REASONS FOR THE INFORMATION
This privacy statement contains important information about personal data that is collected by visiting this Web site, as a registered or unregistered user, and describes how to use such data. Where applicable, it also explains how to process data provided by the user or collected during stays at our residence Casale Etrusco directly managed by the Company or by related companies, or during other contacts with the Company. This information is complementary to any other information received in such other circumstances.
This document contains important information on the following:
 
1. TREATMENT OF PERSONAL DATA
2. PERSONAL DATA COLLECTED
3. FINALITY OF THE PROCESSING OF PERSONAL DATA
4.COMMUNICATION OF PERSONAL DATA
5. PROTECTION OF MINORS ‘PRIVACY
6. ARCHIVING, ACCESSIBILITY AND TRANSFER OF DATIPERSONALS
7. SAFETY AND CONFIDENTIALITY OF PERSONAL DATA
8.DIRITTI OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
9. DATA CONSERVATION
10.POLITICS IN THE FIELD OF COOKIES AND SIMILAR PROCESSES
11. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
12. HOLDER OF TREATMENT – COMPANY CONTACTS
13. UPDATES OF THIS NOTICE -COMMUNICATIONS
 
ACCEPTANCE
By visiting the Website, using its services or interacting with the Company and the residence Casale Etrusco directly and / or Websites, you confirm that you have read and understood this Privacy Policy and accept that the Company collects, use, store, transmit and disclose personal data collected through the Websites, or directly at the in accordance with this Privacy Policy. Except in the case in which it is already registered, the Company may require the user to provide its consent (for example, by ticking a box), where it deems it appropriate to safeguard its rights or where required by current regulations. If you do not accept the terms of this Privacy Policy, you are requested not to visit this Website, do not create an account and do not otherwise use this Website or send it to us or do not give your consent when this option it is offered in accordance with the regulations in force.
 
1. TREATMENT OF PERSONAL DATA
In this Privacy Policy, the term “Personal Data” is used with reference to any information that allows the Company to identify the user (or a third party that the user provides the data), directly or indirectly, including any information connected to the purchase of goods or services, or that the user chooses to communicate to the Company or to share with it, or with third parties, during the use of the Websites or directly at our residence. The processing of personal data will be carried out in accordance with the General Data Protection Regulation (EU) 2016/679 “Reg. (EU) 2016/679 “and, where applicable, to the legislation of the country where the data should be collected. The Company reserves the right to perform further processing of data, where required by law or in the context of investigations or criminal or other proceedings.
 
2. PERSONAL DATA COLLECTED
Data source
The Company collects personal data from the user only if the latter voluntarily provides information, for example:
in the case of Web Sites that distribute and / or provide services of the Company: by making a reservation through the Website or the “Host”; opening an account or modifying it; doing research on the Website; by contacting the Company by sending a comment or a request; by subscribing to e-mail newsletters and updates regarding the latest products and services, events or promotions; or requesting to receive confirmation of a reservation;
in the case of online booking at the residence: filling out the Company’s customer card, conversing informally during the phone calls with our booking office, interacting with the same or purchasing services;
in the case of the Company’s customer service: requesting assistance, special services or post-stay assistance;
in the case of e-mail, SMS and other electronic messages: exchanging communications between the Company and the user.
If the user provides the Company with personal data of third parties (for example, family members, other customers or potential customers), the same should ensure that such third parties are informed and have authorized the use of their data as described in this Privacy Policy .
Data types
The Company may collect and use different types of personal data according to the specific purposes pursued and described below:
1. personal information, such as name, surname, gender, age / date of birth, country of origin and other personal data that the current regulations allow to collect;
2. contact information, such as address, e-mail address, telephone number, mobile number, fax number and other contact information that current regulations allow to collect;
3. payment information, such as payment instrument (credit or debit card), if applicable, and passport number, if required for tax reasons or in relation to anti-money laundering legislation;
4. information relating to the sale, such as data, products or services provided, amount, total sale, VAT number, claims, refunds or other information relating to the sale that the current regulations allow to collect;
5. habits and profiles, such as purchase data (overnight stay history), information on activities and initiatives relating to the management of relationships with customers (date and categories of such actions implemented or to be achieved and their results), habits and preferences of purchase (wish list, preferred categories of services), other information (information on work activity, education, hobbies and lifestyle) that the current regulations allow to collect; is
6. Family-related information such as marital status, anniversary date, number of children, information about children and other family-related information that current regulations allow you to collect.
 
