INFORMATION ON THE PROCESSING OF PERSONAL DATA
(pursuant to EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments)
Pursuant to EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (abbreviated as GDPR) and of Legislative Decree 196/2003 and subsequent amendments concerning personal data protection, we inform you that:
The Data Controller provided by the Customer SPA MANAGEMENT SRL p.i./r.i. n.08439321004 Via S .Egidio 12 Florence, Italy (hereinafter referred to as “the Holder”).
Personal data are processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent modifications and integrations.
Purpose of the treatment
All data provided by the Customer (or “the Interested Party”) will be used for the sole purpose of following up his requests or for the execution of a contract of which the interested party is a party and may be disclosed to third parties only in the case where this is necessary for this purpose, or with the explicit consent of the interested party.
In particular, the treatment will be performed in the execution of:
1. Contractual obligations, such as the supply of goods and services to guests (ex: reservations for stays, bookings in beauty and wellness departments);
2. Legal obligations, such as invoicing, obligatory accounting records and registrations, communications to the requesting authorities;
3. Communications to banks and similar institutions, for the collection of receivables and for other activities related to contractual obligations.
For the processing of data for such purposes, the Client’s consent is not necessary as the processing is necessary for the execution of a contract for which the Customer is a party or for the execution of pre-contractual measures adopted at the Customer’s request (Article 6, paragraph 1, letter b) of the Regulations), as well as, where applicable, to fulfill a legal obligation (Article 6, paragraph 1, letter a) of the Rules).
Additional purposes for which consent is required
The processing of data may also take place for the following purposes:
4. “Contact” page. The data collected by this website on the “Contact” page, subject to the explicit consent of the interested party, will be used exclusively to meet your requests and will not be used for other purposes, even after your request.
5. Marketing communications. We may submit to the Customer’s attention advertising material, catalogs, newsletters, direct mailing, price lists, and anything else related to the activity of the Owner, as well as to keep the Customer updated on initiatives and promotional offers. Marketing communications will be sent (via e-mail or mail or telephone) only if the user has expressly consented to these operations pursuant to art. 7 of EU Regulation 679/2016.
6. Collection of candidacies and Curriculum Vitae. We may collect spontaneous applications by filling in the form on this Site or by specific search and selection posts, published on websites, in the local or national press, or advertised through other means of communication. Information, including through the transmission (post, fax, e-mail) of personal data and professional experiences organized in the form of curriculum vitae. The collection only concerns personal data that are processed within limits strictly relevant to the purposes indicated below.
The data subject should not, therefore, transmit sensitive or particular data, or data that, pursuant to art. 9 of the 2016/679 EU Regulation, are suitable to reveal the racial and ethnic origin, political opinions, religious or philosophical convictions, union membership, as well as data related to health or sexual life or sexual orientation of the person. The interested party must not also transmit judicial data, or data that, pursuant to art. 4 letter e) of Legislative Decree no. 196/2003, are suitable to disclose the measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u), of the D.P.R. November 14, 2002, n. 313, on the subject of criminal records, the register of administrative sanctions depending on the offense and the related pending charges, or the status of defendant or suspect under articles 60 and 61 of the criminal procedure code.
The sending to the owner of their data, if not made through the aforementioned form that provides for the release of specific consent, must take place after viewing this information on this site, according to the following formula (or equivalent formula) “According to the Regulation EU 2016/679, having read the information provided by “SPA MANAGEMENT SRL p.i./r.i. n.08439321004 Via S. Egidio 12 Florence, Italy” on the website “www.soulspace.it,” I agree that the same treats my data for the purposes and with the methods specified in the information itself”.
The processing of data will be carried out by staff appointed by the Controller with procedures, technical and its tools to protect the confidentiality and security of Customer Data and consists in their collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, the destruction thereof including the combination of two or more of the aforementioned activities.
Strict operating procedures and appropriate technical and organizational security measures are in place to prevent any access, modification, deletion or unauthorized transmission of such personal information.
These data will be kept for the time strictly necessary to provide the requested services to the Customer and will, in any case, be eliminated as a result of the Customer’s request, without prejudice to further conservation obligations established by law. From the moment of termination of the contract and / or the expiry of the statutory deadlines for data retention, these will be destroyed in such a way as not to make the reconstruction of the data possible.
