Privacy policy of https://en.ostelloreggioemilia.org and of the Student's Hostel network sites
Describes how we collect, use, process and communicate your data, including personal data, in relation to your access and use of the sites of our Network and any mobile application related to them.
Personal data, such as name, email and telephone numbers, are used only to facilitate the exchange of information between the Traveler and the Manager of tourist facilities, for the sole purpose of allowing an online booking.
In no case will the data be sold to third parties.
When this policy mentions https://en.ostelloreggioemilia.org, or one of the sites of the Network* or Network our sites websites of the network refers to the company BALLARO COOPERATIVE COMPANY (VAT number IT05450820823) which is responsible for your data according to this Privacy Policy (the Data Controller).
The services offered by the Owner are aimed at people of age; over 18 years old. Should the Data Controller become aware of the processing of data of minors under 18 years of age; without a valid consent of the parents or a legal guardian, reserves the right to unilaterally interrupt the use of the service offered, as well as; to delete the acquired data.
DEFINITIONS
In relation to the use of the sites covered by this information, the following categories of users are distinguished:
Traveler User (or traveler): user of the Network sites looking for tourist facilities to book;
User Manager (or also manager): natural persons who manage the accommodation facility to which the website belongs with the aim of advertising them to the public of Traveling Users.
Traveler User can use the search and selection services for rooms and services. For, the booking request, the receipt of information and updates automatically, all Users, both Travelers and Managers, must send an e-mail.
ACCESS TO DATA ABOUT YOU
All the data in our possession are stored only if you send a RESERVATION REQUEST by e-mail or through the forms on the site.
These data (name and surname, e-mail and telephone number, in addition to the data relating to your request) are stored in the management software of the single structure to which the site refers.
At any time you can send an e-mail to amministrazione@ballaro.org specifying the structure in which the request has been made and our staff will provide; to update or delete them, by giving written confirmation by e-mail.
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
The Data Controller, pursuant to and for the purposes of the Regulation, announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be; based on principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.
PURPOSE, LEGAL BASIS OF THE PROCESSING AND OPTIONALITY; OF THE ASSIGNMENT
- Information you provide us directly.
- Information necessary for the request and subsequent confirmation of the booking: We ask and collect the following personal data: name, surname, e-mail, mobile phone, requests.
- Information necessary for the use of the Payment Services: credit card.
- Information we collect from Third Parties.
https://en.ostelloreggioemilia.org can collect data, including your personal data, that third parties provide about you when they use the https://en.ostelloreggioemilia.org platform and the Payment Services, or obtain information from other sources and combine it with the information we collect through the https://en.ostelloreggioemilia.org Platform and Payment Services. We do not control, supervise, n eacute; we respond for the modalities processing of your personal data by these third parties, therefore any request for information regarding the communication of your personal information must be sent directly to such third parties.
2. HOW WE USE THE DATA WE COLLECT
https://en.ostelloreggioemilia.org uses, stores and processes your data, including personal data, to provide, understand, improve and develop the https://en.ostelloreggioemilia.org Platform, create and maintain a reliable and secure environment and comply with its legal obligations.
2.1 Providing, improving and developing the https://en.ostelloreggioemilia.org Platform.
Allow you to access and use the Platform https://en.ostelloreggioemilia.org.
Provide customer support.
We process the information provided on the basis of legitimate interest in improving our Platform https://en.ostelloreggioemilia.org and the experience of Travelers and Managers, and where necessary to ensure the proper execution of the contract between us and the user.
2.2 Creating and maintaining a smarter environment reliable and safe.
Detect and prevent fraud, spam, abuse, security incidents and other activities; harmful.
Carry out security investigations and risk assessments.
Verify or authenticate the information or identification you have provided (e.g. verify the address of your Accommodation or compare your identification photo with another photo you have provided).
Fulfill our legal obligations.
Ensure the application of our Terms of Service and our other policies.
We process the information provided on the basis of legitimate interest in protecting our https://en.ostelloreggioemilia.org Platform, measuring the proper performance of the contract between us and you and complying with applicable laws.
2.3 Providing, personalizing, evaluating and improving our advertising and our marketing.
Send you promotional messages, marketing information, advertisements and other information that may be of interest to you based on your preferences and social media advertising through social media platforms (such as Facebook or Google).
Personalize, measure and improve our advertising.
We will process your personal data for the purposes listed in this section on the basis of the legitimate interest in carrying out activities; marketing to offer you products or services of your potential interest. You can opt out of receiving marketing communications from us by following the unsubscribe instructions included therein.
