Subscription to the Osteria dell’Orcia newsletter
Information on the processing of personal data
The Company ORCIA OSPITALITA ‘SRL, with registered office in Via Case Sparse Podere Osteria, 15 – 53023 CASTIGLIONE D’ORCIA (SIENA), PIVA / CF 01487880526 (hereinafter, “Owner”), as data controller, informs you pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the following purposes:

1) Object of the processing and purpose This data processing process concerns the email address you provided when registering for the newsletter service and any additional personal data, personal data and / or identification, entered during the registration. The personal identification and computer data, collected from the interested parties, object of the processing, are used directly to fulfill the request for sending the newsletter and relative registration in the mailing list, concerning information messages and commercial and promotional communications relating to the activity carried out by the Owner, in full compliance with the principles of lawfulness and correctness and the provisions of the law. In no case will your data be used for purposes other than those indicated above.
2) Processing methods The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing. The data are collected by the subjects indicated in point 4, according to the indications of the reference legislation, with particular regard to the security measures provided for by the GDPR (Article 32) for their processing by means of computerized, manual and automated tools and with strictly related logics. for the purposes indicated in point 1 and in any case in order to guarantee the security and confidentiality of the data. The data processing is carried out by the Data Controller and / or the Data Processor and / or by the Sub-Data Processors.

3) Retention period The data provided will be kept exclusively for the period in which the service will be active.

4) Subjects to whom the data may be disclosed Your data may be made accessible for the purposes referred to in art. 1: a) employees and collaborators of the Data Controller in their capacity as persons in charge and / or internal managers and / or sub-managers of the processing; b) companies that perform functions strictly connected and instrumental to the operation – including technical – of the services offered by the Data Controller, such as direct marketing service providers and / or companies in general that provide technical components for the provision of certain functions of the service Personal data will be stored on servers located in the European Union, without prejudice to the right of the Owner to transfer the location. Personal data may be transferred to countries of the European Union and to third countries with respect to the European Union exclusively for the purposes referred to in point 1. In this case, we ensure that this transfer takes place in compliance with current legislation and that an adequate level of protection of personal data is guaranteed based on an adequacy decision, on standard clauses defined by the European Commission or on Binding Corporate Rules.
5) Rights of the interested party In your capacity as interested party, you have the right to exercise the rights referred to in art. 7 of the Privacy Code and art. 15 and ss. GDPR and precisely can: a) obtain from the Data Controller, at any time, information about the existence of their personal data, the origin of the same, the purposes and methods of treatment and, if present, to obtain access to the data personal data and the information referred to in Article 15 of the GDPR; b) request the updating, rectification, integration, cancellation, limitation of data processing in the event that one of the conditions provided for in article 18 of the GDPR is met, transformation into anonymous form or blocking of personal data, processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected and / or subsequently processed t) object, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of the collection and processing of personal data provided for the purposes of commercial information or sending advertising or direct sales material or for carrying out market research or commercial communication. Each user also has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation d) receive their personal data, provided knowingly and actively or through the use of the service, in a structured format, of common use and readable by automatic device, and to transmit them to another data controller without impediments to lodge a complaint with the Guarantor Authority for the protection of personal data in Italy.

6) How to exercise your rights You can exercise your rights at any time by sending a registered letter with return receipt. a Hotel Margherita Via Umberto I, 70 – 84010 Praiano, Salerno (Italy)

7) Owner, manager and DPON Not falling within the cases specified by art. 37 of reg. 2016/679, also taking into consideration the indications of the WP243 guideline, the Data Protection Officer has not been designated.