privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF INDIVIDUALS

This document is drawn up in compliance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27-04-2016, relating to the protection of individuals with regard to the processing of personal data, implemented in Italy as a result of Legislative Decree 101/2018, issued following LD 163/2017, as well as subsequent amendments and i. .

I Tre Bacili S.r.l. (hereinafter Tre Bacili, Organization), as Data Controller (hereinafter also Data Controller), has as its main objective the compliance with the applicable regulations on the protection of personal data and, for this reason, ensures the necessary formalities for its correct adaptation to the Regulation (EU) 2016/679 on the subject (hereinafter also GDPR).

PURPOSE OF DATA PROCESSING

The processing of personal data c.d. municipalities (previously and later data) is aimed solely at the execution:

of the tourist accommodation services which the Guest has requested and adhered to, or the execution of the pre-contractual measures adopted or of the contract of which the Data Subject (The Resident or the Guest) is a party
the stay, or the use of badges for access control in the common areas and in the room assigned to the interested party
of the daily communication to the local competent police headquarters of the interested party and its so-called generality
of daily and periodic statistics to measure the satisfaction and understanding of the current and potential needs of the interested party, with the aim of improving the offers of tourist accommodation services
of video surveillance for the protection of property, as well as for the protection and safety of the interested parties
sending information on informative tourist accommodation services
the publication of audio and video recordings of a public nature
access to Wi-Fi, navigation on the site of the owner and third parties, as well as the use of third-party plugins.

The Organization does not provide for the processing of particular categories of personal data (so-called sensitive).

For point 1 see also the following § "Contact form management".

For point 2 see also the following § "Access control management".

For point 5 see also the following § "Video surveillance management".

For point 8 see also the following § "Wi-Fi management, cookies and plugins".

METHOD OF DATA PROCESSING

The treatment is carried out through operations, carried out with or without the aid of electronic tools, consisting in the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, blocking, communication, cancellation and destruction of data. The processing is carried out by the Data Controller and by the persons in charge expressly authorized by the Data Controller.

Il Titolare non trattiene originale del documento di riconoscimento dell'Interessato.

The Data Controller does not keep the original of the identification document of the interested party. The data will be processed by internal or external staff of the Data Controller in charge of pursuing the activities in § "Purpose of data processing". These resources have been designated as external persons in charge of processing and have received adequate operating instructions in this regard.

LEGAL BASIS OF DATA PROCESSING

The legal basis that legally authorizes the Data Controller to process data in the activities in § "Purpose of data processing" is for:

Points 1, 2, 3, 4 and 5, Community legislation and / or regulation, national legislation, or the obligations that the Owner himself has to fulfill the application of the Shengen agreement and in the field of tourist accommodation services , public safety, control and alarm for the safety of the interested party in the swimmers area
Points 6, 7 and 8, are the legitimate interest of the Owner to promote the offers of tourist accommodation services.

The legal basis is collected in the Register of treatments, available for consultation at the headquarters of the Data Controller.

CONSENT, CONFERRAL OR REFUSAL OF DATA PROCESSING

The provision of data is essential for carrying out the activities referred to in Points 1, 2, 3, 4 and 5 of the § "Purpose of data processing"; for them, the processing is lawful for the aforementioned obligations to which the Data Controller is subject. The Data Controller asks the interested party for consent as evidence of information and that the same freely lends it.

Any lack of consent and refusal of the interested party to the processing of data for the activities referred to in Points 2 and 5 of the § "Purpose of data processing", makes it impossible for the interested party to access the operational headquarters of the Data Controller in a lawful manner.

Any lack of consent and refusal of the interested party to the processing of data for the activities referred to in Points 6, 7 and 8 of the § "Purpose of data processing", makes it impossible for the Data Controller to carry out the aforementioned Points.

COMMUNICATION OF DATA

The data may only be disclosed to the persons in charge of the processing and may be communicated, for the activities referred to in § "Purpose of the data processing", to public or private authorities or control bodies, external collaborators, domiciliary holders, counterparties and their defenders , to any arbitrators and, in general, to all subjects whose communication is necessary for the correct performance of the requested service and to fulfill the activity of the aforementioned §.

TRANSFER OF DATA ABROAD

The data may be transferred to countries of the European Union or to third countries with respect to those of the European Union or to an international organization, to carry out the activity referred to in § "Purpose of data processing".

It will be communicated to the interested party whether or not there is an adequacy decision of the European Union.

DATA STORAGE

The data are kept for the minimum period required by current legislation referred to in § "Legal basis of data processing" and no longer than that necessary to fulfill the obligations or activities referred to in § "Purpose of data processing".

