Privacy

Information notice on data processing in accordance with art. no. 13 of the European Regulation 679/2016

 

 

Dear Client,

the cooperative company Mimosa, processing data controller of your personal data, pursuant to art. 13 of EU Regulation 679/2016, informs you about the following with regard to the personal data you provided for the management of the contractual relationship.

 

Purpose and legal basis for data processing

The personal data you provided shall be used exclusively for the following purposes, within the limits and for the pursuit of the purposes relating to the existing contractual relationship:

  • to provide the services agreed with the data subject; in this case, legal basis of the processing is the compliance with obligations arising from the contract, of which the data subject is party, or to comply with possible specific requests of the data subject,  even at a pre-contractual stage;
  • to fulfil obligations provided for by law and regulations (e.g. accounting and fiscal requirements); in this case, legal basis of the processing is the compliance with a legal obligation to which the data controller is subject;
  • to book and confirm your reservation of accomodation and ancillary services and to provide the requested services; in this case, legal basis of the processing is the compliance with obligations arising from the contract, to which the data subject is party, or to comply with possible specific requests of the data subject, even at a pre-contractual stage  (art. 6(1)(b) GDPR); your consent shall be requested , if special, so-called sensitive data are collected (art. 6(1)(a) GDPR). The data processing shall cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner specified in the following paragraphs;
  • to comply with the obligation under the “Public Safety Law” (“Testo Unico delle Leggi di Pubblica Sicurezza” -  art. 109 of Royal Decree no. 773 of 18.06.1931), which requires us to notify the Police Headquarters, for public safety purposes, of the details of the clients staying at the facility, in accordance with the procedures provided for by the Home Office  (“Ministero dell’Interno - Decree of 7 January 2013); in this case,  legal basis for the processing is the compliance with a legal obligation to which the data controller is subject (art. 6(1)(c) GDPR). We shall not store data collected for this purpose, unless you give us your consent to storage (art. 6(1)(a) GDPR);
  • to comply with current administrative, accounting and tax obligations; in this case, legal basis of the processing is the compliance with a legal obligation to which the data controller is subject (art. 6(1)(c) GDPR); we shall store data collected for these purposes for the time provided for by the respective applicable regulations (10 years or longer in case of tax audits);
  • to speed up registration procedures, in case of your future stays at our facility. For this purpose, prior to your consent, which may be withdrawn at any time, your data shall be kept for a maximum of 10 years and shall be used the next time you are our guest again, for the purposes as per the previous paragraphs;
  • to provide the service of receiving messages and phone calls addressed to you during your stay. Your consent  is necessary for this purpose. You may withdraw your consent at any time. In any case, the data processing shall cease at your departure;
  • to send communications, newsletters and/or commercial offers to the data subject, prior his or her consent; in this case, legal basis of the processing is the data subject’s consent (art. 6(1)(a) GDPR);
  • to manage the access to the campsite, to protect people, property and company assets through a video surveillance system, aimed at reading the license plates only of vehicles accessing the facility. Your consent is not required for this processing, as it pursues our legitimate interest to protect people and property against possible assaults, theft, robbery, damages, acts of vandalism and for purposes of fire prevention and safety at work (art. 6(1)(f) GDPR). The recorded images are deleted at the end of your stay. They shall not be disclosed to third parties, unless it is necessary to comply with a specific investigation request by a judicial authority or by judicial police.

 

Processing procedures and duration

The personal data you provided shall be processed “lawfully and fairly” by paper, computer or telematic means.

The data processing shall continue for the entire duration of the relationship with the data controller and, if necessary, for any obligations to which the controller is subject , until their completion, according  to current regulations, as detailed in the previous paragraphs.

As regards the processing required to send communications, newsletters and/or commercial offers, personal data shall be kept until the data subject withdraws his or her consent.

Where legal basis for the processing is the consent of the client, he or she has the right to withdraw it at any time, without affecting the lawfulness of the processing carried out up to the date of revocation of consent.

 

Communication and disclosure of personal data and possible recipients

Only the persons authorized by the controller may access and therefore become aware of your data and  only insofar as needed to carry out their task.

Without prejudice to the communications carried out to comply with legal and contractual obligations, all data collected and processed may be communicated exclusively, for the purposes specified above, to:

  • persons authorized by the data controller (collaborators, trainees and employees);
  • data processors or external collaborators of the data controller (e.g., legal and labour consultants, accountants, IT specialists, auditors);
  • public and private entities to whom the communication is due by law or regulation;
  • insurance and debt collection companies;

Your data shall not be disclosed.

A list of these possible external parties shall be made available upon request made by the data subject.

 

Transfer of personal data abroad

Personal data shall not be transferred abroad.

 

Nature of the provision of data and consequences in case of non-consent to processing

The provision of data and its processing are optional, but  needed to deal with the activities necessary to carry out contractual obligations. Contractual relationships and legal obligations may be impossible to comply with, in case of refusal to provide the data for these purposes. Provision of data to send out communications and commercial offers is optional. Possible refusal shall not affect the supply of other services. You may object to your data processing at any time, even after you have given your consent for commercial purposes, by sending a request to the data controller, forwarding a communication to the following address info@coopmimosa.com.

 

Rights of the data subject

The data subject has the right to obtain  from the data controller confirmation of the existence, or otherwise, of data concerning him or her, even if not yet recorded, and their communication in intelligible form. The data subject has also the right to obtain the updating, rectification, or, if interested, integration of his or her data,  erasure  or restriction of their processing, transformation into anonymous form or the blocking of unlawfully processed data (including data which storage is unnecessary for the purposes for which they were collected or subsequently processed), certification that the operations, including their content, mentioned in the previous paragraphs, have been notified to those subjects to whom the data were communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate use of resources compared to the protected right. The data subject shall have the right to object, in whole or  in part, on legitimate grounds, to his or her data processing, although relevant to the purpose of the collection, as well as the right to the portability of electronic data, that are subject to automated processing, and to submit a complaint with a supervisory authority. These rights may be exercised by contacting the data controller at the physical or telematic addresses stated in the letterhead.

 

Identification details of the data processing controller and processor

The controller of data processing is Mimosa cooperative company, Via S. Nazzaro, 47 – 38066 Riva del Garda (TN).
The updated list of data processors is available at the headquarters of the data controller.