Palazzo della Spiaggia privacy policy

This privacy policy (“Privacy Policy”) is provided pursuant to EU Regulation 679/2016, Legislative Decree 196/2003 (and subsequent amendments), and other applicable provisions and measures regarding the protection of personal data. It informs you of the processing of personal data provided by completing the booking form on the website https://www.palazzodellaspiaggia.com/ (“Website”), via the Spiagge.it widget.
This policy applies exclusively to bookings made through the Website and not to other websites that may be accessed via links.

DATA CONTROLLER
The data controller is Ambrosiano di Ricci Rita & C. sas Lungomare Roma, 115, 55045 loc. Focette, Marina di Pietrasanta (LU) P.IVA: 00435840467 REA. [email protected]

CATEGORY OF DATA PROCESSED
The personal data collected through the online booking form are as follows:

  • personal data (such as name and surname);
  • contact information (such as email and telephone number).

PURPOSE OF PROCESSING
The personal data provided through the online booking form is acquired and processed for the following purposes:

  • providing the requested service, i.e., allowing you to book at our establishment and sending you service communications regarding booking confirmations, changes, reminders, and cancellations (“Service Provision”);
  • requesting reviews and collecting feedback on booked services (“Customer Satisfaction”);
  • fulfilling obligations under laws, regulations, and EU legislation (“Fulfillment of Legal Obligations”);
  • preventing or identifying any abuse or fraudulent activity detrimental to our establishment and thus allowing us to defend ourselves, including in court (“Defense”).
  • sending you marketing communications via email regarding products and services similar to those you have purchased (“Soft Spam”).

LEGAL BASIS AND NATURE OF PROCESSING
The legal basis for the Service Provision purpose is the implementation of pre-contractual or contractual measures requested by you. It is not mandatory to provide us with personal data for this purpose, but failure to do so will prevent us from providing the requested service.
Processing for the Fulfillment of Legal Obligations purpose is necessary to fulfill any legal obligations.
The legal basis for the Customer Satisfaction purpose is our establishment’s legitimate interest in requesting and collecting feedback and the level of appreciation for the booked services.

Similarly, the legal basis for the Soft Spam purpose is our establishment’s legitimate interest in sending you marketing communications via email regarding products and services similar to those you have already purchased. You can unsubscribe from these communications, without any consequences for you, by using the link at the bottom of each of these emails.
Processing for the Defense purpose is also based on our establishment’s legitimate interest in identifying and preventing any fraudulent activity or abuse in the use of the booking form or the Website, and therefore protecting itself, including in court.

DISCLOSURE OF PERSONAL DATA
In order to provide its services, our establishment will share the personal data provided for online bookings with Spiagge S.r.l. (VAT No./Tax Code 0453664040; registered office at Via Marecchiese 48, 47923 Rimini), owner of the SaaS platform that allows users to make bookings via the Website.
Your Personal Data may also be shared with: i) third parties used by our establishment to provide services on its behalf; ii) persons authorized by our establishment to process the personal data necessary for the performance of activities strictly related to the provision of the service (such as our employees); iii) public, judicial, or police authorities.

DATA PROCESSING METHODS AND TRANSFER OF PERSONAL DATA
Personal data processing is carried out – in compliance with applicable legislation – including with the aid of IT tools.
The Data Controller has adopted technical solutions and security measures that guarantee the security of personal data and prevent their alteration, loss, incorrect processing, or unauthorized access.

DURATION OF PROCESSING AND RETENTION
The data provided will be processed and retained for the period strictly necessary to achieve the purposes stated above. This does not affect the possibility of retention for a longer period in response to requests from public authorities or to meet the needs of exercising the right of defense in the event of a dispute.
Personal data processed for Soft Spam will be retained until you object to such processing by using the link at the bottom of each Soft Spam email.

RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 et seq. of the GDPR, you may exercise the following rights:

  • obtain from the data controller confirmation as to whether or not personal data concerning you is being processed and to know the source, purpose, categories of data processed, the recipients to whom the personal data has been or will be disclosed, including those abroad, and the retention period;
  • obtain, without undue delay, the rectification or integration of inaccurate data;
  • obtain the erasure of your data without undue delay pursuant to Art. 17 of the GDPR;
  • obtain restriction of processing where the accuracy of the data is contested or the processing is unlawful, pursuant to Art. 18 of the GDPR;
  • obtain data portability by receiving the data in a structured format;
  • object to processing pursuant to Art. 21 of the GDPR.

You may exercise the aforementioned rights by writing to [email protected].
In any case, you always have the right to lodge a complaint with the Italian Data Protection Authority, pursuant to Art. 77 of the GDPR, if you believe that the processing of your personal data violates applicable law.