PRIVACY POLICY

PRIVACY POLICY

 

COOKIE POLICY

 

ex art. 13 Regulation EU 2016/679 (GDPR)

PREMISE

The present disclosure describes how the Company Cascina Ghitin of Icardi Sara (hereinafter the Data Controller) collects and processes personal data for the performance of its activities towards its customers and visitors of the site “www.cascinaghitin.com“, as well as for all commercial and customer-related activities (hereinafter interested). In accordance with art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR), and in relation to the personal data of which the company will enter with the consent of the interested party, we inform you as follows:



DATA CONTROLLER:

The data controller is Cascina Ghitin of Icardi Sara, with registered office in Asti, 14100, Località Variglie 106, email: amministrazione@cascinaghitin.com, pec: sara.icardi@pec.it. Referent is Icardi Sara.


PERSONAL DATA PROCESSED

No registration is required for the consultation of the website. The visitor has the faculty, however, to spontaneously provide their contact details to take advantage of the contents reserved for registered users, such as the blog, the newsletter, the booking of rooms and the access to the promotions offered by the structure, the “La Dispensa di Ghitin" online shop .

– If the interested party wishes to subscribe to our newsletter, the personal data collected consist only of the e-mail address.

– If the interested party wish to subscribe to our site , the personal data collected consist of: name, surname, e-mail, website and any declaration made by the data subject himself.

– If the interested party made a booking with the booking service of the site www.cascinaghitin.com, the data personal data collected consist of: name, surname, company name (if present), residential address, shipping address ( if different from the residence), billing address (if present), telephone number, e-mail address, selected payment method and any other declarations made by the interested party. Requested to make a reservation through an external booking service (for example the website www.booking.com), the personal data collected are indicated at the third party site and the company that manages it operates as an independent third party with respect to Cascina Ghitin of Icardi Sara will be.

– If the interested party made an online purchase at the Online Shop “La Dispensa di Ghitin", the personal data collected consist of: name, surname, company name (if present), residential address, shipping address ( if different from the residence), billing address (if present), telephone number, e-mail address, selected payment method and any other declarations made by the interested party.

Please note that, within the types of personal data listed above, the Data Controller may only collect and process some of these types based on the specific service provided (site registration, newsletter subscription, room reservation, sh op online). For the purposes indicated in this statement, personal data qualifying as “special categories" are not collected and processed, including health data, data suitable to reveal racial and ethnic origin, sexual life, as well as the c.d. judicial data.

It is also specified that, like all websites, this site also acquires navigation data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for identification purposes, but could be through processing and cross-referencing with data held by third parties, such as the Internet Service Provider (ISP) or the judicial authority. These data include the IP addresses or domain names of the computers used by users, the type of browser and the parameters of the device used to connect to the site, the name of the ISP, date and time of visit, web page of origin and exit , country of origin.

PURPOSE OF THE TREATMENT:

1. Purposes related to the establishment and execution of reports and contracts to which the interested party is a member (for example, room reservation service, online shop), and, in general, to examine and process specific requests for information formulated in this context by the interested party himself. Also included in this context are any communications and contacts (including telephone calls) aimed at managing and executing the relationship, as well as managing administrative and accounting aspects.
2. For investigations and functional research for the performance of the Company’s own activity and, in particular, for the identification and development, also on the basis of statistical processing, of new services and for the improvement or modification of services already offered .
3. For the defense in court of a right or interest of the Company before any authority or competent body (in Italy and abroad) and from public / private subjects / bodies.
4. For the fulfillment of the obligations foreseen by laws, regulations and community regulations, as well as by instructions given by authorities and by supervisory and control bodies.
5. To carry out market surveys, also aimed at assessing the degree of customer satisfaction, and sending advertising material relating to the services offered by the Company by means of automated systems, such as e-mails and newsletters, or through traditional methods, ie by paper mail (marketing).

For navigation data it is specified that the collection takes place in aggregate and anomic form, and is aimed at verifying the correct functioning of the site and for security reasons and that none of this information allows the identification of the user.

LEGAL BASIS OF TREATMENT:

– Fulfillment of contractual obligations (Article 6, letter b) GDPR), for the purpose referred to in point 1
– By virtue of a legitimate interest (Article 6, letter d) GDPR), for the purposes referred to in points 2, 3
– Fulfillment of a legal obligation (Article 6, letter c) GDPR), for the purpose referred to in point 4
– By virtue of the consent of the interested party (art. 6 lett. A) GDPR) optional and revocable at any time, for the purpose referred to in point 5.

