Under the terms of art. 13 Italian Legislative Decree No. 196/2003 (hereafter ‘Privacy Code’) and art. 13 EU Regulation No. 2016/679 (hereafter GDPR),
Terme Internazionale Viale Mazzini, 5 - 35031 Abano Terme - Montegrotto Terme Euganee (PD) - Italy
(hereafter ‘Data Controller’) wishes to provide you with the following information:
1. SUBJECT MATTER AND SCOPE OF APPLICATION.
Personal data that may be collected are the following:
personal data provided to receive a specific service (e.g. name and contact details);
browsing data (e.g. IP address, location – country -, information on pages visited by the user within the website, access time on the website, navigation time on each page, clickstream analysis. While the Company does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected);
2. PURPOSE OF PROCESSING.
Your data will be processed:
A. Without express consent (art. 24 a, b, c Privacy Code and art. 6 b and e GDPR) for the following purposes:
- to provide information requested;
- to enter into the data controller’s service contracts;
- to fulfil pre-contractual, contractual and fiscal obligations deriving from the business relationships entered into;
- to fulfil obligations required by law, rules, EU regulations or authorities (e.g. anti-money laundering);
- to exercise the data controller’s rights (e.g. the right to legal defence in the event of non-fulfilment of contractual obligations);
- to prevent or reveal fraud or infringements that could damage the website.
B. Only with declared consent (arts. 23 and 130 Privacy Code and art. 7 GDPR) for information and marketing purposes:
- to allow registration or request on the website;
- to allow subscription to the data controller’s newsletter and any other services required;
- to email newsletters, sales information and/or advertising material about the data controller’s products or services and to survey the degree of satisfaction regarding quality of services;
In any case, you may at any time revoke your consent to the processing described at B. above by simply sending an e-mail to the address given in clause 10.
Please be notified that if you are already one of our customers we may send commercial communications relating to the data controller’s services and products similar to those you have already used, subject to your dissenting (art. 130, clause 4 Privacy Code).
If the data controller intends to process your data for purposes different from those described in this paragraph, you will be informed in advance.
3. DATA CONTROLLER’S LEGITIMATE INTERESTS.
These comprise observance of the contractual obligations entered into by the parties. Under the terms of art. 6 GDPR processing is lawful when consented to by the party involved.
4. ACCESS TO DATA AND THEIR COMMUNICATION.
Access may be granted for the purposes described in clause 2:
A. to the data controller’s employees and associates in charge of and/or responsible for in-house data processing and/or system managers;
B. to third parties (banks, couriers, external professionals and consultants (e.g. tax consultants) for the sole purpose of protecting credit and managing individual business relationships) who perform outsourced operations on behalf of the data controller as independent external operators or processors nominated by the data controller.
Without your express consent (art. 24 a), b), d), Privacy Code and art. 6 b) and c) GDPR) the data controller may communicate your data for the purposes described in clause 2 A. to watchdog bodies, judicial authorities and all other subjects which by law require such communication in order to achieve the purposes in question. Such subjects will hold data as independent data controllers.
Your data will not be disseminated.
Data will be managed and stored on servers (located within the European Union) used by the data controller and/or third parties duly appointed as data processors. The data will not be transferred outside the European Union.
5. OPTIONAL / COMPULSORY DATA PROVISION.
Providing data for the purposes described in clause 2. A. is compulsory in as far as it is required by legal and contractual obligations. Refusal to provide data or failure to authorise their processing will preclude the data controller from entering into contractual relationships (the subject involved will not receive a service, contractual non-fulfilment and due liability, non-fulfilment of legal obligations and due legal sanctions, etc.). Providing data for the purposes described in clause 2. B. is optional and failure to provide them or to authorise their processing will preclude sending newsletters, commercial communications and/or advertising materials regarding the data controller’s products and services and surveying the degree of satisfaction regarding the quality of
6. DATA STORAGE TIMES.
Subject to the five or ten year terms for storing documents containing data regarding civil, accounting and tax matters, as foreseen by current legislation, any other data will be stored for five years after the business relationship ceases, unless you withdraw your consent or require us to erase your data.
7. DATA SUBJECT’S RIGHTS.
Subject to cases involving legal obligations, public interest or public authorities, you have the right at any time to revoke your consent, without compromising the lawfulness of processing based on consent before its withdrawal. Art. 7 of the Privacy Code and art. 15 of the GDPR grant you specific rights, which include that of obtaining confirmation as to whether or not personal data concerning you exist, communication of such data in intelligible form; the right to be informed of the source of the data, the purposes and methods of processing, the logic applied to the processing, identification concerning data controllers and the subjects to which the data may be communicated; the right to obtain updating, rectification or integration of the data, their erasure, anonymisation or blocking of unlawfully processed data; the right to object on legitimate grounds to the processing of data concerning you.
The GDPR grants you the following rights: data erasure (art. 17), restriction of processing (art. 18), data portability (art. 20) and in the case of automated processes (profiling), processing by the data controller’s human intervention (art. 22).
These rights can be exercised in any way and without charge.
8. RESPONSE TIME.
If you request information about your data the data controller shall respond promptly – unless this proves impossible or involves a manifestly disproportionate effort compared with the right to be protected – and in any case no later than 30 days from the request. The data controller will justify any inability to meet the request, or delay in doing so.
If you consider that any of your rights listed in clause 7 have been violated you may file a complaint with the Garante (using the procedures and instructions published on the Authority’s website www.garanteprivacy.it) or lodge an administrative or judicial appeal.
10. DATA CONTROLLER.
The data controller is Terme Internazionale Viale Mazzini, 5 - 35031 Abano Terme - Montegrotto Terme Euganee (PD) - Italy, which can be contacted for requests, enquiries or information, including exercising your rights as described in clause 7.