INFORMATION RELATING TO THE SITE’S PRIVACY POLICY

  1. Dear user, thank you for choosing to use our site. We are committed to protecting the privacy and security of your personal information. The information that is shared with us helps us improve the quality of services on our site. This Privacy Policy, pursuant to Regulation (EU) 2016/679 and Legislative Decree 101/2018, describes the methods of processing the personal data of users who consult the website www.leuca20rooms.it This information is therefore valid for the purposes of art. 13 of Legislative Decree no. 196/2003, Code regarding the protection of personal data, amended by Legislative Decree 101/2018, and for the purposes of art. 13 of EU Regulation no. 2016/679, concerning the protection of individuals with regard to the processing of personal data as well as the free circulation of such data, for subjects who interact with our site, which can be reached at the address corresponding to the home page www.leuca20rooms.it
  2. However, this information does not concern other sites, pages or online services accessible via hypertext links that may be published on our site (see par. IV) and referring to resources external to the leuca20rooms.it domain, with reference to which the user can manage own settings and revoke consent by directly visiting the relative links and using the tools described in the individual privacy policies of the third parties or by contacting them.
  3. The purpose of this document is to provide information on the methods, timing and nature of the information that the data controller must provide to users when connecting to the web pages of our site www.leuca20rooms.it, regardless of the purpose of the connection itself, according to the Italian and European legislation in force.
  4. The information may undergo changes due to the introduction of new regulations; in this regard, we therefore invite the user to periodically check this page.
  5. If the user is under the age of 14, also in compliance with the provisions of Legislative Decree 101/2018 and of the art. 8, ch. 1 EU regulation 2016/679, he will have to legitimize his consent through the authorization of the parents or of those who have the responsibility or guardianship. Our websites and applications are not directed to children under the age of 14, and we do not knowingly collect personal information directly from children under 14. If you believe that we are inappropriately processing personal information relating to a minor, we ask you to promptly report it by contacting us.

DATA PROCESSING

  1. According to current legislation, the data controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data. He also takes care of the security profiles. Following consultation of the website www.leuca20rooms.it, data relating to identified or identifiable natural and or legal persons may be processed.
  2. With regard to this website, the data controller is

BC STUDIO s.r.l
Via Stella d’Italia n.15
73039 Tricase (LE)
P.IVA 05082350751

The data controller is the natural or legal person, public authority, service or other body which processes personal data on behalf of the data controller. Pursuant to article 28 of EU Regulation no. 2016/679, for this site the data controller is BC STUDIO s.r.l – info@leuca20rooms.it

  1. If necessary, the data collected can be processed by the data controller or by persons appointed and/or authorized by it.
  2. The site deals with: tourism.

TYPES OF DATA COLLECTED

The website www.leuca20rooms.it collects the following general categories of data:

Information provided directly by the user

When the user uses the site www.leuca20rooms.it, he provides a series of information, which is necessary for the adequate analysis of requests and the consequent provision of services, and allows him to act in compliance with legal obligations. Without these data, the data controller, the manager and the persons in charge may not be able to provide all the services requested.

It should be taken into account that the above data mainly coincide with the data requested in the contact form or comments on posts. By way of example, these may include:

  • Profile data (name, surname, date and place of birth, tax code, address, telephone number and profile picture…).
  • Authentication information (e.g. a photo of your ID, passport or driving licence…) or other authentication information.
  • Payment information (e.g. bank account details or credit card details…) to facilitate payment processing.
  • Communications with personnel in charge of data collection and processing, with which the data provided by the User in communications is collected.

Optional information

The user, in communicating with the data controller, the manager and the persons in charge, can choose to provide additional personal data to improve the experience and services. Such additional data will be processed with the consent of the data subject, where applicable.

By way of example, these may include:

  • Additional profile data.
  • Contact data from the address book.
  • Other information (e.g. responses to surveys, participation in forums, communication with service personnel, comments).
  • Location information.
  • Information on the use and appreciation of the site and services.
  • Log data and information about the devices used.

Payment Services Information

This site does not collect data relating to payments, but makes use of external services, which can be directly consulted, to obtain information relating to their specific privacy policy.

Storage place

The Data is processed on the server and at the owner’s operating offices and in any other place where the parties involved in the processing are located, with the exception of data collected with Cookies set by third parties/marketing / monitoring / profiling Cookies, for to which reference is made in the next paragraph. This site uses an Aruba hosting provider service that allows us to make the website accessible. Therefore, user data will also be hosted on the data center of the hosting provider, which will operate as a third party.

