Privacy

Privacy Statement

English Version

Information provided pursuant to art. 13 of EU regulation 2016/679 (GDPR)

The data collected are processed in accordance with the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

Data Controller

Fagiano Rosso Società Semplice Agricola, with registered office in Vocabolo Conversino 163, Cannara

Owner’s email address: info@colledirocco.it

What is Personal Data?

Personal data is information that can directly or indirectly identify a natural person, such as name, email address, telephone number, postal address, gender, bank details or computer IP address.

Types of Data collected

In the course of its business, the Company collects and processes personal data in various ways. The data may be

– provided directly by the interested party

– collected from the Sites www.colledirocco.it , www.colledirocco.com , www.villacolledirocco.it www.colledirocco.com

– third party information,

The types of data collected are:

Email, name, surname, address, nationality, gender, date of birth, telephone number, bank details for payments, identity document data

Site usage data, device IP

Data relating to the profiling of preferences, choices and habits.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data are collected.

What happens if the interested party does not provide the indicated data?

The personal data provided by the interested party are processed using computer and paper methods and are necessary to carry out the services of this company, to send communications via email or mobile phone, as well as to execute contracts and to make the sites usable. Failure to provide your data and failure to authorize their processing will not allow the provision of the aforementioned services.

In cases where the sites or the Company indicate some Data as optional, the Interested Parties are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.

Interested parties who have doubts about which data are mandatory can contact the Data Controller.

Any use of Cookies – or other tracking tools – by this site or by the owners of third-party services used by the Sites, unless otherwise specified, has the purpose of providing the Service requested by the Interested Party, in addition to the other purposes described in this document and in the Cookie Policy .

The Interested Party assumes responsibility for the Personal Data of third parties obtained, published or shared through the Sites or collected directly by the Interested Party and guarantees that he/she has the right to communicate or disseminate them, freeing the Owner from any liability towards third parties.

Method and place of processing of the collected data

Treatment methods

Security measures are adopted to avoid the risks of unauthorized access, destruction or loss, unauthorized processing or processing that does not comply with the purposes of the collection.

The processing is carried out using computer and/or telematic tools, with organizational methods and with logic strictly related to the indicated purposes.

Communication to third party recipients and categories of recipients

The personal data of the interested party are communicated to third parties whose activity is necessary for the execution of the contractual relationship established and to respond to certain legal obligations, specifically.

Persons involved in the organization of the Sites and this Company (administrative, commercial, marketing, legal, system administrators)

External parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies, accountants, credit and payment institutions, financial administration, public bodies, supervisory authorities), also appointed, if necessary, as Data Processors by the Owner.

The updated list of Data Processors may always be requested from the Data Controller.

Legal basis for processing

The Data Controller processes Personal Data relating to the Data Subject if one of the following conditions exists:

the Data Subject has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User’s consent or any other of the legal bases specified below, until the Data Subject objects (“ opt -out”) to such processing. However, this does not apply when the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
processing is necessary for the performance of a contract with the Data Subject and/or for the execution of pre-contractual measures;
processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
processing is necessary for the pursuit of the legitimate interest of the Owner or third parties.

It is always possible to ask the Owner to clarify the specific legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

Place

The Data is processed at the Data Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, contact the Data Controller.

The Personal Data of the Data Subject may be transferred to a country other than the one in which the Data Subject is located. To obtain further information on the place of processing, the Data Subject may refer to the section relating to the details on the processing of Personal Data.

The interested party has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization of public international law or constituted by two or more countries, such as the UN, as well as regarding the security measures adopted by the Owner to protect the Data.

If one of the transfers described above takes place, the interested party can refer to the respective sections of this document or ask the Data Controller for information by contacting him at the contact details provided at the beginning.

Personal data retention period

The Data is processed and stored for the period necessary to fulfill the purposes for which it was collected.

The following part of this document indicates the retention period for each specific purpose.

When the processing is based on the consent of the Data Subject, the Data Controller may retain the Personal Data for a longer period until such consent is revoked.

The owner reserves the right to retain certain personal information for longer periods if this is necessary to comply with legal obligations or to ensure security, prevent fraud and abuse and defend or exercise its rights.

Furthermore, the Owner may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of such period, the right of access, deletion, rectification and the right to portability of the Data can no longer be exercised.

Purpose of the Processing of Collected Data

Personal Data is collected for the following purposes and using the following services:

Contact the interested party to respond to his/her requests for information –

The interested party, by filling in the contact form on the Sites with his/her data, or by sending an email, consents to their use to respond to requests for information, quotes, or any other nature indicated by the header of the form or the content of the email.

Types of data : city, surname, date of birth, email, name, gender and various types of data.

Base legal : processing necessary for information, the definition of the contractual agreement and for its subsequent implementation

Storage: 12 months from the completion of the execution of the requested service or from the execution of the contract, unless specific consent is given for a longer storage period.

Management of the contractual relationship (booking and provision of accommodation and accessory services or product sales), purchase of services or products and for activities

Types of data : general information and contact details, tax code and/or VAT number, credit and debit card details provided as a guarantee and/or payment, list of services and products requested and purchased , arrival and departure date, etc.

Legal basis : processing necessary for the definition of the contractual agreement and for its implementation

Retention: 10 years from the completion of the execution of the contract, unless specific consent for a longer retention period is given.