3. PURPOSE OF THE PROCESSING OF PERSONAL DATA
Depending on the specific circumstances in which the interaction between the user and the Company occurred, personal data could be used for the following purposes.
For online sales directly from our site. The personal data provided by the user or collected at the time of booking, whether or not made as a registered user, namely basic personal data, contact information, data regarding the individual reservation, tax data, payment details, sales information and any other data strictly necessary for the sale of the stay, will be used for:
1. manage, administer and process the purchases of overnight stays, sales and after-sales services, for example administrative activities, accounting, guarantees, refunds, where applicable, fraud prevention and communication with the user, also by email, for any problem relating to the management of the overnight stay or subsequent requests relating to the stay;
2. comply with obligations imposed by EU laws, regulations or legislation (including anti-money laundering legislation) and make a legal claim or defend against it.
It is necessary to provide personal data for the aforementioned purposes and the refusal would make it impossible to complete the purchase. Except where otherwise required to comply with local regulations in force, the processing of data for these purposes, as necessary to fulfill contractual and legal obligations, may be made without requesting the user’s consent.
For the specific purposes for which the data were provided voluntarily
The personal data provided by the user or collected when the same requires a specific service (for example, by registering his account on the Website, handling complaints or requesting information), namely personal information, contact information and data strictly necessary to follow up at the request, they will be used for:
1. provide the required services (for example, perform account registration processes, manage authentication on the Website and user accounts, assist with and manage any complaints and wish lists and respond to a request or request for contact eventually forwarded by the user);
2. manage subscription to the newsletter where the user is not registered.
Personal data must be provided for the aforementioned purposes and the refusal would make it impossible to complete the request. Except where otherwise required to comply with applicable local regulations, the processing of data for these purposes could be carried out without requiring the user’s consent, as it is necessary to follow up on the request.
For the purposes of managing customer relations (CRM) if the user registers
The personal data provided by the user by filling in the Company’s forms or collected at the time of the check-in of the stay or the interaction with the Company, namely personal and contact information and data concerning the user’s habits and profile and details about his family, will be included in the centralized CRM system for:
1. offer promotions, discounts and other personalized services and send newsletters, other marketing and commercial communications on the Company’s products and services (organized by it), surveys and research, market analysis, or other initiatives for users or customers registered on other sites of the Company (“marketing”). The Company may use traditional means of contact (ordinary mail and telephone) and / or digital and automated (e-mail, SMS, MMS, telephone and other digital channels, such as social media) and may send the user such communications on the basis of its profile, if it has given its consent to profiling;
2. analyze the user’s contacts with the Company, interests, preferences and purchasing habits, and create individual or aggregated profiles based on them, understand how to provide a better service, also to offer a better sales experience at the other tourist facilities of the same company (“profiling”). The Company may also use personal data to create groups and perform statistical and market analyzes aimed at identifying services of interest to customers of its brands and improving its services (including Web sites). The data collected on the Websites will be combined with any information obtained by the Company through interactions with the staff present at the various structures of the Company. The processing of personal data for profiling is carried out respecting the guarantees and parameters established by the law in force.
The inclusion of data in the CRM system is optional and free (being based on the consent that the user can choose to lend) and can only take place where personal data are provided for both marketing and profiling purposes or only for one of the two . The user can cancel the registration or withdraw his consent at any time (see the following point 8). In any case, the refusal to provide personal data for one or both of these purposes CRM does not prevent the user from using the Company’s services or making purchases, but the Company can not inform him of the marketing initiatives and events described above and not he will understand his interests and offer him a more personalized shopping experience.
 