The criterion for determining the applicable retention period is to preserve the personal information subject of this information for the time:
- necessary for its purpose;
- necessary for the commercial relationship with the user;
- accepted by the user;
- required by law.
The data provided by the interested party through specific consent pursuant to art. 7 of EU Regulation 679/2016, for marketing purposes will be retained for the period of 2 years, as per the Provision of the Guarantor of February 24, 2005. At the end of this period, unless the renewal of consent, the data will be deleted.
The data provided by the interested party through specific consent pursuant to art. 7 of EU Regulation 679/2016, to speed up subsequent check-ins, within the “Contacts” page or related to the collection of spontaneous applications will be kept for the period of 5 years, a term deemed appropriate in relation to the purpose of said processing and of the type of structure. At the end of this period, the renewal of consent will be required, failing which the data will be deleted.
The Data Controller may use services rendered by third parties that operate on behalf of the Data Controller and according to its instructions, as data controllers. These are subjects that provide the Owner with processing or instrumental services (ex. services for the operation of the platform) or in any case, provide a service that is strictly and necessarily linked to the activity of the Owner: tax consultants; public and private bodies, including in relation to inspections or audits; subjects that can access the data by law; external companies supplying goods or services. The interested party may request a complete and updated list of the persons nominated responsible for the treatment by contacting the contact indicated below.
The data of the interested party will not be disclosed.
The data may be transferred within the European Union, where the Data Controller or its suppliers are based or have their own servers. Data will not be transferred outside the European Union.
Rights of the interested party
The interested party has the right, at any time, to exercise against the Data Controller:
the right of access (Article 15 GDPR); the right to request the rectification of data concerning him (Article 16 of the GDPR); the right to obtain the cancellation of their data (Article 17 of the GDPR); the right to obtain the processing limitation (Article 18 of the GDPR); the right to object to the processing (Article 21 of the GDPR) and the right to data portability (Article 20 of the GDPR).
In case of rectification or deletion or limitation of the data, the Controller will communicate any changes to the recipients to whom the data are transmitted (Article 19 of the GDPR).
The interested party also has the right not to be subjected to any automated processing that produces legal effects that affect him or that significantly affects his person (art. 22 GDPR).
In any case, the interested party may contact the Guarantor or the Judicial Authority.
The contact details of the Data Controller are as follows: name: SPA MANAGEMENT SRL p.i./r.i. n.08439321004 Via S. Egidio 12 Florence, Italy; phone: 00392001794, email@example.com
COOKIES AND USE OF THE SITE
During the consultation of our web pages, it is possible that personal information and data are collected through the voluntary compilation of forms in it; in this case, the interested party must first read the information for the treatment of the data associated with this processing and consent to its management by our company, in the manner indicated in the same information.
To provide more information or facilitate user browsing, it is possible that we host on our web pages links to other sites not of our own creation (example search engines, suppliers of connected solutions, etc.). The policies for the processing of data applied by these sites are not under our control and do not extend to them the protections provided by this information note; Our company assumes no responsibility for the personal data that may be collected there.
It is also possible to access the Website without requiring the user to provide any personal data.
However, the computer systems and software used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols, through the action of files stored temporarily or permanent on your hard-disk (so-called Cookies) and thanks to the use of other software components downloaded or activated during navigation.
This information is not collected to be associated with identified interested parties, but also due to their very nature could, through processing or association, allow the identification of the user.
This category includes the IP addresses of the computers used by the users who connect to the Site, the URL of the requested resources, the time of the request, the size of the file obtained in response, etc.
These data are used only to obtain anonymous statistical information on the use of the Site (such as, in particular, the number of accesses), to check its correct functioning, to speed up, improve or customize the level of service to users and are deleted immediately after processing.
The provision of data is optional; any refusal to provide such data, blocking cookies or other software components could make it impossible for us to send the requested information and/or a not completely correct site functionality.
The collected data will be processed exclusively by the company personnel appointed for this purpose and will not be transferred or communicated to other subjects.
The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Website or to third parties. Except for this possibility, the data on web contacts are not permanently stored.
