ABA VILLAGE
WEB PRIVACY PROTECTION POLICY
Guest Informations
WHY THIS NOTICE
This page describes the methods of managing the site with reference to the processing of personal data of users who consult it.
This information is also provided in accordance with Article 13 of the EU Regulation 2016/679 on the protection of personal data for those who interact with the web services of www.abavillage.it electronically;
The information is provided only for the above-mentioned sites and not for other websites that may be consulted by the user through links.
The information also follows Recommendation no. 2/2001 which the European authorities for the protection of personal data, gathered in the Group established by Art. 29 of Directive No. 95/46/EC, adopted on May 17, 2001, to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing, and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purposes of the connection.
Identity of the Data Controller.
Data Controller: Sangallo Tourist srls sole proprietorship, via Senese, 76 Poggibonsi, VAT number 01509830525, email: sangallotourist@pec.it, hereinafter also referred to as “The Company”, contactable via email: info@abavillage.it.
Please note that this Information does not apply to the processing of personal information on behalf of third-party companies and subject to third-party instructions, such as airlines, car rental companies, and other service providers, companies that organize or offer travel packages, business partners, or corporate clients. The processing is always based on principles of legality and fairness in compliance with all current regulations and appropriate security measures are adopted to protect the data.
All hotels managed by our Group are required to respect our privacy protection policies.
Purpose of Personal Data Processing
Data is processed for technical navigation issues as further specified in the section “Types of Processed Data.” The personal data requested in any contact forms or similar systems is governed by a specific privacy notice.
Luogo di Trattamento dei Dati
I trattamenti connessi ai servizi web di questo sito hanno luogo presso la sede del Titolare e le sue sedi secondarie e sono curati solo da personale tecnico dell’Ufficio incaricato del trattamento.
Categories of Data Processed
Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, data on web contacts currently do not persist for more than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. In addition to these data, the Data Controller processes personal data obtained by filling in the forms and services active on the site and in particular for:
- Management of sending the requested information via the appropriate form or contact form. Legal basis of this processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures upon request of the same (art. 6, c. 1 letter b) Reg. Ue 679/2016. The provision is optional but otherwise it will not be possible to proceed with the management of the request for information.
- Respond to your requests for information via the chat channel or the WhatsApp chat service or by contacting the interested party at the contact details provided (telephone number or e-mail). Legal basis of this processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures upon request of the same (art. 6, c. 1 letter b) Reg. Ue 679/2016. The provision is optional but otherwise it will not be possible to proceed with the management of the request for information. The chat service via WhatsApp obviously presupposes the acquisition of your mobile number and the data that will be provided during the exchange of messages with the operator. The chats will be minimized and will not be disclosed to third parties and kept only for the time necessary to fulfill the purpose for which they were collected and in any case no later than 90 days from the date of conferment, for legal proof purposes.
- Management of the booking and “pre-check in” process via the site. Data processed are those provided for in the “booking” form for the booking holder (name, surname, arrival date, booking number, gender, date and place of birth, province of residence, citizenship, data relating to the identity document, residence address, telephone number and email, credit card number to block the rate and confirm the booking or for immediate payment if this is requested as an offer) and those of any guests (name, surname, gender, date and place of birth, possibly data relating to the respective identity documents). Legal basis of this processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures upon request of the same (art. 6, c. 1 letter b) Reg. Ue 679/2016. The provision is optional but otherwise it will not be possible to proceed with the management of the request.
- Sending promotional and marketing communications, including sending newsletters and market research through automated tools (SMS, MMS, email, push notifications) and non-automated tools (paper mail, telephone with operator). It is specified that the owner collects a single consent for the marketing purposes covered here pursuant to the General Provision of the Guarantor for the Protection of Personal Data “Guidelines on promotional activities and combating spam” of 4 July 2013; if in any case you wish to oppose the processing of your data for marketing purposes carried out with the means indicated here as well as revoke the consent given; you may do so at any time by contacting the owner at the contact details indicated in this information without prejudice to the lawfulness of the processing based on the consent given before the revocation. The legal basis for the processing of your data for the aforementioned purpose is the expression of consent by the interested party to the processing of their personal data for the purpose specified above pursuant to article 6.1 letter a of the regulation. The interested party can always revoke consent for the purposes indicated above by writing to info@abavillage.it.