4. COMMUNICATION OF PERSONAL DATA
The Company shares your personal data with its affiliated companies, its distributors and affiliates, including those located in other countries, and with other companies that provide services on its behalf (as detailed below), under its direction or that of third parties. These companies and organizations will only receive the personal data necessary to perform the services and will not be authorized to use them for any other purpose.
Communication of personal data to data controllers
Your personal data may be shared with third parties to monitor and analyze the activity of the Website, host the contents of the Website, provide technical and organizational services functional to the aforementioned purposes, maintain the customer database, provide marketing assistance and manage email, market analysis, surveys, prize initiatives or promotions. These third parties may have access to the user’s personal data or store them or process them in order to provide such services on behalf of the Company in Italy, in the country in which the user is located or abroad. The Company’s service providers are not authorized to use personal data for purposes other than providing the contracted services.
Dissemination of personal data
Your personal data may need to be shared with payment processing and fraud control companies, which operate independently as data controllers in order to provide you with online sales services. In the case of patrimonial or corporate transactions (for example, mergers or acquisitions, corporate restructuring or liquidation), customer data will probably be one of the transferred assets and may be shared with legal successors, to the extent permitted by law based on legitimate interest of society. Personal data will remain subject to the pre-existing privacy policy, except where the user decides otherwise.
The Company may also disclose your personal data to third parties (i) where required by EU or Member State legislation; (ii) in the case of legal proceedings; (iii) in response to a request from law enforcement agencies based on legitimate grounds; or (iv) to protect the rights, privacy, security or property of the Company or the public.
In addition, to the extent permitted by law, the Company may disclose personal data to third parties in case of complaints related to the use of the Website, where deemed necessary to investigate, prevent or take measures regarding illegal activities, suspected fraud or in the event that the Company, in its sole discretion, considers that the use of the Website by the user is incompatible with the terms of the Website itself.
 
5. PROTECTION OF THE PRIVACY OF MINORS
This Website is intended for general public, however its services are intended for persons aged 18 and over. The Company does not require, collect, use or disclose personal data provided by persons under the age of 18 online or at your Hotel. If the Company learns that it has personally collected data from a minor, it will delete them.
In the event that the user is not of the required age, please do not register or proceed with the online purchase and ask an adult (or their parents or guardian) to perform the necessary procedures.
 
6. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA
The processing of personal data collected through the Websites takes place primarily using electronic or web-based means, including web analytics services hosted by servers of selected suppliers of the Company operating. At the Hotel the processing of personal data can also be performed on paper. In both cases, personal data, for CRM purposes, are inserted in the centralized database and made safe by the Company located in Italy and managed by the CRM Managers and by the marketing team in Italy.
Access to personal data will be allowed only to authorized personnel of the residence, according to the actual need to know this information and using access control tools on several levels. This personnel is committed to respecting the obligations of confidentiality and has been expressly designated as responsible for the treatment, as required by the law in force. In particular, where the user has given his consent to the processing of his personal data for the purposes of CRM, the related data may be read, modified and updated by the staff of the Company and that used at the Hotel. The present staff has received special training and is obliged to respect the confidentiality obligations. The Company may use it to collect, use and disclose information according to its instructions.
If the Company needs to transfer personal data abroad in order to pursue the purposes set out in this Privacy Policy, even where the personal data legislation differs from that applicable in the country where the user is located, the same will adopt measures to ensure that such communications occur in accordance with European data protection standards or other local standards used in the country where data is collected, so that user data remains secure and confidential.  The Company has implemented appropriate measures to protect the user’s personal data from accidental loss and from unauthorized access, use, modification and disclosure. For example, when the user provides order information, the Company uses SSL (Secure Socket Layer) technology, an encryption tool that ensures security when transmitting information over the Internet. In the management of this Web site, password controls, a firewall technology and other technological and procedural security measures are also used. Although the Company has implemented the aforementioned security measures for the Website, the user must be aware that 100% security can not be guaranteed. Therefore, the user provides his personal data at his own risk and, to the fullest extent permitted by applicable law, the Company will not be in any way responsible for their disclosure due to errors, omissions or unauthorized third party actions during or after their transmission to the same. The Company recommends that the user (i) periodically update the software to protect the transmission of data on networks (for example, anti-virus software) and check that the provider of electronic communication services has adopted appropriate means for the security of transmission of data. data on networks (for example, firewalls and anti-spam filters); (ii) to keep confidential and not to communicate to anyone the username and password to access the account; and (iii) change the password periodically.
In the unlikely event that the Company believes that the security of the personal data of the user in its possession or under its control has been or may have been compromised, the same will inform the user of.
 
7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
the incident according to the procedures established by law , using the methods prescribed by it (providing the Company with its email address, the user agrees to receive such communications in electronic format through this email address).
 
