eng
Bike
Information Notice pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
Subject: Privacy notice regarding the processing of personal data collected through the website
In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), we hereby provide you with the following information regarding the processing of personal data you supply.
This notice applies exclusively to the website www.boscodellaspina.it and does not apply to any third-party websites that may be accessed through links on this site. The Data Controller cannot be held responsible for third-party websites.
This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 and also takes into account Directive 2002/58/EC, as amended by Directive 2009/136/EC, regarding cookies, as well as the Italian Data Protection Authority’s decision of May 8, 2014 on cookies.
Pursuant to Articles 4 and 24 of Regulation (EU) 2016/679, the Data Controller is:
BOSCO DELLA SPINA S.R.L.
Via della Tinaia 13, Lupompesi 53016 Murlo (SI), Italy
VAT and Tax Code: 00784010522
Registered with the Siena Chamber of Commerce (REA) No. 90911
Share Capital: €50,000.00 (fully paid)
Tel. +39 0577 814605
Email: info@boscodellaspina.it
Hereinafter referred to as the “Data Controller”.
Personal data provided will be processed lawfully pursuant to Article 6 of Regulation (EU) 2016/679 for the following purposes:
Contract-related processing (Art. 6(1)(b))
Browsing this website;
Completing contact forms to request information;
Fulfilling administrative, accounting, and tax obligations;
Complying with applicable laws and regulations.
For data protection purposes, administrative and accounting processing includes activities of an organizational, administrative, financial, and accounting nature, regardless of the type of data involved.
Personal data voluntarily provided by users requesting information about hotel services (rates, availability of rooms and apartments, etc.), subscribing to the newsletter, making online reservations, or submitting job applications (including CVs in electronic format), will be used solely to provide the requested service and will not be disclosed to third parties unless required by law or strictly necessary to fulfill the request.
Like all websites, this site uses log files in which information collected automatically during user visits is stored. This information may include:
IP address;
Browser type and device parameters;
Internet Service Provider (ISP) name;
Date and time of access;
Referring and exit pages;
Number of clicks.
This data is not collected to be associated with identified individuals; however, by its nature, it could potentially lead to identification through processing and association with data held by third parties.
The optional, explicit, and voluntary sending of emails to the addresses listed on this site results in the acquisition of the sender’s email address, necessary to respond to requests, as well as any additional personal data included in the message.
Personal data provided via email contact or through the submission of a CV may be shared with recipients who process data either as Data Processors or as individuals acting under the authority of the Data Controller, for contractual or related purposes.
Data may be shared with:
Service providers managing IT systems and communication networks (including email services);
Professional firms or companies providing assistance and consultancy services;
Competent authorities for compliance with legal obligations;
Companies providing commercial information services for creditworthiness assessments and/or debt collection services, where necessary for administrative and accounting purposes.
In the case of spontaneous job applications, data will be stored at our premises and shared only with authorized personnel responsible for recruitment processes. Data will be processed exclusively by personnel specifically authorized by the Data Controller, including management and administrative staff responsible for system administration and personnel management.
The above entities may act either as Data Processors or as independent Data Controllers.
Data collected through the website is processed at the Data Controller’s premises and at the web hosting provider’s data center. The hosting provider, acting as Data Processor on behalf of the Controller, is located within the European Economic Area (EEA) and complies with applicable European regulations.
The updated list of appointed Data Processors is available at the registered office of Bosco della Spina S.r.l.
Personal data provided will not be transferred outside the European Union.
Processing is carried out using automated and/or manual methods designed to ensure maximum security and confidentiality by specifically authorized personnel.
In accordance with Article 5(1)(e) of Regulation (EU) 2016/679, personal data will be stored in a form that allows identification of data subjects for no longer than necessary to achieve the purposes for which the data was collected.
For further information regarding data retention criteria, please contact info@boscodellaspina.it.
Except for browsing data, users are free to provide personal data in designated areas of the website.
Providing personal data for the purposes described in this notice is necessary to access specific features and services, such as receiving a response to an information request. Failure to provide such data may make it impossible to obtain the requested service.
You may exercise your rights under Articles 15–22 of Regulation (EU) 2016/679, including:
Right of access (Art. 15);
Right to rectification (Art. 16);
Right to erasure (Art. 17);
Right to restriction of processing (Art. 18);
Right to data portability (Art. 20);
Right to object (Art. 21);
Right not to be subject to automated decision-making (Art. 22).
You may exercise your rights at any time by contacting the Data Controller at: info@boscodellaspina.it.
You also have the right to lodge a complaint with the competent Data Protection Authority if you believe that your data has been processed in violation of Regulation (EU) 2016/679.
Where processing is based on consent (Article 6(1)(a) and Article 9(2)(a)), you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
In the event of a data portability request, the Data Controller will provide your personal data in a structured, commonly used, and machine-readable format, in accordance with Article 20 of Regulation (EU) 2016/679.
