Controller uses to manage, on their own, the user’s data for purposes such as sending promotional material, SMS messages, and notification settings related to the services offered by the Data Controller and the authentication of the user’s email address, which is provided during registration.
- Payment service providers and financial institutions. The Data Controller may share some information regarding the booking (for example, the booking confirmation) with the payment service provider or the specific financial institution in specific cases such as fraud detection and prevention.
- Business partners, specifically in the tourism industry, with whom the Data Controller shares certain user data solely for marketing purposes and with the prior consent of the user.
Apart from the scenarios mentioned above, personal data will not be disclosed except to parties, organizations, and authorities to whom the communication is mandatory according to the provisions of the law or regulations.
TRANSFER OF DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
Personal data collected using one of the network’s sites may be transferred outside the country solely and exclusively for the execution of the services required in compliance with the specific provisions outlined in the regulations.
Some personal data may be shared with recipients outside the European Economic Area (EEA). The Data Controller ensures that the treatment of personal data by these recipients complies with the regulations.
COLLECTION OF NAVIGATION DATA
The computer systems and the technical and software procedures underlying the operation of the network sites acquire, during their normal operation, some personal data for which transmission is implicit to the access, operational mechanisms, and protocols used on the internet.
Each time the user connects to one of the network sites and accesses or requests content, the access data is stored in the Data Controller’s systems, in the form of tabular or linear data files.
For example, this category of data includes the IP addresses, domain names of the computers used by the users who connect to the site and app, requests by the user’s browser in the form of URI (Uniform Resource Identifier) notation addresses, the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server, and other parameters related to the operating system and to the user’s computer.
This data may be used by the Data Controller for the sole purposes of obtaining anonymous statistical information to identify the pages preferred by the users so that increasingly adequate content can be provided and to check that it is functioning efficiently. At the request of a competent authority, the data may be used to ascertain responsibility in the case of hypothetical computer crimes committed against the network of sites or its users.
This site is optimized for navigation using mobile devices, for which there are special apps offered by the Data Controller. These apps manage the personal data provided by the user in the same way as the site, and, like the website, allow the user to use geolocation services to perform location-based property searches. With the user’s consent, the Data Controller may send notifications (in push mode) with information regarding the booking. The user has the right to authorize the data’s controllers site and app to access his geographical location to receive the requested service. The Data Controller invites users to carefully read the instructions on their mobile devices to change the settings and activate (or disable) the sharing of this data or the reception of push notifications.
THIRD-PARTY COOKIES AND SERVICES
Third party sites such as Facebook (www.facebook.com) are integrated into our website. If the user logs into Facebook and accesses our site, Facebook detects which internet pages to visit. This information is collected by Facebook and associated with the user’s Facebook account. For example, if the user clicks on a Facebook button integrated into our site (for example, “like”), Facebook collects this information and associates it with the user’s Facebook account.
Facebook always collects information on the visitors to our site through components of the site integrated into our website and when they log into Facebook. Should you wish to withhold consent regarding the collection of this information, you need to log out from Facebook before accessing our site. You can find more information on the data protection guidelines adopted by Facebook by accessing the following link: https://facebook.com/about/privacy/
The Google Analytics feature has been integrated into this site (with the anonymization function activated). Google Analytics collects information on visitor behaviour, such as the pages they visit, the site from which they are referred (the referrer), the user, the IP address, and the time in which individual pages are displayed.
The purpose of Google Analytics is to analyse the traffic on our site. Google collects and organizes information to provide, among other things, reports that show activity on our site. This information is mainly used to optimize the browsing experience of the visitor to tour site.
To do this, Google Analytics creates a cookie on the visitor’s system that stores personal information, such as access time, the location from which sites are visited, and the frequency of visits. Every time a user visits our site, the information collected is sent to Google in America and store and managed there by Google.
You can install a browser plugin that will prevent Google Analytics from gathering information while browsing our site to prevent that this information is collected.
You can download the plugin at: https://tools.google.com/dlpage/gaoptout.
If your system is re-formatted or re-installed, it will be necessary to reinstall the plugin.
You can find more information about the data protection guidelines adopted by Google at the following addresses: https://policies.google.com/privacy?hl=it, https://www.google.com/analytics/terms/it.html and https://www.google.com/analytics.
