Information on the Processing of Personal Data
Pursuant to art. 13 of Regulation (EU) 2016/679 (GDPR)
1. Data controller
The Data Controller is el Zhìgol di Pozzobon Sofia, with registered office in Via Cal Nova 41, 31010 Farra di Soligo (TV), Italy.
For any communication regarding the protection of personal data, you can contact the Data Controller by email or telephone, whose contact details are available at the facility.
2. Purpose of the processing
Personal data are processed for the following purposes:
- fulfillment of obligations under current legislation regarding public safety and tourist flow management (e.g., data communication to the Police Headquarters, ISTAT, and the Municipality);
- administrative and accounting management of the stay;
- sending promotional communications and personalized offers, subject to the interested party's consent.
3. Legal basis for processing
The processing is lawful as it is based on:
- need to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR);
- performance of a contract to which the data subject is party (Article 6, paragraph 1, letter b) GDPR);
- express consent of the interested party for marketing purposes (Article 6, paragraph 1, letter a) GDPR).
4. Categories of data processed
The data processed includes: personal details, information contained in identity documents, telephone numbers and email addresses, and any preferences expressed by the guest.
5. Methods of processing
Processing is carried out using manual and electronic tools, in compliance with the security measures required by the GDPR, aimed at ensuring the confidentiality, integrity, and availability of the data.
6. Data retention period
The data will be retained for the time necessary to fulfill legal and contractual obligations, and in any case no longer than 10 years for tax and accounting purposes. Data processed for marketing purposes will be retained until consent is revoked.
7. Communication and dissemination of data
The data may be disclosed to third parties such as public authorities (e.g., police headquarters, municipalities), tax consultants, and IT service providers, acting as data controllers. The data will not be disseminated.
8. Transfer of data abroad
The data will not be transferred to third countries outside the European Union. If necessary, the transfer will be carried out in compliance with Articles 44 et seq. of the GDPR.
9. Rights of the interested party
The interested party has the right to access their personal data, request rectification, erasure, restriction of processing, object to processing, and withdraw consent. These rights may be exercised by contacting the Data Controller. It is also possible to lodge a complaint with the Italian Data Protection Authority.
