Personal data consent

This report, drafted in compliance with Art 13 of Reg. 2016/679 (GDPR) aims to clarify to website Users the methods with which we collect personal data, why we collect it and the methods the Users can use to update, manage, export and eliminate information.

Our goal is to provide all the necessary information to make browsing on the website transparent and safe for Users. It is important to read the content below carefully; if Users do not agree with the content, we invite them to stop browsing on the website.

In order to provide our services, however, we need to collect some personal data, even through automated tools, as indicated below.

The data holder of the personal data gathered is Siset S.P.A., located in Via Altinate 62, 35121 Padua, Italia, VAT no. 00458810280, e-mail privacy@santangelo.it tel. +390498246401, in the person of temporary legal representative.

Through the website, we collect different types of data from Users suitable to identifying the Users themselves, such as personal and accounting data. Specifically, we collect the following personal data:

• Browsing data: information registered by our IT systems while users are browsing and while supplying of our services. For more information about the type of data collected, we invite Users to also read the Cookies policy.
  The following data is included:
  • Information relating to internet communication protocols, IP addresses and access logs to the IT systems;
  • Data relating to browsing and websites previously visited;
  • Data provided by the browser selected by the User;
• Data provided voluntarily and directly by the User: The User, by registering or using the services offered by the website, voluntarily shares his/her personal data.
  The following data is included:
  • personal data (e.g. name, surname, address, fiscal code)
  • communication data (e.g. phone number, email address)
  • accounting data (e.g. payment method)
  • data included in the documents sent by the Users (e.g. ID documents, etc.)
• Data of third parties voluntarily provided by the User: The User could also voluntarily provide third party data which is not related to the Holder in any way, such as, for example, when loading content onto the website. For this type of data, see the point below.
  The following data is included:
  • data of third parties (e.g. names of people who will be staying with the User, etc.)
  • third party accounting
  • data included in the documents sent by the Users (e.g. technical documents, etc.)

In the event the User informs the Holder of third-party contents, he/she declares to having gathered the consensus required for personal data processing and the communication of said information to the Holders.

The personal data collected via the website is treated by the Holder for the following purposes:

• this allow the Users to use the website and the services offered by the website;
• purchase and confirm the bookings and additional services, and to provide the services requested;
• to comply with the obligation set forth in the Consolidated Law on public security (Testo unico delle leggi di pubblica sicurezza), (article 109 of Royal Decree no. 773 dated 18.6.1931) which obliges us to register and notify the Police Headquarters of the general details of our guests, for purposes of public safety, according to the methods set out by the Ministry of the Interior (Decree of 7th January 2013).
• to fulfil the applicable administrative, accounting and fiscal obligations in force.
• to speed up the registration process in the event of your future stays at our establishment;
• provide information on the stay at the campsite (post, messages, visits and phone calls);
• statistical analysis and market analysis
• manage access to possible reserved areas;
• send notifications to the Users and/or communicate with them if there are requests for technical assistance and/or information;

Furthermore, with the consent of the Users, we can also:

• send reports and updates pertaining to offers, promotions and events connected to our business, through information and advertising material;
• carry out a direct sales service of the Services and website Contents.

The User can choose to share his/her data. However, failure to share personal data may result in the impossibility to provide the services requested and/or comply with the contract obligations on behalf of the Holder (e.g. if the payment data is not provided).

In any case, sharing data is always compulsory insofar as it is required to comply with the law (e.g. in accordance with the Consolidated Law on public security; compliance with accounting obligations, etc.).

The Holder carries out the data processing pursuant to Art. 6 of Reg 679/2016 and, specifically, following the collection of the consent on behalf of the User.
In any case, the Holder can process the Users’ personal data even without their consent in the following cases:

• processing is required for the execution of a contract that the User is part of or to execute pre-contractual measures adopted upon request of the User;
• processing is necessary to comply with a legal requirement that the processing Holder is subject to;
• processing is necessary to safeguard the vital interests of the User or other physical people;
• processing is necessary to execute a task of public interest or one connected to exercising public powers that the processing holder possesses;
• processing is necessary to pursue the legitimate interest of the processing holder or third parties, unless the interests, rights, fundamental freedom of the interested party requesting the protection of their personal data are compromised, particularly if the interested party is a minor.

