X
weiserhof image

Processing of personal data in accordance with EU Regulation no. 679/2016 (“GDPR”) – Data Holder

Date of entry into force of the data protection declaration GDPR 2016/679: 25.05.2018.


Data protection declaration and cookie policy


Wieserhof GmbH, based in 39054 Ritten/Renon, Via Monte di Mezzo/Mitterberg 30, (hereinafter referred to as "the Controller") is committed to protecting the online privacy of its users. This document has been drafted pursuant to art. 13 of EU Regulation 2016/679 (hereinafter referred to as the "Regulation") so that you are aware of our privacy policy and understand how your personal information will be treated when using our website and, if necessary, to give your explicit and informed consent to the processing of your personal data (valid only for persons aged 16 or over). The information and data provided by you or otherwise acquired by us when using our services on the Website (hereinafter referred to as "Services") will be processed in accordance with the provisions of the Regulation and the confidentiality obligations affecting the operation of the business.

In accordance with the provisions of the Regulation, the processing carried out by Wieserhof GmbH is based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.

 

1. The data controller

 

The  data controller responsible for the processing operations carried out on the website is Wieserhof GmbH (for data see above/imprint). For information on the processing of personal data by the responsible party, including the list of processors appointed to process the data, please write to the following address: info@naturhotelwieserhof.com.

 

2. The personal data subject to processing

 

We inform you that as a result of your browsing on the Website, the data controller will process personal data that may consist of an identifier such as your name, an identification number, an online identifier, a postal address, an e-mail address, a telephone number (landline and/or mobile) or one or more elements of your physical, physiological, mental, economic, cultural or social identity in order to identify or make identifiable the data subject (hereinafter referred to as "Personal Data").

The personal data processed via the website are the following:

 

Navigation data

 

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful, error, etc.) and other parameters relating to the operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning, detect anomalies and/or abuse and are deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical computer crimes against the website or third parties. Apart from this possibility, the data collected on the website will be deleted after a short period of time.

 

Special categories of personal data

 

If you use our website to contact us (or send us an e-mail), your personal data could be transferred that fall under the special categories of personal data pursuant to Art. 9 of the Regulation, literally the "[... personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and [...] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation." Please do not publish this data unless it is absolutely necessary. We expressly inform you that, with regard to the communication of special categories of personal data, but in the absence of explicit consent to the processing of such data (you are of course allowed to send a CV), the controller cannot be held liable nor receive any kind of censure, since in this case the processing is allowed as it relates to data manifestly made public by the data subject, in accordance with Art. 9(1)e of the Regulation. However, we would like to point out that, as mentioned above, it is important to give explicit consent to the processing of special categories of personal data if you decide to provide this information.

We also inform you that the controller may analyze social profiles freely available on the Internet for professional purposes (e.g. LinkedIn) for the purpose of candidate selection.

 

Data provided voluntarily by the data subject

 

If you use certain services on the website (e.g. the inquiry, contact or reservation form), we may process personal data from third parties that you send to the data controller. In these cases, you are the data controller who assumes all legal obligations and liabilities. In this sense, you indemnify us to the maximum extent possible in relation to any retention, claims, compensation claims arising from the processing, etc. that the Data Controller may receive from third parties whose personal data has been processed through the use of the functions of the Website in violation of the applicable regulations on the protection of personal data. If, in the course of using the Website, you provide or otherwise process personal data of third parties, you guarantee in any case that this specific case of processing is based on an appropriate legal basis pursuant to Art. 6 of the Regulation, which legitimizes the processing of the information concerned.

Cookies

General information on cookies

 

Cookies are small text files that are stored on the hard disk of a client computer by a website and with the help of the browser in order to store small amounts of information from the website for a certain period of time. In general, there are different types of cookies. Some are essential for the functioning of the website, such as navigation or shopping cart cookies. There are also so-called analytics cookies, which collect information - e.g. about the number of website visitors and the path taken by visitors to the website. Function cookies enable the website to remember the choices you make (e.g. selected filter settings or automatic language presetting of a website).