Notification of personal details to the Police Headquarters

Types of data – : general information and identification document details, arrival date and nights spent, family relations, etc.

Legal basis : legal obligation

Storage : until sent to the Police Headquarters, unless specific consent is given for a longer storage period.

Legal, administrative, accounting and tax obligations

Types of data : general information and contact details, tax code and/or VAT number, pec , credit and debit card details provided

Balance, services and products purchased reported in account statements and tax documents, etc.

Legal basis : legal obligations

Storage: within the limits required by law, unless specific consent is given for a longer storage period.

Data storage – of regular customers – to speed up

the « check in » Types of data : general information and details of identification documents, contact details, etc.

Legal basis : consent

Storage : 24 months, unless the consent given for this purpose is revoked.

Mailing list or newsletter

By registering for the mailing list or newsletter, the interested party’s email address is automatically added to a contact list to which email messages containing information, including commercial and promotional information, relating to the Sites may be sent.

Personal Data collected: email, first name, last name and phone number.

Legal basis : consent

Retention : Until revoked

Promotional activities

This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the interested party for promotional initiatives or loyalty programs, special offers or to propose services or products.
These services may also allow you to collect data relating to the date and time the messages are viewed by the interested party, as well as the interaction of the interested party with them, such as information on clicks on links inserted in the messages.

Personal Data collected: general information, contact details, preferences, etc.

Legal basis : consent

Retention : Until revoked

Profiling

The personal data of the interested party may also be processed for profiling purposes (such as processing and analysis of the transmitted data and the chosen Services, proposing advertising messages and/or commercial proposals in line with the needs expressed by the users themselves)

Legal basis consent

Retention : Until revoked

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to track the behavior of the Interested Party.

Google Analytics with anonymized IP (Google Inc. )

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalise the ads of its own advertising network. This integration of Google Analytics makes your IP address anonymous. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries adhering to the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and shortened within the United States. Place of processing: USA

Personal Data collected: Cookies and Usage Data.

Legal basis : consent

Retention : Until revoked

Rights of the interested party

The interested party has the right to:

revoke consent at any time. The Data Subject may revoke consent to the processing of their Personal Data previously expressed.
object to the processing of your Data. The Data Subject may object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
request access to their Data. The Data Subject has the right to obtain information on the Data processed by the Owner, on certain aspects of the processing and to receive a copy of the Data processed.
verify and request correction of your Data.
obtain the limitation of processing. When certain conditions apply, the Data Subject may request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than their conservation.
obtain the deletion or removal of their Personal Data. When certain conditions apply, the Data Subject may request the deletion of their Data by the Data Controller.
receive your Data or have it transferred to another controller. The Data Subject has the right to receive his/her Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain the transfer without hindrance to another controller. This provision is applicable when the Data is processed with automated tools and the processing is based on the consent of the Data Subject, on a contract to which the Data Subject is a party or on contractual measures connected to it.
lodge a complaint with a competent data protection supervisory authority or take legal action.

How to object to the processing of your personal data

When Personal Data is processed in the public interest, in the exercise of public authority vested in the Owner or to pursue a legitimate interest of the Owner, the Data Subject has the right to object to the processing for reasons relating to his or her particular situation.

Interested parties are hereby informed that, if their Data is processed for direct marketing purposes, they may object to the processing without providing any justification. To find out whether the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.

How to exercise your rights

To exercise their rights, the interested party may send a request to the contact details of the Owner indicated in this document. The requests are filed free of charge and processed by the Owner in the shortest possible time, in any case within one month.

Cookie Policy

The Sites use Cookies. To learn more and to view the detailed information, the User can consult the Cookie Policy.

Further information on treatment

Defense in court

The Personal Data of the Interested Party may be used by the Owner in court or in the preparatory stages of its possible establishment for the defense against abuse in the use of these Sites, of this company or of the connected Services by the User.
The Interested Party declares to be aware that the Owner may be obliged to reveal the Data by order of the public authorities.

Specific information

Upon request of the Data Subject, in addition to the information contained in this privacy policy, this company may provide the Data Subject with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, on the Sites and, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Please therefore consult this page regularly, referring to the date of the last modification indicated at the bottom.

If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

Definitions and legal references

Personal Data (or Data)

Personal data is any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage Data

This information is collected automatically through the Sites (including third-party applications integrated into the Sites), including: the IP addresses or domain names of the computers used by the User who connects to this Application, the URI ( Uniform Resource Identifier ) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages visited, the parameters relating to the operating system and the IT environment of the User.

Interested

The individual who uses the Sites or requests the services of this Company and the natural person to whom the Personal Data refers.

Data Controller (or Controller)

The natural person, legal person, public administration or any other entity that processes personal data on behalf of the Owner, as set out in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools used, including the security measures relating to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

Service

The Service provided by this Company

Product

The product supplied by this Company

Sites

The websites www.colledirocco.it , www.colledirocco.com , www.villacolledirocco.it www.colledirocco.com

Society

Red Pheasant Simple Agricultural Company

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area.

Cookie

Small portion of data stored within the User’s device.

Legal references

This privacy policy is drafted on the basis of multiple legislative systems, including Articles 13 and 14 of Regulation (EU) 2016/679.

Cookie	Durata	Descrizione
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.