PERSONAL DATA PROTECTION POLICY
Updated as of 05-06-2019
This information is provided, in compliance with articles 13 and 14 of EU Regulation 679/2016 (hereinafter the "Regulation"), for the users (hereinafter: "Users" or "User") of the websites www.casevacanza.it, www.feries.com, www.agriturismo.it and any mobile application related to them (hereinafter: "Website and App"), owned by Feries S.r.l., the Data Controller of the processing of personal data (hereinafter: "Controller"). Its purpose is to describe the management methods of the Website and App with reference to the processing of personal data, and to allow the Users of the Website and App to know the purposes and methods of processing of personal data by the Controller in the event of their provision.
As specified in the Service Terms and Conditions, the services offered by the Data Controller are aimed at persons over the age of 18. If the website becomes aware of the data processing of children under the age of 18 without valid parental or legal guardian’s consent, it reserves the right to unilaterally interrupt the use of the service offered, as well as to cancel the acquired data.
PRINCIPLES RELATING TO PERSONAL DATA PROCESSING
The Controller, pursuant to and for the purposes of the EU Regulation, informs you that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data and that such processing will be based on principles of correctness, lawfulness, transparency and protection of confidentiality and of fundamental rights.
In relation to the use of the Website and App, the following categories of users are distinguished:
- Traveller user: Website and App users looking for properties to rent;
- Advertiser user: natural and / or legal persons who offer to lease a property, such as: owners, usufructuaries and tenants in sublease cases; natural and / or legal persons who advertise the rental of buildings, such as: intermediaries, tour operators, intermediary entities in the tourism and / or real estate sector such as tourist agencies, travel agencies, property managers and other similar professionals.
ACCESS TO WEBSITES AND APPLICATIONS
The User can anonymously access the rental property search service. For other services such as the publication of an announcement, the request for a reservation, the reception of information and updates automatically, all Users, whether simple or professional, must register.
Regarding anonymous access, navigation data is still collected, as specified below. The personal data necessary for the User Registration are:
For Traveller Users:
- first and last name;
- email address
In case the Advertiser is a natural individual:
- First and last name
- date of birth;
- email address
- telephone number;
- Tax Code;
- residence address including City and Postal code;
- photo identity document.
In case the Advertiser is a legal person:
- company registered name;
- email address;
- telephone number;
- Vat number;
- registered office address including City and Postal code;
- personal data (as for private advertisers) of the Owner / Legal Representative.
If the registration is done using Facebook (social access: Facebook Connect), the public information of the Facebook account will also be saved.
If the registration is done using Google, the information transmitted by the Google account will also be saved.
Furthermore, at each access, technical information is stored on the device and the browser used for access, as well as information on the research carried out. This helps us improve the overall user experience on the website, as well as services in general.
Pursuant to the law on residential leases for tourist purposes, the Controller also reserves the right to request additional data from advertiser Users, such as the property ownership certificate.
The terms that are not defined in this Information on the protection of personal data have the same meaning as described in the General Conditions of Use (hereinafter the "GCU").
Logging in via Facebook Connect creates a direct connection to Facebook's servers, 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook").
If consent to Facebook has been provided in accordance with Article 6.1 of the Regulation, personal data will be transmitted as part of the registration process via social login. The following information received from the transmitted data is used and stored until it is automatically deleted:
- Facebook profile name (first and last name)
- profile and cover image used on Facebook
- age group (over 18, over 21)
- Facebook profile link
- generic domain of your connected Facebook profile
- time zone
The connection can be blocked through the Facebook profile.
By accessing via Google by selecting "G continues with Google", a direct connection is established with the servers of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google account information is not transferred at this stage. Google therefore informs you that the Google account data will be made available and indicates the specific data in question.
If consent to Google has been provided in accordance with Article 6.1 of the Regulation, personal data will be transmitted as part of the registration process via social login. The following information received from the transmitted data is used and stored until it is automatically deleted:
- name in Google account (first and last name)
- profile picture (or avatar) used on Google
- Google account link
- generic domain of the linked Google account
- user domain managed on Google (hosted domain, HD)
The connection can be blocked through the Google account.
