Petriolo s.r.l. with registered seat in Milan (MI), Italy, Corso di Porta Nuova, n. 15, VAT 06642280488 ("Petriolo" or the "Controller"), PEC email@example.com, Email firstname.lastname@example.org
SOURCE OF DATA
The data is collected from the data subject or automatically by the systems of the Controller at the time of access to the Wi-Fi network of the facility.
IDENTIFICATION AND CONTACT DATA: name, surname, e-mail address OTHER INFORMATION: IP address, Mac Address, information related to logs of access and disconnection from the Service, other parameters regarding the operating system and computer environment used by the guest. The identification data will not be correlated with users' browsing data except for specific investigation or verification needs required by the competent Authorities. In addition, the Controller does not process any data related to users' devices for the purpose of location or movement tracking (using Wi-Fi location tracking techniques).
PURPOSES OF THE PROCESSING
The data is processed to allow access to the Wi-Fi network of the Controller's facility. The identification data will also be used in order to allow the competent authorities to trace the author of any illegal conduct perpetrated through the use of the Wi-Fi service.
The execution of contractual obligations of which the guest of the facility and the Controller are a party in order to allow access to the facility's Wi-Fi (Article 6, paragraph 1, lt. B) GDPR). The fulfillment of legal obligations regarding security to which the Controller may be subject as a result of the user's access to the facility's Wi-Fi (Article 6, paragraph 1, lt. C) GDPR).
PROVISION OF DATA
The provision of data for access to the wi-fi network is necessary. In the event of failure to provide, or incomplete, the Controller may not be able to allow access to the Wi-Fi network.
DATA RETENTION PERIOD
The identification data for access to the Wi-Fi network will be kept by the Controller for a period of 3 days from the first connection. The Controller may keep the data to exercise or defend any right or claim in legal proceedings. The retention of telematic traffic data generated by the user is, according to the relevant legislation, exclusively on the telecommunication operators.
JOINT DATA CONTROLLERS
Petriolo s.r.l. with registered seat in Milan (MI), Italy, Corso di Porta Nuova, n. 15, VAT 06642280488 and Villa Vignamaggio S.r.l. ("Vignamaggio"), VAT 04072370481, with registered seat in via Petriolo 5 -50022- Greve in Chianti (FI), Italy, which can be reached at the following addresses: PEC email@example.com, Email firstname.lastname@example.org (the "Joint Controllers").
SOURCE OF DATA
The data is collected from the data subject.
IDENTIFICATION AND CONTACT DATA: name, surname, e-mail address, country of origin.
PURPOSES OF THE PROCESSING
The data may be processed for direct marketing purposes, such as sending newsletters, information and commercial communications, updates on the latest launches, offers and promotions relating to the products and services of Petriolo and Vignamaggio and partners operating in the fields of: wellness, accommodation, leisure, wines, restaurants, tours and events. The data may also be processed to perform market research, statistical analysis or other research to improve the products and services of Petriolo and Vignamaggio and of the partners belonging to the following categories: wellness, accommodation, leisure, wines, restaurants, tours and events, as well as for customer satisfaction surveys. We may carry out these activities through our newsletter, via email, even by automated means (SMS, social media). The data subject can choose to receive such communications exclusively by non-automated means (for example, non-automated telephone calls or by post) by writing an e-mail to email@example.com
The consent of the data subject to the processing of data (Article 6, paragraph 1, lt. A) GDPR).
PROVISION OF DATA
The provision is optional. In case of failure to provide the data, the user will not receive offers and promotions from Petriolo and Vignamaggio, and his data will not be used for market research and statistical analysis or customer satisfaction surveys.
DATA RETENTION PERIOD
If the user has given their consent, they can withdraw it at any time by clicking on the "unsubscribe" link included in our marketing email received or by sending an email to firstname.lastname@example.org. Petriolo and Vignamaggio will no longer use and delete the processed data (i) for marketing and other commercial purposes or (ii) in order to improve relations with their customers, after 24 months from the date of the last stay.
RECIPIENTS/CATEGORIES OF DATA RECIPIENTS
The data will be processed by employees of the Controller or of the Joint Controllers, depending on the processing, expressly authorized to processing on the basis of the instructions received and after the adoption of suitable measures to protect the data in relation to all the purposes indicated above. The following subjects may become aware of the data in relation to the processing purposes provided for in this policy and may process the data both as autonomous controllers and as processors duly appointed by the Controller or by the Joint Controllers, depending on the processing (the list of these processors and autonomous controllers is available upon request via e-mail to be sent to email@example.com), including:
**DATA TRANSFER TO AN NON-EU COUNTRY **
The data processing will be carried out at the facility of the Controller or of the Joint Controllers, depending on the processing, in Italy, as well as at the servers managed by the data processors indicated above, in the United Kingdom, South Africa and the United States. In case of transfer of personal data to third countries:
DATA PROCESSING METHODS
The data will be processed in compliance with the principles of correctness, lawfulness and transparency, through manual and automated methods and through the use of paper and electronic means, in any case within the limits of the purposes of the data processing(s) set out in this policy and, in any case, always guaranteeing the security and confidentiality of the data.
RIGHTS OF DATA SUBJECTS
The data subject may at any time exercise the following rights under the conditions and within the limits provided for in Articles 12-22 of the GDPR by sending an email to firstname.lastname@example.org:
In the event that the data subject believes that the processing of personal data carried out by the Controller, or by the Joint Controllers, depending on the processing, occurs in violation of the provisions of Regulation (EU) 2016/679, they have the right to lodge a complaint with the Supervisory authority, in particular in the Member State in which they habitually reside or work or in the place where the alleged violation of the regulation has occurred (in Italy the Garante Privacy https://www.garanteprivacy.it/), or to refer to the appropriate judicial offices.
CONDITIONS OF USE OF THE WI-FI SERVICE
Access to the Wi-Fi network will be available free of charge, by registering on a specific captive portal, to all guests of the Controller's facility, who are of legal age. By entering the data in the registration form, the user confirms that they are at least 18 years old.
The user of the WiFi service will be responsible for the activities carried out while connecting to the internet and for any illegal or improper use of the device authorized for access.
The user undertakes to indemnify and hold harmless the Controller from any liability, damage or claim of third parties for any reason for the violation of the prohibitions indicated above or any other use that does not comply with the law.
The user is aware of the IT risks inherent in navigation and acknowledges that the Controller does not provide any guarantee with respect to the provision of the WiFi service with regard to quality and continuity, nor with respect to the content and information found by the user on the internet. The user also acknowledges that access to the WiFi network may not be subject to data encryption and it will therefore be the user's responsibility to take appropriate security measures to protect the data and content transmitted via their device.
The Controller reserves the right to suspend the WiFi service at any time and in the event of illicit or improper use by the user, communicating the incident to the public security authorities in the event of violations that may hypothesize illegal behavior.