PRIVACY POLICY OF THE WEBSITE WWW.SASSONGHER.IT
Hotel Sassongher Sas di Pescosta Riccardo & Co. (hereafter “Hotel Sassongher”) explains, on this page, how it processes the data of users who visit its site and how the cookies that are installed by the site act.
This Privacy Policy is made in compliance with Article 13 of the GDPR 2016/679 (General Data Protection Regulation, European Data Protection Regulation), the Privacy Guarantor’s Guidelines of June 10, 2021, the EDPB Guidelines 5/2020 referring to consent, the ECJ Judgment October 1, 2019 C-673/17, the General Measure of the Privacy Guarantor on Cookies of May 8, 2014, no. 229, the “Working Document 02/2013 providing guidance on obtaining consent for cookies,” WP 29 Opinion No. 4/2012 On Cookie Consent Exemption, Directive 2002/58/EC, and Recommendation No. 2/2001 of the Working Group Article 29.
The following applies only to the site www.sassongher.it; the Data Controller is not responsible for the data entered and cookies installed by other sites that may be consulted through links.
Information about the data controller and data protection officer (if any)
The Data Controller is Hotel Sassongher Sas di Pescosta Riccardo & Co., with registered office in Sassongherstr. 45, 39033 Corvara (BZ). To exercise your rights under the regulations, you can contact the Data Controller at its office or by calling 0471 836085 or sending an email to info@sassongher.it.
Purpose and legal basis for processing
The Data Controller explains below for what purposes it processes site user data.
|
Purpose of processing |
Fulfilling legal obligations |
|
Description |
Data processing is necessary for the fulfillment of obligations required by law, regulation, or EU legislation |
|
Legal Basis |
Fulfillment of a legal obligation to which the data controller is subject (Art. 6 para. 1 lit. c) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary to fulfill a legal obligation |
|
Consequences of failure to confer |
N.A. |
|
Storage time |
That required by the relevant legislation |
|
Effective retention time |
From the provision of data |
|
Purpose of processing |
Statistical analysis on aggregated or anonymized data |
|
Description |
The processing does not allow user identification, but serves to verify the adequacy of the web marketing campaigns adopted and/or the proper functioning of the site, measuring the user traffic it generates. The processing of aggregated or anonymous data, which do not allow the identification of the user, does not fall under the scope of the legislation on the protection of personal data and therefore no consent is required for their processing. |
|
Legal Basis |
N.A. |
|
Nature of conferment |
N.A. |
|
Consequences of failure to confer |
N.A. |
|
Storage time |
N.A. |
|
Effective retention time |
N.A. |
|
Purpose of processing |
Handling of requests to exercise rights |
|
Description |
Data processing is necessary to handle requests for the exercise of rights sent by the data subject, pursuant to Articles 15-22 of the GDPR. |
|
Legal Basis |
Fulfillment of a legal obligation to which the data controller is subject (Art. 6 para. 1 lit. c) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary to fulfill a legal obligation |
|
Consequences of failure to confer |
Failure to provide data may result in the total or partial inability to respond to the submitted request. |
|
Storage time |
5 years |
|
Effective retention time |
From the provision of data |
|
Purpose of processing |
Information Request/Contacts |
|
Description |
Data processing is necessary to provide feedback to your request. |
|
Legal Basis |
Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary to fulfill a contractual obligation |
|
Consequences of failure to confer |
Failure to provide data may result in the total or partial inability to respond to the submitted request. |
|
Storage time |
2 years |
|
Purpose of processing |
Availability request |
|
Description |
Data processing is necessary to provide feedback to the availability request on the dates indicated |
|
Legal Basis |
Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 (b) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary to fulfill a contractual obligation |
|
Consequences of failure to confer |
Failure to provide data may result in total or partial inability to respond to the submitted request. |
|
Storage time |
2 years |
|
Effective retention time |
From the provision of data |
|
Purpose of processing |
Reservation of stay |
|
Description |
Data processing is necessary to book the stay at the Facility |
|
Legal Basis |
Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 (b) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary for the conclusion of a contract |
|
Consequences of failure to confer |
Failure to provide data may result in the total or partial inability to respond to the submitted request. |
|
Storage time |
10 years |
|
Effective retention time |
From the provision of data |
|
Purpose of processing |
Newsletter |
|
Description |
Processing is required to subscribe to the newsletter and receive commercial communications |
|
Legal Basis |
Consent of the data subject (Art. 6 para. 1. lett. a) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is optional |
|
Consequences of failure to confer |
Failure to provide data will only result in non-subscription and inability to receive the newsletter |
|
Storage time |
Until consent is revoked |
|
Effective retention time |
From the consensus |
|
Purpose of processing |
Stay insurance |
|
Description |
Treatment is required to purchase insurance for the stay |
|
Legal Basis |
Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1(b) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is necessary for the conclusion of a contract |
|
Consequences of failure to confer |
Failure to provide data may result in the total or partial inability to respond to the submitted request. |
|
Storage time |
10 years |
|
Effective retention time |
From the provision of data |
|
Purpose of processing |
Reviews/Comments |
|
Description |
Processing is necessary for the publication of the review and/or commentary |
|
Legal Basis |
Consent of the data subject (Art. 6 para. 1. lett. a) GDPR 2016/679) |
|
Nature of conferment |
The provision of data is optional. |
|
Consequences of failure to confer |
Failure to provide the data will result in the inability to publish the review/commentary |
|
Storage time |
Until the right of cancellation is exercised, if possible. |
|
Effective retention time |
From the consensus |
Methods of processing, automated decision making.
Data processing is carried out in computer-based mode, although potential processing in paper-based mode is not excluded. No automated decision-making processes are used to process your personal data. Any profiling by cookies is done against specific user consent: more information is available in the cookie policy and/or information banner at first access. User profiling carried out by means other than cookies is described in the section “Purposes of processing,” where carried out.
Target audience
Your data may be disclosed to the following categories of recipients:
- Computer service providers and hosting companies to ensure the operation of the site and other explicit purposes
- Communications companies, agencies, marketing consultants and platform providers for sending promotional communications
- Platforms that enable the use of specific services (e.g. electronic payment systems, etc.)
- Public authorities, administrations and agencies.
Transfer of data to third countries or international organizations
Data disclosed may be transferred to third countries and/or international organizations outside the EU. The transfer is legitimized by the presence of an adequacy decision.
The service providers listed below may transfer your personal data outside the European Union. In detail:
|
SUPPLIER |
DATA TRANSFER STATUS |
ADEQUACY DECISION |
|
Mailchimp |
USA |
EU-US Data Privacy Framework of 10.07.2023 |
|
Google (e.g. GPay, Font etc.) |
USA |
EU-US Data Privacy Framework of 10.07.2023 |
|
Blastness |
UK |
Commission Implementing Decision (EU) 2021/1773 of 28 June 2021 |
The hosting of the site is within the European Union.
Rights of the data subject and complaint to the Privacy Guarantor
You have the right to ask us at any time for access to the data concerning you, their amendment, supplementation or deletion, the restriction or opposition to their processing, where there are legitimate reasons, as well as the portability of these data to another Data Controller. We will provide you with a response in writing within 30 days. You may revoke, at any time, the consents you have given on this site, by contacting one of the contact details given within this Privacy Policy You may also lodge a complaint with the Control Authority, where you believe that your data has been processed unlawfully.