There are also cookies, so-called profiling cookies, which record the user's preferences and actions. This information is used to create a user profile. This is used to combine advertising messages with the interests of the user and thus enables more targeted advertising. In many cases, cookies from third-party providers are used by the website operator to broadcast personalized advertising.

 

Consent requirement for cookies

 

Website visitors must actively consent to the setting of cookies that are not essential for the functionality of the website and also have the right to withdraw their consent at any time.

This website only uses technical cookies for which consent is not required.

 

Block cookies via browser settings

 

Firefox:

  1. Click on the menu and on Settings.
  2. Go to the Privacy tab.
  3. In the "History" area, select "Create a history according to user-defined settings" under "Firefox will create a history:".
  4. In the selection options that now appear, uncheck the "Accept cookies" box
  5. Click on the "OK" button.

You can find detailed information on this here:

https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

 

Google Chrome

  1. Click on the menu and on Settings.
  2. Click on "Show advanced settings" at the bottom.
  3. In the "Privacy" section, click on "Content settings...".
  4. In the Cookies section, select "Block data storage for all websites".
  5. Click on the "Done" button.

You can find detailed information on this here:

https://support.google.com/chrome/answer/95647?hl=en-GB.

 

Internet Explorer

  1. Open the "Internet options" under the menu item "Extras" or, if the menu bar is not displayed, click on the menu icon and on "Internet options".
  2. Click on the "Privacy" tab
  3. You can use the slider to choose between several levels of cookie processing. If the slider is at the top, all cookies are blocked; if it is at the bottom, all cookies are allowed.
  4. Click on the "OK" button.

You can find detailed information on this here:

https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d.

 

Safari

  1. Click on "Privacy" in the settings
  2. In the "Accept cookies" section, you can specify whether and when Safari should save cookies from websites. For more information, click on the Help button (indicated by a question mark)

You can find detailed information on this here:

https://support.apple.com/en-gb/guide/safari/sfri11471/mac.

 

3. Purpose of data processing

 

The processing that we intend to carry out (where necessary) with your explicit consent has the following purposes:

  • To enable the provision of the services you have requested
  • Respond to customer service requests, requests for information or reservations
  • Analyze CVs and contact applicants who have submitted their application
  • To fulfill all legal, accounting and tax obligations
  • Marketing purposes: the data provided may be processed for the sending of promotional and marketing communications, including the sending of newsletters and market research surveys, with automated (SMS, MMS, e-mail, push notifications) and non-automated (postal, call center) systems, subject to prior express and specific consent. The legal basis for processing your data for these purposes is Article 6(1)(a) of the Regulation. Consent to the processing for direct marketing is optional and depends on your free decision, so not giving your consent for this purpose does not affect the use of the services.
     

4. Legal basis and mandatory or optional nature of the processing

 

The legal basis for the processing of personal data for the purposes mentioned in section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the data processing is necessary for the provision of the services or for responding to requests from the data subject. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided by the website, process requests or evaluate CVs. With specific reference to purpose 3.c and the related analysis of social media profiles of a professional nature made freely available on the internet pursuant to section 2.b, Art. 6(1)(f) of the Regulation constitutes the legal basis for the processing of the data, i.e. the legitimate interest of the controller in assessing possible risks to the candidate's suitability to fill the specific vacancy.

The purpose mentioned in section 3.d constitutes lawful processing of personal data within the meaning of Art. 6(1)(c) of the Regulation (compliance with a legal obligation). Indeed, once the personal data have been provided, the processing is necessary for compliance with a legal obligation to which the controller is subject.

The legal basis of the processing for the purposes referred to in section 3.e is Art. 6(1)(a) of the Regulation (consent of the user).

