Privacy Policy to Users(pursuant to Article 13 of EU Regulation 2016/679 "GDPR")DEO SAS DI EDOARDO DUSSIN AND C. with registered office in Asolo via Castellana, 9 31011, VAT no. 03415210263 (hereafter referred to as, "Data Controller"), owner of the website http://www.hotel-asolo.com (hereinafter referred to as the "Site"), as the Data Controller for the processing of personal data of users who browse and are registered on the Site (hereinafter referred to as the "Users") provides below the privacy policy pursuant to Art. 13 of Legislative Decree 196/2003 (hereinafter referred to as the "Privacy Code") and pursuant to Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter referred to as "Regulation". The Regulation and the Privacy Code are together defined as "Applicable Law").

The Data Controller takes the utmost account of Users' right to privacy and personal data protection. For any information relating to this privacy policy, Users may contact the Data Controller at any time, using the following methods:By sending a registered letter with return receipt to the Data Controller's registered office By sending an email to the email address info@hotel-asolo.com

1. Purpose of the processing The personal data of Users will be processed lawfully by the Data Controller pursuant to Art. 6 of the Regulation for the following processing purposes: a. navigation of the site, in relation to the possibility of detecting User data necessary on a technical level, such as the IP address for example, while browsing the site.
The computer systems and software procedures used to operate this website, during their normal operation, acquire some data. Transmission of such data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment. This data is used anonymously for the sole purpose of obtaining statistical information on site use, as well as to check its proper functioning. Such data could be used only by the judicial authority in case of investigations aimed at establishing liability for hypothetical computer crimes, committed for example against the site. The persistence of such data is regulated by law by the provider who provides connectivity to the site in question. b. Sending informative newsletters, following your specific request. c. Response to your requests for information, sent to us through the appropriate contact form. d. Registration to the reserved area of the site, through which you can access, for example, technical and commercial documents, Operational support, Declarations and certificates, Specifications, Access to the programme to make estimates, Catalogues and price lists. e. Legal Obligations, or to fulfil obligations under the law, an authority, a regulation or European legislation. f. Reception of curricula used for personnel selection, through the appropriate insertion form. A specific policy will be conveyed in the relevant page.

2. Legal basis for processing The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide the same will make it impossible for the User to browse the site, subscribe to the site and use the services offered by the Data Controller on the site.
With reference to the purposes set out in points 1/a, 1/c, 1/d, 1/f, the legal basis of the processing is in fact the execution of the services provided through the Site and requested by you (pursuant to Article 6, paragraph 1, letter b of the 2016/679 Privacy Regulation);with reference to the optional purposes referred to in paragraph 1/b of the previous paragraph, the legal basis of the processing is your consent, freely expressed (pursuant to Article 6, paragraph 1, letter a of the 2016/679 Privacy Regulation);with reference to the purposes referred to in point 1/e of the previous paragraph, the legal basis of the processing is to fulfil a legal obligation to which the data controller is subject (pursuant to Article 6, paragraph 1, letter c of the Regulation Privacy 2016/679).

3. Processing methods and data storage times The Data Controller will process User personal data by way of manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data itself.
The personal data of Site Users will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or in any case as necessary for the civil protection of the interests of both the Users and the Data Controller. In relation to the purpose referred to in point 1.b, the data will be kept until you object to the sending of the newsletter, through the appropriate link contained in the same or through the procedures for exercising the rights referred to in paragraph 4.

4. Scope of data communication and dissemination User personal data may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Site. These subjects, who are formally appointed by the Data Controller as "data processors", will process the User's data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
User personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as "External Processors", such as, for example, providers of IT and logistics services functional to the operation of the Site, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 4 below.

5. Rights of Data Subjects Users may exercise the rights guaranteed to them by the relevant legislation, by contacting the Data Controller as follows:  by sending a registered letter to the registered office of the Data Controller by sending an email message to the address info@hotel-asolo.com; In accordance with the Applicable Law, the Data Controller informs that Users have the right to obtain indication of (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic means; (iv) the identity of the data controller and data processors; (v) the entities or categories of entity to whom or which the personal data may be communicated and who or which may come to know said data in their capacity as data processors or persons in charge of the processing.
Furthermore, Users have the right to obtain: a. access, updating, rectification or, when interested, integration of data; b. the cancellation, transformation into anonymous form or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c. certification to the effect that the operations as per letters a) and b) have been made known, as also related to their content, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
Furthermore, Users have:a. the right to revoke consent at any time, where the processing is based on their consent;b. the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic devices), the right to limit the processing of personal data and the right to cancel ("right to 'oblivion");c. the right to object: i. in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection; ii. in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication; iii. if personal data is processed for direct marketing purposes, at any time, to the processing of their data for this purpose, including profiling insofar as it is related to such direct marketing. d. if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Control Authority is Guarante per la protezione dei dati personali, with registered office in Piazza di Monte Citorio 121, 00186 - Rome (http://www.garanteprivacy.it/)..