PURPOSE, LEGAL BASIS OF THE PROCESSING AND OPTIONALITY OF THE TRANSFER
The personal data collected by the Data Controller through the use of the Website and App will be processed, with the consent of the Interested Parties, for the purposes described below:
- A. to provide the Website and App "advertisers" and professional Users with a management service for their rental advertisements, allowing them to respond to requests for information received and finalize the stipulation of lease contracts with the users concerned;
- B. to provide the Website and App "travellers" with information, including about advertising, and suggestions about commercial proposals in the tourism sector, and to manage the booking by sending, via email and SMS, all the information necessary for the stay at the relevant premises, and by allowing them to save ads, to publish reviews on rented properties, and to express the degree of satisfaction with the quality of the services used;
- C. to provide information and commercial promotions of products and services provided by the Data Controller and other companies.
For the provision of services related to the purposes referred to in letters A and B, in addition to the data requested during registration, the Controller may become aware of the bank details (IBAN) identifying the current accounts of advertiser Users.
For the purposes referred to in letters A and B, the Data Controller applies, as the legal basis of the processing, the need to process personal data for the purposes of the execution of the Contract, in particular to allow a complete management of the Booking process, pursuant to art. 6.1, letter b) of the EU Regulation.
For the purposes referred to in letter C, the Data Controller applies, as the legal basis for processing, the express consent of the interested party for one or more specific purposes, pursuant to art. 6.1, letter a) of the EU Regulation.
The provision of data for the purposes referred to in letters A to C is optional. In particular, for the purposes referred to in letters A and B, consent, although optional, is strictly necessary to allow the correct management of the Booking process and therefore the provision of the services itself.
With reference to the purposes referred to in letter C it is possible to cancel at any time the registration for marketing communications or the receipt of notification SMS, by deselecting the appropriate entries in the User Profile.
PROCESSING AND STORAGE OF PERSONAL DATA
The Data Controller ensures that personal data is processed in full compliance with the Regulation, in paper and / or electronic format, also with the aid of automated procedures. The processing of the data, therefore, may also take place through automated instruments able to store, manage and transmit them.
The data collected and processed will be protected with physical and logical methods that reduce to a minimum the risks of unauthorized access, dissemination, loss and destruction of data, pursuant to art. 25 and 32 of the Regulation.
Data processing will last no longer than the time required to fulfil the purposes for which the data were collected.
Pursuant to art. 7 paragraph 3 of the EU Regulation, the interested party will have the faculty at any time and in an easy and fast way to withdraw the consent to the processing and request the cancellation of their personal data, by sending a specific communication to the Controller at email@example.com. Following the request for cancellation by the User, all personal data of the same will be deleted, subject to the further storage required by regulatory obligations.
However, in the event that a User has made or received reservations or booking requests, in order to allow the correct management of the booking as well as the provision of the service, the personal data relating to such User will be deleted only after 30 days from the date of check-out from the structure where the stay took place.
Furthermore, in the event that the User has been recalled, suspended or sanctioned for fraudulent or suspicious behaviour, or if a User has requested cancellation after publishing an announcement, the Controller reserves the right to keep the personal data relating to such User for a period of 2 (two) years from the cancellation request, in order to prevent the occurrence and / or repetition of any frauds against the Controller.
If, on the other hand, the Controller does not receive a cancellation request, the personal data will be stored for a period not exceeding 10 (ten) years, with effect from the date of the last access to the Website and/or App by the User.
RECIPIENTS OF PERSONAL DATA
The personal data collected may be processed, in addition to the Data Controller, by subjects or categories of subjects who act as Data processing managers pursuant to art. 28 of the EU Regulation or who are authorized to process data pursuant to art. 29 of the EU Regulation.
In addition, for some services, the data may be communicated to companies that collaborate or use the services of the Data Controller with the sole intention of providing the services requested by the User. In these cases, the Partners are independent Data Controllers, therefore, the Controller is not responsible for the processing of the data they carry out. Furthermore, the Controller is not responsible for the content and compliance with the legislation on the protection of personal data by websites not managed by the Controller.
