Privacy Policy of www.calabeachclub.com

Pursuant to and by effect of the current personal data protection legislation (the “Privacy Legislation”), including the EU Regulation 2016/679 (the “GDPR”), as well as Legislative Decree no. 196 of 30 June 2003 as amended by Legislative Decree 101/2018 (the “Privacy Code”), Sardegna Resorts S.r.l., as the data controller (hereinafter the “Company” or the “Data Controller”), wishes to inform the users (hereinafter the “Users” or the “User”) of the website www.calabeachclub.com (the “Website”) that it will process their personal data collected through the Website with the methods and for the purposes described below in this privacy policy (the “Privacy Policy”).

The Privacy Policy only applies to the Website and does not apply to other websites owned by the Company or by third parties which the User should access through any links contained in the Website. Whether the User accesses another website, the Company recommends to read the information on the processing of personal data available on that website.

At the end of this Privacy Policy there is a glossary of the legal terms used therein.

By visiting the Website, the User acknowledges that he has read and understood the content of this Privacy Policy.

1. Type of data processed

The Company will process the following personal data of the Users who browse the Website and interact with the web services offered through the latter, in particular:

(i) Data collected while the User is browsing the Website

The computer systems, cookie technology and software procedures used to operate the Website acquire, during their normal operation, some data whose transmission is automatic in the use of the Internet. These data are not collected to be associated with a specific User. However, they could, by their very nature, lead to the identification of the Users, by means of processing and associating them with different data held by third parties.

This category of data includes, for instance, IP addresses or domain names of computers used by Users to connect to the Website, Website pages visited by Users, domain names and addresses of websites from which the User has accessed the Website (by referral), the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numeric code indicating the status of the response sent by the web server, and other settings regarding the browser (e.g. Internet Explorer, Google Chrome, Firefox), the operating system (e.g. Windows) and the User’s computer environment.

These data are also collected using cookie technology, i.e. text files and numbers which are installed through the browser application in the memory of the User’s device (PC, smartphone or tablet) connected to the Internet. For further information on the cookies used on this Website, Users are invited to consult the Cookie Policy.

(ii) Data voluntarily provided by the User to communicate with the Company

These are the data voluntarily provided by the User to the Company (e.g. name, surname, e-mail address, other personal data included in e-mails or attachments thereto, mobile number, etc.) following the sending of an e-mail or other communications, through the Company contacts available on the Website.

2. Legal basis and purposes of the processing

The personal data ‑ automatically or voluntarily ‑ provided by the User will be processed for the following purposes without the prior consent of the User:

  1. to allow Users to browse the Website;
  2. to carry out the necessary maintenance and technical assistance to ensure the correct operativity of the Website and related services;
  3. to take legal action for the protection of Company’s rights and to tackle unlawful behaviours;
  4. to comply with legal and/or regulatory obligations;
  5. for the pursuit of the Company’s legitimate interest to: (a) prevent the occurrence of fraud or other crimes through the use of the Website; (b) inform the User about the activities carried out by the Company through the contents of the Website; (c) improve the quality and structure of the Website, as well as to create new services, features and/or functions thereof; (d) carry out statistical surveys (following prior anonymisation of User’s personal data) regarding the use of the Website; (e) interact with Users interested in the services of the Company through the contact details available on the Website.

Should the Company use the personal data collected for any other purpose incompatible with the purposes for which these data were originally collected and processed, the Company will inform in advance the User who may deny or withdraw his consent.

3. Nature of the provision of data

The provision of personal data automatically provided by the User occurs by merely browsing the Website. Therefore, whether the User does not intend to provide any personal browsing data, he should not visit or otherwise use the Website or send requests or communications through the Website or give his consent when the option is proposed to him in accordance with the Privacy Legislation.

The provision of personal data voluntarily provided by the User is optional. However, failure to provide such data may result in the impossibility to receive replies to communications sent by any means to the Company through the Website.

4. Methods of data processing

The processing of Users’ personal data is carried out by means of the operations set out in article 4 GDPR and, in particular: the collection, recording, storage, retrieval, consultation, use, disclosure by transmission, restriction, erasure of data.

We also inform you that User’s personal data:

  • will be processed in accordance with the principles of lawfulness, fairness and transparency;
  • will be collected only for the legitimate purposes referred to in § 2;
  • will be adequate, relevant and limited to what is necessary for the purposes for which they are processed;
  • will be kept in a form that allows the identification of the User for a period of time not exceeding the achievement of the purposes and better defined under § 8 below;
  • will be processed in such a way as to ensure adequate security from the risk of destruction, loss, alteration, disclosure or unauthorized access by means of technical and organizational security measures.

User’s personal data are processed by means of paper, automated or information technology tools as well as by adopting organizational methods and logic which are strictly related to the purposes of the processing.

The Company uses the most appropriate technological and security measures (information technology, physical, organizational and procedural) to ensure the security and confidentiality of the data processed.

The User acknowledges, however, that the disclosure of personal data by means of websites presents risks associated with the communication of such data and that no system is totally secure or tamper-proof or immune to information theft.

5. Access to data

The User’s personal data may be made accessible only for the purposes referred to in § 2 to the following authorized subjects: employees and collaborators of the Company or of its associated companies, subsidiaries and affiliates duly authorized by the Company.

6. Disclosure of data

The Company may, even without the express consent of the User and for the purposes referred to in § 2, disclose the User’s personal data to: supervisory and/or control bodies of the Company, judicial authorities and all other persons to whom disclosure of data is required by law for the achievement of the abovementioned purposes, as independent data controllers.