RIGHTS OF THE INTERESTED PARTY

The interested party has the right to exercise the:

Right of access, to know which data are processed and all information relating to the processing
Right of rectification, to be able to request the modification of data, as inaccurate, incomplete or obsolete, without undue delay, also by providing a supplementary declaration
Right to portability, to obtain a copy of the data that are processed, in a structured format, commonly used and readable by an automatic device, in order to facilitate a possible transfer of data to a Data Controller other than the Organization
Right to limit the processing, to be able to limit the processing of data, provided that one of the hypotheses provided for by the applicable regulations occurs
Right to be forgotten, to request the deletion of data, without undue delay, provided that one of the hypotheses provided for by the applicable regulations occurs
Right to object, to request the termination of data processing (eg: termination of commercial communications)
Right to lodge a complaint with the supervisory authority, to promote any reports, complaints or appeals to the Guarantor for the Protection of Personal Data

CONTACT FORM MANAGEMENT

Data Controller, as far as not expressed here, refers to the relative section for the management of the Contact Form.

MANAGEMENT OF ACCESS CONTROL

Data Controller, as far as not expressed here, refers to the relative section for the management of Access Control.

MANAGE VIDEO SORVEILLANCE

Data Controller, for as long as not expressed here and for as much as indicated by information signs installed at the operative headquarters, refers to the relative section for the Image Management.

MANAGE Wi-Fi, COOKIE AND PLUGIN

Data Controller, for as long as not expressed here refers to the relative section for the section for WiFi, Cookie and Social Network Plugin Management.

DATA CONTROLLER

The Data Controller is I Tre Bacili S.r.l., with registered office in Via Francesco de Mura 40, I-73100 Lecce (LE) and with operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE).

CONTACT FORM

This site has installed an IT contact form with which the User can request information from the Data Controller regarding the services offered. With the compilation of the same, the interested party provides and the Data Controller collects with the Application personal data such as name, surname, e-mail, cookies (see also following § Cookies) usage data.

The treatment is consistent with what is expressed in the aforementioned information.

ACCESS CONTROL

The Data Controller, in its operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE), has installed, activated and maintains an integrated system of software and electronic equipment and badges, bracelets, mobile-keys or tags ( previously and later also and only badges) to carry out an access control activity on the controlled gates.

The data collected includes name, surname and identification code associated with the room assigned during the stay, that is to say, the information is processed for the generation and activation of the access keys and for the recognition of the Guest during transit through the controlled gates.

The aforementioned processing can be carried out manually and / or through automated methods designed to store, process and transmit them, keep them for as long as necessary to pursue their purposes (and in any case no later than 13 months) and takes place through appropriate technical and organizational measures.

VIDEO SURVEILLANCE

Purpose of the images

The Data Controller, in its operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE), has installed, activated and maintains an integrated system of video intercoms and video surveillance (hereinafter equipment/s) for the purpose of protect company assets, property assets and people hosted in common areas, or to prevent illegal or fraudulent behavior.

The equipment is aimed at shooting, with or without image recording, areas outside the buildings and parking areas (perimeter, common areas such as gardens, courtyards, terraces, etc., as well as emergency exits), but not the interiors guest rooms or staff workstations.

Among the equipment we point the camera oriented to the pool of water with specific function of alternative control and alarm system able to guarantee the safety of bathers.

Legal basis for image processing

The processing of images is lawful as it is functional to the protection of property, respecting the legal obligations and the provisions of the Guarantor and, specifically, the General Provision of 08-04-2010 and subsequent amendments.

The activity in question is carried out in the so-called principle of proportionality of shooting methods with fixed cameras with varifocal optics equipped with optical zoom and location along the perimeter of the buildings and in the common areas inside them (e.g. areas outside the buildings and parking areas), as well as the treatment of images not exceeding the aforementioned purposes.

The integrated video intercom and video surveillance system in question is not subject to preliminary verification or notification to the competent Authorities on the subject, as the images are exclusively consistent with the aforementioned purposes and are treated temporarily.

Information to the interested party about the processing of images

Persons hosted in the aforementioned operational headquarters (for overnight stays or for the administration of food and drinks) or passing through the aforementioned outdoor parking areas are informed that they are about to access video-monitored areas by means of one or more information signs placed before the range of action or in the immediate vicinity of the equipment.

The Data Controller and the officers are trained and can also provide this information verbally to anyone who requests it.

The integrated system of video intercoms and video surveillance in question, if connected to the police forces, is made known to the interested party through the aforementioned information signs.

Integrated system management

The operational headquarters are protected by an anti-intrusion and access control system.