Specifically, the data provided by the User may be shared by the Controller with the following third parties exclusively to provide the services requested by the User or to comply with other regulatory obligations:
- Companies or Individuals that offer properties for tourist rentals, with the intention of allowing the User to receive all the information requested about their search;
- Service Companies that the Controller uses to manage, on his/her own account, the User's data for purposes such as sending promotional material, sending SMS and notification messages relating to the services offered by the Controller and verifying the correctness of the e-mail address provided during registration;
- Payment Service Providers and financial institutions. The Controller does not collect any payment information of the User but may share some information on the booking (for example the booking confirmation) with the payment service provider or the specific financial institution in such cases as fraud detection and prevention;
- Business partners, particularly in the tourism industry, with whom the Controller shares specific User data exclusively for marketing purposes and subject to the User's consent.
Apart from the aforementioned cases, personal data will not be communicated except to subjects, entities and Authorities to whom communication is mandatory in accordance with the provisions of current laws or regulations.
TRANSFER OF DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION
Personal data collected through the Website and App, may be transferred outside the national territory, only and exclusively for the execution of the services requested through the Website and the App and in compliance with the specific provisions of the Regulation.
Some of Your personal data may be shared with recipients located outside the European Economic Area. The Controller ensures that the processing of personal data by these recipients is carried out in compliance with the EU Regulation.
NAVIGATION DATA COLLECTION
During regular operation, the information systems and technical procedures and software which support website operation collect some personal data; transmission of this data is implicit in the functioning and user protocols in use on the Internet.
Each time the User connects to the Website and the App and every time it brings up or requests content, the access data is stored in the Data Controller's systems, in the form of tabular or linear data files.
This category of data includes, for example, IP addresses, domain names of computers used by Users who connect to the Website and App, the request by the User's browser, in the form of URI notation (Uniform Resource Identifier), the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and to the IT environment of the User.
This data can be used by the Controller for the sole purpose of obtaining anonymous statistical information about the Website to identify Users' favourite pages, provide more adequate content and monitor proper functioning. At the request of the Authorities, the data could be used for the establishment of liability in case of computer crimes against the Website and App or its Users.
The Website is optimized for browsing using mobile devices, for which special apps are offered by the Controller. These Apps manage the personal data provided by the User in the same way as the Website and, like the Website, allow the User to use geolocation services to search for properties based on location. With the User's consent, the Controller can send him notifications (in push mode) with information about the Booking. The User has the right to authorize the Controller's Website and App to access their position in order to receive the requested service. The Controller invites Users to carefully read the instructions of their mobile devices to change the settings and activate (or disable) the sharing of these data or the reception of push notifications.
COOKIES, REMARKETING AND GOOGLE ANALYTICS
The Controller has implemented advertising mechanisms on the Display network and therefore uses the functions that Google Analytics makes available for this purpose, such as remarketing lists.
The remarketing carried out through Google Analytics makes it possible to monitor the Users of the web who have already visited the Website and to show them contents specifically oriented to the interests expressed during the aforementioned visits. For example, a group of visitors who have spent time looking for a particular property or facility, will be able to view further ads related to that particular property or facility on the Display network.
It is possible to disable Google Analytics and customize the display of ads on the Google Display Network through the "Settings for Google Ads" at the link https://www.google.com/settings/u/0/ads or use the opt-out Google Analytics browser at the link https://tools.google.com/dlpage/gaoptout/
The Controller uses different remarketing platforms offered by both Google and other suppliers for online ads, so that the ads published on other websites are shown on our portals. To this end, the Controller and the other suppliers, including Google, use "proprietary cookies" (such as Google Analytics cookies) and "third-party cookies" combined together in order to inform and optimize ads on the basis of previous visits to this website.
