Version 2.0 (valid from 09.03.2020)
The information and details you provide or which are otherwise acquired through your use of GL’s services (for example, booking requests, enquiries, the purchase of services or products or accessing certain areas of the Website; henceforth “Services”) will be handled in compliance with the stipulations of the Applicable Law and the appropriate confidentiality obligations. In compliance with the Regulation, personal data is handled by GL in accordance with the principles of lawfulness, fairness, transparency, purpose and retention time limitation, data minimization, accuracy, integrity and confidentiality.
1. Data controller
The subject entrusted with processing data through the Website is GL, as defined above. For any information on how your personal data are being processed by GL – including a list of the appointed data processors – you can contact the Data Controller at: firstname.lastname@example.org
2. Processed personal data
Following access to the Website, we inform you that GL will process personal data, which may comprise identifying data such as your name, an identification number, an online username or one or more elements distinguishing your physical, physiological, mental, financial, cultural or social identity, which may lead to the data subject being identified or made open to identification (“Personal Data”). The Personal Data processed through the Website are as follows:
The IT systems and software used to run the Website automatically acquire certain Personal Data, as transmission of the same is implicit to the use of Internet communication protocols. This type of information is not gathered for the purpose of linking it to identified subjects, but, by its nature, if processed and linked to data held by third parties, could lead to the user being identified. This category comprises data such as IP addresses or the domain names of the computers used by the users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to make the request of the server, the size of the file sent in response to the request, the numerical code indicating the state of the response made by the server (complete, error, etc.) and other parameters pertaining to the user’s operating system and type of device being used. These data are used exclusively to obtain anonymous statistical information about Website use and to ensure the site is working properly, as well as making it possible to pinpoint any anomalies or improper use of the site; they are deleted immediately after processing. In the event of unlawful attacks against either the Website or related third parties, these data may be used to identify the guilty party/ies; excepting these cases, the data regarding web contact are deleted within a few days of creation.
The voluntary sending of your Personal Data by means of contact forms and requests for availability or reservation trough the Site or via e-mail to addresses indicated on the Site entails the subsequent acquisition of the data communicated to the sender (including your name, surname, e-mail address, any mobile number) as well as the conferral of your consent to receive any reply messages to your requests. The Personal Data supplied in this way are used by GL for the sole purpose of providing the Services, as well as to respond to the requests transmitted and are communicated to third parties only if necessary for that purpose.
When availing of certain Services offered by the Website, it may happen that you forward third-party data to GL. In this event, you act as independent data controller, and shall be responsible for all the duties and liabilities foreseen by law. As such, on this point you grant us the fullest possible exemption from any protest, claim, request for damages from data processing, etc. that may be made against GL by third parties whose Personal Data have been processed through your using the Website functions in violation of the applicable legislation on personal data protection. NotwitGLtanding this, in the event of you providing or otherwise handling the Personal Data of any third party when using the Website, you hereby declare – and take full legal responsibility for the declaration – that there is a sound legal basis for doing so, in accordance with art. 6 of the Regulation legitimizing processing of the information in question.
3. Purpose of processing the data
The reasons for processing your data, with your express consent where necessary, are as follows:
4. Legal basis and compulsory or optional provision of personal data
The legal basis for processing your Personal Data for the purposes stated in section 3.a is art. 6(1)(b) of the Regulation, inasmuch as it is necessary to process your data in order to provide our Services and/or to reply to your queries. Providing Personal Data for these purposes is optional, but failure to do so will make it impossible for us to provide our Services.
The purposes stated in section 3.b constitute legitimate processing of Personal Data under the terms of art. 6(1)(c) of the Regulation. Once you have conferred your Personal Data, GL must process them in order to comply with legal obligations to which it is subject.
The legal basis of the data processing for the purposes set out in section 3.c is art. 6(1)(a) of the Regulation (the data sub’s consent). For the processing carried out for the same purposes that involve the direct sending of own advertising materials or for the fulfillment of own market research or commercial communications in relation to products or services of the Controller similar to those purchased by the data subject in the past, the Controller may use, even without the subject’s consent, e-mail addresses and post addresses, pursuant to and within the limits permitted by art. 130, paragraph 4 of Legislative Decree 196/2003 and the provision of the Italian Supervisory Authority of 19 June 2008. In such case, the legal basis for the processing of Personal Data is art. 6(1)(f) of the Regulation.
5. Who may receive your Personal Data
For the purposes stated in section 3 above, our Personal Data may be shared with:
6. Transmission of Personal Data
Your Personal Data will not be shared with any Recipients outside the European Economic Area
7. Data retention times
The Personal Data processed for the purposes stated in section 3.a will be stored for the necessary time it takes to complete the requested operations. As this data processing concerns the provision of Services, GL also retain your Personal Data for the time permitted under Italian Law for the defense of own rights (art. 2946 Code of Civil Law).
The Personal Data handled for the purposes stated in section 3.b will be stored for the time permitted by the specific disposition or applicable law.
Personal Data processed for the purposes referred to in section 3.c will be retained until the revocation of the consent by the subject, or in the absence of such revocation, for a maximum time considered appropriate by the Controller.
You can request further information on data retention times and the criteria adopted to establish these times by writing to the following address: email@example.com
8. Rights of data subjects
Under the terms of articles 15 onwards of the Regulation, you have the right to ask GL at any time to allow you to access your Personal Data, to make amendments to or delete them wholly or in part, object to their being processed; also the right to request restrictions to their processing in the cases foreseen by art. 18 of the Regulation, and to obtain the data pertaining to you in a structured, commonly recognized and legible form from an automatic device in the cases foreseen by art. 20 of the Regulation. At any time, you may revoke, the consent already given according to art. 7 of the Regulation, without prejudice to the lawfulness of the processing carried out prior to the withdrawal of consent. Requests of can be sent to the following address: firstname.lastname@example.org.
In any case, you always have the right to file a claim with the relevant Supervisory Authority (in Italy: Garante per la protezione dei dati personali), under the terms of art. 77 of the Regulation, in the event that you believe your Personal Data have been processed in violation of the Applicable Law.