deu
Data Controller
S.A.N. HOTELS DI ZORDAN STEFANIA E C. SNC
Via Alcide de Gasperi 13C, 25019 Sirmione (BS), Italy
PEC: sanhotels@unapec.it
VAT: 03973430980
Phone: +39 3348624329
Email address of the Data Controller: direzione@yachtinghotelmistral.com
Types of Data Collected
Among the Personal Data collected by this Application, either independently or through third parties, are: Tracking Tools; Usage Data; IP address; answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from providing such Data without any consequences on the availability or functionality of the Service.
Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller. Any use of Cookies — or other tracking tools — by this Application or by third-party services used by this Application is intended to provide the Service requested by the User, in addition to the purposes described in this document and in the Cookie Policy. Users are responsible for the Personal Data of third parties obtained, published, or shared through this Application.
Methods and Place of Data Processing
Processing Methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. Besides the Data Controller, in some cases, other parties involved in the organization of this Application may have access to the Data (administrative, commercial, marketing, legal personnel, system administrators), as well as external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) who may also be appointed as Data Processors by the Data Controller if necessary. The updated list of Data Processors can always be requested from the Data Controller.
Place
Data is processed at the Data Controller’s operational offices and at any other location where the parties involved in the processing are situated. For more information, contact the Data Controller. User Personal Data may be transferred to a country different from the User’s location. For further information about the place of processing, the User can refer to the section on Personal Data processing details.
Retention Period
Unless otherwise specified in this document, Personal Data is processed and stored for the time required for the purpose for which it was collected and may be kept for a longer period due to legal obligations or based on User consent.
Purpose of Data Processing
User Data is collected to allow the Data Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), identify potential fraudulent or malicious activities, as well as for the following purposes: Statistics and SPAM Protection.
For detailed information on the purposes of processing and the Personal Data processed for each purpose, the User can refer to the section “Details on Personal Data Processing.”
Details on Personal Data Processing
SPAM Protection
This type of service analyzes the traffic of this Application, potentially containing Users’ Personal Data, to filter traffic, messages, and content recognized as SPAM.
Google reCAPTCHA
Google reCAPTCHA is a SPAM protection service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages data processing. The use of reCAPTCHA is subject to Google’s privacy policy and terms of use. For understanding how Google uses data, please consult Google’s partner policies.
Personal Data processed: clicks; Usage Data; keypress events; motion sensor events; touch events; mouse movements; scroll position; answers to questions; Tracking Tools.
Processing location: United States; Ireland.
Category of personal information collected under the CCPA: information regarding internet or other network activity; information derived from other personal information.
Statistics
Google Analytics 4 (Google Ireland Limited)
Google Analytics is a statistical service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected to track and examine the use of this Website, compile reports, and share them with other Google services. Google may use Personal Data to contextualize and personalize advertising within its network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before data is stored in any data center or server. For more details, see Google’s official documentation.
Personal Data processed: city, Usage Data, browser information, device information, latitude (of the city), longitude (of the city), number of Users, session statistics, and Tracking Tools.
Processing location: Ireland – Privacy Policy – Opt-Out
Retention period:
_ga: 2 years
_ga*: 2 years
Additional Information for Users
Legal Basis for Processing
The Data Controller processes Users’ Personal Data if one of the following conditions applies:
The User has given consent for one or more specific purposes.
Processing is necessary for the execution of a contract with the User and/or pre-contractual measures.
Processing is necessary to comply with a legal obligation to which the Controller is subject.
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Processing is necessary for the legitimate interests pursued by the Controller or by third parties.
It is always possible to request the Data Controller to clarify the specific legal basis for each processing, and whether it is based on law, a contract, or necessary to enter into a contract.
Further Information on Retention Period
Unless otherwise specified, Personal Data is processed and stored for the time required for the purpose for which it was collected and may be kept longer due to legal obligations or consent.
Specifically:
Personal Data collected for contractual purposes will be retained until the contract is fully performed.
Personal Data collected for legitimate interests will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When processing is based on User consent, the Controller may retain Personal Data longer until consent is revoked. Additionally, the Controller may be required to retain Personal Data for a longer period to comply with legal obligations or orders from authorities.
At the end of the retention period, Personal Data will be deleted. Therefore, after this period, the rights of access, deletion, correction, and data portability cannot be exercised.
User Rights under the General Data Protection Regulation (GDPR)
Users can exercise certain rights regarding the Data processed by the Controller.
Specifically, within the limits established by law, Users have the right to:
Withdraw consent at any time.
Object to the processing of their Data when it is carried out on a legal basis other than consent.
Access their Data, obtaining information about the Data processed, specific processing aspects, and a copy of the processed Data.
Verify and request correction. Users can check the accuracy of their Data and request updates or corrections.
Obtain restriction of processing. The Controller will not process the Data for other purposes other than storage.
Obtain deletion or removal of their Personal Data.
Receive their Data or transfer it to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format, and, where technically feasible, to have it transferred to another controller.
Lodge a complaint with the relevant supervisory authority or take legal action.
Users also have the right to information regarding the legal basis for transferring Data abroad, including to international organizations, and the security measures adopted by the Controller to protect their Data.
Details on the Right to Object
When Personal Data is processed in the public interest, in the exercise of public powers, or for legitimate interests of the Controller, Users have the right to object for reasons related to their particular situation. If Personal Data is processed for direct marketing purposes, Users can object at any time, free of charge, and without providing any reason. Once Users object to direct marketing, Personal Data will no longer be processed for these purposes.
How to Exercise Rights
To exercise their rights, Users can send a request to the contact details of the Data Controller provided in this document. The request is free of charge, and the Controller will respond as soon as possible, in any case within one month, providing all the information required by law. Any corrections, deletions, or restrictions of processing will be communicated to all recipients, if any, to whom Personal Data has been transmitted, unless impossible or requiring disproportionate effort. The Controller will provide information on such recipients upon request.