RIGHTS OF THE DATA SUBJECT
Pursuant to the articles from 15 to 22 of the EU Regulation, the User, as an interested party, has the right to exercise specific rights regarding his personal data. In particular, the interested party has the right to obtain:
- 1. confirmation of the existence of their personal data, even if not yet recorded, in a concise, transparent, intelligible and easily accessible form, in simple and clear language;
- 2. indication of:
  - a. the origin of personal data;
  - b. the purposes and methods of treatment;
  - c. the legitimate interests pursued by the Data Controller or by third parties;
  - d. any recipients or any categories of recipients of the personal data;
  - e. the eventual intention of the holder to transfer personal data to a third country or to an international organization;
  - f. the period of storage of personal data;
  - g. the logic applied, as well as the importance and the expected consequences of such treatment for the interested party, in the case of processing carried out with the aid of electronic instruments as part of an automatic collection and / or profiling process;
  - h. the identification details of the Data Controller, Data Processors, any designated Representative and the Data Protection Officer (DPO);
  - i. the people or categories of people to whom personal data may be communicated, or who could learn about it in their capacity as appointed representatives of the State, processors or officers;
- 3. the possibility of lodging a complaint with a supervisory authority;
- 4. the updating, rectification or, when relevant, the integration of data;
- 5. the deletion, anonymisation or blocking of data processed unlawfully, including data that do not need to be retained for the purposes for which they were collected or subsequently processed;
- 6. the limitation to the processing;
- 7. the portability of personal data concerning you to another Data Controller;
- 8. the suspension of the processing;
- 9. the attestation that the operations under letters a) and b), including the contents thereof, were brought to the attention of those to whom the data has been communicated or distributed, except in the event of such compliance proving impossible or requiring the use of manifestly disproportionate means with respect to the protected right;
- 10. the opposition, in whole or in part, for legitimate reasons, to the processing of your personal data, even if relevant to the collection purposes.
DATA CONTROLLER AND DATA PROTECTION OFFICER
To exercise the rights described in the above paragraph, the interested party may at any time contact the Data Controller and / or the Data Protection Officer for any communications regarding the processing of their Personal Data, or to know the updated list of any Data Processors appointed by the Company, by writing to the following contacts:
- The data Controller:
  - FERIES S.r.l.
  - Viale Abruzzi, 94
  - 20131 Milan (MI), Italy
  - Tel +39 02 37058214
- The data Protection Manager:
  - Avv. Valerio Lubello
This information may be subject to change. The Data Controller invites Users to periodically visit this page to be informed of any changes. Furthermore, if these changes have an impact on the data relating to the User (for example, if the Controller intends to process the User's personal data for purposes other than those previously communicated in this Statement), the Controller will inform the User before such changes take effect, publishing them as clearly as possible on its Website and App.
YOUR CALIFORNIA PRIVACY RIGHTS
In case the California Consumer Privacy Act (“CCPA”) applies, you are entitled to the following rights:
- Right to request disclosure of your personal information we collected and used over the past 12 months
- Right to request deletion under certain circumstances
If you exercise your access right in a verified way, we will disclose the following information in a portable and (if technically feasible) readily usable form to you: categories of personal information collected, categories of sources for that information, business or commercial purpose for the collection, categories of third parties with whom we share the information, and the specific pieces of personal information we collected on you.
We do not sell (as such term is defined in the CCPA) personal information and will not sell it without providing a right to opt out.
We will not discriminate against you for exercising the rights under CCPA. In particular, we will not deny you goods or services, charge you different prices for goods or services, whether through denying benefits or imposing penalties, provide you with a different level or quality of goods or services, and/or threaten you with any of the above.
As a California resident you may make a request and exercise your rights under CCPA by contacting us at the email address or telephone number indicated at the top of this page (in our imprint). Please provide sufficient information that allows us to reasonably verify that you are either the person on whom we collected personal information or an authorized representative of that person.
We may have collected the following categories of personal information on California residents in the past 12 months:
- Identifiers (e.g. name, postal address, email address, IP address, etc.)
- Commercial information (e.g. booking inquiries, bookings)
- Internet activity (e.g. browser information, referral URL, usage of our website)
- Geolocation data (country and region)
- Inferences about personal preferences and attributes via cookies