+

PRIVACY POLICY

INFORMATION PURSUANT TO THE NEW REGULATION
FOR THE PROTECTION OF PERSONAL DATA (Reg. n. 679/2016 - GDPR)

Privacy policy of the site
www.villarizzo.com

The EU Reg. 2016/679 ("European regulation on the protection of personal data" in short GDPR) provides for the protection of persons and other subjects and respect for the processing of personal data.

The first principle of the GDPR n. 679/2016 is accountability, i.e. the responsibility of the Data Controller and of all the components of its organization in data management.

EXTREME IDENTIFICATION OF THE HOLDER, RESPONSIBLE FOR DATA PROCESSING

Name of the data controller
Villa Rizzo Resort & Spa Srl

Address
Via G. Napoletano N°2, San Cipriano Picentino

E-mail
amministrazione@villarizzo.com

Pec
villarizzo@pec.it

Holder of the personal data treatment
Dr. Gaetano Rizzo

Name of the Data Protection Officer
Roberta Lucia Di Ruocco

Telephone number
0039 089 862108

Mail
sales@villarizzo.com

This site may collect some personal data of users.
Pursuant to articles 13 and 14, therefore, we provide some information on the processing of some of your data.

 

RIGHTS OF THE INTERESTED PARTY

Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679

The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data in question;

c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;

d) the retention period of the personal data envisaged or, if this is not possible, the criteria used to determine this period;

e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;

f) the right to lodge a complaint with a supervisory authority;

h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

 

Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one that carries out its duties and exercises its powers. in the Member State where the violation of the GDPR occurred.

 

Right pursuant to art. 17 of EU Reg. 2016/679 - right to cancellation ("right to be forgotten")

The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if one of the following reasons exists:

 

a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

b) the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing ;

c) the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2;

d) the personal data have been unlawfully processed;

e) personal data must be deleted to fulfill a legal obligation under Union law or the law of the Member State to which the data controller is subject;

f) the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Reg. 2016/679

Right referred to in art. 18 Right to limitation of treatment

The interested party has the right to obtain from the data controller the limitation of the processing when one of the following hypotheses occurs:

 

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

 

b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited;

 

c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

 

d) the interested party has opposed the processing pursuant to article 21, paragraph 1, EU Reg. 2016/679 pending verification on merit

 

Right referred to in art. 18 Right to limitation of treatment

The interested party has the right to obtain from the data controller the limitation of the processing when one of the following hypotheses occurs:

 

a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

 

b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited;

 

c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;

 

d) the interested party opposed the processing pursuant to Article 21, paragraph 1, EU Reg. 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

 

PROTECTION OF RIGHTS

Articles 11 and 12 of the "New Regulation" generally govern the procedures for exercising all the rights arising from the interested party.

The Community Legislator has provided for the obligation - imposed on the owner - to respond regularly in writing to the requests of the interested party, also through electronic tools that facilitate accessibility. The requested information may be given to the interested party in oral form only in the event that the same explicitly requests it

In order to assert his rights, the interested party can also contact the judicial authority or the Guarantor, in case of non-satisfaction of his requests to the data controller.

 

Response times for the exercise of rights

The deadline for the response to the data subject by the Data Controller is, for all rights (including the right of access), 1 month, which can be extended up to 3 months in particularly complex cases; the owner must in any case give a reply to the interested party within 1 month of the request, even in case of refusal.

In the event of a data breach, the Data Controller will have to implement two different actions:

• notification of the violation to the Supervisory Authority within 72 hours of the fact

• reporting to the person concerned (without undue delay).

 

Revocation of consent to treatment

For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller.

 

The interested party has the right to have their personal data deleted if there is no legitimate prevailing reason of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.

 

Conclusion

On 25 May this Regulation also entered into force in Italy to govern the relationship that public and private bodies, professionals, establish with people: citizens, customers, workers. We are obliged to process the personal data of our users in full compliance with the law.