Storage period

The Data are processed and stored for as long as necessary for the purposes for which they were collected and in any case for a period of no less than the duration connected to the times of navigation of the site or contact with the site, and to the statistical surveys connected to this . The consent to the treatment can be revoked at any time, as explained in paragraph VII.

COOKIES – PLUGINS – SOCIAL NETWORKS – SERVICES

Cookies

The www.leuca20rooms.it site uses Cookies to make the user’s browsing experience easier and more intuitive: cookies are small text strings used to memorize some information, which may concern the user, his preferences or the device access to the internet (computer, tablet or mobile phone) and are mainly used to adjust the functioning of the site to the user’s expectations, offering a more personalized browsing experience and memorizing the choices previously made. A cookie consists of a small set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. It is not executable code and does not transmit viruses. Cookies do not record any personal information and any identifiable data will not be stored. We use technical cookies on this site. By continuing to browse the site and accepting the privacy policy, the user accepts the use of cookies; otherwise he can abandon the navigation of the site. The use of these cookies is governed by the rules established by the third parties themselves. Therefore, users are invited to read the privacy information and the indications for managing or disabling cookies published directly on the relative web pages.

Below are the types of Cookies that the site mostly uses:

  • Strictly necessary cookies: for example authentication cookies, used to find out if the user has logged in to the site or not.
  • Preference cookie: memorizes the preferences set by users such as account name, language, localization and whether the User has chosen to view the mobile version of a site.
  • Statistics cookies: collects information on how users interact with the website, including which pages are visited the most, as well as other analytical data. These details are used to improve the performance of website functions.

Services of Google Inc.

This site also uses third-party services and in particular Google Inc. services. These include Analytics, Search Console, Tag Manager, Google reCAPTCHA.

By way of description, these are:

GOOGLE Analytics

This website uses GOOGLE Analytics. Google Analytics collects information about user visits such as IP address, browser type, time spent on pages and more. Google Analytics uses “cookies” to allow the website to analyze how users use the site. The information generated by the cookie on the use of the website by the User will be transmitted and stored on Google’s servers in the United States. Google will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Refusal to use cookies automatically prevents you from using all the features of this website. By using this website, the user consents to the processing of data by Google for the methods and purposes indicated above. Further information on terms of use and privacy can be found in the Google Analytics terms of service and in the Google Analytics privacy policy.

GOOGLE SEARCH CONSOLE

This site uses Google Search Console, a web analytics service provided by Google Inc. (“Google”). The information generated by Google Search Console cookies on the use of the site by the user (analysis of searches, broken links, indexing, scanning errors and more) is anonymous and is used exclusively for site optimization. More information on terms of use and privacy can be found in the Google Search Console terms of service and in the Google Search Console privacy policy.

GOOGLE TAG MANAGER

This site also uses Google Tag Manager. This service allows you to manage website tags via an interface. Tags are metadata that are used, for example, to analyze the behavior of traffic and visitors to a site or an app, to understand the effect of online advertising and social channels, to set up remarketing and preferences towards of target groups and for testing and optimizing websites. For completeness and transparency regarding the tools used, it should be specified that Google Tag Manager only implements tags. This means that no cookies are used and, consequently, no personal data is recorded. Further information on terms of use and privacy can be found in the Google Tag Manager terms of service and in the Google Tag Manager privacy policy.

GOOGLE reCAPTCHA

This site uses the Google reCAPTCHA service, aimed at preventing or discouraging the sending of comments or spam messages by users or spambots.
The use of this technology involves the installation of cookies (not profiling) of the third party company, Google Inc. However, the site does not share any navigation information or User data acquired in the case of use of this technology. More information on terms of use and privacy can be found in the Google reCAPTCHA terms of service and the Google reCAPTCHA privacy policy.

PURPOSE OF THE TREATMENT

  1. Provide the requested services and manage customer relations. The provision of personal data is mandatory and the refusal to supply them makes it impossible to carry out what is requested;
  2. Fulfill the requirements dictated by national and community regulations;
  3. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or activities constituting a crime.

The aforementioned information is treated on the basis of the legitimate interests of the owner.

