Privacy policy

Check availability

ROOMS STARTING FROM 80 €

Information Document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)

Why this information?
Pursuant to Regulation (EU) 2016/679 (hereinafter "GDPR"), this page describes the methods of processing personal data related to the website www.bbcatognellapescantinaverona.com and not for other third-party websites that may be consulted through links present on this website, for which no responsibility is assumed.

Who is the Data Controller? How can you contact them?

The Data Controller is Cà Tognella Bed & Breakfast, represented by the current legal representative, located at Via dei Pini, 35, 37026 – Pescantina (VR), email catognella@gmail.com.

Who are the data subjects?

This information is intended for users who wish to request information, book an overnight stay, and interact with the Website.

What data is processed?
The Data Controller will process the following categories of data:

  • Personal Data: Any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Browsing Data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This category includes IP addresses or domain names of the computers and terminals used by users, URI/URL addresses of the requested resources, the time of the request, and other parameters related to the user's operating system and computer environment.

What are the purposes of the processing?
The data will be processed for the following purposes:

  • Operational management of the Website and to allow its use;
  • Management of Website data security;
  • Compliance with legal obligations, including accounting, administrative, and tax obligations;
  • Technical assistance for the service and to respond to any information requests;
  • Management of any complaints, disputes, or objections;
  • Fulfillment of pre-contractual and contractual obligations deriving from a possible contractual relationship, as well as carrying out all the institutional activities of the Data Controller for the fulfillment of the established relationship.

The provision of data is necessary to achieve the aforementioned purposes, and failure to provide, partial, or incorrect provision could result in the inability to activate and benefit from the requested service. The Data Controller, in compliance with regulatory provisions, guarantees the possibility of revoking consent, even partially, without prejudice to the lawfulness of the processing based on consent before its revocation, as indicated below.

What are the legal bases for the processing?
The legal bases for data processing for the above purposes are as follows:

  1. Legitimate interest of the Data Controller: Data may be processed to protect the legitimate interests of the Data Controller in case of complaints, disputes, or objections, unless such processing prejudices the rights and freedoms of the data subject.
  2. Compliance with legal obligations: Data processing is necessary to allow the Data Controller to comply with legal obligations, including accounting, administrative, and tax obligations.
  3. Provision of services: Processing for these purposes is necessary for the performance of a contract to which the user is a party. In this case, the user is not obliged to provide their data; however, if they do not, the Data Controller will not be able to provide the requested service.

Who are the recipients of the data?
The user's data may be transferred, for the provision of services, to recipients authorized to process them pursuant to Art. 29 GDPR or to third parties expressly designated as Data Processors pursuant to Art. 28 GDPR. Data may be communicated to public authorities or the judiciary, where required by law or to prevent or suppress the commission of a crime, and they will operate as autonomous Controllers.

How long are personal data retained?
The Data Controller will retain the user's data for the period strictly necessary based on the reasons for which they are collected:

  • The data collected for the provision of services will be retained for the period deemed strictly necessary to achieve the purpose and, in any case, for no longer than 24 months from the user's last interaction.
  • Information will, however, be retained longer if necessary to manage complaints related to the service or to protect the interests of the Data Controller related to the provision of the service. This period shall not exceed 10 years from the complaint and/or the final judgment.

Are data transferred outside the European Union?
Data are processed by the Data Controller within the territory of the European Union. Should it be necessary for technical and/or operational reasons to make use of entities located outside the European Union, the transfer will be carried out in compliance with the rights and guarantees provided for by the applicable regulations. In any case, it is possible to ask the Data Controller if the data are processed outside the European Union to obtain more details about the specific guarantees adopted.

What are the rights of the data subjects?
At any time, the data subject can exercise, pursuant to Articles 15 to 22 of the GDPR, the right to:

  1. Request access to personal data (Art. 15 GDPR);
  2. Obtain the rectification of inaccurate personal data (Art. 16 GDPR);
  3. Obtain the erasure of data in the cases and within the limits set forth in Art. 17 GDPR;
  4. Obtain the restriction of processing (Art. 18 GDPR);
  5. Withdraw consent for processing based on consent (Art. 13, paragraph 2, letter c) GDPR);
  6. Obtain data portability (Art. 20 GDPR);
  7. Object to the processing of data (Art. 21 GDPR);
  8. Lodge a complaint with the Supervisory Authority according to the methods available on the website www.garanteprivacy.it.

These rights can be exercised by contacting the Data Controller at the email address catognella@gmail.com.