In addition, the Company may entrust certain personal data processing operations – carried out for the purposes referred to in § 2 above – to categories of third parties, specifically appointed, if necessary, as data processor by the Company, including, but not limited to:

  • providers of the technical services of the Website;
  • providers of the hosting service of the Website;
  • IT companies responsible for the maintenance and management of the Website;
  • communication agencies involved in any market research carried out by the Company using the anonymised browsing data of the Users;
  • the companies which form part of the Smeralda Holding Group, to which the Company belongs (for management, statistical and data consolidation needs).

The User’s personal data will not be transferred to third parties other than those indicated in this Privacy Policy.

The User’s personal data will not be disseminated to the public or to indeterminate subjects.

7. Transfer of data outside the EU

User’s personal data will be handled and stored using Company’s or third party’s servers located within the European Union. In case the Company uses third party’s servers to handle and store data the third party will be appointed as data processor.

The User’s personal data will not be transferred to non-EU countries or international organisations.

Any transfer of the User’s personal data to non-EU countries or international organisations may only take place under the terms and with the safeguards provided by the Privacy Legislation.

8. Period of data storage

User’s personal data will be stored and processed until the end of the browsing session. After the end of the browsing session, personal data will not be stored and/or processed, for any reason whatsoever, for a period exceeding 24 months (the “Storage Period”), unless a different storage period is provided for under the applicable law.

At the end of the Storage Period your personal data will be deleted, unless there are further Company’s legitimate interests and/or legal obligations for which – following their prior minimisation -this storage of personal data is mandatory.

9. User’s Rights

Pursuant to the Privacy Legislation, the User shall always be granted the right to withdraw his consent, and may at any time exercise the following rights:

  1. the “right of access” and specifically of obtaining confirmation as to whether or not personal data concerning the User are being processed, the communication of such data in an intelligible form as well as the following information:
    1. the purposes and methods of the processing of User’s personal data (including the existence of an automated decision-making, including profiling, referred to in article 22 par. 1 and 4 GDPR and, at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User), the categories of personal data processed, the origin of the personal data, the period for which the personal data will be stored (where possible), or the criteria used to determine such period;
    2. the identification details of the Data Controller, the data processors and the representative designated pursuant to article 27 GDPR, of all subjects or categories of subjects to whom the personal data have been or will be disclosed on Italian territory, particularly if data will be disclosed to recipients from third countries or international organizations (in this case, the User is also entitled to be informed of the existence of adequate safeguards pursuant to article 46 GDPR);
    3. the existence of the right of the User to obtain from the Data Controller the rectification, erasure or restriction of the processing of personal data or to object to their processing;
    4. the existence of the right to lodge a complaint with the Italian Data Protection Authority (the “Garante Privacy”);
  2. the “right to rectification”, which means the right to obtain the rectification of inaccurate personal data concerning the User or, if it is in his interest, the integration of personal data, from the Data Controller;
  3. the “right to erasure” (or “right to be forgotten”), which means the right to request the erasure or the anonymization of personal data that were or have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they were collected or further processed;
  4. the “right of restriction of processing”, that is the right to obtain – from the Data Controller – the restriction of processing in certain cases provided for by the Privacy Legislation;
  5. the right to request from the Data Controller the identification of the recipients to whom the Data Controller has notified any rectification, erasure, or restriction to the processing (carried out pursuant to articles 16, 17 and 18 GDPR, in compliance with the obligation to notify, unless it proves to be impossible or would involve a disproportionate effort);
  6. the “right to data portability”, i.e. the right to receive (or transmit directly to another controller) personal data in a structured, commonly used and machine-readable format;
  7. the “right to object”, which means the right to object, in whole or in part:
    1. the processing of personal data carried out by the Data Controller for his own legitimate interest;
    2. the processing of personal data by the Data Controller for the purposes of direct marketing or profiling.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the User’s personal data were disclosed of any exercise of Users’ rights, unless it proves to be impossible or unduly burdensome.

10. Exercise of User’s rights and complaint to the Garante Privacy

The User may at any time exercise the rights referred to in the previous paragraph as follows:

  1. by sending a registered letter with acknowledgement of receipt to the Company address in Arzachena, Porto Cervo, Casa Il Ginepro 1/A;
  2. by sending an e-mail to: privacy@smeraldaholding.com and to the DPO to: dpo@DP-Advisory.eu.

Pursuant to the Privacy Legislation, the User has also the right to lodge a complaint with the Garante Privacy by:

  1. lodging the complaint by hand to the offices of the Garante Privacy (using the address referred to in lett. b) below);
  2. forwarding a registered letter with acknowledgement of receipt addressed to “Garante per la protezione dei dati personali”, Piazza Venezia n. 11 – 00187 Rome;
  3. sending an e-mail at the following address: garante@gpdp.it, or protocollo@pec.gpdp.it or a fax to the following number: 06-696773785.

For further information, please visit the website of the Garante Privacy: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

11. Data Controller and data protection officer

The Data Controller of the personal data collected and processed through this Website is Sardegna Resorts S.r.l., with registered office in Arzachena, Porto Cervo, Casa Il Ginepro 1/A.

The Data Controller can be contacted by e-mail at the following address: privacy@smeraldaholding.com.

The data protection officer is Data Protection Advisory S.r.l., domiciled for the assignments at the registered office of the Company (the “DPO”). The DPO can be contacted at the following e-mail address: dpo@DP-Advisory.eu.

12. Updates to the Privacy Policy

We inform you that this Privacy Policy will be subject to periodic updates which will be published on the Website.

Definitions and legal references

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

The natural person to whom the Personal Data refers.

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

The means by which the Personal Data of the User is collected and processed.

The service provided by this Application as described in the relative terms (if available) and on this site/application.

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Small sets of data stored in the User’s device.

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this Application, if not stated otherwise within this document.

Latest update: February 25, 2019