The hardware equipment and programming software are stored in cabinets suitable for the purpose and protected by electronic keys.

The equipment is installed at adequate heights in order to be sufficiently preserved from vandalism, suitable and protected from atmospheric agents and are not designed to display or store images.

The equipment and hardware devices are connected by cable (generally underground or inside the walls) and not by wireless connections (eg: Wi-Fi, Gprs).

The terminals and portable devices equipped with screens for viewing images are protected by suitable access systems (i.e. authentication credentials).

Image processing

The processing of images is carried out in such a way as to limit the angle of view to the area actually to be protected, avoiding / hiding, as far as possible, the shooting of surrounding places and details that are not relevant to the aforementioned purposes.

The transmission of images from the shooting points to the equipment takes place via cable and not for wireless connections (eg: Wi-Fi, Gprs).

The images are never taken and recorded by associating them with the personal data of the interested party.

The images are:

collected and accessible at the time of use only in the case of video intercom, to open or not the entrance doors or gates to buildings and parking areas
collected, accessible and stored in the case of cameras, with the aim of preventing their destruction, loss (even accidental), etc.
collected, accessible and stored in the aforementioned hardware devices, with the aim of preventing their destruction, loss (even accidental), etc.
constantly visible on the aforementioned screens
protected by suitable access systems (or authentication credentials)
protected from unauthorized processing (ie cryptography)
stored with these limits:
- 24 hours after shooting from the cameras
- or over 24 hours on the occasion of holidays or periods of closure, or in case of need (eg: following the detection of illegal or fraudulent behavior), but in any case below one week period,
- or according to the provisions of the judicial authorities or the police forces, firefighters, etc. .

After the aforementioned time limits, the images are automatically and completely deleted, without the possibility of being able to be recovered or reused.

The images can be visible, transmitted and / or made available to the police.

Responsible and in charge of the treatment

All the personnel involved in the management of the equipment have their own authentication credentials (user id and password dedicated to the Data Controller, to the internal and external Appointees) and who, depending on the assigned tasks, can carry out the operations within their competence.

Responsible
As far as equipment is concerned, he can turn the entire integrated system on or off, but not change the settings except for the exclusion of equipment that is not functioning properly which could make the remaining part of the integrated system ineffective.
As for the images, he can view them, in synchrony with the shooting and on a delayed basis, but he cannot delete or duplicate them.

Responsible for the reception
As regards the equipment, he can carry out any operation, except for authorization and qualification registered by the Manager.
As for the images, he can view them, only in synchrony with the shooting, but he cannot carry out operations of deletion and duplication of the images.

As regards the equipment, he can carry out, on site or from the service center, all the installation operations, ordinary or extraordinary maintenance on the entire integrated system, including switching on, setting (e.g .: shifting the viewing angle, change the zoom), the initial and subsequent testing, and shutdown.
As regards the images, in addition to what is strictly necessary in the aforementioned phases and only in synchronicity with the shooting in the absence of any interested parties, he can access the images in the presence on site or remotely of subjects with authentication credentials enabled to view the Images.

Wi-Fi

The operational headquarters is equipped, for organizational and courtesy reasons, with a network reserved for the Owner and a network dedicated to people hosted or passing through.

The first network is private and not visible. It can only be reached via dedicated access, classified according to the degree of protection required and authentication credentials are required.

The network dedicated to people hosted or passing through, in accordance with the indications of the Fipe (Italian Federation of Public Concerns) and the Guarantor regarding the free Wi-Fi connection in public establishments and orientation towards smart cities, is, in fact, free. In fact, in this case, the Data Controller is not considered to be jointly responsible for the activities carried out by them.

COOKIE

General terms

This site uses cookies, text files that are recorded on the terminal of the interested party (previously or later User or Visitor) or that allow access to information on the terminal of the same. Cookies allow information on the preferences of the interested parties to be stored, they are used in order to verify the correct functioning of the site and to improve its functionality by customizing the content of the pages based on the type of browser used, or to simplify navigation by automating procedures (eg .: login, site language) and, finally, for the analysis of the use of the site by the interested parties.

This site uses the following categories of cookies:

technical cookies, they are used for:
- carry out the transmission of an electronic communication
- ensure the correct display of the site and navigation within it
- to distinguish between the various interested parties connected in order to provide a service requested to the right interested party (Login) and for site security reasons

(some of these cookies are deleted when the browser is closed (session cookies), others have a longer duration (eg: cookie necessary for storing the consent of the interested party in relation to the use of cookies, which lasts 1 year) and for which does not require consent)

analysis cookies, they are:
- used to collect information, in aggregate form, on the number of interested parties and on how they visit the site
- similar to technical cookies if the service is anonymized
profiling and marketing cookies, they are used exclusively by third parties other than the owner of this site to collect information on the behavior of the interested parties while browsing, on interests and consumption habits, also in order to provide personalized advertising.