The data processing method is carried out by people authorised to do so (e.g. employees and collaborators) at our offices, both on paper and electronically, with logics which are strictly correlated to specific goals indicated in the privacy policy and, in any case, which guarantee the respect of the measures set forth by Reg. 679/2016, which guarantee the safety and confidentiality of the data itself, as the respect of the fundamental rights and freedoms of the Users and their dignity.

The IT systems and IT programmes are configured with the aim of reducing to a minimum the use of personal data and ID data, in order to exclude processing when the results pursued in specific cases can be met, respectively, via anonymous data or in ways that allow the interested party to be identified only in cases of need.

We guarantee the safety of data even via backup and data recovery systems.

Personal data is preserved for the duration of the Service supply (e.g. until the account is deleted by the website) and/or until the suspension of the consent and/or as long as the content loaded is available on the website itself.

In the event of suspension and/or at the end of the service provision, the data will be preserved within the terms set forth by the law for the fulfilment, for example, of civil and fiscal obligations and, in any case, for no less than 10 years.

In order to improve the Services provided, we can transfer the personal data of the Users to other member countries of the EU, for example, via the Cloud system.

In the even that, in order to provide the Services requested or for technical and/or operational reasons, it is necessary to enlist the services of subjects located outside the EU, or some of the data collected needs to be transferred to technical systems and cloud services located outside the EU, the processing will be regulated in conformity with what is set forth in point V of Reg. 679/2016 and authorised based on specific EU decisions.

In addition to employees and/or authorised collaborators responsible for processing, the Users personal data can also be shared with:

• subjects with whom it is necessary to interact to provide services, including:
  • subjects with whom communications are necessary to provide the services required;
  • subjects delegated with performing a technical activity;
  • other employees and/or collaborators specifically authorised to carry out data processing;
• subjects we rely on for sending commercial reports;
• professional firms which offer assistance and consulting activities on accounting, administrative, legal, tax and financial matters.
• legal authorities for suppression and certifying purposes.

User data will never be shared.

Every User and/or person involved in the processing procedure can exercise the rights set forth in articles 15-22 of EU Regulation 679/2016 and can specifically:

• revoke his/her consent to personal data processing, if the data processing is based on the consent given by the User;
• find out whether the Holder has and/or is treating his/her data, access it in full and obtain a copy (art. 15 Right to Access);
• ask that incorrect data be amended or incomplete data be integrated (Art. 16 Right to Rectification);
• ask for the personal data kept by the Holder be erased if one of the reasons set forth in Reg. 679/2016 applies (Right to Cancellation, 17);
• ask the Holder to limit the processing to specific data, in the cases foreseen (Art. 18 Right to limitation of the Processing);
• ask and receive the personal data processed by the Holder in a structured way, a descriptive manner, readable on an automatic device or ask for the data to be sent to another holder, in the cases foreseen (Art. 20, Right to Data Portability)
• not consent, in part or in whole, to the data processing for the purpose of sending commercial and/or promotional material, or any potential proliferation activities (Art. 21, Right to Not Consent)

Every person concerned can exercise these rights by informing the Processing Holder at the addresses indicated in the heading.
Furthermore, the interested party reserves the right to file a complaint to the Authority for the Protection of Personal Data in accordance with Art. 77 of Regulation 679/2016.

We reserve the right to make amendments to the content of this report on personal data processing at any time, providing information about the types of use and, in any case, via publication on the website.
The amendments enter into force from the moment the update is published, unless otherwise advised.

The official version of this report on personal data processing is the one written in Italian.