PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH EUROPEAN General Data Protection Regulation (GDPR)
Terre del Garda® Srl as the data controller for personal information protects your privacy during your visits on our website and takes all appropriate measures to ensure security in the processing of your information when you use the site.
This statement intends to accurately describe the management methods of processing personal data of users and visitors to the site.
Terre del Garda® Srl exclusively deals with the personal data that site visitors freely agree to provide for the purposes indicated in this statement.
The processing is compliant with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data.
Personal data is processed in paper format and/or with automated tools.
Pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as the “Regulation”), we are providing you with the information regarding the processing of your personal data, which will be carried out manually (for example, on paper) and/or through automated tools (for example, using electronic procedures and supports) and in any case in compliance with the Regulation.
1. Data Controller and Data Processor
The Data Controller is Terre del Garda® Srl, with its registered office in Salò (BS), Piazza Cavour 29/31, 25087 , in the person of its pro tempore legal representative (hereafter referred to as the “Data Controller”).
The Data Processor is Giulio Coccoli, who is electively domiciled at the Data Controller, email address [email protected] (hereinafter referred to as the “Data
2. Purpose and legal basis of the processing for which personal data are intended
The personal data you provide is processed for the purposes indicated below: to allow members who have entered their email address to submit requests (contact form) or to receive educational and/or informative materials (newsletters).
The processing of your personal data is lawful as it is based on your free and informed consent.
3. Recipient categories of personal information
Your personal data will be processed by the employees and/or collaborators of the Data Controller and the Data Processor and by those responsible for managing and entering data information systems. These subjects have been authorised for processing and have received, in this regard, adequate operating instructions.
In addition to the subjects indicated above, some processing of your personal data may also be carried out by third parties to whom the Data Controller entrusts activities and/or services (or parts thereof) connected to the relationship with you.
These subjects have been designated as data processors and have signed an agreement with the Data Controller, undertaking to adopt the appropriate technical and organisational measures to guarantee the confidentiality and security of personal data. These subjects are included in the following categories: business partners of the Data Controller.
4. Criteria used to determine the retention period for personal data
Your personal data will be kept until the end of the processing activities related to the purposes indicated in point 2) of this statement, unless the retention of personal data is required by a rule of European Union or national law.
5. Rights of the Data Subject
Pursuant to Article from 15 to 21 of the Regulation, we inform you that you have the right:
- to obtain confirmation from the Data Controller whether your personal data is undergoing processing and, in such a case, obtain access to personal data, rectification or cancellation thereof;
- to obtain the limitation of the processing of your personal data;
- to oppose the processing of your personal data;
- to obtain the portability of personal data (transmission to another data controller pursuant to Article 20 of the Regulation);
- to withdraw the consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing itself based on the consent given prior to the revocation;
- pursuant to Article 77 of the Regulation, to propose a complaint to the supervisory authority (Privacy Guarantor) in the case of an alleged violation of the Regulation in the processing of your personal data.
6. Transfer of personal data to third countries/international organisations
The transfer of your personal data to third countries (not belonging to the European Union)/international organisations will be carried out in compliance with the Regulation, with particular reference to Paragraph V. Therefore, the transfer will be made to third countries with a decision of adequacy concerning the level of protection of personal data or, in the absence of such decision on the basis of adequate guarantees pursuant to Article 46 of the Regulation.
7. Consequences of non-conferral
The conferral of personal data is optional. Failure to provide partial or incorrect data will make it impossible to receive the information referred to in point 2) of this statement.