Anchor 1 - WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
The Data Controller of your Personal Data (“Data Controller”) collected and processed through Excelsior Services is Excelsior S.r.l., an Italian limited liability company with operations at Via Marzia 73, 35031 Abano Terme (Padova). To obtain information on Personal Data processing carried out by the Data Controller, you may write to this address: firstname.lastname@example.org The Data Protection Officer can be contacted at the following address: email@example.com
Anchor 2 - WHICH PERSONAL DATA DO WE COLLECT?
In order to provide our products and Services and constantly improve them, we collect Personal Data of potential customers, those who have bought from us before, those who are buying from us now, and Web site visitors who may even be children.
Anchor 2.1 - DATA YOU PROVIDE US DIRECTLY
The Data Controller of your Personal Data (“Data Controller”) collected and processed through Excelsior Services is Excelsior S.r.l., an Italian limited liability company with operations at Via Marzia 73, 35031 Abano Terme (Padova). To obtain information on Personal Data processing carried out by the Data Controller, you may write to this address: firstname.lastname@example.org The Data Protection Officer can be contacted at the following address: email@example.com.
We keep any information you provide us directly in relation to our products and Services. You can choose not to supply any data, but in this case you would not be able to use many of our Services. These data can consist of identifying details such as name, mailing address, electronic mail address, telephone number or one or more characteristic elements of your identity related to physical, physiological, financial, cultural or social aspects you can be identified by ("Personal Data"). For security reasons data are also collected on the device, including IP addresses and details on your browsing history, type of browser and how often it is used. If you are under 16 years of age you should not provide any Personal Data or register at our Web site; at any rate we will not be held responsible for any false declarations made by you. When we realise that any false declarations have been made, we immediately delete any personal data collected. Below is a list of the categories of data we collect:
• Information provided by you when you complete registration forms on our Web site. This includes information provided during registration in order to use our Web site or to subscribe to our Services, when a booking is made for accommodation, or you book extra Services or purchase products;
• If you contact us to make a request or report a problem, we can keep track of this correspondence. We can ask you for information when you report a problem using our Web site;
• When you subscribe to our Services or to our newsletter to receive news about our activities, new commercial offers and on publication of posts of our blog;
• Information collected when you complete customer satisfaction surveys on your experience with our Services;
• Details on transactions made by you through our Web site concerning bookings or purchases, including your debit/credit card details;
• When you register to use wi-fi Service;
• When using “Messaging” or “Chat” Services to talk to our customer service representatives;
• Data concerning your health, such as information about allergies, intolerances, disabilities, diseases, disturbances if you reveal them;
• Data about children, if and when revealed by a parent;
• Details about what you like, your interests, wish lists and past purchases.
• Photos and biometric data intended to identify a certain individual;
In this case, you are considered the independent Data Controller and assume all legal obligations and responsibilities. In this regard, you agree to hold the Data Controller harmless by any dispute, expectation, claim for damages caused by processing received by the Data Controller from third parties whose Personal Data have been processed against applicable Personal Data Protection rules. If not strictly necessary, we prefer that you do not disclose any Personal Data belonging to Special Categories, such as those revealing your racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data concerning health or behaviour characteristics such as sex life and orientation. Remember that when Special Categories of Personal Data are revealed without giving your consent to their processing, the Data Controller cannot be held responsible in any way or receive any sort of protest, since in such case processing will be permitted as the data were revealed by the data subject himself. As pointed out above, we specify the importance of explicitly consenting to processing of Special Categories of Personal Data when you decide to share such information.
Anchor 2.2 - DATA COLLECTED AUTOMATICALLY
Anchor 3 - HOW DO WE USE THE DATA WE COLLECT?
We process your Personal Data to perform, supply and improve our Services, to inform you about our business activities and to offer you more personalised Services according to your interest. The following are the purposes for which we process your data, and only after receiving your consent, if necessary:
Anchor 3.1 - TO ALLOW YOU TO USE OUR SERVICES AND IMPROVE THE WAY IN WHICH THEY ARE SUPPLIED
We use your Personal Data to enable you to have access to our Services and use them, including:
• To allow you to register at our Web site;
• To respond to requests for assistance or information about our Services, purchases, products and bookings;
• To enable management of orders and bookings, to supply the products and Services you requested, to process payments and to fulfil any contractual obligations we have towards you;
• To fulfil any legal, accounting and tax obligations;
• To contact you with news about your orders, requests, bookings, and our products and Services;
• To fulfil legal obligations imposed by local and municipal regulations, and civil and criminal law;
• To prevent and check fraud and abuse in order to look after our security, our customers' security and the security of others. We may even use credit ratings to evaluate and manage credit risks, protect our receivables and manage payables;
• To process data concerning health, disabilities, allergies and food intolerances, diseases and disturbances in order to provide access to and performance of our Services.
• To analyse CVs and contact applicants who submitted an application. Further, for selection purposes, the Data Controller may analyse professional social network profiles, such as LinkedIn, found on the Internet.
Anchor 3.2 - TO KEEP YOU INFORMED ABOUT OUR BUSINESS VENTURES
We use the data collected to keep you informed about promotions you might be interested in. Processing for direct marketing purposes is optional and can only be done with your consent. So refusing to give your consent for these purposes will not prevent you from using other Services. In particular, we use them for:
• Sending newsletters and advertising material by any means, including email, SMS, and push notifications, telephone calls or direct mail, related to our products and Services such as invitations to special events, promotions of special offers, advertising new products and Services;
• Conducting analyses and generating reports on marketing communication systems, such as monitoring the number of email messages opened, the clicks on links contained in messages, the sort of device used for reading messages, the operating system used and the list of unsubscribers.
• Market research, optional surveys and user satisfaction surveys for improving our Services;
Anchor 3.3 - FOR PROVIDING YOU PERSONALISED SERVICE
We process the data collected in order to analyse your habits and preferences so as to offer you a more personalised Service in line with your interest and to improve our range of products and services. These analyses are not connected to any automated decision-making process. We also use your data to make our Service better and process them for these purposes:
• To adapt our Services based on your interests and wishes, by using data related to your interests and wishes to supply adequate Services in future;
• To create a profile of your preferences and needs for sending personalised advertising material on products and Services you asked us about or we believe you might be interested in;
• To suggest functionalities, products and Services you might be interested in for finding your preferences and personalising your browsing experience at our Web site;
• To provide functionalities, to analyse performances, to correct mistakes and to improve use and efficiency of our Services.
Anchor 4 - WHO DO WE SHARE YOUR DATA WITH?
The data collected are processed by our staff, who follow specific instructions given in accordance with applicable legislation and were selected and authorised by the Data Controller for this purpose.
Data concerning our customers are a fundamental component of our business and we do not sell our customers' Personal Data to third parties.
When the data collected are necessary or instrumental for achieving the above purposes, they may be processed by third parties; these businesses and individuals are authorised by the Data Controller and appointed as external Data Processors, as the case may be, and receive the data as independent data controllers.
• Companies, entities, associations that perform Services related or instrumental to supply of Services and achievement of the above purposes:
• On behalf of the Data Controller they perform assistance and consulting tasks in the fields of accounting, administrative, legal, tax, finance and credit collection services related to the supply of Services.
• for the supply of Services such as hosting and cloud Services, persons carrying out technical maintenance (including maintenance of network equipment, electronic communication networks and operating software);
• Entities and authorities we are obligated to disclose Personal Data to according to law or orders of the authorities;
• Collaborators who are bound to keep your data private or are legally obligated to keep them confidential for processing of Special Categories of Personal Data, necessary for performing tasks strictly related to supplying services;
• Delegates appointed to perform certain tasks on our behalf, such as filling orders for products and Services, delivering packages, sending paper post and email, supplying estimates and providing customer assistance Services;
• Financial institutes and organisations looking after processing of payments, prevention of fraud, credit risk reduction or for ensuring that our General Conditions of Sale and other agreements are respected and applied, or for safeguarding rights, assets and the security of the Data Controller, our users and other subjects;
• Delegates appointed to perform data analyses, marketing services, supply results of studies and share contents.
Anchor 4.1 TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Anchor 5 - HOW AND FOR HOW LONG WILL YOUR DATA BE KEPT?
The Personal Data collected will be kept by using electronic and non-electronic instruments and processed manually or by automated means in a secure manner.
• to carry out commitments made in contracts;
• as required by law (for tax and accounting purposes) or as you have been informed;
• we keep the history of transactions so you can check purchases made and the addresses you asked for your orders to be delivered to;
• to improve the range of Services and the contents we recommend;
• to check job applications.
Anchor 6- HOW DO WE PROVIDE PROTECTION FOR YOUR DATA?
We design our systems by duly taking your privacy into account and by taking reasonable security measures for the data we collect.
• We take appropriate security measures from a physical, electronic and organisational standpoint for the collection, storage and disclosure of our customers' Personal Data;
• We limit the number of people who have access to our software, servers and databases and have installed electronic security systems that protect against unauthorised access, loss of data, illegal and inappropriate use of data;
• Owing to our security procedures you may be asked at times to prove your identity before we reveal your Personal Data to you;
• As we are committed to safeguarding the security of your data during transmission, the information you provide on our Web site is encrypted during transmission by the Secure Sockets Layer (SSL) system;
• To manage your credit card data and to meet security standards, during payment processes on our Web site we rely on financial institutes. To prevent unauthorised access to your password, computers, devices and applications, we recommend that you take suitable precautions. Always make sure you log out when you have finished using a computer shared with other users.
Anchor 7 - WHAT ARE YOUR RIGHTS?
You have a number of rights when it comes to your Personal Data. You have the right to ask the Data Controller the following any time:
• Confirmation of whether your Personal Data are being processed, which data are being processed, the source, purpose and processing method.
• To receive a copy of your Personal Data, supplied willingly and directly or during use of the Service, in a commonly used electronic format and to send them to another Data Controller;
• To update, supplement and correct inaccurate Personal Data.
• If there is any automated decision-making process, including profiling, the logic used and important consequences of such processing.
• To object wholly or partially on legitimate grounds to our processing of your Personal Data or to sending you advertising or direct sales materials, or commercial communications and to ask for limitation of processing of your Personal Data in certain cases. Besides, if you no longer wish to receive emails or other marketing communications from us, click here and follow the on-line procedure to unsubscribe to commercial communications;
• To delete your Personal Data (right to be forgotten) but only when there is no longer any need to keep them for the purposes they were collected or processed, or if they have been processed unlawfully or it is necessary to fulfil any legal obligation the Data Controller is required to fulfil, or to exercise the right to freedom of expression and information or for verifying, exercising or defending a right in legal proceedings, or for archiving purposes in the interest of the public, or for scientific, historical or statistical research purposes.
In the event the right to be forgotten is exercised by asking for deletion of your Personal Data processed by the Data Controller, your data will be kept in a protected manner with limited access only for safeguarding its rights, verifications and prevention of crimes, and legal obligations for the time strictly necessary and will be deleted safely or transformed into anonymous and aggregated form for statistical purposes.
As said above, you can choose not to supply any data, but in this case you would not be able to use many of our Services.
We take the secrecy of all records containing Personal Data seriously and if you make a request we reserve the right to ask you to prove that it really is you.
If you wish to lodge a complaint or have a problem with how we use your Personal Data, you should contact us at the address firstname.lastname@example.org for this purpose and we will do our best to solve the problem as soon as possible. You also have the right to lodge a complaint with our supervisory authority, the Italian Personal Data Protection Authority http://www.garanteprivacy.it/ or with the supervisory authority of your place of residence.
Anchor 8 - CONTACT US AND INFORMATION
If you have any questions on how we use and process your Personal Data, please address your questions to the Data Controller and send them by electronic mail to the address email@example.com and we will do our best to answer you as soon as possible. The Data Controller has appointed a Data Protection Officer who can be contacted at this electronic mail address: firstname.lastname@example.org