Hotel Resort Tonicello, with its registered office in Ricardi, 89866 (Vibo Valentia) (hereinafter referred to as "Data Controller"), as the data controller, informs you pursuant to Article 13 of Legislative Decree 30.06.2003 No. 196 (hereinafter referred to as the “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as the “GDPR”) that your data will be processed on the website www.tonicello.it in the following ways and for the following purposes:

1. Subject of the Processing

The subject of the processing is personal, identifying, and non-sensitive data (for example, but not limited to: name, surname, company name, address, phone number, email - hereinafter referred to as "personal data" or simply “data”) that the Data Controller processes because provided by you during registration on the website www.tonicello.it, when participating in opinion and satisfaction surveys, filling out forms on the Site, signing up for events organized by the Data Controller, online requests for support or general inquiries, and requests to join mailing lists for sending newsletters.

2. Purpose of the Processing

Your personal data will be processed in the following ways:

1. A) Without your explicit consent (Art. 24 letters a), b), c) Privacy Code and Art. 6 letters b), e) GDPR), for the following Service Purposes:

Manage and maintain the Site or ensure its proper functioning;
Allow the use of services that you may have requested;
Participate through the Site in initiatives organized by the Data Controller (such as events, etc.);
Process a request for a quote or general contact;
Comply with obligations imposed by law, regulation, community legislation, or authority orders;
Fulfill obligations related to managing the association and relationships with members;
Carry out activities related to the statutory purpose of Hotel Resort Tonicello;
Prevent or detect fraudulent activities or abuses harmful to the Site;
Exercise the Data Controller’s rights, such as the right to exercise a right in court.

1. B) Only with your specific and distinct consent (Art. 23 and 130 Privacy Code and Art. 7 GDPR), for the following Other Purposes:

Send emails for opinion and satisfaction surveys, newsletters, and/or event invitations or sign-ups for events organized by the Data Controller, promotional or commercial newsletters.

3. Methods of Processing

The processing of personal data is carried out through the operations listed in Article 4 of the Privacy Code and Article 4 n. 2) of the GDPR, namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data will be processed both manually and electronically and/or automatically, through the use of a website hosted on Cloud or servers managed by the company ENGINE LAB srls in Italy or another European country and beyond. The Data Controller will process personal data for the time necessary to fulfill the purposes outlined above and, in any case, no longer than 10 years from the termination of the relationship for the Service Purposes, and no longer than 2 years from the collection of data for Other Purposes.

4. Security

The Data Controller has adopted various security measures to protect your data from the risk of loss, misuse, or alteration. Specifically, they have adopted the measures outlined in Articles 32-34 of the Privacy Code and Article 32 of the GDPR, as well as secure data transmission protocols known as HTTPS.

5. Access to Data

Your data may be made accessible for the purposes described in Article 2.A) and 2.B):

To employees and collaborators of the Data Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
To third-party companies or other entities (e.g., ENGINE LAB Srl, OVH Srl, Aruba Spa, NetSons Spa, Cycom China Ltd, and other website providers, Google LLC, Hotjar Ltd, other cloud providers, e-payment service providers, suppliers, technical support for hardware and software, shippers, carriers, banks, professional studios, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
Third-party companies providing newsletter systems and other customer satisfaction services (e.g., The Rocket Science Group LLC, Engine Lab Srl, Mailup Spa, Qualitando Srl)

6. Communication of Data

Your data will not be disclosed without your consent.

Without your explicit consent (pursuant to Art. 24 letters a), b), d) Privacy Code and Art. 6 letters b) and c) GDPR), the Data Controller may communicate your data for the purposes described in Article 2.A) to supervisory bodies, judicial authorities, and other entities to whom communication is required by law for the fulfillment of the said purposes.

The site may track navigation data for Keyword Advertising activities with remarketing functions, without identifying the individual concerned in any way.

7. Data Transfer

The management and storage of personal data will take place in Europe, on servers located in Italy (or another country) of the Data Controller and/or third-party companies duly appointed as Data Processors.

8. Nature of Data Provision and Consequences of Refusal

The provision of data for the purposes described in Article 2.A) is mandatory. Without it, we cannot guarantee registration on the Site or the Services of Article 2.A).

The provision of data for the purposes described in Article 2.B) is optional. You may choose not to provide any data or later refuse to allow the processing of data already provided. In this case, you will not receive event invitations, newsletters, opinion surveys, satisfaction surveys, or promotions via email. However, you will still have access to the Services of Article 2.A).

9. Rights of the Data Subject

As data subjects, you have the rights outlined in Article 7 of the Privacy Code and Article 15 of the GDPR, specifically to:

i. Obtain confirmation of whether or not personal data concerning you exists, even if not yet registered, and its communication in an intelligible form;
ii. Obtain information: a) about the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic tools; d) the identity details of the data controller, data processors, and the designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them as designated representatives in the territory of the State, processors or persons in charge;
iii. Obtain: a) the updating, rectification, or, when you have an interest, the integration of data; b) the deletion, anonymization, or blocking of data processed in violation of the law, including data that is no longer necessary for the purposes for which it was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disclosed, except where such compliance is impossible or requires a manifestly disproportionate effort compared to the protected right;
iv. Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials, direct sales, or for conducting market research or commercial communication, by automated calling systems without human intervention, by email, or by traditional marketing methods such as phone and/or postal mail. It is noted that the right to object, as outlined in point b) for direct marketing purposes by automated methods, extends to traditional methods, and the data subject may choose to receive communications via only traditional methods, only automated methods, or neither.

If applicable, you also have the rights under Articles 16-21 of the GDPR (Right to Rectification, Right to Erasure, Right to Restrict Processing, Right to Data Portability, Right to Object), as well as the right to lodge a complaint with the Supervisory Authority.

10. How to Exercise Your Rights

You may exercise your rights at any time by sending:

Registered mail to Hotel Resort Tonicello, Ricardi, 89866 (Vibo Valentia)
An email to info@tonicello.it.

11. Minors

This Site and the Data Controller’s Services are NOT intended for minors under 18 years of age, and the Data Controller does NOT intentionally collect personal information about minors. If information about minors is unintentionally collected, the Data Controller will delete it promptly upon request from the users.

12. Data Controller, Processor, and Persons in Charge

The Data Controller is Hotel Resort Tonicello, with its registered office in Ricardi, 89866 (Vibo Valentia).

External data processors include Google LLC, which may process your data independently as separate data controllers for the purposes outlined in their own privacy policy.

The updated list of data processors and persons in charge of processing is kept at the Data Controller's office.

13. Changes to this Privacy Notice

This Privacy Notice may undergo changes. Therefore, it is recommended to regularly check this notice and refer to the most updated version.

Privacy

Amazing esperience in Costa degli Dei

A Jewel In Calabria

Beautiful