PRIVACY POLICY

Data Processing Information

Information provided pursuant to art. 13-14 of the European Regulation 2016/679.

By accessing the services offered by Vescine srl, data relating to identified or identifiable persons may be processed. The data controller is: Vescine Srl, Località Vescine, 53017 Radda in Chianti (Siena, Italy), VAT number 00713920528. The company Vescine srl, as Data Controller, informs you about the use of personal data by provided by you and/or referable to you for the booking and stay at our facility. The data controller company communicates to you pursuant to articles. 13/14 of EU Reg. 2016/679 which will process the personal data provided by you or referable to you in compliance with the provisions of the law. According to the legislation, the processing of your personal data (personal data, residence data, contact data, e-mail, telephone, data relating to preferences, booking data, data relating to your stay, navigation data, etc.) will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality.

Treatment methods

Personal data are processed with both manual and automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The processing is also carried out with the aid of IT means for the following purposes:

1. Purpose of booking and stay; We inform you that the personal data provided by you or referable to you during the booking and/or stay phase will be processed for the provision of the requested services. The legal basis of this processing is represented by the need to fulfill contractual and/or pre-contractual obligations pursuant to art. 6 paragraph 1 letter. b of EU Reg. 2016/679, as well as the need to fulfill legal obligations pursuant to Art. 6 paragraph 1 letter. c EU Reg. 2016/679. We inform you that the provision of these personal data is essential for the provision of the services, in case of failure to provide the data the data controller company may not be able to provide all or part of the requested services. Personal data pursuant to art. 4 paragraph 1 of EU Regulation 2016/679 may be processed for the time necessary to fulfill contractual and/or legal obligations;

2. to fulfill the obligation established by the "Consolidated law on public security laws" (article 109 R.D. 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for public security purposes, the details of customers accommodated according to the methods established by the Ministry of the Interior (Decree 7 January 2013). The provision of data is mandatory and does not require consent, and in case of refusal to provide it we will not be able to host you in our structure. The data acquired for this purpose are retained by us in order to allow tax/judicial audits by the appropriate authorities for a maximum period of 10 years;

3. to fulfill current administrative, accounting and tax obligations. For these purposes, the processing is carried out without the need to obtain consent. The data is processed by us and by our representatives, including external ones, and are communicated externally only in compliance with legal obligations. In case of refusal to provide the data necessary for the above-mentioned obligations, we will not be able to provide you with the requested services. The data acquired for these purposes are kept by us for the time required by the respective regulations (10 years, and even longer in the case of tax assessments);

4. to speed up the registration procedures in case of subsequent stays at our facility. For this purpose, upon acquisition of your consent which can be revoked at any time, your data will be kept until revoked upon request for cancellation, and will be used when you become our guest again for the purposes referred to in the previous points;

5. to manage the carrying out of surveys and/or evaluations relating to the quality of the services provided by Vescine srl and/or the perception of its image as a company. This processing does not require consent as it will take place based on the legitimate interest of the person responsible

6. Marketing purposes (optional) Subject to your express authorization, the personal data (pursuant to art. 4 paragraph 1 of EU Regulation 2016/679) provided by you or referable to you during the booking and/or stay phase may be processed for activities of direct "marketing" by sending advertising/promotional material via ordinary mail; emails, text messages, mobile applications or other digital communication channels. The provision of data for the purposes referred to in the previous point 6 is free and optional, therefore all services can still be provided even in the event of your refusal to authorize the processing for the purposes referred to in this point. The legal basis of the processing is represented by your express consent issued by ticking the appropriate consent approval clauses. Personal data pursuant to art. 4comma 1st EU Reg. 2016/679 provided by you or referable to you, will be processed in compliance with the legal indications for a time appropriate to the fulfillment of the purposes indicated in this point, having regard to the principle of balancing the legitimate interests of the owner of the treatment with the rights and freedoms of the customer as an interested party. Your data will be processed according to the timescales established by the provisions of the law, or in the absence of specific rules, your data will be processed until this is necessary for the completion of marketing activities, the data controller company guarantees that data processing will not take place indefinitely. If it is necessary to process the User's data to satisfy a legal obligation or for the execution of the contractual relationship existing between Vescine Srl and the user, the processing will be legitimized as necessary to satisfy these purposes. Regardless of the interested party's determination to remove them, the personal data will in any case be stored according to the terms established by current legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific obligations specific to some Services (by way of example but not exhaustive, Certified Email, Digital Signature, Substitutive Storage). Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. tax and accounting) which remain even after the termination of the contract; for these purposes the Data Controller will only retain the data necessary for the relevant pursuit. This is without prejudice to cases in which the rights deriving from the contract and/or registration must be asserted in court, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit. The Data Controller does not transfer personal data to countries in which the GDPR is not applied (non-EU countries) unless specifically indicated otherwise for which, if necessary, consent will be requested. We also wish to inform you that the provision of your data for the treatments referred to in points 1, 2 and 3 is mandatory, and in case of refusal to provide them we will not be able to accommodate you in our facility. If you wish for the treatments referred to in points 4, 5 and 6 to be carried out, you will have to give us your consent. Consent may however be subsequently revoked by objecting to the processing. Below we provide you with further information and clarifications valid for the specified treatments:

– The personal data provided by you or referable to you may be subject to partially or totally automated processing which may be carried out using paper, electronic and/or magnetic.

– Personal data will not be disclosed but may be communicated or may become known to specially trained operators who are part of the staff of the data controller company and/or external parties who collaborate with the company as managers or independent data controllers of the processing such as, by way of example but not limited to:

  • Companies, firms and/or freelancers for personal data processing and management activities;

  • Companies, firms and/or freelancers for consultancy and/or management activities in technical, corporate and IT fields;

  • other subjects to whom communication should be necessary for the correct and complete performance of the contractual relationship and/or to fulfill legislative obligations and/or to pursue the specified purposes.

We also inform you that it is your right to ask the Data Controller company for access to your personal data, rectification, cancellation, limitation of processing, it is also your right to object to the processing of personal data and exercise the right to portability. The rights referred to in this paragraph may be exercised as provided for in the articles. 15,16,17,18,20,21 EU Reg. 2016/679. All rights can be exercised against the data controller company, furthermore you have the right to lodge a complaint with the supervisory authority provided for by the national law in force. For any clarification and to exercise the above rights, you can contact the Data Controller (Vescine Srl) via e-mail at info@vescine.it