thanking you for visiting our site, in the following information you will find all the useful indications to understand the purposes and methods of processing of your personal data as a visitor, as well as any other information required by art. 13 and 14 from the EU General Data Protection Regulation 2016/679 ("GDPR").
The policy concerns only this site and not also other websites, portals, sections/pages/spaces connected through links, owned by third parties or Albergo Terme Santamaria, for which please refer to their respective policies.
1. Who is the Data Controller?
The data controller is Albergo Terme Santamaria, located in Suio Terme di Castelforte (LT), Via delle Terme, 423 Cod. Fisc SNTMCR36A69C104V. and VAT no. 00048590590
2. What kind of data do we process and how long do we keep them?
(a) Browsing data
The computer systems and software procedures responsible for the operation of this site acquire, in normal operation and for the sole duration of the connection, certain data that are then implicitly transmitted in the use of Internet communication protocols.
This information is not collected for the purpose of associating it with users but, by its very nature, could, through processing and association with data held by third parties, allow them to be identified. This data is deleted a few hours after processing.
(c) Data provided voluntarily by users/visitors
If by connecting to this site you decide, where applicable, to submit your personal data (for example: first name, last name, email address) in order to access certain services, that is, to make requests via email, Albergo Terme Santamaria will process such data in order to respond to your request, that is, to provide you with the service you have requested in accordance with this policy and the specific privacy notices rendered when you subscribe to individual services. Data will be kept for as long as necessary to provide the requested service and to handle any disputes. Your personal data will be disclosed to third parties only in the event that the disclosure is necessary to comply with the requests of the users themselves, as specified in the specific notices of individual services, or to simplify - at your request - the registration operations to third-party sites/applicationsYou will not be asked for health data and, in general, special categories of personal data referred to in Article 9 of the GDPR (sensitive, biometric, genetic and criminal).
Legislative Decree No. 196/2003: Art. 7 - Right of access to personal data and other rights
The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and its communication in an intelligible form.
The data subject has the right to obtain information on:
a) the origin of personal data;
(b) of the purposes and methods of processing;
(c) of the logic applied in the case of processing carried out with the aid of electronic instruments;
(d) of the identification details of the owner, managers and designated representative under Article 5(2);
e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees.
The data subject has the right to obtain:
a) the updating, rectification or, when interested, the integration of data;
(b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
(c) certification that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected.
The data subject has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him or her, even if pertinent to the purpose of collection;
b) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Data Collected as a Result of Voluntary User Submission:
-First and last name
3. How are your data processed?
Your data are processed with the support of computerized and telematic means and are protected through adequate security measures suitable to guarantee their confidentiality and integrity.
In particular, Albergo Terme Santamaria has adopted and takes appropriate organizational (distribution of roles and responsibilities in the execution of activity and controls), procedural and technical (firewalls, antivirus and other advanced technologies) measures to protect your data against loss, theft, as well as unauthorized use, disclosure or modification.
4. What are the purpose and legal basis of processing?
Albergo Terme Santamaria processes your anonymous browsing data in 2.a in order to monitor the technical operation and performance of the site, to understand how to improve services and evolve them. This data is necessary to ensure the delivery of the site.
The data in section 2.b are used for the sole purpose of obtaining anonymous statistical information about the use of the site and to check that it is working properly (they are therefore necessary to ensure the delivery of the site).
When the services offered by the site are free of charge and supported by advertisements, the legal basis for processing is the legitimate interest of the Data Controller expressly provided for in the GDPR. (read above point 2.b).
5. To whom can your data be disclosed?
The anonymous data in 2.a and 2.b may be disclosed to partners and suppliers who support Albergo terme Santamaria in the delivery of this site.
In addition, your data may be disclosed to individuals, entities or authorities to whom the disclosure of data is mandatory in by law.
6. What are your rights?
At any time you can access information about yourself and request that it be updated, corrected, and supplemented, as well as deleted, anonymized, or blocked. You may also object in whole or in part to the processing.
7. Changes and updates
This policy may be subject to change over time - including related to the possible enactment of new industry regulations, the updating or delivery of new services, or to intervening technological innovations - so we encourage you to consult this page periodically.