- Borgo
-
Resort
-
Rent your apartment - coming soonExperience an unforgettable stay
-
Buy your apartmentTo live in the Gulf of Trieste
-
Tivoli Portopiccolo Sistiana Resortthe beachfront hotel
-
Portopiccolo Spayour wellness and natural beauty oasis
-
Marinaexplore the coast from your own yacht
-
Yacht Clubevents and regattas
-
The Club by Puro Beacha fully comfort seaside experience
-
Portopiccolo Art GalleryExhibitions and installations in the Borgo
-
Restaurants & Bars
-
The Club by Puro Beach
-
- Our Services
- Real Estate
- Christmas
- Contact Us
Privacy Policy
INFORMATION NOTICE
PURSUANT SECTION 13 OF REGULATION (EU) 2016/679
Dear User,
in compliance with sections 13 and 14 of Regulation (EU) 2016/679 (so called GDPR), Portopiccolo Management S.r.l. informs you about the processing of your personal data in the context of your visit to the website www.portopiccolosistiana.it
Who will process your personal data?
Your personal data will be processed by Portopiccolo Management S.r.l. (hereinafter, also “Portopiccolo”), with registered office in 20121 Milano (MI), Via S. Prospero n° 4, Italy, which will act in quality of “Data Controller”; you will be able to contact the Data Controller at the following email address: marketing@ppst.it.
Personal data can be processed in the name and on behalf of Portopiccolo also by others subjects who will be duly appointed “Data Processors”, belonging to the following categories: IT service providers, business service providers, social media.
The Data Controller does not carry out large-scale processing, therefore there are no conditions for the obligation to appoint a Data Protection Officer (called DPO).
How and why we will process your personal data?
Your data – with reference to each specific purpose – will be processed as following:
-
PURPOSE
LEGAL BASE
PERIOD OF STORAGE
1
Evaluation of job applications.
– Execution of a contract
– Section 111-bis Legislative Decree 196/2003
1 year from the receiving of the Curriculum Vitae
2
Sending promotional communications also by storing data on servers located in non-EU countries.
Consent
Up to withdrawal of the consent
3
Feedback of contact requests.
Execution of a contract
10 years from the termination of the contract
4
Facilitation in navigation (cookies) – for more details please refer to the Cookie Policy.
Legitimate interest
Up to the end of the session
5
Social media marketing (interaction with the user on social pages).
Consent
Up to withdrawal of the consent
6
Maintenance, operation and security of IT services
– Legitimate interest of Data Controller
– Legal obligation of Data Controller
Up to the end of the intervention
Furthermore, please take in due consideration the following information:
-
DATA PROVISION -
In all those cases in which we ask for consent to the processing of your personal data, their provision is purely optional. Consequently, failure to provide your personal data will have no consequences, other than in terms of the impossibility of processing the data for such specific purposes.
-
In all other cases where we do not require consent to the processing of your personal data, their provision is mandatory and necessary to comply with contractual or legal provisions and for the purpose of the proper conduct of business. Consequently, failure to provide such information would not make it possible to comply with these requirements and to carry out business activities properly.
-
If the data subject is a legal person, PPM does not consider it necessary to acquire personal data relating to its representatives or collaborators; however, in the knowledge that, the characteristics of the email address entered during registration (for example, composed of the string name.surname), may lead to the occurrence of such circumstance, it will also process such data in the manner indicated in this statement that the user therefore undertakes to deliver to all its representatives / collaborators who, for the reasons outlined above, are to transmit to PPM their personal data.
CATEGORIES OF RECIPIENTS The processing could also be carried out by additional subjects with respect to the Data Processors, who will act as autonomous Data Controllers (for example, companies operating at the complex of Portopiccolo, if you ask us to be put in contact with them for specific services). AUTOMATED DECISION- MAKING PROCESS There are no automated decision-making procedures. TRANSFERS EXTRA EU OR TO INTERNATIONAL ORGANIZATIONS
Some Data Processors, in providing their services to the Data Controller, may transfer your personal data to servers located in non-EU territory. Please note that not all non-EU countries guarantee the same European safety standards; by giving consent to the processing of your data, you also explicitly consent to their transfer to servers located in these territories. LEGITIMATE INTEREST OF DATA CONTROLLER The legitimate interest od Data Controller indicated for the purpose referred to in the number
4: is the correct and fluid operation of the site;
6: is the proper and safe conduct of the business activity.
-
Which are your rights?
You can exercise the following rights by sending a specific request to the Data Controller at the following email address: marketing@ppst.it.
-
RIGHT DESCRIPTION ACCESS (see Article 15 GDPR)
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and to the following information: purpose of management, categories of processed data, recipients (if any), transfer and adequate guarantees (if any), period for which personal data will be stored, rights of data subjects, existence of an automated decision-making process (if any). The Data Controller provides a copy of personal data. If the request is made by electronic means, information are supplied in a commonly used electronic format, unless otherwise indicated. RECTIFICATION (see Article 16 GDPR)
The data subject has the right to obtain the rectification of wrong personal data and the integration of incomplete personal data. ERASURE (see Article 17 GDPR)
The data subject shall have the right to obtain from the Data Controller the erasure of his personal data in the following cases: the personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed, withdrawal of consent (and there is no other legal bases for the processing), he opposes the processing for the reasons related to his particular situation (and the are no overriding legitimate grounds for the processing), he opposes the processing for direct marketing purposes, the personal data have been unlawfully processed, the personal data have to be erased for compliance with legal obligation, the data have been collected in relation to the offer of information society services. The right shall not apply if the processing is necessary for exercising the right of freedom of expression and information, for compliance with legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the area of public health, for archiving purpose in the public interest, scientific and historical research purpose or statistical purpose, for the establishment, exercise or defence of legal claim. RESTRICTION OF PROCESSING (see Article 18 GDPR)
The data subject shall have the right to obtain from the Data Controller the restriction of processing if: the accuracy of the personal data is contested by the the data subject (for a period enabling the Controller to verify the accuracy), the processing is unlawful (but the data subject opposes the erasure of the personal data and requests the restriction of their use rather than erasure), the personal data are required by the data subject for the establishment, exercise or defence of legal claim e, although the Data Controller no longer needs it, he exercised the right to object (while the Data Controller verifies the existence of legitimate and prevailing reasons). OBJECTION (see Article 21 GDPR)
The data subject shall have the right of object to processing of personal data if (i) it is based on public interest or legitimate interest and (ii) if personal data are processed for direct marketing purpose, including profiling. DATA PORTABILITY (see Article 20 GDPR)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a data Controller, in a structured, commonly used and machine- readable format (applicable to automated decision- making processes). WITHDRAWAL (see Article 13, d.2, d)
The data subject has the right to withdraw the consent any time without affect the lawfulness of processing based on the consent before withdrawal. COMPLAINT (see Article 13, d.2, d)
The data subject has the right to pledge a complaint with a supervisory authority.
Trustly,
Portopiccolo Management S.r.l.