2.4 Mode d use of the data collected by the Data Controller of payments.
Allow you to access and use the Payment Services.
Detect and prevent fraud, abuse, security incidents and other activities; harmful.
Carry out security investigations and risk assessment.
Perform checks by cross-comparing databases and other sources of information.
Fulfill our legal obligations (such as anti-money laundering regulations).
Ensure the application of our Terms of Service and other payment policies.
With your consent, to send you promotional messages, marketing information, advertising; and other information that may be of interest to you based on your preferences.
The Data Controller processes the information provided on the basis of the legitimate interest in improving the Payment Services and the experience of its users, as well as where it is necessary to ensure the proper execution of the contract with the user and to comply with applicable laws.
3. SHARING AND COMMUNICATION
3.1 With your consent.
Where you have given your consent, we may share your data, including personal data, as described when we obtained your consent.
3.2 Additional services offered by the Managers of tourist facilities.
Managers may need to use third party services available in order for eacute; assist them in managing the Accommodation or to provide additional services you request, such as, for example, cleaning or access service providers.
3.3 Conformity to the law, I respond to requests from authorities; , prevention and protection of our rights.
https://en.ostelloreggioemilia.org could communicate your data, including personal data, to courts, authorities public authorities, authorities; government or authorized third parties if and to the extent that we are required or authorized to do so by law or if such disclosure is reasonably necessary: (i) to perform our legal duties (ii) to comply with a legal process and to respond to claims made against https://en.ostelloreggioemilia.org, (iii) to find verified requests relating to a criminal investigation or alleged or alleged activity; illicit or to any other activity; liable to expose https://en.ostelloreggioemilia.org, yourself or any of our other users to liability; legal, (iv) to manage and enforce our Terms of Service, Payment Terms or other agreements with Members, (v) to protect rights, property or the personal safety of https://en.ostelloreggioemilia.org, its employees, its Members or the general public.
Where appropriate, we may notify Members of such legal requests, unless: (i) providing such information is prohibited by applicable legal procedure, based on an order received from a court or under the law, or (ii) we believe the notice is unnecessary or ineffective, creates a risk of injury or physical harm to an individual or group of individuals, or creates or increases a risk of property fraud; of https://en.ostelloreggioemilia.org, its Members. In cases where https://en.ostelloreggioemilia.org complies with legal disclosure requests without giving notice to the user for the above reasons, https://en.ostelloreggioemilia.org will look for; to inform the interested user about the request as soon as it determines in good faith that we is no longer prohibited.
3.4 Social network platforms.
Where permitted by applicable law, we may use some of your personal information, such as your email address, to share it with social media platforms, such as Facebook or Google, in order to generate leads and redirect traffic to our websites, promote our products and services or our Platform https://en.ostelloreggioemilia.org. These activities of processing are based on our legitimate interest in carrying out activities; marketing to offer you products or services of your potential interest.
https://en.ostelloreggioemilia.org does not check n eacute; supervise the social media platforms with which your personal data may be shared. Therefore, any questions regarding how your personal data is processed by the social media provider should be directed to the provider in question.
We remind you that at any time you can request https://en.ostelloreggioemilia.org to stop processing your data for marketing purposes, by sending an email to amministrazione@ballaro.org.
3.5 Business operations.
If https://en.ostelloreggioemilia.org undertakes or is involved in any merger, acquisition, reorganization, business transfer or bankruptcy or insolvency proceeding, it may sell, transfer or share some or all your assets, including your data, in connection with or as a consequence of this transaction (e.g. in the due dligence phase). In such cases, you will be notified before your personal data is transferred and becomes subject to a different privacy policy.
3.6 Aggregated data.
We may also share aggregated data (information about our users that we combine together in a way that does not identify or is traceable to a single user) and other anonymous information for compliance; legislation, sector and market analysis, demographic profiling, marketing and advertising; and other purposes; commercial.
MODE OF TREATMENT AND STORAGE OF PERSONAL DATA
The Data Controller ensures that personal data are processed in full compliance with the Regulations, in paper and / or electronic format, also with the aid of automated procedures. The treatment will be able to also be carried out through automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods such as to minimize the risks of unauthorized access, dissemination, loss and destruction of data, pursuant to art. 25 and 32 of the Regulation.
The data processing will have; duration not exceeding what is necessary to satisfy the purposes; for which they were collected.
Pursuant to art. 7 paragraph 3 of the Regulations, the interested party will have; the faculty at any time and in a quick and easy way to revoke the consent to the processing and request the cancellation of their personal data, by sending a specific communication to the Data Controller at the address amministrazione@ballaro.org . Following the request for cancellation by the User, all personal data of the same will be deleted or stored in anonymized form (made anonymous and aggregated to allow analysis and statistics), without prejudice to the further conservation required by regulatory obligations.
