Privacy Policy

Privacy policy

Interested Parties: Internet users

Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods used for processing the personal data of users who visit the website, accessible electronically at the following address: https://www.ivrealavilla.com/

This information does not apply to other websites, pages or online services accessible via hyperlinks that may be published on the website, but refer to resources outside the Data Controller’s domain.

It should be noted that the Privacy policy may be changed from time to time as a result of the activation of new services or as a result of the revision and variation of Legal requirements. It is thus advisable to periodically verify whether any conditions have been updated by referring to the aforementioned websites. This page presents an overview of the manner in which the website is managed with regard to the processing of the personal data of users who access the same. This policy is also provided pursuant to Article 13 of the Regulation (EU) regarding the protection of natural persons with regard to the processing of personal data to those who interact with the web services of “SGS S.r.l. Via Torino 334 Ivrea”, accessible electronically from the address mentioned above. Any further data processing is defined in the corresponding information and cookie policy in the footer of the website.

The policy is only provided for this website and not for any other Internet websites that may be accessed by the user via specific links. The policy also adheres to Recommendation no. 2/2001, which the European authorities, for the protection of personal data, as part of the Group established on the basis of Article 29 of Directive 95/46/EC, adopted on 17 May 2001 to identify various minimum requirements for the collection of online personal data and, in particular, the methods adopted, time frames and the nature of the information that the data controllers must provide to users when they enter the web pages, regardless of the purpose of the connection.

The Data Controller

After consulting this website, data relating to identified or identifiable persons may be processed.

The “data controller” is SGS S.r.l. Via Torino 334 Ivrea

Data Protection Officer

The Data Protection Officer (DPO) is Davide Pagliarin, who can be reached at the following email address:  amministrazione@sgscorporate.it

Legal basis for data processing

The personal data indicated on this page is processed by Hotel La Villa, in order to carry out its activities. Consent, the implementation of a contract, the fulfilment of a legal obligation and also the pursuit of a legitimate interest are the legal bases that will be pursued, depending on the data processing carried out on the aforementioned website.

Place of data processing

The data processing linked to the web services of this website takes place in Italy, is managed by the “Pensare web srl” service provider and is organised by the technical staff of reference (data processing manager) and by other representatives of Hotel La Villa, on the occasion of updating and maintenance operations. No data deriving from the web service will be disclosed. The personal data provided voluntarily by users who submit requests for contact are used for the sole purpose of carrying out the service or action required, also through external service providers.

Types of data processed and purposes of data processing

Browsing data

During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or the domain names of computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method adopted to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.

This data is necessary for the use of web services and is also processed for the purpose of:

  • Obtaining statistical information on the use of services (most frequently visited pages, the number of visitors (by time slot or per day), geographical areas of origin, etc.);
  • Checking that the services offered function correctly.

Data provided by the user

The optional, explicit and voluntary transmission of messages to the contact addresses indicated on the forms, and also the compilation and submission of forms present, entail the acquisition of the sender’s contact information, necessary for replying, and also all personal data included in the communications.

Specific notices will be published on the pages of the websites set up for the provision of certain services.

Cookies and other tracking systems

Cookies are not used for the purpose of user profiling.

However, session cookies (non-persistent) are adopted and their use is strictly limited to what is required for safe and efficient browsing of the websites. The storage of session cookies in terminals or browsers remains under the control of the user, in cases where, in the servers, at the end of HTTPS sessions, information regarding cookies remains recorded in the service logs, with storage times regarding each individual third party manager of the service. Any data acquired through cookies and the methods adopted for their management are fully described in the ‘cookie policy’ document.

Browsing data

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to verify that it is functioning correctly strictly for the time necessary to fulfil the purposes for which the data has been collected. The automatically-collected information can be used by “SGS S.r.l..” for verification of responsibility in the event of hypothetical computer crimes to the detriment of the website, for statistical purposes, to improve browsing and website content. Any data acquired through cookies are fully described in the ‘cookie policy’ document.

Data provided voluntarily by the user

The optional, explicit and voluntary transmission of data entered in data collection forms or the sending of email messages to email addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary for responding to requests, and also any other personal data included in the message. It should be noted that the personal and/or business data entered in the forms present on the websites are used to respond to user queries and to provide the information and services that have been requested.

Data processing methods

The personal data is processed using automated tools strictly for the time necessary to fulfil the purposes for which the data has been collected. Specific security measures are observed to prevent the loss of data, their unlawful or improper use and unauthorised access. We wish to inform you that in order to provide a complete service there are links to other websites managed by other data controllers. We decline all responsibility in the occurrence of any errors or in the presence of content, cookies, publications of unlawful immoral content, advertising, banners or files that do not comply with current legal provisions and also with regard to privacy legislation on the part of websites not managed by us to which reference is made.

Recipients of the data

The recipient of the data collected following website consultation, pursuant to Article 28 of the Regulation, is the person responsible for the Pensare web srl data processing, as provider of the web platform hosting services;

Transfer of data abroad

Third Countries: The website communication services may use external suppliers located in non-EU countries, and in particular in the USA. For these suppliers it has been ascertained that the contractual clauses provide for adherence to the Privacy Shield agreements.

Rights of the Interested Parties

You have the right to obtain, from the data controller, the cancellation (‘right to be forgotten’), limitation, updating, rectification and portability of data and you are entitled to oppose any processing of personal data concerning yourself. In general, you may exercise all rights provided for by articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR, where applicable, with respect to the purposes of data processing.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21 and 22 –

  1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/herself, even if this data has not yet been recorded, and communication of the data in an intelligible form.
  2. The interested party has the right to obtain information regarding:
    a. the origin of the personal data;
    b. the purposes and methods of the data processing;
    c. the logic applied in case of processing carried out with the aid of electronic tools;
    d. the identification details of the data controller, of the persons responsible and of the designated representative pursuant to article 5, paragraph 2; e. the individuals or categories of individuals to whom the personal data may be communicated or who may gain knowledge of the data, as designated representatives in the territory of the State, as persons responsible or as appointees.
  3. The interested party has the right to obtain:
    a. updating, rectification or, when interested, integration of the data;
    b. the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data of which the retention is unnecessary for the purposes for which it was collected or subsequently processed;
    c. attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data was communicated or distributed, except in the case in which the fulfilment of this action proves impossible or involves the use of means manifestly disproportionate to the protected right;
    d. data portability.
  4. The interested party has the right to object, fully or partially:
    a. for legitimate reasons, to the processing of personal data concerning him/herself, even if pertinent to the purpose of the collection;
    b. to the processing of personal data concerning him/herself for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

Right to lodge a complaint

Interested parties who believe that the processing of their personal data carried out through this website is in breach of the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided for in Article 7