8. RIGHTS OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
User rights
At any time and for free, the user can access their data, receive their electronic personal data in a structured and commonly used mechanically readable format and transmit them to another data controller (data portability), and have them corrected, updated, modify or delete (subject to any applicable exceptions). The user can update the data provided to the Company by contacting the same address provided below. Requests for cancellation of data are subject to current legal requirements and to the conservation of documents imposed on the Company.
If you believe there is a problem with how you handle personal data, you will have the right to file a complaint with your national personal data protection authority or any other country in the EU or the European Economic Area.
To exercise these rights, the user can send a request by contacting the Company or directly the hotel of the Company by sending an email to booking@ipiastroni.com or a letter by ordinary mail to the address of the Company’s registered office. When contacting the Company, you must ensure that you include your name, e-mail address, postal address and / or telephone number (s) to be sure that it can properly handle your request.
Accuracy – Updating of personal data
To enable the Company to better serve the user, he is invited to check and update his personal data on a regular basis. If registered, the user will be able to access their personal data and modify them using the user account settings on the Website; otherwise, you may contact the Company for assistance in updating personal data.
 Management of choices related to direct marketing and profiling
If the user wishes not to give his consent to the use of data for CRM, marketing and / or profiling purposes, or to manage his own advertising preferences, he can send a simple request to the Company indicated below or manage accordingly your account choices. The same procedure applies where the user wishes to withdraw his consent to profiling.
 
9. DATA CONSERVATION
Personal data will be kept for the duration of the commercial relationship and for all the time necessary to pursue the purposes described in this Privacy Policy (for example, where the user subscribes to a newsletter, for the duration of such registration, or where have a user account, until it is closed). After this period, the user’s personal data will be kept only to comply with legal and regulatory obligations (for example, for 10 years, for accounting purposes, for the duration of the mandatory conservation obligation, in the case of tax purposes , etc.) or to allow the Company to maintain evidence of their respective rights and obligations.
The personal data of the user that are processed for CRM purposes (point 3.3) will be kept until the account is closed or until the consent to their treatment for these purposes is withdrawn. Personal data relating to information on purchases that are processed for profiling and marketing purposes will be kept for a limited period, in line with the deadline allowed by the law in force, and will be erased or anonymized at the end of this deadline. permanent way.
 
10.POLITICS IN THE FIELD OF COOKIES AND SIMILAR PROCESSES
For more general information on cookies and their enabling and disabling, consult the section Cookies and Advertising Management on the www.casaleetrusco.com website.
 
11. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
This Website may contain links to various websites owned or controlled by the Company, as well as to websites of third parties. Where the user chooses to provide his or her personal data on such linked websites, such information will be subject to the privacy policy and security policies of such linked websites – including Web sites administered and managed by approved distributors of the Company, with the exception of the data collected by the Company’s distributors for CRM purposes if the Company’s privacy notice is published – and not to this Privacy Policy. Since the Company is not responsible for the information sent or collected, used, disclosed or otherwise subjected to processing by third party websites, the user should be aware of these other privacy policies.
 
12. TITLE OF TREATMENT – RESPONSIBLE FOR DATA PROTECTION – COMPANY CONTACTS
For the purposes of this Privacy Policy and the processing of data described herein, it is specified that the term “Company” refers to DEG SRL, with registered office in Via Lucchese 237 cap 50053 Empoli (FI) Italy.
The owner of the processing of data collected at the residence Casale Etrusco and / or the Local Website for purposes related to sales is the company DEG SRL.
For any comments or questions about this Privacy Policy and to talk to the local reference person in charge of handling data processing requests, you can also contact the Company’s customer service at: booking@casaleetrusco.com – 0565.773043.
 
13. UPDATES OF THIS INFORMATION – COMMUNICATIONS
The Company, at its discretion, reserves the right to change, modify, add or delete parts of this Privacy Policy at any time, publishing its revised version on this Web Site page and updating the date of the “last modification” below indicated. It is the user’s responsibility to review the Privacy Policy from time to time to be aware of any changes made. In some cases, the Company may provide further communications regarding significant changes to this Privacy Policy by posting a notice on the home page of this Website or, in the case of registered users, by sending a notification email or entering a notice on their page. account. By accepting this Revised Privacy Policy by clicking on the “accept” button in this notification email or in the communication published on the account page (where required to comply with current regulations), by completing a purchase on the Website or otherwise using or By sending information to the Website after the publication of the revised Privacy Notice, the user accepts this revised Privacy Notice. Following the changes, where required by current legislation, the user’s data will not be processed without the explicit consent of the user.
 
LAST EDIT
This information is effective from 25-05-2018