AGRITURISMO PIAN DI FILETTO POPPI
AZ.AGR.PIANO DI FILETTO di Fani Cristina
Località Piano di Filetto 8 52014 POPPI (Ar)
C.F.FNACST71C62A851O P.I.01983210517
REA AR-153411 Tel.0575 550215
CUSTOMER PRIVACY POLICY
Dear Customer
In accordance with applicable privacy laws (EU Regulations n. 679, 2016), we would like to take this
opportunity to inform you that your personal information will be processed in an ethical and transparent
manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights. Processing
takes place manually and using IT tools, and is done, by us and our persons in charge of data processing, for
the following purposes:
1. To obtain and confirm your booking of accommodations and other services, and to provide
such services as requested. Since this processing is required to define our contractual relationship
and to perform under our contract with you, your consent is generally not required, unless certain
“sensitive” information* is submitted. Should it be necessary to process your personal “sensitive”
information (Article 9 of the EU Reg. 679,2016) to provide such services as requested, the processing
will begin only after your consent has been obtained. Should you refuse to submit your personal
information, we will not be able to confirm your booking or provide you with the requested services.
Processing shall cease once you check out, although some of your personal non sensitive
information may (or in some instances, has to) continue to be processed for the purposes and in the
manner described below;
2. To comply with our “Public Safety Law” (Article 109 Royal Decree n. 773, 18/6/1931) which
requires that we provide identification data of our guests to the police, for purposes of public safety, in
the manner established by the Ministry of the Interior (Decree of 7 January 2013). Data submission is
mandatory, and does not require your consent. Should you refuse to provide such information, we will
not be able to host you in our hotel. Data acquired for such purposes shall not be retained by us,
unless you provide consent to their retention as required under point 4, infra;
3. To comply with applicable administrative, accounting, and tax regulations. For these purposes,
your consent is not required. Personal information is processed by us and our processors or persons
in charge of data processing, and is disclosed outside the company only when and if required by law.
Should you refuse to submit the required data for the above purposes, we will not be able to provide
you with the requested services. Data acquired for such purposes is retained by us for the required
statutory period (10 years – or longer, in case of tax audits);
4. To speed-up check-in on your next visit to our hotel. For such purposes, upon obtaining your
consent (which can be revoked at any moment), your information will be retained for a maximum of 6
months, and will be used the next time you are our guest, for the reasons listed supra;
5. To allow you to receive messages and telephone calls during your stay. Your consent is
required for such purposes. You can revoke your consent at any time. Such processing, where
consent is granted, shall end when you check out;
6. To send you advertising messages and updates on special rates and promotions. For this
purpose, upon obtaining your consent, your information shall be retained for a maximum of 12
months, and will not be disclosed to third parties. You may revoke your consent at any moment;
Your personal information shall not be used in the undertaking of automated decision-making processes,
including profiling.
We also would like to inform you that the European Regulation grant you certain rights, including rights of
access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data
portability rights and the right not to be subject to a decision based solely on automated processing, including
profiling, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016). You can also
file a complaint with the Data Protection Authority, according to the procedures set forth under applicable
regulations.
For any other concern, and to assert your rights under the EU Regulation, please contact:
Data Controller Agriturismo Pian di Filetto Poppi di FANI CRISTINA Loc. Piano di Filetto n.8 52014 Poppi
(Ar) 0575550215 3357086211 agriturismo@piandifilettopoppi.it fanicristina@pec.it
* (i.e. special categories of personal data are information revealing the ethnic or racial origin of the Data Subject, his/her political opinions, religious or
philosophical beliefs or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data regarding
health or sexual life and sexual orientation of the person)
Data Protection Officer – DPO: ==
REGULATION (EU) 2016/679 (General Data Protection Regulation)
Article 15
Right of access by the data subject
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her
are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third
countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that
period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal
data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases,
meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the
data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be
informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the
controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and
unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Article 16
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data
concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal
data completed, including by means of providing a supplementary statement.
Article 17
Right to erasure (‘right to be forgotten’)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue
delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2),
and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or
the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is
subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller,
taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform
controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy
or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for
the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article
89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives
of that processing; or
(e) for the establishment, exercise or defence of legal claims.
Article 18
Right to restriction of processing
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the
personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the
establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the
controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with
the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural
or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the
restriction of processing is lifted.
Article 19
Notification obligation regarding rectification or erasure of personal data or restriction of processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with
Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or
involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Article 20
Right to data portability
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in
a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance
from the controller to which the personal data have been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b)
of Article 6(1); and
(b) the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data
transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to
processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the
controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Article 21
Right to object
1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of
personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The
controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing
which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to
processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct
marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such
purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly
brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his
or her right to object by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data
subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or
her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Article 22
Automated individual decision-making, including profiling
1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which
produces legal effects concerning him or her or similarly significantly affects him or her.
2. Paragraph 1 shall not apply if the decision:
(a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
(b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard
the data subject’s rights and freedoms and legitimate interests; or
(c) is based on the data subject’s explicit consent.
3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data
subject’ss rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express
his or her point of view and to contest the decision.
4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a)
or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