However, in the event that a User has made or received reservations or reservation requests, in order to allow the correct management of the reservation itself as well as eacute; of the provision of the service, the personal data relating to this User will be deleted or stored in anonymized form (made anonymous and aggregated to allow analysis and statistics) only after 30 days have passed from the date of check-out from the facility where ; spent the stay.
Furthermore, in the event that the User has been recalled, suspended or sanctioned for fraudulent or suspicious behavior, or if a User has requested cancellation after publishing an advertisement, the Owner reserves the right to keep the personal data relating to such User for a period of 2 (two) years from the request for cancellation, in order to prevent the occurrence and / or repetition of any fraud to the detriment of the Data Controller. After this period they will be stored only in anonymized form (made anonymous and aggregated to allow analysis and statistics).
If, on the other hand, the Data Controller does not receive a request for cancellation, the personal data will be kept for a period not exceeding 10 (ten) years, with effect from the date of the last access to Site and / or App by the User. After this period they will be stored only in anonymized form (anonymized and aggregated to allow analysis and statistics).
RECIPIENTS OF PERSONAL DATA
The personal data collected may be processed, as well as by the Data Controller, by subjects or categories of subjects who act as Data Processors pursuant to art. 28 of the Regulation or who are authorized to process data pursuant to art. 29 of the Regulation.
Furthermore, for some services, the data may be disclosed to companies who collaborate or use the services of the Data Controller with the sole intention of providing the services requested by the User. In these cases, the Partners are autonomous owners, therefore the Owner is not; responsible for data processing by the same. Furthermore, the Data Controller is not; responsible for the contents and compliance with the legislation on the protection of personal data by sites not managed by the Data Controller.
In particular, the data provided by the User may be shared by the Owner with the following third parties exclusively to provide the services requested by the User or to comply with other regulatory obligations: </ p >
Service Companies that the Owner uses to manage, on their own behalf, the User's data for purposes such as sending promotional material, sending SMS and notification relating to the services offered by the Data Controller and verification of the correctness of the e-mail address provided during registration.
Payment service providers and financial institutions. The Owner may share some information on the booking (for example the booking confirmation) with the payment service provider or the specific financial institution in specific cases such as fraud detection and prevention. Commercial partners, in particular of the tourism industry, with whom the Owner shares some data of the User exclusively for the purpose of; marketing and with the consent of the User himself.
Apart from the aforementioned hypotheses, personal data will not be communicated except to subjects, entities and Authorities; to which communication is mandatory by virtue of provisions of law or regulation.
TRANSFER OF DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION
The personal data collected through the use of one of the sites of the Network, may be transferred outside the national territory, only and exclusively for the execution of the services requested in compliance of the specific provisions of the Regulations.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients takes place in compliance with the Regulations.
COLLECTION OF NAVIGATION DATA
The computer systems and the technical and software procedures underlying the operation of the network sites acquire, during their normal operation, some personal data whose transmission is; implicit in the access and functioning mechanisms and protocols in use on the Internet.
Every time the User connects to one of the sites of the Network and every time he calls or requests a content, the access data are stored in the systems of the Owner, under form of tabular or linear data files.
This category of data includes, for example, the IP addresses, the domain names of the computers used by the Users who connect to the Site and App, the request from the browser of the User, in the form of addresses in URI (Uniform Resource Identifier) notation, the date and time of the request to the server, the method used in submitting the request to the server, the quantity; of data transmitted, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the user's IT environment.
These data may be used by the Owner for the sole purpose of obtaining anonymous statistical information, in order to identify the favorite pages of the Users and therefore provide increasingly more content; adequate and to check their correct functioning. At the request of the Authority, the data could be used to ascertain responsibility. in the event of hypothetical computer crimes against the sites of the Network or its Users.
MOBILE DEVICES
The Site is; optimized for navigation through mobile devices, for which there are special Apps offered by the Owner. These Apps manage the personal data provided by the User with the same modalities; of the Site and, like the Site, allow the User to use geolocation services to search for properties based on location. Subject to the consent of the User, the Owner may send notifications (in push mode) with information on the Reservation. L User has the option; to authorize the Site and the Apps of the Owner to access their position in order to receive the requested service. The Owner invites Users to carefully read the instructions of their mobile devices to change the settings and activate (or disable) the sharing of these data or the receipt of push notifications.