The personal data collected for the aforementioned purposes could also be processed to carry out activities functional to the promotion and sale of products through the site, carry out market surveys and customer satisfaction: the provision of data for these purposes is optional and for the treatment consent is required for such data.

By granting consent to processing for Marketing purposes, the interested party specifically takes note of such promotional, commercial and marketing purposes in the broad sense of the processing (including the consequent management and administrative activities) and expressly authorizes them, once consent has been given on the basis of the established procedures, pursuant to the EU Regulation.

We inform you specifically and separately, as required by art. 21 of the EU Regulation, that if personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes and that if the interested party opposes the treatment for direct marketing purposes, personal data can no longer be processed for these purposes.

TRANSFER OF DATA TO NON-EU COUNTRIES

This site, as already clarified above, may share some of the data collected with services located outside the European Union area (for example with Google, Facebook, through social plugins and the Google Analytics service). The transfer is authorized on the basis of specific decisions of the European Union for which no further consent is required.

YOUR RIGHTS

Pursuant to European Regulation 679/2016 (GDPR) and in compliance with the provisions of Legislative Decree Privacy no. 101/2018, the user can, according to the methods and within the limits established by current legislation, exercise the following rights:

  • request confirmation of the existence of personal data concerning him (right of access);
  • have information about the logic, methods and purposes of the processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
  • in cases of treatment based on consent, receive at the sole cost of any support, your data provided to the owner and held by it, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
  • the right to lodge a complaint with the Privacy Guarantor or with the Judicial Authority;
    pursuant to art. 2-terdecies of the Privacy Decree n. 101/2018, all rights (art 15 up to 22 of the EU Regulation) referring to personal data concerning deceased persons, can be exercised by those who have an interest of their own or act to protect the interested party, as his agent, or for reasons of family members deserving of protection
  • as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.

Requests should be addressed to the data controller.

In the event that the data are processed on the basis of legitimate interests the rights of the data subjects are in any case guaranteed (except for the right to portability which is not envisaged by the regulations), in particular the right to object to the processing which can be exercised by sending a request to the data controller. You can object to the processing of your personal data:

  1. for legitimate reasons;
  2. (without the need to justify the opposition) when the data are processed for commercial or marketing purposes.

All without prejudice to the limitations on the rights of the interested parties pursuant to art. 2-undecies and 2-duodecies Legislative Decree n. 101/2018.

APPEAL

If the user believes that their rights regarding the protection of personal data have been violated, they can lodge a complaint with the Privacy Guarantor pursuant to art. 77 of the Regulation and of the art. 141 of the code regarding the protection of personal data or to appeal to the Judicial Authority pursuant to art. 78 and 79 of the EU Regulation and pursuant to art. 152 and following. personal data protection code.

FULFILLMENTS

In the event of a BREACH OF PERSONAL DATA (DATA BREACH), i.e. a breach of security which involves – accidentally or unlawfully – the destruction, loss, modification, unauthorized disclosure or access to the personal data transmitted, stored or otherwise processed, the data controller without unjustified delay and, where possible, within 72 hours from the moment in which he became aware of it, will notify the personal data protection authority of the violation unless it is unlikely that the data violation personal data involves a risk for the rights and freedoms of natural persons.

The data controller who becomes aware of a possible violation is required to promptly inform the owner so that he can take action.

If the violation involves a high risk for the rights of individuals, the owner will communicate the violation to all interested parties, using the most suitable channels, unless he has already taken measures to reduce its impact. Regardless of notification to the Guarantor, the data controller will document all personal data breaches, for example by preparing a special register. This documentation will allow the Authority to carry out any checks on compliance with the law.

Only personal data breaches that may have significant adverse effects on individuals, causing physical, material or immaterial damage, should be notified.

The notification will contain the information required by art. 33, par. 3 of Regulation (EU) 2016/679 and indicated in the attachment to the Provision of the Guarantor of 30 July 2019 on the notification of violations of personal data (web doc. n. 9126951).

SECURITY OF DATA PROVIDED

In any case, it should be noted that this site processes user data in a lawful and correct manner, adopting the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or unauthorized destruction of data. The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

In addition to the owner, as already specified above, in some cases, categories of persons involved in the organization of the site will have access to the data (administrative, marketing, commercial, legal, system administrators) or external subjects such as (as service providers third-party technicians, postal carriers, hosting providers, IT companies, communication agencies).