DATA RETENTION:

– For the sole duration of the relationship and for the following 10 years for data relating to the purposes referred to in points 1, 2, 3, 4.
– Unlimited, with the possibility of withdrawal, for data relating to the purpose referred to in point 5.

MANDATORY OBLIGATION:

The provision of data is to be considered MANDATORY for the purposes referred to in points 1, 2, 3, 4 and their failure, partial or incorrect conferment may have, as a consequence, the impossibility of starting the relationship by establishing or establishing or, again, to fulfill specific requests.
The provision of data is instead OPTIONAL for the purpose referred to in point 5 and it is based on the consent of the data subject. Failure to provide the data will make it impossible for the Company to elaborate the commercial profile, through the detection of choices and consumption habits, also in order to guarantee a better customer satisfaction or the sending of promotions and offers connected to the activity of tourist accommodation of the structure.

The interested party declares his consent to the processing of data for the purposes referred to in points 1, 2, 3, 4, 5 by completing and sending the contact forms on the site, such as:
– Subscription to the Newsletter, present in Home Page
– Booking, available on the Booking page
– Information request, present on the Contacts page
– Online shop, present on the page “La Dispensa di Ghitin"

DATA RECIPIENTS:

Personal data, including the categories of personal data, may be communicated to the following categories of subjects (“recipients"):

As independent owners
• to all those individuals (including the Public Authorities and supervisory and control bodies) who have access to personal data pursuant to legislative or administrative provisions;
• to banks and companies that manage national or international payment circuits through which payments are made for services;
• to all those individuals, public and / or private, natural and / or legal persons (Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.), should the communication prove necessary or functional to the correct fulfillment of the contractual obligations assumed , as well as the obligations deriving from the law;
• to all those private individuals who operate as partners of the structure, to booking services outside the site (eg wwww.booking.com or www.tripadvisor.com), to pages linked to the site such as – for example – the channels social networks (eg Facebook, Google, Instagram)

As individuals appointed as external processors
Those third parties who operate on behalf of the Company, such as, but not limited to:
• to companies or third parties in charge of printing, enveloping, shipping and / or delivery of information or promotional material, as well as couriers or shipping agents in charge of postal services;
• to companies, consultants or professionals in charge of the installation, maintenance, updating and, in general, the management of the information and non-information systems of the Company;
• to companies, consultants or professionals who may be in charge of providing connected or ancillary services
• to companies, consultants or professionals in charge of hosting and website maintenance services.

A list of names and updated names of the persons appointed as data processors is available at the Company’s registered office.
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or third party companies duly appointed and appointed as Data Processors. The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller now ensures that the extra-EU data transfer will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission.

SUBJECTS AUTHORIZED FOR TREATMENT:

The data will be processed, for the pursuit of the aforementioned purposes, by persons who have been expressly authorized to treat, have been trained and who have received adequate operating instructions.

TRANSFER OF PERSONAL DATA IN COUNTRIES NOT BELONGING TO THE EUROPEAN UNION:

It is not the intention of the Data Controller to transfer data to countries outside the European Union, but if this should occur, the existence or absence of an adequacy decision by the Commission will be assessed or, in the case of transfers referred to in the Article 46 or 47, or Article 49, second paragraph, the reference to appropriate or appropriate guarantees and the means to obtain a copy of such data or the place where they have been made available.

RIGHTS OF THE INTERESTED PARTY AND CLAIM TO THE AUTHORITY OF CONTROL:

By contacting the Company at the contacts indicated in the paragraph “DATA CONTROLLER", interested parties may request the Data Controller access to the data concerning them, their cancellation, the correction of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for by art. 18 GDPR, as well as the opposition to the processing in the hypotheses of legitimate interest of the owner.
Moreover, in the event that the processing is based on consent or on the contract and is carried out with automated tools, they have the right to receive the data in a structured format, commonly used and automatically readable, as well as, if technically feasible , to transmit them to another holder without impediment.
Interested parties have the right to revoke the consent given at any time for marketing and / or profiling purposes, as well as to oppose the processing of data for marketing purposes, including profiling related to direct marketing. Without prejudice to the possibility for the interested party that he / she prefers to be contacted for the aforementioned purpose exclusively through traditional methods, to express his / her opposition only to receiving communications through automated means.
Interested parties have the right to lodge a complaint with the competent control authority in the Member State in which they habitually reside or work or of the State in which the alleged violation occurred (www.garanteprivacy.it).

AUTOMATED DECISION PROCESSES:

Automated decision-making processes are not carried out.

