Privacy policy

PURPOSE OF THE DOCUMENT
The first part of this document sets out the privacy policy for the website www.cortinabooking.com and it is addressed to all those accessing the site or interacting with the online services of the website www.cortinabooking.com.
This information sheet, drawn up in compliance with Article 13 of the EU GDPR (General Data Protection Regulation) 2016/679 on the protection of personal data and with Article 13 of D. Lgs. (Italian Legislative Decree) 196/2003 “The Personal Data Protection Code”, describes the methods used to manage the website in question in relation to the processing of the personal data of users consulting the site. This processing is to be performed according to the rules for legality, accuracy, relevance and not in excess.
This information does not apply to any websites able to be consulted by users via the links provided on the website www.cortinabooking.com

The second part of the document states the privacy policy adopted for customer relations.

DATA CONTROLLER
The Data Controller for any personal data disclosed following consultation of the website is Stayincortina srl, registered office in Via Majon di Sopra, 20 - 32043 Cortina d’Ampezzo (BL), VAT number 01164350256.

DATA PROCESSING PLACE
Processing linked to the online services provided by this website takes place on the premises of Stayincortina srl and it is performed only by technical staff appointed to do the processing or to carry out occasional maintenance operations.
None of the data arising from the web services will be disclosed or communicated. Any personal data provided by users at their specific request are to be used solely in order to respond to the request or provide the requested service and they will only be disclosed to third parties if this is necessary for that end (see the section “Optional Provision of Data”).

OPTIONAL PROVISION OF DATA
Other than when specified for navigation data, users are free to provide the personal data in the registration forms for the website www.cortinabooking.com in order for information and other communications to be sent. Failure to provide these data may make it impossible to obtain the service requested. In addition, it should be remembered that in some cases, not part of the ordinary management of this website, the Authority may request notice and information pursuant to Article 157 of D.lgs. 196/2003, for the purpose of monitoring the processing of personal data. In such circumstances we are obliged to respond on pain of administrative sanctions.
In the event that in order to access reserved sections of the website, users are asked to select a user name and set a password, users are responsible for keeping this information confidential and informing us immediately if it is being used by unauthorised persons.

TYPE OF DATA PROCESSED
Navigation data
The IT systems and software procedures used for the operation of this website acquire some personal data as a result of their normal functions and transmission of these data is implicit in the use of the internet communications protocols.
This information does not make it possible to identify the user, but such information as first and surnames and address must only be explicitly provided by the user.
This type of information includes IP addresses or the domain names of the computers of users connecting to the site, URI (Uniform Resource Identifier) addresses for the resources requested, the time the request was made, the method used to make the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response provided by the server (successful outcome, error, etc.) and other parameters associated with the operating system and user’s IT environment.
These data are erased immediately after processing and are used for the sole purpose of gathering anonymous statistical information on the website use and in order to check that it is functioning properly. The data may also be used to ascertain liability in the event of possible IT offences likely to damage the website. Other than in this situation, the website contact data are not kept for more than seven days.

Cookies
In providing online services no use is made of cookies for the transmission of information of a personal nature, nor use of persistent cookies of any type which are systems able to track users.
The use of session cookies, which are not saved in a persistent way on a user’s computer and that vanish once the browser is closed, is strictly limited to the transmission of session identifiers, consisting of random numbers generated by the server, which are necessary to enable safe and efficient navigation of the website.
The session cookies used on this website avoid the need to use other IT techniques which are potentially prejudicial to the confidentiality of website users and these cookies do not make it possible to acquire personal data identifying the user.

Data provided voluntarily by users
Sending e-mail messages voluntarily and explicitly to the addresses shown on this website will lead subsequently to the sender’s own e-mail address being acquired as necessary for responding to the requests made, as well as the acquisition of any other personal data included in the message.
Our customers’ contact details may be gathered, stored and used for direct marketing purposes and only on the basis of legitimate interest as set out in Article 6 of the GDPR or when the data subject’s express consent has been given and the subject in question may, at any time, object to the processing, by requesting, for example, the subject’s e-mail address to be removed from the mailing list. The normal storage period for such data is 2 years. No personal profiling will be carried out.
Specific additional information will be reported over time or displayed on the website pages devoted to particular services provided.

