This document contains a disclosure made pursuant to Art. 13 of EU Regulation 679/2016 (GDPR).
1 – Data controller
Capri Property, Capri, Via G.Orlandi, booking@capri-property.com.
2 – Types of data processed
2.1 – Navigation data
Computer systems and software procedures acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified individuals, but by its very nature could allow users to be identified.
This category of data includes. (i) IP addresses or domain names of computers used by users connecting to the Site, (ii) the Uniform Resource Identifier (URI) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters related to the user’s operating system and computing environment.
2.2 – Cookies
For data processing via cookies, please review the relevant policy, available at the following link.
2.3 – Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail and/or requests for information sent through the use of the “Contact” section or, again, the communication of one’s data for the receipt of promotional communications and/or informative newsletters, entail the acquisition and processing by the Data Controller of such data and any other information contained in such communications for the purposes indicated in paragraph 3 below.
3 – Purpose and legal basis for processing
The processing of the User’s personal data by the Controller is for the purpose of:
(a) pursue, in accordance with Art. 6.1(f) of the GDPR, a legitimate interest of its own, consisting in ensuring the security of the Site and the information exchanged on it, i.e., the ability of such Site to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
(b) with the User’s consent, pursuant to Art. 6.1(b). a) of the GDPR, send by e-mail promotional communications and/or informative newsletters concerning products and/or services of Capri-Property.com;
c) allow the User to request information regarding the services promoted by the Owner on the Site and provide the User with, pursuant to Art. 6.1, lett. (b) of the GDPR, any feedback and/or quotation requested.
4 – Consequences of refusal to respond
Apart from what is specified with reference to navigation data, which are necessary in order to enable the proper functionality of the Site, cookies, in relation to which please see the relevant cookie policy, and data contained in requests for information, Users are free to provide their personal data:
(i) to receive, by e-mail, promotional communications and/or informative newsletters regarding goods and/or services of Capri-Property.com.
Failure to provide such information will result in the User being unable to stay updated on Capri-Property.com’s news and/or services.
The Data Controller, in any case, informs Users of the existence of the right to revoke at any time the consent given for the processing of the data referred to in (i) above, without affecting the lawfulness of the processing based on the consent given before revocation.
5 – Method of treatment
Personal data are processed by manual, computer and automated systems for as long as necessary to achieve the purposes for which they are collected. .
It should be noted, in particular, that the User’s personal data are subject to processing by persons duly entrusted with the performance of such tasks, constantly identified and/or appointed, duly instructed and made aware of the constraints imposed by law, as well as through the use of security measures designed to ensure the protection of your confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the above purposes.
6 – Communication and dissemination of data
The personal data collected will not be disclosed, sold or transferred to third parties, except as required by law.
It is without prejudice, in any case, to the communication of data to companies expressly appointed to perform certain services within the scope of the activity carried out by the Data Controller and/or, in general, on its behalf, which will operate as autonomous data controllers and/or data processors, as well as the communication and/or dissemination of data required, in accordance with the law, by police forces, judicial authorities, information and security bodies or other public entities for purposes of defense or state security or the prevention, detection or repression of crimes.
7 – Rights of the data subject
Pursuant to Articles 15 et seq. of the GDPR:
1. confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in intelligible form;
2. A copy of your personal data;
3. The rectification of any of your personal data that may be inaccurate;
4. The deletion of your personal data;
5. The restriction of the processing of your personal data;
6. in a structured, commonly used and machine-readable format the personal data that you have provided to us or that you yourself have created – excluding judgments created by the Data Controller and/or by the persons in charge ex art. 4 of the Privacy Code / by the persons authorized to process the data on behalf of the Data Controller ex art. 4 of the GDPR – and to transmit them, directly or through the Data Controller, to another data controller;
7. ‘indication:
(a) of the origin of personal data;
(b) of the categories of personal data processed;
(c) of the purposes and methods of processing;
(d) of the logic applied in the case of processing carried out with the aid of electronic instruments;
(e) of the identification details of the Owner and any responsible parties;
(f) the retention period of your personal data or the criteria useful for determining this period;
g) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees ex art. 4 of the Privacy Code / persons authorized to process the data in the name and on behalf of the Controller ex art. 4 of the GDPR;
h) updating, rectification or, when interested, integration of data;
(i) transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
(j) a statement that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected.
8 – The User also has the right to object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection;
b) the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
To exercise the aforementioned rights, Users may send a communication to the Holder’s e-mail address, mentioned in art. 1 above, indicating in the subject line “Privacy – exercise of rights ex art. 7 of Legislative Decree 196/2003 and ex art. 15 et seq. of the GDPR”.
Finally, we inform you that if you believe that your rights have been violated by the Controller and/or a third party, you have the right to file a complaint with the Data Protection Authority and/or other competent supervisory authority under the GDPR.
9 – Duration of processing and storage of personal data
The User’s personal data will be processed by the Data Controller only for the period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which it will be kept only in execution of the relevant legal obligations, for administrative purposes and/or to assert or defend one’s right, in case of litigation and pre-litigation. Personal data processed for the purpose of sending newsletters, on the other hand, will be processed until the Data Controller receives a revocation of the consent that the User may have provided.