Enable cookies

By pressing "OK" on the banner present at the first access to the site or by browsing the site, the User expressly consents the use of cookies and similar technologies and, in particular, to the registration of these cookies on his terminal for the purposes indicated above, as well as access via cookies to information on your terminal.

Disabling cookies

The User can refuse the use of cookies and at any time can revoke a consent already provided. Since cookies are connected to the browser used, they can be disabled directly from the browser (refusing / revoking consent to the use of cookies) or via the banner at the bottom of the page.

Disabling cookies may prevent the correct use of some functions of the site itself or of third-party services (see following §). In particular, they may not be accessible and, therefore, viewable:

the maps of Google Maps
YouTube videos or other video sharing services
the buttons of social networks

Instructions for disabling cookies can be found on the following web pages:

Mozilla Firefox - Microsoft Internet Explorer - Microsoft Edge - Google Chrome - Opera - Apple Safari

Third party cookies

This site is also an intermediary for third-party cookies (such as buttons for social networks), used to provide additional services and features to the interested parties and to simplify the use of the site itself or to provide personalized advertising. This site has no control over their cookies (managed entirely by them) and does not have access to the information collected through these cookies. Information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by the third parties on the pages indicated below.

Generally, the tracking of the User does not involve identification of the same, unless the interested party is already registered for the service and is not already logged in, in which case it is understood that the User has already expressed his consent directly to the third party when registering for the relevant service (eg: Facebook, Instagram, LinkedIn).

Application Hosting and backend infrastructure - The data hosted by the Application are necessary for its correct functioning.

For information on the use of data and their treatment by the third party in question, it is recommended to read its information and its methods of use of data when using the site of the owner.

This site uses cookies from Google Ireland ltd (data processor).

Google Maps or Analytics - the collected data are browser identifier, date and time of interaction with the site, page of origin, IP address, geographical position.

Collected data:

they are used to analyze the use of the site by Users, compile reports on site activity and User behavior, check how often Users visit the site, how the site is tracked down and which pages are visited most frequently, provide the indications of places and merchants, etc.
are combined with information collected from other sites in order to create a comparative picture of the use of the site compared to other sites of the same category
do not allow the personal identification of Users and are not crossed with other information relating to the same person
are treated in aggregate form and anonymised (truncated to the last octet).

On the basis of a specific agreement (DPA), Google is prohibited from crossing such data with those obtained from other services.

The User can selectively disable (opt-out) the collection of data by Google Analytics by installing the appropriate component provided by Google on their browser (opt out).

For information on the use of data and their treatment by the third party in question, it is recommended to read its information and its methods of use of data when using partner sites or apps, as well as for its cookies.

The place of data processing is the European Union since the anonymization of the service is active.

YouTube - Platform for sharing videos.

Cookies are set when accessing the page containing the embed and when the video is started, and do not allow the identification of the User unless he is already logged into the Google profile.

For the videos on the site, the "advanced privacy (no cookie)" option has been activated which ensures that YouTube does not store information about visitors unless they voluntarily reproduce the video.

The data collected are the number and behavior of users of the service, the IP address, preferences on video viewing, information that links visits to the site to the Google account (for users already logged in).

The place of data processing is the USA.

Social Network Plugin

This site uses buttons (and / or plugins) of Google Ireland ltd (data processor) - Facebook, Instagram

This site uses buttons (and / or plugins) of Microsoft Corporation (data controller) - LinkedIn.

This site incorporates third-party plugins also in order to allow easy sharing of content on the user's favorite social networks. When you visit a page of this site that contains a plugin, the Visitor's browser connects directly to the servers of the social network from which the plugin is loaded, which server can track the visit to this website and, if necessary, associate it to the account, in particular if you are logged in at the time of your visit or if you have recently browsed one of the websites containing plugins.

The User who does not want the social network to record the data relating to his visit to this site, must log out of his account and, probably, delete the cookies that the social network has installed in the Visitor's browser.

This site has installed plugins with advanced privacy protection functions for Users, which do not send cookies or access cookies on the User's browser when the page is opened, but only after clicking on the plugin.

For information on the use of data and their processing by the specific third party, it is recommended to read its information and its methods of use of data when using partner sites or apps, as well as for its plugins.

salento holidays vacation italy spongano rooms hotel b&b hospitality tre bacili