INFORMATION ON THE PROCESSING OF PERSONAL DATA OF INDIVIDUALS
This document is drawn up in compliance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27-04-2016, relating to the protection of individuals with regard to the processing of personal data, implemented in Italy as a result of Legislative Decree 101/2018, issued following LD 163/2017, as well as subsequent amendments and i. .
I Tre Bacili S.r.l. (hereinafter Tre Bacili, Organization), as Data Controller (hereinafter also Data Controller), has as its main objective the compliance with the applicable regulations on the protection of personal data and, for this reason, ensures the necessary formalities for its correct adaptation to the Regulation (EU) 2016/679 on the subject (hereinafter also GDPR).
PURPOSE OF DATA PROCESSING
The processing of personal data c.d. municipalities (previously and later data) is aimed solely at the execution:
- of the tourist accommodation services which the Guest has requested and adhered to, or the execution of the pre-contractual measures adopted or of the contract of which the Data Subject (The Resident or the Guest) is a party
- the stay, or the use of badges for access control in the common areas and in the room assigned to the interested party
- of the daily communication to the local competent police headquarters of the interested party and its so-called generality
- of daily and periodic statistics to measure the satisfaction and understanding of the current and potential needs of the interested party, with the aim of improving the offers of tourist accommodation services
- of video surveillance for the protection of property, as well as for the protection and safety of the interested parties
- sending information on informative tourist accommodation services
- the publication of audio and video recordings of a public nature
- access to Wi-Fi, navigation on the site of the owner and third parties, as well as the use of third-party plugins.
The Organization does not provide for the processing of particular categories of personal data (so-called sensitive).
For point 1 see also the following § "Contact form management".
For point 2 see also the following § "Access control management".
For point 5 see also the following § "Video surveillance management".
For point 8 see also the following § "Wi-Fi management, cookies and plugins".
METHOD OF DATA PROCESSING
The treatment is carried out through operations, carried out with or without the aid of electronic tools, consisting in the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, blocking, communication, cancellation and destruction of data. The processing is carried out by the Data Controller and by the persons in charge expressly authorized by the Data Controller.
Il Titolare non trattiene originale del documento di riconoscimento dell'Interessato.
The Data Controller does not keep the original of the identification document of the interested party. The data will be processed by internal or external staff of the Data Controller in charge of pursuing the activities in § "Purpose of data processing". These resources have been designated as external persons in charge of processing and have received adequate operating instructions in this regard.
LEGAL BASIS OF DATA PROCESSING
The legal basis that legally authorizes the Data Controller to process data in the activities in § "Purpose of data processing" is for:
- Points 1, 2, 3, 4 and 5, Community legislation and / or regulation, national legislation, or the obligations that the Owner himself has to fulfill the application of the Shengen agreement and in the field of tourist accommodation services , public safety, control and alarm for the safety of the interested party in the swimmers area
- Points 6, 7 and 8, are the legitimate interest of the Owner to promote the offers of tourist accommodation services.
The legal basis is collected in the Register of treatments, available for consultation at the headquarters of the Data Controller.
CONSENT, CONFERRAL OR REFUSAL OF DATA PROCESSING
The provision of data is essential for carrying out the activities referred to in Points 1, 2, 3, 4 and 5 of the § "Purpose of data processing"; for them, the processing is lawful for the aforementioned obligations to which the Data Controller is subject. The Data Controller asks the interested party for consent as evidence of information and that the same freely lends it.
Any lack of consent and refusal of the interested party to the processing of data for the activities referred to in Points 2 and 5 of the § "Purpose of data processing", makes it impossible for the interested party to access the operational headquarters of the Data Controller in a lawful manner.
Any lack of consent and refusal of the interested party to the processing of data for the activities referred to in Points 6, 7 and 8 of the § "Purpose of data processing", makes it impossible for the Data Controller to carry out the aforementioned Points.
COMMUNICATION OF DATA
The data may only be disclosed to the persons in charge of the processing and may be communicated, for the activities referred to in § "Purpose of the data processing", to public or private authorities or control bodies, external collaborators, domiciliary holders, counterparties and their defenders , to any arbitrators and, in general, to all subjects whose communication is necessary for the correct performance of the requested service and to fulfill the activity of the aforementioned §.
