Information pursuant to ART. 13 AND 14 - EU Regulation 2016/679

Stakeholders
Users of the www.risorgimentoresort.it website

Processing of personal data

Below is a description of the methods for managing the www.risorgimentoresort.it service, the owner of which is VESTAS S.R.L.. This information is provided pursuant to Article 13 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data. The information is provided only for the Risorgimento Resort website and not for any other websites consulted by the user through links.

Data controller

Following consultation of this site, data relating to identified or identifiable persons may be processed.
Data controller: VESTAS S.R.L. - VAT No.: 00225650753 - Risorgimento Resort - Via Augusto Imperatore, 19
73100 Lecce - email: info@risorgimentoresort.it, pec:vestas@legalmail.it with registered office VIALE ZARA 58 - 20124 - MILAN (MI)

Place of data processing and recipients

Processing related to Risorgimento Resort web services takes place in ITALY at VESTAS S.R.L. - VAT No.: 00225650753 - Risorgimento Resort - Via Augusto Imperatore, 19
73100 Lecce - email: info@risorgimentoresort.it, pec:vestas@legalmail.it with registered office VIALE ZARA 58 - 20124 - MILAN (MI)

Type of data processed

Navigation data
The software applications used to operate the Risorgimento Resort website acquire certain personal data transmitted via secure protocols. This information is not collected in order to be associated with identified interested parties, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, the browser identifier (user agent), the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the numerical code indicating the status of the response given by the server (e.g. successful, error) and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation.

Data provided voluntarily by the user
In order to access certain services provided through the Risorgimento Resort website, the optional and voluntary entry of certain identification data (email, name, contact details, and information necessary to provide the requested service) may be required.

Purpose and legal basis

Service delivery
The personal data provided by users availing themselves of the services rendered by Risorgimento Resort (e.g. by browsing the site, filling in forms for various requests) are used for the sole purpose of performing the service or provision requested. The legal basis of the processing is the execution of pre-contractual measures in order to respond to your requests.

Further communications following a stay
Subsequent to the purchase of a stay, Risorgimento Resort may send the user further communications, also of a commercial nature, regarding its services. The legal basis for the above processing is the legitimate interest of the data controller (cons. 47 GDPR).
Direct Marketing
In the event of specific consent (by registering for the newsletter) Risorgimento Resort may send information on new products, promotions and special offers by e-mail. It is the user's right to disable the service at any time through the appropriate procedure and/or the methods indicated below for the exercise of his/her rights. The legal basis for the processing described above is the consent of the data subject. Specific summary information, if necessary, will be reported or displayed on the pages of the site set up for particular additional services on request.

Data retention period
The data retention period is that necessary for the purposes arising from the services requested and for a further period of 24 months. If the information requested is the subject of an online transaction, such data may be retained for financial and tax reporting purposes for a period of 10 years. With regard to technical data managed by the site, such as cookies, the retention period is defined by the technical characteristics of the cookies themselves and specified in the "Site cookies" table. The data retention period is understood to be renewed for a further period of 24 months each time a new consent to data processing is given and/or each time the user accesses the services offered through his/her credentials (e.g. personal area login).

Optional provision of data

Apart from what is specified for navigation data, the user is free to provide Risorgimento Resort with the personal data required to use the services provided through the site. Failure to provide data in the fields marked with an asterisk (mandatory) will make it impossible to use the service offered.

Treatment modalities and security

Personal data is processed using IT tools suitable to guarantee the security and confidentiality of the data and in any case in compliance with the appropriate security measures as required by Article 32 GDPR, using secure communication protocols with SSL encryption algorithms. Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations provided therein. The Italian Privacy Guarantor's provision "Guidelines on promotional activities and the fight against spam of - 4 July 2013 (Published in the Official Gazette no. 174 of 26 July 2013), the Guidelines on the processing of personal data for online profiling - 19 March 2015, and the Guidelines on automated decision-making processes and profiling - WP251, defined in accordance with the provisions of Regulation (EU) 2016/679, are considered "good practices".

Recipients

In order to carry out and support the operation and organisation of the activity, certain data may be brought to the attention of or communicated to recipients. These subjects are distinguished in: Third parties, data processors and sub-processors, and authorised personnel under the authority of the data controller or processor.

Third parties

are defined in natural or legal persons, public authorities, service or other body other than the data subject, the data controller, the data processor and the authorised persons responsible for processing.
For data processing related to administrative purposes, accounting, legal obligations, customer management, contracts the data may be communicated to
- Companies operating traditional or computerised postal services.
- Domain Name Registrars
- Any other parties whose disclosure of data is necessary for the achievement of the above-mentioned purposes, or for a legal obligation;

Sub-responsible
- Website management and marketing company
- Hosting company

Within our corporate structure
Your data will only be processed by personnel expressly authorised by the Data Controller, with assurances of the adoption of appropriate instructions, training, confidentiality agreement and, in particular, by the following categories of employees:
- Administration staff.
- Reception clerks

Dissemination

Your personal data will not be disseminated in any way.

Rights of data subjects

Data subjects (persons to whom the personal data refer) may at any time exercise their rights under the Regulation through a dedicated personal area. It is possible to access this area by requesting the link through the appropriate procedure at the end of this notice. A further way of exercising the rights of the Regulation, if the user has made use of the newsletter service, is through the special link at the bottom of the email received. In particular, subjects may legitimately request the rights from Art. 15 to Art. 23, specifically: 1.The cancellation of all data. 2.The rectification/amendment. 3.The limitation. 4.The portability. 5.The right to oppose automated decision making (profiling). If necessary, please indicate further requests in the notes field.
Interested parties, where applicable, also have the right to lodge a complaint with the Garante as supervisory authority in accordance with the established procedures. For any further information, and to assert the rights recognised to you by the European Regulation, you may contact the data controller at the above-mentioned references.

Exercise of data subjects' rights Requests may also be made using the following contacts:
Data controller: VESTAS S.R.L. - VAT No.: 00225650753 - Risorgimento Resort - Via Augusto Imperatore, 19
73100 Lecce - email: info@risorgimentoresort.it, pec:vestas@legalmail.it with registered office VIALE ZARA 58 - 20124 - MILAN (MI)

Acknowledgement of the information notice and consent form of the person concerned
The undersigned data subject, having acquired the information provided by the data controller pursuant to Articles 13-14 and the GDPR, confirms that he/she has read this information notice on the processing of data, for the purposes indispensable to the provision of the service, and to enable Risorgimento Resort to correctly manage and process the data in an appropriate manner.

Consent

As evidence of your explicit and unequivocal consent we will record the time, date, IP address, your email. We remind you that you may at any time exercise your rights (set out above) via the link at the bottom of the communications you receive, or through the contact channels.