Services provided by Webtrekk have been integrated into this site. Webtrekk is a combined system of analysis and marketing that allows us to gather information on the activity on our site, facilitating the identification of customized marketing campaigns based on pseudonymized profiles. This means that information collected is pseudonymized, which means that is separated from real identities. To do this, Webtrekk creates a cookie on the visitor’s system that stores various information to track the activity on our site.
The information collected by Webtrekk is stored and maintained in Germany.
The user can prevent this collection of information, should he or she desire, through special software or by configuring his or her browser appropriately. In addition to this, the user may object to data collection by Webtrekk by clicking on the link: https://www.webtrekk.com/en/legal/opt-out-webtrekk and following the listed instructions.
Further information regarding the data protection guidelines adopted by Webtrekk can be found at the following address: https://www.webtrekk.com/en/why-webtrekk/data-protection.
Bed-and-Breakfast.it constantly implements and updates security measures of an administrative, technical, and organizational nature with the aim to protect your data from unauthorized access by third parties, destruction, and alteration. Some of the security measures that we use protect your information are firewalls, cryptography, and accessing controls to your information. Should you believe for any reason that your Bed-and-Breakfast.it account credentials have been lost, stolen, misappropriated, or otherwise compromised, or suspect unauthorized use of your Bed-and-Breakfast.it account, you can contact us as described in the Contact Us section of our site.
The Bed-and-Breakfast.it servers and network sites are hosted by EdgeHosting/DataBank server farm, which is based in The United States, and by Amazon Web Services in Europe. Read the security criteria adopted by clicking on the following links:
RIGHTS OF THE INTERESTED PARTY
Pursuant to Articles 15 to 22 of the regulations, the user, as an interested party, has the right to exercise specific rights regarding his or her personal data. Specifically, the interested party has the right to obtain:
- 1. Confirmation of the existence (or lack of existence) of personal data that concerns him or her, even if not yet registered, in a concise, transparent, intelligible, and easily accessible form, in clear and simple language;
- 2. Indication regarding:
- a. The origin of personal data;
- b. The purpose and method of treatment of this data;
- c. The legitimate interests being pursued by the Data Controller or third parties;
- d. Any recipients or eventual recipients of personal data;
- e. Any intention of the holder of this data to transfer personal data to a third country or international organization;
- f. The retention period of the personal data.
- g. The logic applied, as well as the importance and expected consequences of the treatment of the data for the interested party, in the case that the data is treated and carried out using electronic tools as part of an automated collection and/or treatment process;
- h. The identifying details of the Data Controllers, supervisors, any designated representative, and/or the Data Protection Officer (the so-called DPO);
- i. The interested party and parties to whom personal data may be communicated or whom can discover their existence as appointed representatives of the state, managers, or agents;
- 3. The method in which to file complaints to a controlling authority;
- 4. The updating, rectification, or when interested, integration of data;
- 5. The cancellation, transformation in anonymous form, or blocking of data treated in violation of the law, including data whose retention is unnecessary for the purposes in which the data was collected or subsequently treated;
- 6. The limitations to the treatment of the data;
- 7. The mobility of personal data concerning the user to another Data Controller;
- 8. The revocation of consent with respect to the treatment of data;
- 9. The attestation that the transactions referred to in points a) and b) above are known about, also regarding their content, to those whom the data has been communicated or disseminated, except in the case in which this action proves impossible or involves an action manifestly disproportionate to the protected right;
- 10. The opposition, in whole or in part, for legitimate reasons, to the processing of personal data concerning him or herself, even if they are pertinent to the purposes of the collection.
DATA CONTROLLER IN CHARGE AND RESPONSIBLE FOR DATA PROTECTION
To exercise rights detailed in the previous points outlined above, the party or parties concerned can contact the Data Controller and/or the Data Protection Officer at any time, for any reason, concerning the treatment of their personal data, or to request an updated list of any data supervisors appointed by the company, by contacting:
Studio Scivoletto srl Unipersonale
Via Catagirasi snc
97015 Modica (RG)
VAT Number: 01194800882
The Data Controller and DPO is the administrator of Studio Scivoletto s.r.l. Unipersonale: Giambattista Scivoletto.