DATA PROTECTION OFFICER (DPO):

Given the non-mandatory nature of establishing the figure of the DPO, for greater protection of the interested Cascina Ghitin of Icardi Sara has provided for the aid of this subject. To contact the DPO, the interested party can send an email to amministrazione@cascinaghitin.com.

 


EXTENDED INFORMATION ON THE USE OF COOKIES

Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites on the next visit. Cd cookies “Third parties" are instead set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the site visited. This site uses exclusively “Technical Cookies". These data are collected in aggregate form and for purely statistical and anonymous purposes, recording information on the browser used, the operating system, the host and the URL of origin, as well as the data of the page requested. They are not used for other purposes and are normally installed directly by the website owner or manager. They can be divided into browsing or session cookies, which guarantee the normal navigation and use of the website; analytics cookies, similar to technical cookies when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, which allow the user to browse according to a series of selected criteria in order to improve the service rendered to the same. For the installation of these cookies, the prior consent of the users is not required, while the obligation to provide the information remains valid.

THIRD-PARTY COOKIES:

By visiting this website you may receive cookies from sites managed by other organizations (“third parties"), such as social networks using “plugins" (eg Facebook, Google) or integrated content (eg Youtube video). The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of the information collected by “third parties" is governed by the relevant information to which reference should be made. To ensure greater transparency and convenience, the web addresses of the various information and methods for managing cookies are shown below.

Facebook information: https://www.facebook.com/help/cookies/
Facebook (configuration): log in to your account. Privacy section.
Google Maps and Google+: https://www.google.com/policies/technologies/cookies/
Linkedin information: https://www.linkedin.com/legal/cookie-policy
Linkedin (configuration): https://www.linkedin.com/settings/
Youtube info: http://www.google.it/intl/it/policies/technologies/cookies/
Youtube Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
Informative/configuration Pinterest: https://about.pinterest.com/it/privacy-policy
Flikr Yahoo informative: http://info.yahoo.com/privacy/it/yahoo/cookies/details.html
Flikr Yahoo (configuration): http://info.yahoo.com/privacy/it/yahoo/opt_out/targeting/details.html

DURATION OF COOKIES:

Some cookies (session cookies) remain active only until the browser is closed or the logout command is executed. Other cookies are also available in subsequent user visits. These cookies are called persistent and their duration is set by the server at the time of their creation. In some cases a deadline is set, in other cases the duration is unlimited.

COOKIE MANAGEMENT:

The user can decide whether to accept cookies using the settings on his or her browser, knowing that total or partial disabling of technical cookies could compromise the optimal use of the site and that disabling “third party" cookies does not affect in any way navigability.
On the Internet, documentation on how to set the cookie management rules for your browser is readily available, for example, some addresses related to the main browsers are reported:

Chrome: https://support.google.com/chrome/answer/95647?hl=it
Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

 

WordPress

Functional

Usage

We use WordPress for website development. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
wordpress_test_cookie
Expiration
none
Function
Checks if cookies can be placed
Name
wordpress_logged_in_*
Expiration
persistent
Function
Keep users logged in
Name
__stripe_mid
Expiration
365
Function
Fraud prevention
Name
wfwaf-authcookie-29adaf5d4917bc748d33fdf49a49a411
Expiration
365
Function
Security
Name
Expiration
session
Function
Store language settings

Polylang

Functional

Usage

We use Polylang for locale management. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
pll_language
Expiration
365
Function
Multilanguage site preference

GDPR Cookie Consent

Functional

Usage

We use GDPR Cookie Consent for cookie consent management. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
cmplz_marketing
Expiration
365 days
Function
Cookie policy

Wordfence

Purpose pending investigation

Usage

We use Wordfence for security and fraud prevention. Read more

Sharing data

For more information, please read the Wordfence Privacy Statement.

Purpose pending investigation

Name
Expiration
Function

Instagram

Marketing/Tracking

Usage

We use Instagram for display of recent social posts and/or social share buttons. Read more

Sharing data

For more information, please read the Instagram Privacy Statement.

Marketing/Tracking

Name
Expiration
1 year
Function
Store ad display frequency

Facebook

Marketing/Tracking, Functional

Usage

We use Facebook for display of recent social posts and/or social share buttons. Read more

Sharing data

For more information, please read the Facebook Privacy Statement.

