This policy describes how the site is managed with regard to the processing of personal data of users who consult it, as well as the data processing practices through this site.

In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (GDPR), the following information is made available to Users of this Website, which refers exclusively to the processing performed through said Website and not through other websites that may be visited through links from this one, for which it is suggested that they read the relevant disclosures made by the respective Data Controllers.

This Web Site and any services offered through the Web Site are restricted to individuals who are 18 years of age or older. Therefore, the Holder does not process personal data related to individuals under the age of 18. Upon request of such Users, the Controller will promptly delete all personal data involuntarily collected from them.

1. Data controller

The data controller is Ischia Hotel Broker SRL with registered office at Corso Angelo Rizzoli 32, Lacco Ameno (NA) 80076.

The Owner reserves the right to appoint a web agency or consultant as the Data Processor of personal data managed for the purposes of technical support, maintenance, technical management and the like of this Site, whose references may be communicated upon request to the above addresses. The Owner and the Manager also process Users’ data through their own in-house appointees, specially designated with instructions to authorized processors.

The Data Protection Officer (DPO) can be contacted by email: info@ischiaredcarpet.com.

2. Category of data processed and sources of origin

• Data provided voluntarily by the user, including: first name, last name, email, and phone/cell phone number.

We process data voluntarily provided by the user through the contact form or by sending an e-mail communication, including common personal data (identification, biographical, contact and similar data) and exceptionally special data in accordance with Art. 9 GDPR or penalties under Art. 10 GDPR to the strict extent that this is made necessary by the request for information received.

3. Purpose  of processing

Specifically, personal data provided to the Controller will be processed for the following purposes:

• to follow up on specific requests made to the Owner by the User through the Website and its communication tools (contact forms, information request forms and the like)
• for communications of an informative nature related to the services of the same Holder, following the request for information through e-mail messages or filling in the contact form and other communication tools
• For other purposes incidental or related to those indicated above and otherwise within the scope of the Website’s activities
• for the processing of the e-mail address, provided by the data subject in the context of the sale of a product or service, also aimed at sending, without further consent, communications for the subsequent direct sale of products or services similar to those object of the sale itself (“soft spam” as provided for under art. 130.4 of the Privacy Code); the data subject may in any case express his or her refusal and object to such processing, both initially and subsequently, easily and free of charge, by following the instructions given in any subsequent communication.
  
  

4. Legal basis for processing

The processing of personal data is based on the fulfillment of contractual or pre-contractual obligations inherent in the request made by the User (e.g. requests for information about the services carried out by Ischia Hotel Borker, requests for quotations, etc.), as well as, where necessary, consent through the free and conscious compilation of the appropriate information fields in the form dedicated to the collection and conferment of data and the ticking of the appropriate checkbox where provided.

It should be noted that the completion of appropriate fields provided in forms for the request for information is inherent to the request itself and that therefore this implies the fulfillment of a pre-contractual or contractual obligation, depending on the context. Consent may be required later for the processing of additional data.

In any case, processing is also based on legitimate interest, including the right to information, for which please refer to the next paragraph.

5. Legitimate interest of the Holder

The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of its rights in the context of the information society, the performance of contractual services and the implementation of direct marketing operations.

6. Compulsoriness of transfer

The provision of data related to the optional data through the completion of the form will be preceded by an approval checkmark.

The provision of the e-mail account is necessary in order to be able to respond to the request made through the contact form, as well as other mandatory data indicated therein with an asterisk. 

Failure to provide the data necessary for the requested action (e.g., of the e-mail account via form for requesting information by this means) makes it impossible for the Holder to process the request.

7. Possible recipients of personal data

The data may be disclosed to companies related to, connected with or controlled by the Controller, as well as to consultants, or even third parties operating, also on behalf of the Controller, for the fulfillment of the services related to the purposes indicated in this policy, both intra-EU and extra-EU (in the latter case, it will be exclusively subjects adhering to the Privacy Shield pro-college).

In any case, data may be communicated to Data Processors, as well as to persons authorized to process and duly instructed, always within the scope of the purposes of processing

8. Retention period

Data voluntarily provided by the Data Subject will be retained until expressly revoked by the Data Subject, expressly requested or otherwise manifested. Browsing data will be kept for the technical time necessary to fulfill the functions for which they were collected. 

9. Rights of the data subject 

Each Data Subject has the right of access, rectification, erasure (forgetting), restriction, receipt of notification in case of rectification, erasure or restriction, portability, objection, and not to be subject to automated individual decision-making, including profiling, under Articles 15 to 22 of the GDPR. These rights may be exercised in the form and under the terms set forth in Art. 12 GDPR, by written notice sent to the Holder via e-mail to info@ischiaredcarpet.com.

The Holder will render an appropriate response as soon as possible but no later than 1 month after receipt of the request.

10. Right to withdraw consent

You can withdraw consent, where provided, at any time via

• Sending an email to the Holder’s address info@ischiaredcarpet.com
• express communication at the Holder’s place of business

11. Complaints

Each Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for the Italian state is identified in the Garante per la protezione dei dati personali.
 The forms, methods, and time limits for filing grievance actions are provided for and governed by current national legislation. The complaint is without prejudice to administrative and jurisdictional actions, which for the Italian state can be brought alternatively to the same Guarantor or to the competent Court.