TRANSFER OF DATA ABROAD
The data may be transferred to countries of the European Union or to third countries with respect to those of the European Union or to an international organization, to carry out the activity referred to in § "Purpose of data processing".
It will be communicated to the interested party whether or not there is an adequacy decision of the European Union.
The data are kept for the minimum period required by current legislation referred to in § "Legal basis of data processing" and no longer than that necessary to fulfill the obligations or activities referred to in § "Purpose of data processing".
RIGHTS OF THE INTERESTED PARTY
The interested party has the right to exercise the:
- Right of access, to know which data are processed and all information relating to the processing
- Right of rectification, to be able to request the modification of data, as inaccurate, incomplete or obsolete, without undue delay, also by providing a supplementary declaration
- Right to portability, to obtain a copy of the data that are processed, in a structured format, commonly used and readable by an automatic device, in order to facilitate a possible transfer of data to a Data Controller other than the Organization
- Right to limit the processing, to be able to limit the processing of data, provided that one of the hypotheses provided for by the applicable regulations occurs
- Right to be forgotten, to request the deletion of data, without undue delay, provided that one of the hypotheses provided for by the applicable regulations occurs
- Right to object, to request the termination of data processing (eg: termination of commercial communications)
- Right to lodge a complaint with the supervisory authority, to promote any reports, complaints or appeals to the Guarantor for the Protection of Personal Data
CONTACT FORM MANAGEMENT
Data Controller, as far as not expressed here, refers to the relative section for the management of the Contact Form.
MANAGEMENT OF ACCESS CONTROL
Data Controller, as far as not expressed here, refers to the relative section for the management of Access Control.
MANAGE VIDEO SORVEILLANCE
Data Controller, for as long as not expressed here and for as much as indicated by information signs installed at the operative headquarters, refers to the relative section for the Image Management.
MANAGE Wi-Fi, COOKIE AND PLUGIN
Data Controller, for as long as not expressed here refers to the relative section for the section for WiFi, Cookie and Social Network Plugin Management.
The Data Controller is I Tre Bacili S.r.l., with registered office in Via Francesco de Mura 40, I-73100 Lecce (LE) and with operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE).
This site has installed an IT contact form with which the User can request information from the Data Controller regarding the services offered. With the compilation of the same, the interested party provides and the Data Controller collects with the Application personal data such as name, surname, e-mail, cookies (see also following § Cookies) usage data.
The treatment is consistent with what is expressed in the aforementioned information.
The Data Controller, in its operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE), has installed, activated and maintains an integrated system of software and electronic equipment and badges, bracelets, mobile-keys or tags ( previously and later also and only badges) to carry out an access control activity on the controlled gates.
The data collected includes name, surname and identification code associated with the room assigned during the stay, that is to say, the information is processed for the generation and activation of the access keys and for the recognition of the Guest during transit through the controlled gates.
The aforementioned processing can be carried out manually and / or through automated methods designed to store, process and transmit them, keep them for as long as necessary to pursue their purposes (and in any case no later than 13 months) and takes place through appropriate technical and organizational measures.
Purpose of the images
The Data Controller, in its operational headquarters in Via Congregazione, 31, 25 and 50, I-73039 Spongano (LE), has installed, activated and maintains an integrated system of video intercoms and video surveillance (hereinafter equipment/s) for the purpose of protect company assets, property assets and people hosted in common areas, or to prevent illegal or fraudulent behavior.
The equipment is aimed at shooting, with or without image recording, areas outside the buildings and parking areas (perimeter, common areas such as gardens, courtyards, terraces, etc., as well as emergency exits), but not the interiors guest rooms or staff workstations.
Among the equipment we point the camera oriented to the pool of water with specific function of alternative control and alarm system able to guarantee the safety of bathers.
Legal basis for image processing
The processing of images is lawful as it is functional to the protection of property, respecting the legal obligations and the provisions of the Guarantor and, specifically, the General Provision of 08-04-2010 and subsequent amendments.
