Information on the processing of personal data according to Article 13 of EU Regulation 2016/679 for users / surfers who consult the website www.topstay.it.
Why do we provide this information?
According to the EU Regulation 2016/679 (hereinafter the “Regulation”) the contents of the disclosure describe the methods of treatment of personal data that the website www.topstay.it acquires while browsing or are conferred directly by the user. This information does not concern other sites, pages or online services that can be reached through hypertext links published on the sites but referred to resources outside the domain of www.topstay.it.
Who is the Data Controller?
The data controller is e.RATIO s.r.l. with registered office in Via Bari 150 int.19 – 70022 Altamura BA P.Iva 06755470728 (hereinafter “Owner”).
The processing of personal data takes place internally in the owner’s business structure and / or in the business group belonging to the owner.
The user who supplies his personal data may contact the Data Controller, for the exercise of his rights, at the following address:
The owner, or a person authorized by him, is obliged to respond to the user’s requests without undue delay and / or at the latest within a month.
The contacts of the eventual Data Protection Officer (DPO) will be indicated, following a possible appointment, on the website at the address https://www.topstay.it/privacypolicy.
What is meant by the legal basis of the treatment?
It seems appropriate to explain, with clear and simple words, what is meant by “legal basis”.
Personal data cannot be used by anyone except by the rightful owner. However, there are cases in which the ordering allows the processing by other subjects, such as, for example, when the user / navigator decides to request information on our site, he contacts us through the appropriate section entering your data and these they will subsequently be used to fulfill your specific request. In a similar way, the user / navigator may decide to also provide his e-mail address to receive information about our specific activities.
What is the legal basis for the processing?
The user / navigator of the site, after reading the information, is free to confer or not the personal data requested in the service registration forms. These data are necessary for the provision of the requested service so that, if these data are not provided, the requested service cannot be provided and the relative opportunities cannot be used.
The owner processes personal data relating to users if one of the following conditions exists:
- The user has given consent for one or more specified purposes;
- Processing is necessary for the fulfillment of a legal obligation to which the Owner is subject;
- Processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.
The user can however ask the Data Controller to clarify the concrete legal basis of each treatment by contacting him at the aforementioned address.
What data are processed and how?
The data we collect is processed in full compliance with the provisions of the law regarding the protection of personal data and exclusively for the purposes indicated in this informative document, pursuing logics and methods aimed at guaranteeing the confidentiality, integrity and availability of the information communicated by users.
User data is collected to allow the site to provide its services as well as for the following purposes:
- Contact the user
The types of personal data used for the aforementioned purposes are:
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning. Access log data with IP addresses are stored on the server hosting the site for 3 (three) months.
The webserver log data could be used, in the cases provided for by the law, to ascertain responsibility in case of hypothetical computer crimes against the site.
The systems hosting the site are protected by a firewalling system and are replicated to ensure proper storage and availability.
The Google Analytics tracking code is installed on the site. The data is recorded by the Google Analytics service and is stored on Google’s servers for a standard period of 26 (twenty-six) months.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of the e-mail address on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
No data sent to e-mail addresses or sent via forms is saved on the servers where the website resides. These data are stored by e.RATIO srl, located on the Italian territory, at the company datacenter and at an external datacenter. Specific summary information will eventually be progressively reported or displayed on the pages of the site set up for particular services on request and in the related fields of collection of the same data.
Personal data is processed by automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or the adjustment after contact as previously reported.
Under the Regulation, you have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their treatment as subsequently illustrated.
Details on the processing of Users’ Personal Data
- Contact forms
- By compiling the forms on the site with their data, you consent to their use to respond to requests for information. That is, by flagging the specific box, you consent to the processing of the data entered to fulfill the related request.
Can the data be transferred outside the EU?
In the event that personal data is transferred outside the European Union, for technical and operational purposes and to guarantee a high level of continuity of service, the Data Controller guarantees that the transfer will be carried out ensuring the non-prejudice of the level of protection of natural persons guaranteed by current legislation and in particular by EU Regulation 2016/679 is not affected.
Who is the data communicated to?
The personal data provided may be communicated to appropriately appointed recipients who will process the data as data processors and / or as appointees.
The Data Controller does not disclose any information of the interested parties to third parties without their consent, except where required by law. In any case, the dissemination of the personal data processed is excluded. The complete list of data processors, co-owners and persons in charge of processing personal data can be requested by sending a request to the email address email@example.com
or contacting the owner in the aforementioned ways.
What are the rights of the site user?
The user who has given the data, by virtue of the principle of transparency, has the right to:
- Obtain the revocation of the consent given;
- obtain, from the Owner, confirmation of the existence or not of personal data concerning him;
- to obtain clear and intelligible communication of the data;
- obtain the indication:
- of the origin of personal data;
- of the purposes and methods of processing;
- of the logic applied in the case of processing carried out with the aid of electronic means;
- of the identity of the Data Controller, of the data processing manager (s) and / or appointees;
- of the subject (s) to whom the data may be communicated and / or who can learn about them as appointed representative in the State, as manager or person in charge.
- To obtain the update, correction and / or integration, if there is interest, of the data provided;
- Obtain the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data that does not need to be kept for the purposes for which the data was collected or subsequently processed;
- Obtain certification that the updating, rectification and deletion of the data, as already defined in the previous points, have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except for the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate with respect to the protected right.
- Obtain the limitation of the processing of the data provided;
- Make a complaint to the National Supervisory Authority.
The deadline for the user reply is, for all exercisable rights, 1 (one) month extendable up to 3 (three) months in particularly complex cases. The Owner is in any case obliged to provide feedback to the user, in writing, within 1 (one) month, even in the case of denial, in a concise, transparent and easily accessible manner, with simple and clear language.
The exercise of the rights can involve the burden of a contribution to the expenses of the user related to the difficulty for the Owner to follow up the requests in relation to the resources available.
These rights may be limited by a community or national regulation or regulation, when the exercise of these rights may result in an actual and concrete prejudice.
Additions, updates and changes to current information
The Data Controller reserves the right to modify, supplement or update this Notice periodically in compliance with the applicable legislation or the provisions adopted by the Guarantor for the Protection of Personal Data in its capacity as Control Authority.