Marketing/Tracking

Name
Expiration
2 years
Function
Store last visit
Name
Expiration
1 year
Function
Store account details
Name
Expiration
3 months
Function
Store a unique session ID
Name
Expiration
3 months
Function
Provide ad delivery or retargeting
Name
Expiration
90 days
Function
Store logged in users
Name
Expiration
3 months
Function
Store and track visits across websites
Name
Expiration
2 years
Function
Provide fraud prevention
Name
Expiration
30 days
Function
Store a unique user ID
Name
Expiration
2 years
Function
Store browser details
Name
Expiration
1 year
Function
Store account details

Functional

Name
Expiration
1 week
Function
Read screen resolution
Name
Expiration
90 days
Function
Provide fraud prevention
Name
Expiration
session
Function
Store and track if the browser tab is active

LinkedIn

Marketing/Tracking, Functional

Usage

We use LinkedIn for display of recent social posts and/or social share buttons. Read more

Sharing data

For more information, please read the LinkedIn Privacy Statement.

Marketing/Tracking

Name
Expiration
2 years
Function
Store browser details
Name
Expiration
1 month
Function
Provide ad delivery or retargeting
Name
Expiration
3 months
Function
Store browser details
Name
Expiration
30 days
Function
Provide ad delivery or retargeting
Name
Expiration
1 day
Function
Store performed actions on the website
Name
Expiration
2 years
Function
Store performed actions on the website
Name
Expiration
session
Function
Provide functions across pages

Functional

Name
Expiration
10 years
Function
Store privacy preferences
Name
Expiration
session
Function
Provide functions across pages

Google Fonts

Marketing/Tracking

Usage

We use Google Fonts for display of webfonts. Read more

Sharing data

For more information, please read the Google Fonts Privacy Statement.

Marketing/Tracking

Name
Expiration
expires immediately
Function
Read user IP address

Google Maps

Marketing/Tracking

Usage

We use Google Maps for maps display. Read more

Sharing data

For more information, please read the Google Maps Privacy Statement.

Marketing/Tracking

Name
Expiration
expires immediately
Function
Read user IP address

Complianz

Functional

Usage

We use Complianz for cookie consent management. Read more

Sharing data

This data is not shared with third parties. For more information, please read the Complianz Privacy Statement.

Functional

Name
Expiration
365 days
Function
Store accepted cookie policy ID
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store if the cookie banner has been dismissed
Name
Expiration
365 days
Function
Store cookie consent preferences

Google reCAPTCHA

Functional, Marketing/Tracking

Usage

We use Google reCAPTCHA for spam prevention. Read more

Sharing data

For more information, please read the Google reCAPTCHA Privacy Statement.

Functional

Name
Expiration
session
Function
Provide spam protection

Marketing/Tracking

Name
Expiration
session
Function
Read and filter requests from bots
Name
Expiration
session
Function
Read and filter requests from bots
Name
Expiration
persistent
Function
Read and filter requests from bots

PHP

Functional

Usage

We use PHP for website development. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
Function
Provide functions across pages

JetPack

Statistics

Usage

We use JetPack for advertising. Read more

Sharing data

For more information, please read the JetPack Privacy Statement.

Statistics

Name
Expiration
1 year
Function
Store referrer ID's

Automattic

Statistics

Usage

We use Automattic for website development. Read more

Sharing data

For more information, please read the Automattic Privacy Statement.

Statistics

Name
Expiration
30 minutes
Function
Provide functions across pages

Beddy Booking Engine

Purpose pending investigation

Usage

We use Beddy Booking Engine for gestione del negozio online.

Sharing data

This data is not shared with third parties.

Purpose pending investigation

Name
booking_quote_currency
Expiration
Function

Visual Composer

Purpose pending investigation

Usage

We use Visual Composer for website design. Read more

Sharing data

This data is not shared with third parties.

Purpose pending investigation

Name
Expiration
Function
Name
Expiration
Function

TUS (Resumable File Transfer)

Functional

Usage

Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
persistent
Function
Read if resumable file transfer is supported

WhatsApp

Functional

Usage

We use WhatsApp for chat support. Read more

Sharing data

For more information, please read the WhatsApp Privacy Statement.

Functional

Name
Expiration
6 days
Function
Store language settings
Name
Expiration
session
Function
Provide access

Miscellaneous

Purpose pending investigation

Usage

Sharing data

Sharing of data is pending investigation

Purpose pending investigation

Name
booking_quote
Expiration
Function
Name
lastRouteIsBookingQuote
Expiration
Function
Name
booking_quote_selected_option
Expiration
Function
Name
WP_PREFERENCES_USER_1
Expiration
Function
Name
cmplz_consenttype
Expiration
365 days
Function
Name
roundcube_cookies
Expiration
Function
Name
wpEmojiSettingsSupports
Expiration
Function