Privacy Policy
Cryss house – Privacy Policy
PRIVACY POLICY
Privacy Policy of www.crysshouse.it
Data Controller
Cryss House by Cristina Tirelli
Via Pulciano Gaino, 23 – 25088 Toscolano Maderno – Bs –
CF TRLCST61D44 B012I
Data processor: Cristina Tirelli / p>
In compliance with the obligations deriving from national legislation (Legislative Decree 30 June 2003 n.196, Code regarding the protection of personal data) and community, (European regulation for the protection of personal data n. 679/2016, GDPR) and subsequent changes, this site respects and protects the privacy of visitors and users, making every possible and proportionate effort not to infringe the rights of users.
This privacy policy applies exclusively to the online activities of this site and is valid for visitors / users of the site. It does not apply to any information collected through channels other than this website.
The purpose of the privacy policy is to provide maximum transparency regarding the information that the site collects and how it uses it.
This page describes how to manage the personal data acquired through this site (navigation log and cookies) and other services connected to it, which involve interaction with the user:
Newsletter subscription;
Information requests.
This is an information notice, provided pursuant to art. 13 of the GDPR, valid exclusively for the website www.crysshouse.it and not for other websites that may be consulted by the user through links. 1. GENERAL INFORMATION
Users (hereinafter “interested”, pursuant to Article 4, paragraph 1 of the GDPR) are informed of the following general profiles, valid for all areas of processing: all data are processed in a lawful, correct and transparent manner towards of the interested party, in compliance with the general principles set out in Article 5 of the GDPR; specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access; the Data Controller is the undersigned Company, in the person of the legal representative; the Data Controller has appointed a Data Protection Officer / Data Protection Officer – Contact details: T. + 39 3358099635 Email info@crysshouse.it- to which it is possible to contact to exercise all the rights provided for by articles 15-21 of the GDPR (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent; in case of non-response to their requests, the interested parties can lodge a complaint with the supervisory authority for the protection of personal data (GDPR – Article 13, paragraph 2, letter d). SPECIFIC INFORMATION
2.1 Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could – through processing and association with data held by third parties – allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
| Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) | These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner). | |
| Communication scope (GDPR-Art.13, paragraph 1, letter e, f) | The data are processed exclusively by internal personnel, duly authorized and trained in the processing (GDPR-Art.29) and will not be disclosed to external subjects, disseminated or transferred to non-EU countries. Only in the event of an investigation can they be made available to the competent authorities. | |
| Data retention period | (GDPR-Art.13, paragraph 2, letter a) | The data are usually kept for short periods of time, with the exception of any extensions connected to investigation activities. |
| Conferment | (GDPR-Art.13, paragraph 2, letter f) | The data are not provided by the interested party but acquired automatically by the technological systems of the site. |
| Place of processing | The data collected by the site are processed at the headquarters of the Data Controller, and at the web Hosting datacenter. The web hosting (Aruba Spa, VAT number 01573850516, with registered office in 24036 Ponte San Pietro (BG), Via San Clemente 53,), which is responsible for data processing, processing the data on behalf of the owner, is located in the European Economic Area and acts in accordance with European standards. |
2.2 Cookies
For specific information you can consult the Cookie Policy 2.3 Newsletter subscription
The Cryss House newsletter allows users a constant and extensive study with useful information for tourism and holidays.
| Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) | Only the email address and name are requested for the sole purpose of sending the newsletter. Registration is subject to the acceptance of specific, free and informed consent (GDPR-Article 6, paragraph 1, letter a) | |
| Communication scope (GDPR-Art.13, paragraph 1, letter e, f) | The data are processed exclusively by internal personnel, duly authorized and trained in the processing (GDPR-Art.29) and will not be disclosed to external subjects, disseminated or transferred to non-EU countries. Only in the event of an investigation can they be made available to the competent authorities. | |
| Data retention period | (GDPR-Art.13, paragraph 2, letter a) | The data are kept until the eventual “unsubscribe”, freely available at any time through the link at the bottom of each message sent. |
| Conferment | (GDPR-Art.13, paragraph 2, letter f) | Failure to provide the email address, name and consent will make it impossible to obtain the newsletter service. |
2.4 Contact requests
The contact forms on the website www.crysshouse.it allow the interested party to request a contact from the staff and identification and contact data are requested.
| Purpose and legal basis of the processing (GDPR-Art.13, paragraph 1, letter c) | The identification and contact data necessary to be able to respond to the contact requests of the interested parties are requested. The sending of the request is subject to the specific, free and informed consent (GDPR-Article 6, paragraph 1, letter a) documented through a specific check-box (GDPR-Article 7, paragraph 1) | |
| Communication scope (GDPR-Art.13, paragraph 1, letter e, f) | The data are processed exclusively by internal personnel, duly authorized and trained in the processing (GDPR-Art.29) and will not be disclosed to external subjects, disseminated or transferred to non-EU countries. Only in the event of an investigation can they be made available to the competent authorities. | |
| Data retention period | (GDPR-Art.13, paragraph 2, letter a) | The data are kept for times compatible with the purpose of the collection. |
| Conferment | (GDPR-Art.13, paragraph 2, letter f) | The provision of data relating to the mandatory fields is necessary in order to obtain an answer, while the optional fields – telephone number and contact date are aimed at providing Cryss House with Cristina Tirelli additional useful elements to facilitate contact. |
3.DATA PROVIDED VOLUNTARILY BY THE USER
The optional, explicit and voluntary sending of electronic and / or ordinary mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. If the sender sends his CV to submit his professional application, he remains solely responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without authorization to process data will be immediately deleted. 4. USER RIGHTS
Pursuant to the European Regulation 679/2016 (GDPR) and to the art. 7 of Legislative Decree June 30, 2003, n. 196 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1311248, the User can, according to the methods and within the limits established by current legislation, exercise the following rights: – object in whole or in part, for legitimate reasons, to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
– request confirmation of the existence of personal data concerning him (right of access);
– know its origin;
– receive intelligible communication;
– have information about the logic, methods and purposes of the processing;
– request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
– in cases of consent-based processing, receive the data provided to the owner at the cost of any support, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
– the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor – link to the Guarantor page);
– as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
In the event that the data are processed on the basis of legitimate interests, the rights of the data subjects are guaranteed (except the right to portability which is not provided for by the rules), in particular the right to object to the processing that can be exercised by sending a request to the data controller. Requests should be addressed to the Data Controller.
4. POLICY UPDATE
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable time. However, the interested party is invited to periodically consult this policy.
This Privacy Policy was updated on June 16, 2018