This statement, pursuant to article 13 of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal (hereinafter the “Regulation”) will explain to the user how the data are collected, the purposes of the data collection and the user’s rights. This document forms an integral part of the data protection statement, available here: https://www.hotelvillaenrica.com/privacy.
WHAT ARE COOKIES?
Cookies are small text files which are sent directly to the user’s terminal (usually the browser) when they visit a website. They are stored and then sent back to the same websites on the same user’s next visit (first-party cookies). Whilst browsing a website, the user’s terminal may also receive cookies from other websites or web servers (third-party cookies); this happens because the website visited may contain elements such as, for example, images, maps, sounds and specific links to websites of other domains which are stored on different servers from the one on which the requested web page is stored. In other words, these are cookies which are imposed by a different website from the one you are currently visiting.
Cookies may be limited to a single session on the browser (session cookies), in which case they are automatically deactivated when the user closes the browser, or they may have a pre-set expiry date, in which case they remain stored and active on the hard disk until the expiry date, continuing to collect information during each separate browser session (persistent cookies).
Cookies are used for a number of different functions. Some are necessary for allowing you to browse the Website and make use of its functionalities (technical cookies). Others are used to obtain statistical information, in an aggregated or individual form, on the number of users who access the Website and how the Website is used (tracking or analytics cookies). Lastly, others are used to track a consumer’s profile and to display adverts on the Website which may be of interest as they match the user’s preferences and purchasing habits (profiling cookies).
To find out more about these different types of cookies, users should continue to read this statement to learn about how they work and what they are used for, to then make a free choice whether or not to permit their use or block them.
The Website uses the following types of technical first-party cookies, the installation of which does not require the user’s consent, although the Controller is required to provide adequate information about them:
(a) Browser or session cookies: crucial for allowing the user to navigate the Website normally and to correctly use the related services; as they are not stored on the user’s computer, they disappear when the browser is closed;
(b) “Functionality” cookies: only used to improve and speed-up browsing of the Website, by remembering certain choices made by the user (e.g. language preferences).
Essentially, they are tools used by the Controller to ensure, among other things, efficient browsing and session stability and remembering user logins and the selected country of access. They are also used to store the choices made by the user about how certain elements are displayed on the page, for example the cookies statement and information banners.
The use of technical cookies and the associated data processing does not require, under the current regulations, the prior consent of the user.
However, the user retains the option of preventing the installation of technical cookies at any time through their browser settings, in the knowledge that such a choice may complicate, slow down and sometimes prevent the use of a Website.
The Controller is only considered to be the controller for the first-party cookies installed on the Website.
It is possible that, whilst a user is browsing a Website, some cookies will be stored on the user’s device which are not directly controlled and managed by the Controller. This happens, for example, when the user visits a page which includes content from a third party’s website.
In this regard, it should be noted that the Controller does not play any role in the processing of the data arising from this type of cookie as the Controller is simply a technical intermediary.
Third-party profiling cookies are used to display targeted adverts on the Website and on other websites. They function on the basis of each user’s individual browsing activity. This type of cookie can also be used by third parties to display their products and services on the Website.
The Website uses some types of third-party analytical cookies through which the following information (by way of an example) is collected:
(a) number of visitors, page views and browsing within the Website;
(b) effectiveness of marketing campaigns based on the source of web traffic;
(c) details on the products viewed and, where applicable, downloaded from the Website.
These cookies, as well as the purposes for which they are used other than for the Website, come under the sole and direct responsibility of the third party which installs them on the user’s terminal. They are used to display adverts to the user which are aligned with their own interests (this is the case for third-party profiling/retargeting cookies).
Should the user not want to receive third-party cookies on their device, they may, at any time, using the link below, access the privacy statements and consent forms of these third parties and block them.
The following table shows all of the cookies on the Website, indicating their specific properties and, in the case of third-party cookies, the links to the respective privacy statements, so that the user can make an informed decision to consent to the use of these cookies or to block or delete them.
HOW TO DISABLE COOKIES?
When first visiting the Website, the user can accept all cookies by clicking on the “OK” button or the “X” (close) button on the banner or on any element of the web page outside of the banner.