The Data Controller is SPA MANAGEMENT SRL p.i./r.i. n.08439321004 Via S. Egidio 12 Florence, Italy. To exercise your rights listed above, you can contact the phone number +39 0552001794 or the e-mail address firstname.lastname@example.org.
Cookies are short fragments of text (letters and/or numbers) that allow the web server to store on the client (the browser) information to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies can be used to gather information on user behavior and use of services.
In the following of this document, we will refer to cookies and all similar technologies simply by using the term “cookies”.
Types of cookies
• Strictly necessary cookies. These cookies are essential for the proper functioning of our site and are used to manage the login and access to the reserved functions of the site, in general, to speed up, improve or customize the level of service to users. The duration of cookies is either strictly limited to the working session (closed the browser are deleted), or of longer duration, aimed at recognizing the visitor’s computer. Their deactivation may compromise the use of services accessible by login, while the public part of the site is normally usable.
• Analysis and performance cookies. These cookies are used to collect and analyze the traffic and use of the site anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user returns to connect at different times. They also allow you to monitor the system and improve its performance and usability. The deactivation of these cookies can be performed without any loss of functionality.
• Profiling cookies. These are permanent cookies used to identify (anonymously or not) user preferences and improve their browsing experience, in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net.
By visiting a website you may receive cookies from both the visited site (“owner”) and sites managed by other organizations (“third parties”). An example is the presence of “social plugins” (for example, Facebook, Twitter, Google+) aimed at sharing content on social networks. The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information collected by “third parties” is governed by the relevant information to which reference is made.
The user can decide whether or not to accept cookies using the settings of his browser.
Attention: the total or partial disabling of technical cookies can compromise the use of the site features reserved for registered users. On the contrary, the usability of public content is also possible by completely disabling cookies.
The disabling of “third-party” cookies does not affect the navigability in any way. The setting can be defined specifically for different websites and web applications. In addition, the best browsers allow you to define different settings for cookies “owners” and those of “third parties”.
As an example, with Google Chrome, click the wrench in the upper right corner and select “Settings”. At this point, select ‘Show advanced settings’ (“Under the hood”) and change the Privacy settings.
This site uses
The site operator has activated the function of anonymization of the IP address and signed the amendment on the processing of data in accordance with the European regulations dictated by Directive 95/46 / EC.
Advertising cookies (remarketing, segmentation and targeting) of Google and Facebook
These cookies are intended to provide the user with advertising space that can be installed by third parties. Some are used to recognize individual advertising messages and to know what they have been displayed and when, then allowing to appear, during the visit on other affiliated sites, banners and/or advertising related to certain products based on the browsing history of the user. Users are given a technical identifier but in no case are personal identifying data such as the user’s name or address collected.
Other advertising cookies are used to hypothesize a “profile” of the user’s navigation in order to propose advertising messages in line with his behavior and interests in the network. This “profile” is anonymous, and the information collected through these cookies does not allow us to trace the identity of the user.
In particular, the use of “Google Analytics” and “Facebook Ads”, including the so-called “Advertising function”.
This is a web analytics service provided by Google and Facebook that use analytical cookies that are installed on the user’s computer to perform statistical analysis in aggregate form on the use of the website visited, as well as to allow visitors to profile the sites. (which are identified by “detection cookies”) on the basis of the information contained in their “advertising cookies”, which concern three categories: age group, gender, marketing segments.
On the web page https://www.google.com/analytics/learn/privacy.html?hl=it you can find more information about the Google service.
On the web page https://it-it.facebook.com/privacy/explanation you can find more information about the Facebook service.
The list of cookies used by Google Analytics is, finally, available at the following address:
At the following link, https://tools.google.com/dlpage/gaoptout?hl=it is also made available by Google the browser add-on for the deactivation of Google Analytics.
To ensure greater transparency and convenience, for each of these sites we report the web address of the information and how to manage cookies, in addition to the possible denial of consent to the installation of cookies:
Google Analytics – web services (statistics and profiling): CLICK HERE
Facebook.com – social (profiling and marketing): CLICK HERE
To learn more about cookies and how to manage them or disable those of third parties or marketing/retargeting, visit: