Cookie Policy

Who are we and what do we do with your personal data?

HVB LIVING SRL, headquartered in Via Crosaron Snc – cap. 37053 – Cerea (VR), (hereinafter also The Data Controller), as the Data Controller, is concerned about the confidentiality of your personal data and to ensure that they are protected from any event that may put them at risk of being breached.

The data controller implements for the purpose policies and practices having regard to the collection and use of your personal data and the exercise of your rights under applicable law. The Data Controller takes care to update the policies and practices adopted for the protection of personal data whenever it’s necessary and in any case of regulatory and organizational changes that may affect the processing of your personal data. The Data Controller has appointed a data protection officer (DPO) whom you can contact if you have questions about its policies and practices.

You may contact the DPO at dpo.hvb@midigroup.it

How does the Data Controller collect and process your data?

The personal information, that affect you, will be processed for

the site navigationwww.hotelvillabartolomea.it

The processing of your personal data, such as browsing data e.g. IP address and cookies issued by browsing the sitewww.hotelvillabartolomea.it will be processed by the Data Controller to follow up on the management of the website and to collect information also of an aggregate nature. Your personal data will not be in any way disseminated or disclosed to unspecified people.

The communication to third parties and recipients

The communication of your personal data is made mainly to third-parties and/or recipients whose activities are necessary to carry out the activities inherent to the aforementioned purposes, and also to respond to certain legal obligations. Any communication that does not respond to these purposes will be subject to your consent. In particularly, your data will be transmitted to third-parties/recipients for:

the conduct of the service (e.g. IT service provider);
communications in respect of the financial administration, and public supervisory and control bodies towards which the Data Contoller must fulfill specific obbligations arising the specificity of the activity exercised.;

The personal data that the Data Controller processes for this purpose are:

navigation data (IP address)

IT security reasons

The Data Controller processes, including its suppliers (third-parties and/or recipients), your personal data (e.g. IP address) or traffic data collected, or obtained, in case of services displayed on the website to the strictly necessary and proportionate extent to ensure the security and the ability of a network or servers connected to it to withstand, at a certain level of security, unexpected events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. For these purposes, the Data Collector provides procedures for handling a personal data breach.

What are cookies and for what purposes they can be used

A “cookie” is a small text file created by some websites on the user’s computer at the time the user accesses in a particular site, for the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer; then they are re-sent to the website on subsequent visits. Some operations could not be accomplished without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the website uses cookies to simplify and facilitate navigation by the user or to enable the user to take advantage of specifically requested services. Cookies may remain in the system for long periods and may also contain a unique identification code. This allow the sites that use them to keep track of the user’s navigation within the site itself, for statistical or advertising purposes, that is, to create a personalized profile of the user from the pages that he/she has visited and them show and/or send him/her targeted advertising (so-called Behavioural Advertising).

What cookies are used and for what main purposes

The Data Controller reports below the specific categories of cookies used, the purpose and the consequence of de-selecting them:

COOKIE TYPE	FIRST/THIRD PART	PURPOSE	RETENTION TIME	CONSEQUENCE IN CASE OF DESELECTION
Technical cookies	First part	Site Management. They enable the safe and efficient operation and exploration of the website	Browsing session.	These are the cookies necessary for the use of the website, blocking them does not allow it to work
Functionality cookies	First part	Facilitate navigation and service rendered to the user in terms of a set of criteria selected by the user	Based on the installed cookie: -browsing session; -1 day; -1 year.	It would not be possible to maintain the choices made by users while browsing
Cookie analytics	First part	Collect information in aggregate form about users’ browsing to optimize the browsing experience and the services themselves.	Based on the cookie installed: -browsing session; -6 months; -13 months;	It would no longer be possible for the Data Controller to acquire the aggregate information
Cookie analytics	Third part		Term remitted to the third party.

Third-party cookies

Third-party cookies, i.e. cookies created by a website other than the one the user is currently visiting, are also operational on this website. In particular, users are informed that the website uses the following services that issue cookies:

-Microsoft Clarity cookies installed by Microsoft Corporation store a unique user ID, track and combine a user’s page views into a single session record, and store and track interaction. For more information about the processing of personal data and your rights under the Data Privacy Act visitCookie Policy Microsoft Clarity

Social buttons

Sul sito www.hotelvillabartolomea.it there are special “buttons” (called “social buttons/widgets”) that depict the icons of social networks (e.g. Facebook, linkedin, etc.) and other web services (e.g. Youtube, etc.). The same allow users who are browsing the Data Controller’s web page to access the relevant social networks with a “click”. In this case, the social network and web services acquire data about the user, while the Data Controller will not share any browsing information or user data acquired through its site with the social networks and web services accessible thanks to the social buttons/widgets. Such services issue “third-party cookies.” Below are links to the privacy policies of the most commonly used social networks and websites to which the buttons refer:

for Facebook: www.facebook.com/help/cookies

for Instagram: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&__coig_consent=1

Deselezione e attivazione dei cookie “rivedi le tue scelte sui cookie”

What happens if you do not provide your data?

Please, take a look at the consequences of deselecting individual cookies as listed in the table above.

How, where and how long is your data stored?

How we process your data

The processing of personal data is carried out through computer procedures by specially authorized and trained internal parties. They are allowed access to your personal data to the extent and to the limits in which it is necessary for the performance of the processing activities concerning you. The Data Controller periodically verifies the means by which your data are processed and the security measures provided for them, the constant updating of which it provides for; verifies, also through the authorized persons in charge of the processing, that no personal data whose processing is not necessary are collected, processed, archived or stored; verifies that the data are stored with the guarantee of integrity and authenticity and their use for the purposes of the processing actually carried out.

Where we process your data

The data are stored in computer and telematic archives also located outside the European Economic Area. In particular: US – Adherence to Data Privacy Framework.

How long do we process your data?

-Cookie: Please, review the personal data retention terms as outlined in the table above. -Site Navigation: Personal data are retained for the time necessary to allow the navigation of the site and in any case no longer than 12 months, except in cases where events occur that involve the intervention of the competent Authorities, including in collaboration with third parties / recipients who are entrusted with the data security activities of the Data Controller, to carry out any investigations into the causes that led to the event, as well as to protect the interests of the Data Controller related to a possible liability related to the use of the site and its services.

What are your rights?

Basically you, at any time and free of charge and without special burden and formalities for your request, can:

obtain confirmation of the processing operated by the Data Controller;

access to your personal data and know their origin (when the data are not obtained from you directly), the aims and purposes of the processing, the data of the individuals to whom they are communicated, the retention period of your data or the criteria useful for determining it;

update or rectify your personal information so that it is always exact and accurate;

delete your personal data from the databases and/or archives, including backup archives of the Data Controller in case, among others, that they are no longer necessary for the purposes of the treatment or if it is assumed to be unlawful, and always if the conditions provided by the law are met; and in any case if the treatment is not justified by another equally legitimate reason;

limit the processing of your personal data in certain circumstances, such as where you have disputed its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must also be informed, in a reasonable time, when the period of suspension has expired or the cause for restricting processing has ceased to exist, and thus the restriction itself lifted;

obtain your personal data, if received or processed by the Data Controller with your consent and/or if they are processed on the basis of a contract and by automated instruments, in electronic format also for the purpose of transmitting them to another Data Controller.

The Data Controller should do so without delay and, in any case, no later than one month after receiving your request. If necessary, the deadline may be extended by two months, considering the complexity and number of requests received by the Controller. In such cases, the Data Controller will, within one month of receipt of your request, inform you and make you aware of the reasons for the extension. To exercise your rights, write to dpo.hvb@midigroup.it

How and when can you object to the processing of your personal data?

For reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on legitimate interest, by sending your request to the Data Controller, at dpo.hvb@midigroup.it You have the right to the deletion of your personal data if there is no legitimate reason overriding the one that originated your request

Who can you complain to?

Without prejudice to any other action in administrative or judicial proceedings, you may lodge a complaint with the competent supervisory authority or the one that performs its duties and exercises its powers in Italy where you have your habitual residence or work or if different in the member state where the violation of Regulation (EU) 2016/679 occurred.