1. Type of data processed
The Company will process the following personal data of the Users who browse the Website and interact with the web services offered through the latter, in particular:
The computer systems, cookie technology and software procedures used to operate the Website acquire, during their normal operation, some data whose transmission is automatic in the use of the Internet. These data are not collected to be associated with a specific User. However, they could, by their very nature, lead to the identification of the Users, by means of processing and associating them with different data held by third parties.
This category of data includes, for instance, IP addresses or domain names of computers used by Users to connect to the Website, Website pages visited by Users, domain names and addresses of websites from which the User has accessed the Website (by referral), the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numeric code indicating the status of the response sent by the web server, and other settings regarding the browser (e.g. Internet Explorer, Google Chrome, Firefox), the operating system (e.g. Windows) and the User’s computer environment.
These are the data voluntarily provided by the User to the Company (e.g. name, surname, e-mail address, other personal data included in e-mails or attachments thereto, etc.) following the sending of a communication through the interface in the “Contact Us” section of the Website.
2. Legal basis and purposes of the processing
The personal data – automatically or voluntarily – provided by the User will be processed for the following purposes without the prior consent of the User:
Should the Company use the personal data collected for any other purpose incompatible with the purposes for which these data were originally collected and processed, the Company will inform in advance the User who may deny or withdraw his consent.
3. Nature of the provision of data
The provision of personal data automatically provided by the User occurs by merely browsing the Website. Therefore, whether the User does not intend to provide any personal browsing data, he should not visit or otherwise use the Website or send requests or communications through the Website or give his consent when the option is proposed to him in accordance with the Privacy Legislation.
The provision of personal data voluntarily provided by the User is optional. However, failure to provide such data may result in the impossibility to receive replies to communications sent by any means to the Company through the Website.
4. Methods of data processing
The processing of Users’ personal data is carried out by means of the operations set out in article 4 GDPR and, in particular: the collection, recording, storage, retrieval, consultation, use, disclosure by transmission, restriction, erasure of data.
We also inform you that User’s personal data:
User’s personal data are processed by means of paper, automated or information technology tools as well as by adopting organizational methods and logic which are strictly related to the purposes of the processing.
The Company uses the most appropriate technological and security measures (information technology, physical, organizational and procedural) to ensure the security and confidentiality of the data processed.
The User acknowledges, however, that the disclosure of personal data by means of websites presents risks associated with the communication of such data and that no system is totally secure or tamper-proof or immune to information theft.
5. Access to data
The User’s personal data may be made accessible only for the purposes referred to in § 2 to the following authorized subjects: employees and collaborators of the Company or of the holding company Sardegna Resorts S.r.l., duly authorized by the Company.
6. Disclosure of data
The Company may, even without the express consent of the User and for the purposes referred to in § 2, disclose the User’s personal data to: supervisory and/or control bodies of the Company, judicial authorities and all other persons to whom disclosure of data is required by law for the achievement of the abovementioned purposes, as independent data controllers.
In addition, the Company may entrust certain personal data processing operations – carried out for the purposes referred to in § 2 above – to categories of third parties, specifically appointed, if necessary, as data processor by the Company, including, but not limited to:
The User’s personal data will not be disseminated to the public or to indeterminate subjects.
7. Transfer of data outside the EU
User’s personal data will be handled and stored using Company’s or third party’s servers located within the European Union. In case the Company uses third party’s servers to handle and store data the third party will be appointed as data processor.
The User’s personal data will not be transferred to non-EU countries or international organisations.
Any transfer of the User’s personal data to non-EU countries or international organisations may only take place under the terms and with the safeguards provided by the Privacy Legislation.
8. Period of data storage
User’s personal data will be stored and processed until the end of the browsing session. After the end of the browsing session, personal data will not be stored and/or processed, for any reason whatsoever, for a period exceeding 24 months (the “Storage Period”), unless a different storage period is provided for under the applicable law.
At the end of the Storage Period your personal data will be deleted, unless there are further Company’s legitimate interests and/or legal obligations for which – following their prior minimisation -this storage of personal data is mandatory.
9. User’s Rights
Pursuant to the Privacy Legislation, the User shall always be granted the right to withdraw his consent, and may at any time exercise the following rights:
In the above cases, where necessary, the Data Controller will inform the third parties to whom the User’s personal data were disclosed of any exercise of Users’ rights, unless it proves to be impossible or unduly burdensome.
10. Exercise of User’s rights and complaint to the Garante Privacy
The User may at any time exercise the rights referred to in the previous paragraph as follows:
a) by sending a registered letter with acknowledgement of receipt to the Company address in Arzachena, Porto Cervo, Casa Il Ginepro 1/A;
b) by sending an e-mail to: email@example.com and to the DPO to: dpo@DP-Advisory.eu.
Pursuant to the Privacy Legislation, the User has also the right to lodge a complaint with the Garante Privacy by:
a) lodging the complaint by hand to the offices of the Garante Privacy (using the address referred to in lett. b) below);
b) forwarding a registered letter with acknowledgement of receipt addressed to “Garante per la protezione dei dati personali”, Piazza Venezia n. 11 – 00187 Rome;
c) sending an e-mail at the following address: firstname.lastname@example.org, or email@example.com or a fax to the following number: 06-696773785.
For further information, please visit the website of the Garante Privacy: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
11. Data Controller and data protection officer
The Data Controller of the personal data collected and processed through this Website is Pevero Golf S.r.l., with registered office in Arzachena, Porto Cervo, Casa Il Ginepro 1/A.
The Data Controller can be contacted by e-mail at the following address: firstname.lastname@example.org.
The data protection officer is Data Protection Advisory S.r.l., domiciled for the assignments at the registered office of the Company (the “DPO”). The DPO can be contacted at the following e-mail address: dpo@DP-Advisory.eu.
Last update: [●] 2019