COOKIES AND THIRD PARTY SERVICES
The Websites of the Network use cookies in order to improve navigation, speed up the analysis of Internet traffic and facilitate users access to the services offered by the sites . The User aware that, if you browse the site, you accept the use of cookies.
In our website, third-party components such as Facebook (www.facebook.com) are integrated. If the user logged into Facebook and accesses our site, Facebook detects which internet pages you visit. This information is collected by the Facebook component and associated with the corresponding Facebook account of the user. For example, if the user clicks on a Facebook button integrated into our site (for example: I like), Facebook collects this information and associates it with the user's Facebook account.
Facebook always collects, through the Facebook components integrated into our site, information about visitors to our site when they are logged in on Facebook. If you do not want to allow this collection of information you must log out of Facebook before accessing our site.
You can find more information on the data protection guidelines adopted by Facebook at the following address: https://facebook.com/about/privacy/
Google Analytics
In this site, the Google Analytics component was integrated (with the anonymization function active). Google Analytics collects information on visitor behavior, such as the pages visited, the site from which the user comes (referrer), the ip, the viewing time of the individual pages.
The purpose of Google Analytics is; to analyze the traffic on our site. Google collects and organizes information to provide, among other things, reports that show the activity on our website.
This information is mainly used to optimize the browsing experience of the visitor to our site.
To do this, Google Analytics creates a cookie on the visitor's system in which it stores personal information, such as access time, location; from which access is made, the frequency of visits. At each visit to our site, the information collected is sent to Google in America and there; are stored and managed by Google.
To prevent this collection of information is possible to install a browser plugin that will prevent to Google Analytics to collect information while browsing our site.
you can download the plugin at: https://tools.google.com/dlpage/gaoptout.
In case of system formatting or system reinstallation it will be; You must also reinstall the plugin.
You can find further information on the data protection guidelines adopted by Google at the following addresses: https://policies.google.com/privacy?hl=it, https: //www.google.com/analytics/terms /it.html and https://www.google.com/analytics.
SECURITY
https://en.ostelloreggioemilia.org implements and constantly updates administrative, technical and organizational security measures aimed at protecting your data from unauthorized access by third parties, from destruction or alteration. Some of the security measures we use to protect your information are firewalls, encryption and information access controls.
The Server of https://en.ostelloreggioemilia.org and of the sites of the Network is; located at the INCUBATEC webfarm ( www.server24.eu ), based in EUROPE.
RIGHTS OF THE DATA SUBJECT
Pursuant to art. from 15 to 22 of the Regulations, the User, as an interested party, has the right; to exercise specific rights regarding your personal data. In particular, the interested party has the right to obtain:
1. confirmation of the existence or not of personal data concerning him, even if not yet registered, in a concise, transparent, intelligible and easily accessible form, with simple and clear language;
2. l indication:
to. of the origin of personal data;
b. of the purposes and modalities of treatment;
c. the legitimate interests pursued by the Data Controller or by third parties;
d. of any recipients or any categories of recipients of the personal data;
is. of the owner's possible intention to transfer personal data to a third country or to an international organization;
f. of the retention period of personal data;
g. of the applied logic, as well as the importance and the expected consequences of this treatment for the interested party, in case of treatment carried out with the help of electronic tools in the context of an automatic collection and / or profiling process;
h. the identification details of the Data Controller, of the Managers, of the designated Representative and of the Data Protection Officer (so-called DPO);
the. of the subjects and categories of subjects to whom the personal data may be communicated or who can learn about them in quality designated representative in the State, managers or agents;
3. the possibility; to propose a complaint to an Authority control;
4. updating, rectification or, when interested, integration of data;
5. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those of which it is not; storage is necessary in relation to the purposes for which the data were collected or subsequently processed;
6. the limitation to the processing;
7. portability; of personal data concerning him to another Data Controller;
8. the revocation of the treatment;
9. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves a manifestly disproportionate use of means with respect to the protected right .;
10. l opposition, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even though; relevant to the purpose of the collection.
DATA CONTROLLER AND DATA PROTECTION MANAGER
To exercise the rights in the previous point, the interested party may contact the Data Controller and / or the Data Protection Officer at any time for any communications regarding the processing of their Personal Data, or to know the updated list of any Data Processors appointed by the Company, by sending notice to the contacts below reported:
Società Cooperative Ballarò
Via Niccolò Garzilli n.34
90141 PALERMO
VAT number IT05450820823
E-mail: amministrazione@ballaro.org
The Data Controller and the Data Processor/DPO is Company Administrator Cooperative Ballarò: Massimiliano Lombardo.
Last updated: Thursday 31 December 2020