- For booking services via telephone or chat: personal data, such as name, address, email, telephone number, nationality, passport/identity card/driving license number and date and place of issue; travel history; payment information, such as your payment card number, bank details and other card information, and other billing and account details relating to electronic invoicing. Legal basis of this processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures upon request of the same (art. 6, c. 1 letter b) Reg. Ue 679/2016. The provision is optional but otherwise it will not be possible to proceed with the management of the booking.
- For accounting, administrative and tax services. Legal basis of the processing is to fulfill legal obligations pursuant to art. 6 c.1. lett. c GDPR.
- To speed up the registration procedures in the event of your subsequent stays at our facilities. Legal basis of this processing is the execution of a contract of which the interested party is a party or the execution of pre-contractual measures upon request of the same (art. 6, c. 1 letter b) Reg. Ue 679/2016. The provision is optional but otherwise it will not be possible to proceed with the management of the case.
- To offer you services suited to your personal preferences and problems such as motor difficulties or allergies; data which where imply unequivocal consent to processing for the purpose of enjoying our hotel and accommodation services.
- Personal data deriving from the management of CVS. The Company reserves the right to evaluate the CVs received for potential applications present within the hotel or which could arise in the near future. However, candidates are invited to respect the following rules when transmitting CVs in electronic format:
- respecting the European format when compiling your CV;
- by sending the CV in PDF format;
- avoiding including sensitive data in your CV (relating, in particular, to your state of health, religious, philosophical or political beliefs) that are not relevant to the job offer;
- giving consent to the processing of sensitive data relevant to the establishment of an employment relationship (for example belonging to protected categories).
Sarà cura della Società fornire un’idonea informativa ai candidati durante gli eventuali colloqui. The purpose of the processing connected to the management of curricula will concern activities strictly related to the evaluation, recruitment or selection of personnel, with objectives of collaboration, fixed-term or permanent hiring, internships.
- Data we collect at the facility. We collect additional personal data during registration/check-in at our hotel, including information required by local laws. Furthermore, further data may be collected during the stay, subject to prior information and, where necessary, the guest’s consent (for example for photographic services, promotional video shooting, participation in events, excursions, equipment rental and related insurance).
- Event profiles: at our facility it is possible to organize conference events, meetings and private parties. For such events, we will record the event or meeting specifics, date, number of guests, guest room details and, for corporate events, information about Your organization (name, annual budget, number of events sponsored every year). We also collect information about guests who are part of your group or event. If you are visiting as part of a group, we may request your personal information from the group and may send you commercial information with your express consent following your stay with a group or attendance at an event. If you visit us as part of an event, we may share your personal information with the event organisers.
- Information we collect from third parties. In case of booking through affiliated agencies or in any case our commercial partners (airlines for example), your main common data, such as name, surname, address and email and contact details will be collected through the aforementioned bodies. Similarly, we may also collect personal data from social media services consistent with your settings on such services. We may add this information to what we already have on file and share it with others as set forth in this Policy.
- Defense of one’s rights and credits. The Data Controller may collect and process personal data necessary for the defense of its rights, including those of a credit nature, by appointing external lawyers, collection or investigation agencies. Legal basis of the processing for this purpose is legitimate interest and art. 6 c.1 Lett f) GDPR.
Treatment methods
The processing of your personal data is carried out by means of the operations indicated in the art. 4 n. 2) GDPR and precisely: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is subjected to both paper and electronic and/or automated processing. The processing operations are implemented in such a way as to guarantee the logical, physical security and confidentiality of your personal data.
4. Nature of personal data
Your personal, common, particular, sensitive, health data relating to the carrying out of the activities whose purpose has been specified above are the object of processing. As for particular, sensitive and health data, its minimization is guaranteed, i.e. its collection, use, protection and conservation only in cases of absolute necessity and relevance to the purpose and with prior consent.
Mandatory or optional nature of the provision.