The activity in question is carried out in the so-called principle of proportionality of shooting methods with fixed cameras with varifocal optics equipped with optical zoom and location along the perimeter of the buildings and in the common areas inside them (e.g. areas outside the buildings and parking areas), as well as the treatment of images not exceeding the aforementioned purposes.
The integrated video intercom and video surveillance system in question is not subject to preliminary verification or notification to the competent Authorities on the subject, as the images are exclusively consistent with the aforementioned purposes and are treated temporarily.
Information to the interested party about the processing of images
Persons hosted in the aforementioned operational headquarters (for overnight stays or for the administration of food and drinks) or passing through the aforementioned outdoor parking areas are informed that they are about to access video-monitored areas by means of one or more information signs placed before the range of action or in the immediate vicinity of the equipment.
The Data Controller and the officers are trained and can also provide this information verbally to anyone who requests it.
The integrated system of video intercoms and video surveillance in question, if connected to the police forces, is made known to the interested party through the aforementioned information signs.
Integrated system management
The operational headquarters are protected by an anti-intrusion and access control system.
The hardware equipment and programming software are stored in cabinets suitable for the purpose and protected by electronic keys.
The equipment is installed at adequate heights in order to be sufficiently preserved from vandalism, suitable and protected from atmospheric agents and are not designed to display or store images.
The equipment and hardware devices are connected by cable (generally underground or inside the walls) and not by wireless connections (eg: Wi-Fi, Gprs).
The terminals and portable devices equipped with screens for viewing images are protected by suitable access systems (i.e. authentication credentials).
The processing of images is carried out in such a way as to limit the angle of view to the area actually to be protected, avoiding / hiding, as far as possible, the shooting of surrounding places and details that are not relevant to the aforementioned purposes.
The transmission of images from the shooting points to the equipment takes place via cable and not for wireless connections (eg: Wi-Fi, Gprs).
The images are never taken and recorded by associating them with the personal data of the interested party.
The images are:
- collected and accessible at the time of use only in the case of video intercom, to open or not the entrance doors or gates to buildings and parking areas
- collected, accessible and stored in the case of cameras, with the aim of preventing their destruction, loss (even accidental), etc.
- collected, accessible and stored in the aforementioned hardware devices, with the aim of preventing their destruction, loss (even accidental), etc.
- constantly visible on the aforementioned screens
- protected by suitable access systems (or authentication credentials)
- protected from unauthorized processing (ie cryptography)
- stored with these limits:
- 24 hours after shooting from the cameras
- or over 24 hours on the occasion of holidays or periods of closure, or in case of need (eg: following the detection of illegal or fraudulent behavior), but in any case below one week period,
- or according to the provisions of the judicial authorities or the police forces, firefighters, etc. .
After the aforementioned time limits, the images are automatically and completely deleted, without the possibility of being able to be recovered or reused.
The images can be visible, transmitted and / or made available to the police.
Responsible and in charge of the treatment
All the personnel involved in the management of the equipment have their own authentication credentials (user id and password dedicated to the Data Controller, to the internal and external Appointees) and who, depending on the assigned tasks, can carry out the operations within their competence.
As far as equipment is concerned, he can turn the entire integrated system on or off, but not change the settings except for the exclusion of equipment that is not functioning properly which could make the remaining part of the integrated system ineffective.
As for the images, he can view them, in synchrony with the shooting and on a delayed basis, but he cannot delete or duplicate them.
- Responsible for the reception
As regards the equipment, he can carry out any operation, except for authorization and qualification registered by the Manager.
As for the images, he can view them, only in synchrony with the shooting, but he cannot carry out operations of deletion and duplication of the images.
- As regards the equipment, he can carry out, on site or from the service center, all the installation operations, ordinary or extraordinary maintenance on the entire integrated system, including switching on, setting (e.g .: shifting the viewing angle, change the zoom), the initial and subsequent testing, and shutdown.
As regards the images, in addition to what is strictly necessary in the aforementioned phases and only in synchronicity with the shooting in the absence of any interested parties, he can access the images in the presence on site or remotely of subjects with authentication credentials enabled to view the Images.