However, as the majority of browsers are programmed to automatically accept cookies, the user may choose not to receive them, particularly in the event that the third party in question has not correctly provided the opt-out option, by accessing the browser settings and disabling their use, using the procedures described on the links below:
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
For further information on cookies you can visit the website www.youronlinechoices.com (only for those companies which are registered with this platform) to get more information about how to remove or manage cookies depending on the browser used and configure your preferences for using third-party cookies. https://www.youronlinechoices.com/uk/
Your Online Choices is a website managed by the non-profit association European Interactive Digital Advertising Alliance (EDAA), the English language version is available at www.youronlinechoices.com/uk/ which provides information on behavioural advertising based on profiling cookies (https://www.youronlinechoices.com/uk/about-behavioural-advertising) and allows internet users to easily opt-out of the installation of the main profiling cookies installed by advertisers and used on websites (https://www.youronlinechoices.com/uk/your-ad-choices). Before using this service, we advise users to carefully read the terms and conditions on the Your Online Choices website (https://www.youronlinechoices.com/uk/terms-conditions), frequently asked questions (FAQs) (https://www.youronlinechoices.com/uk/faqs) and the user guide (https://www.youronlinechoices.com/uk/opt-out-help).
To disable analytical cookies and prevent Google Analytics from collecting data from the user’s activity, the user can download the browser add-in to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout.
We will retain the user’s cookies preferences using a specific technical cookie which has the properties specified in the table above.
PROCESSING METHODS AND DATA RETENTION PERIODS
As stated in the introduction to this statement, the Controller collects and processes some of the user’s personal data via the cookies which it transmits directly from the Website (first-party cookies). The Controller is considered to be the controller for these data, in accordance with the provisions of the Regulation. The Controller shall process the user’s data using electronic means only, in a fully automated manner without human intervention. As a result, the Controller’s employees or contractors shall never have access to the content of the user’s personal data obtained via the cookies, which means that they will never be able to access and/or obtain direct Personally Identifiable Information (PII).
Some of the Controller’s employees or contractors, named as authorised individuals, may perform maintenance work on the IT systems which host the user’s personal data, without ever being able to access the actual content. The personal data may be stored on servers managed by third parties (e.g. IT systems suppliers) or may be managed by specialists in online advertising, which act as external processors on the basis of a specific written appointment by the controller. The controller informs users that, in compliance with the prerequisites and guarantees established by the Regulation, the user’s data may be sent to countries which are not part of the European Economic Area (EEA) which may not offer the same level of data and privacy protection as that ensured by Italian and European privacy laws but as controller it shall implement suitable guarantees to ensure the protection and security of the data transmitted.
The user’s personal data will not be disclosed to third-party controllers nor will such data be publicised.
The user’s personal data from the Website will only be stored for the period of time strictly necessary for performing the primary purposes specified in this statement, or as is required for the protection of the rights and interests of the users and the controllers.
To exercise their rights, or to obtain further information or clarifications regarding this Cookies Statement, users may contact the controller using the following methods:
In accordance with the Regulation, the controller informs users that they have the right to obtain the following information (i) the source of the personal data; (ii) the purposes and means of processing; (iii) the logic applied for processing performed using electronic means; (iv) the identity of the controller and the processors; (v) the entities or categories of entities to which the personal data may be disclosed or which may become aware of the said data as processors or authorised parties.
In addition, users have the right to obtain:
a) access to the data, to have it updated or rectified or, when necessary, to have the data completed;
b) the deletion, anonymisation or blocking of data processed in breach of the law, including those data which it is not necessary to retain for the purposes for which the data were collected or subsequently processed;
c) confirmation that the operations in subsections a) and b) have been notified, including in terms of their content, to those people to whom the data have been transmitted or distributed, except where this compliance is impossible or involves the use of means which are manifestly disproportionate in relation to the right protected.
Furthermore, users can withdraw their consent at any time, if the processing is contingent on their consent;
b) (where applicable) the right to data portability (right to receive all personal data relating to the user in a structured, commonly used and machine-readable format), the right to the restriction of the processing of personal data and the right to erasure (“right to be forgotten”);
c) the right to object:
i) in full or in part, for legitimate reasons, to the processing of personal data concerning him or her, even if relevant to the purpose of the collection;
ii) in full or in part, to the processing of personal data concerning him or her for the for the purposes of sending advertising or direct marketing materials or for conducting market research or business communications;
d) if users consider that the processing relating to them is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the member state in which he/she is normally resident, in which he/she works or in which the alleged breach has occurred). The supervisory authority in Italy is the “Garante per la Protezione dei Dati Personali”, based in Rome (http://www.garanteprivacy.it/).
The controller is not responsible for updating all of the links contained in this Cookies Statement, therefore whenever a link is broken and/or updated, Users acknowledge and accept that they should always refer to the document and/or section of the websites referenced by the said links.
By continuing to use the website https://www.hotelvillaenrica.com/, the user accepts the installation of cookies.