PROCESSING METHODS
The personal data are processed using automated equipment for the time strictly necessary to achieve the purposes for which the data have been collected, unless otherwise stated in particular circumstances (see above for the data to be used for direct marketing to customers).
Specific security measures are taken to prevent the loss of the data, their unlawful or improper use and access not authorised in compliance with the obligation required for minimum security measures.
Moreover, we wish to inform you that, in order to provide a complete service, our portal may contain links to other websites, not managed by us. We are not liable for any errors, content, cookies, content publication, advertising, banners or files that are not compliant with the provisions of current regulations and with regard to the privacy regulations on the part of the websites in question not managed by us.

DATA SUBJECTS’ RIGHTS
Personal data subjects have every right due to them under the terms of Articles 15-21 of the GDPR, in particular the right, at any time, to obtain confirmation of the existence or otherwise of the data in question, to be made aware of their content and origin, to verify their accuracy or request that they be added to, updated or rectified.
The data subject has the right to request the erasure, transfer into anonymous form or blocking of data processed in violation of the law and, in all circumstances and for legitimate reasons, to object to their processing. Requests for this to be done are to be sent to the e-mail address info@cortinabooking.com
The data subject may also turn to or make a complaint to a guarantor authority such as the Italian Privacy Guarantor (Garante Privacy): www.garanteprivacy.it

CHANGES TO THE CURRENT PRIVACY POLICY
Stayincortina srl reserves the right to update this privacy policy to make it compliant with subsequent rights, also taking into due consideration any suggestions made by company employees, customers, partners and site users.
For further information on this subject, we can be contacted by e-mail at info@cortinabooking.com.
_________________________

Pursuant to Article 13 of the EU regulation 2016/679 (GDPR) on personal data protection and Article 13 of D.Lgs. 196/2003 (Italian personal data protection code), any personal data obtained from within the context of contractual relation is processed in line with the principles of accuracy, lawfulness and transparency in order to protect your privacy and your rights.
According to the aforementioned regulation we provide you with the following information.
1. Processing purposes and methods: any personal data provided by you in the context of a business relationship will be processed exclusively for administrative and accounting purposes and also to meet the obligations imposed by law, regulations or EU directives. Your contact data may be used for direct marketing purposes, in compliance with the law and only provided you have given you express consent or on the basis of the legitimate interests of the data Controller, as provided for in Article 6 of the GDPR. No other profiling activities are to be undertaken. The data collected are processed by our appointees, either manually or with the aid of IT equipment, and they are processed and stored for the time period necessary to achieve the aforesaid purposes, using appropriate equipment and procedures able to guarantee their security and confidentiality.
2. Obligatory provision of data: you are obliged to provide your personal data in order to perform the aforesaid operations. Failure to accept this obligation and failure to authorise the use of the data will make it impossible to establish or proceed with the business relationship, to the extent that the data are necessary for operating the relationship in question.
3. Context of disclosure and communication: your personal data will not be disclosed nor communicated to non-EU recipients. The data may be communicated to recipients outside our company if they are performing operation that are associated with or instrumental to our business activities solely to meet technical and operational needs that are strictly linked to the above-mentioned purposes. In particular, the recipients belong to the following categories: entities, professionals, companies or other bodies appointed by us to process the data in order to fulfil administrative, accounting, business and managerial obligations associated with the ordinary performance of our business activities including for the purpose of debt recovery; to public sector and administrative authorities in order to meet legal obligations.
4. Data subject rights: data subjects may apply to the Data Controller in order to verify their data, to have them updated or rectified and/or to exercise their rights under Articles 15-21 of the GDPR. In particular, data subjects may, at any time, object to the processing of their e-mail address details to be used for direct sales or marketing purposes. Anyone wishing to exercise such rights or to make any request, may send an e-mail to info@cortinabooking.com. Data subjects at all times have the power to turn to or to make a complaint to a guarantor authority such as the Italian Privacy Guarantor (Garante Privacy): www.garanteprivacy.it.

5. Data Controller: Stayincortina srl, tax code and VAT number 01164350256, Via Majon di Sopra, 20 – 32043 Cortina d’Ampezzo (BL) in the person of its legal representative.
For further information on this subject, we can be contacted by e-mail at info@cortinabooking.com.