The Controller may, without your consent, use e-mail addresses and postal addresses for processing for the same purposes, which may include the direct sending of advertising material or direct sales or the performance of market research or commercial communications relating to products or services of the Controller similar to those purchased, in accordance with and within the limits permitted by Article 130(4) of the Privacy Code and the Decree of the Guarantor for the Protection of Personal Data of June 19, 2008. The legal basis for processing your data for this purpose is Article 6(1)(f) of the Regulation (legitimate interest).

 

5. Recipients of personal data

 

Your personal data may be disclosed for the purposes set out in section 3:

 

  • Subjects that typically act as Processors, i.e.: i) persons, companies or joint offices that provide assistance and advice to the Controller in accounting, administrative, legal, tax, financial, collection, marketing and communication matters relating to the provision of the Services; ii) subjects with whom cooperation is necessary for the provision of the Services (e.g. hosting providers); iii) subjects in charge of carrying out technical maintenance operations (including maintenance of network equipment and electronic communication networks) (collectively referred to as "Recipients"). hosting providers); iii) entities entrusted with the performance of technical maintenance work (including the maintenance of network equipment and electronic communication networks) (collectively referred to as "Recipients");
  • subjects, bodies or authorities to whom your personal data must be disclosed by law or by order of the authorities;
  • persons authorized by the Controller to process personal data necessary for the performance of activities related to the provision of the Services or for the other purposes referred to in Section 3 and who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees of the Controller).

6. Transfer of personal data

 

Some of your personal data will be transferred to recipients who may be located outside the European Economic Area. The data controller will ensure that the processing of your personal data by these recipients is carried out in accordance with the Regulation. Indeed, transfers may be based on an adequacy decision, on the contractual clauses approved by the European Commission or on another appropriate legal basis. For more information, please contact the Data Controller at the following address: info@naturhotelwieserhof.com.

7. Storage of personal data

Personal data processed for the purposes referred to in section 3(a-b) will be kept for the time strictly necessary to achieve these purposes. In any case, since the data processing is carried out for the provision of services, the Data Controller will process the personal data until the time provided for by Italian legislation on the protection of interests (art. 2946 et seq. of the Italian Civil Code). With regard to the CVs sent via the website or by e-mail in accordance with section 3.c, the personal data will be kept for a period of time deemed appropriate for the purpose for which the data was collected. This is notwithstanding the possibility for the controller to contact the applicant again shortly before the expiry of the specified period to request an extension of this retention period.

The personal data processed for the purposes referred to in section 3.d will be stored until the time provided for by the specific obligation or the applicable law.

However, personal data processed for the purposes referred to in section 3.e will be retained until the data subject withdraws consent or, in the absence of such withdrawal, for a maximum period deemed appropriate.

For more information on the data retention period and the criteria for determining this period, please contact the Data Controller at the following address: info@naturhotelwieserhof.com.

 

8. Rights of the data subjects

 

In accordance with Article 15 et seq. of the Regulation, you have the right to ask the data controller for access to your personal data at any time, to request that it be rectified or erased, or to object to the processing. You have the right to request the restriction of processing in the cases provided for in Art. 18 of the Regulation and, in the cases provided for in Art. 20 of the Regulation, to receive the data concerning you in a structured, commonly used and machine-readable format.

Any request must be sent in writing to the controller at the following address: info@naturhotelwieserhof.com.

You have the right to lodge a complaint at any time with the competent supervisory authority (Guarantor for the Protection of Personal Data) pursuant to Art. 77 of the Regulation if you believe that the processing of your personal data violates applicable law.

 

9. Modifications

 

This privacy policy is valid from 18.05.2023. The Data Controller reserves the right to modify or update its content, in whole or in part, also due to changes in current legislation. Therefore, the Controller encourages you to visit this section regularly to check the latest and most up-to-date version of this Privacy Policy.

 

Sendinblue

Newsletter Management – privacy policytermini di utilizzo


The Site uses the external service Sendinblue that is responsible for managing the mailing lists and sending messages, the service is provided by Sendinblue SAS, place of data processing: France.