Apart from what is specified for navigation data, the user is free to provide personal data to make an online booking. The progress of the online booking procedure implies an implicit consent of the interested party to the processing of their personal data based on the privacy policy set out here. Voluntary registration for the newsletter data entry procedure implies explicit and unequivocal consent of the interested party to the processing of their personal data based on the privacy policy of the site from which you register (you will still be required to accept this information) .
With respect to the provision of hotel and tourism services of our structure, the provision of data is optional but may make it impossible to provide all or part of the requested services. For the purposes of electronic invoicing via email and marketing, the provision is optional and does not interfere with the provision of the facility’s services.
The interested party may refuse to provide the Data Controller with navigation data; to do this, you must disable cookies by following the instructions provided by the browser in use as per the separate cookie policy. Disabling cookies can make navigation of the site’s features worse.
Scope of communication and dissemination of data
The data may be processed exclusively by personnel officially appointed and trained in matters of confidentiality and security of personal data.
We only disclose your data to third parties in these circumstances:
- to those seeking information in the capacity of the guest’s agent, such as a travel agency;
- to third parties involved in providing the services requested to the customer for the part required in order to complete the service;
- to third parties who work for the company in order to carry out services such as booking management, data processing and storage, customer questionnaires
- to public authorities if in the opinion of the Company it is believed that there is an imminent danger to life or material goods that could be reduced or avoided by the dissemination of the information, or if its dissemination is requested by the authorities.
Any such disclosure of information by us to third parties will be made only on the condition that we maintain a confidential status, so that the information is used only for the purposes for which it was disclosed.
Place of processing and Transfer of personal data to a third country.
The management and storage of personal data will take place on servers located within the European Union of the Company and/or third-party companies appointed and duly appointed as data controllers. Attualmente i server sono situati in UE. I dati non saranno oggetto di trasferimento al di fuori dell’Unione Europea. aThe servers are currently located in the EU. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
Method and duration of storage of personal data.
The Data Controller will process personal data until the purpose for which they were collected is exhausted and in any case within the legal limitation periods in case they are processed for legal defense.
Questi i termini di cancellazione specifici per alcune limitate finalità: aThese are the specific cancellation terms for some limited purposes:
- 24 months for storing curricula;
- 10 years for the purpose of conservation of accounting documentation pursuant to art. 2220 cc
- 5 years marketing, unless consent is withdrawn and newsletters are cancelled.
- 10 years for data collected for contractual purposes.
Right of access of the interested party (art. 15 GDPR EU 679/2016)
The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
d) the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
Withdrawal of consent
With reference to the art. 6 of GDPR 679/16, the interested party can revoke consent at any time.
Other rights of interested parties.
With reference to the following regulations: art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limit processing”, art. 20 “right to portability”, art.21 “right to object to the automated decision-making process of the GDPR 679/2016, the interested party exercises his rights by writing to the Data Controller a registered letter with return receipt to the registered office or by sending a certified e-mail tosangallotourist@pec.it
Filing of complaints
The interested party has the right to lodge a complaint with the supervisory authority of the state of residence.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by publicizing them to Users on this page. Please therefore consult this page often, taking as reference the date of last modification indicated at the bottom. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Application and may request the Data Controller to remove their Personal Data. Unless otherwise specified.
The privacy of minors
Our website is aimed at a general audience and does not offer services aimed at children. If we discover that a minor has provided us with personal information without parental or guardian permission, we will immediately delete that information.
External links
If any pages of this website or sections of our applications contain links to other sites, they are not bound by this Privacy Policy. We recommend that you carefully read the privacy policies available on these external sites and review their practices for the collection, use and disclosure of personal information that they use.
Defense in court
The User’s Personal Data may be used for the defense by the Owner in court or in the preparatory stages of its possible establishment, against abuses in the use of the same or related services by the User.
Following a subpoena, judicial order or other legal initiative; in order to establish or exercise the rights granted to us by law; to defend ourselves in the event of legal action against us or for other purposes dictated by law. The User declares to be aware that the Owner may be required to reveal the Data upon request of public authorities.
Legal references
This information is drawn up in fulfillment of the obligations established by GDPR 679/16 by art. 10 of Directive no. 95/46/EC, as well as the provisions of Directive 2009/136/EC regarding Cookies.
Last updated January 2024