This policy has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation) and it describes how we use and process your personal data. It also tells you how you can contact us if you have questions about your personal data.
Hotel Ancora Bieno S.r.l. Socio Unico Intra (VB) 28921 - Italy
Ericsoft Srl Via Adriatica, 62 - Misano Adriatico (RN) 47843 - Italia
Data Controller (or Data Supervisor)
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
Data Owner (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
The legal or natural person to whom the Personal Data refers.
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
Information collected automatically from this Application (or third party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The hardware or software tool by which the Personal Data of the User is collected.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
Small piece of data stored in the User's device.
What kinds of information do we collect?
When you visit our websites, even if you do not make a reservation, we may collect certain Device information as explained in the section below.
Personal data you give to us
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies and Usage data, Name, Surname, Telephone number, Address, ZIP code, Province, State, Country and Email.
Personal data you give us about others
Users are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
We collect information from or about the computers, phones, or other devices where you access our Services, depending on the permissions you’ve granted. Here are some examples of the device information we collect:
- Attributes such as the operating system, hardware version, device-specific settings.
- Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, IP address.
Information about payments
If you use our Services for purchases (like when you make a reservation on our BookingEngine), we collect information about the purchase or transaction. This includes your payment information, such as your credit or debit card number and other card information.
Mode and place of processing the Data
Methods of processing
we guarantee that, in accordance with the law, your personal data will be processed in compliance with the basic rights and the dignity of the person involved, in particular for what concerns privacy, personal identity and the right to protect such data.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation to which the Owner is subject;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
How do we treat personal data about children?
The services offered are not directed at children under 16 years old. For children younger than 16 years old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. In limited cases as part of a reservation, purchase of other travel-related services, or in exceptional other circumstances (such as features addressed to families), The services may collect and use information of children only as provided by the parent or guardian or with their consent. If we become aware that we process information of a child under 16 years old without the valid consent of a parent or guardian, we reserve the right to delete it.
How is this information shared?
In certain circumstances, we may share your personal data with third parties:
The accommodation you booked
In order to complete your reservation, we need to transfer relevant reservation details to the accommodation you have booked. This may include information such as your name, your contact details, your payment details, the names of guests travelling with you and any preferences you specified when making a booking.
We may share personal information with credit institutes with which we maintain a relationship for managing credit/debts and carrying out financial intermediation.
We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.
Advertising, Measurement and Analytics Services (Non-Personally Identifiable Information Only)
We may provide these partners with information about the reach and effectiveness of their advertising without providing information that personally identifies you, or if we have aggregated the information so that it does not personally identify you.
We may disclose personal data to all those physical and/or juridical persons, public and/or private (legal, administrative and tax consulting firms, judicial offices, Chambers of Commerce, etc.) when the communication is necessary or functional to carrying out our activity and according to the methods and for the purposes listed above.
How do we respond to legal requests or prevent harm?
We access, preserve and share your information with regulators, law enforcement or others:
- In response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
- When we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of the Products, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), you or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-party partners about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our Products.
Information we receive about you (including financial transaction data related to purchases made with Facebook) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible violations of our terms or policies, or otherwise to prevent harm. We also retain information from accounts disabled for terms violations for at least a year to prevent repeat abuse or other term violations.
Additional information about Data collection and processing
Additional information about User's Personal Data
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Application does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Access rights of the interested party
The interested party has the right to obtain from the Data Owner or Data Controller the confirmation that the processing of his or her personal data is in progress and, in this case, have access to his personal data and the following information:
- The purpose for processing such data;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom personal data has been or will be communicated to, in particular if these recipients are located in other countries or are part of international organizations;
- When possible, the retention period of the personal data provided. If this is not possible, the criteria used to determine this period;
- The existence of the right of the interested party to request the Data Controller to rectify or delete his personal data; limit the processing of such information or oppose himself to this treatment;
- The right to file a complaint with a supervising authority;
- If data has not been collected from the interested party, all information available regarding their origin;
- The existence of an automated decision-making process, including profiling.
If personal data is transferred to another country or to an international organization, the interested party has the right to be informed on the existence of adequate guarantees in accordance with current regulations on the matter, related to data transfer.
The Data Owner or Data Controller provides a copy of the personal data being processed. In case further copies are requested by the interested party, the Data Controller or Data Processor may charge a reasonable contribution fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise stated by the interested party, the information will be provided in a commonly used electronic format. The right to obtain a copy of the personal data being processed must not damage the rights and freedom of others.
Cookies are small pieces of information installed in the browser when you visit a website or use a social network with your PC , tablet or smartphone. Each cookie contains various information that assist the Owner in providing the service according to the purposes described . Cookies can stay in the system for the duration of a session (that ends when the browser is closed ) or for a prolonged period of time. Some of the purposes of installation may require the User consent.
How can I manage cookies ?
The User has the ability to manage Cookies preferences directly from within their browser and prevent third parties from installing them. It is important to note that disabling all Cookies can alter the correct functioning of this Site.
More information about online advertising
Browser cookie controls
In addition, your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them. For more information about these controls, visit your browser or device's help material.
Cookies help us provide, protect and improve the Service, such as by personalizing content and providing a safer experience. While the cookies that we use may change from time to time as we improve and update the Service, we use them for the following purposes:
Essential session Cookies
This Application uses session cookies with the only purpose of carrying out tasks that are essential for the Site to operate correctly.
Saving preferences, experience optimization and statistical reports
Site features and services
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services.
Registration and authentication
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Facebook Authentication (Facebook Inc.)
Facebook Authentication is a registration and authentication service provided by Facebook, Inc. This service allows this Application to connect with the User's account on the Facebook social network.
Google OAuth (Google Inc.)
Google OAuth is a registration and authentication service provided by Google Inc. This service allows this Application to connect with the User's account on the Google network.
Payment processing services enable this Application to process payments by credit card, bank transfer or other means. To ensure greater security, this Application shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.
PayPal is a payment service provided by PayPal Inc. which allows Users to make online payments using their PayPal credentials.
Displaying content from external platforms
These services allow you to view content hosted on external platforms directly from the pages of this Application and interact with them. If a service of this kind is installed, it may still collect web traffic data for the pages where the service is installed, even when users do not use it.
GoogleFonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
Contacting the User
Contact form (This Application)
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
- Personal data collected: Name, Surname, Telephone number, Address, ZIP code, Province, State, Country and Email
- Place of processing: Europe
These services allow this Application to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Azure Applications Insights (Microsoft Inc.)
Azure Applications insight is a monitoring service provided by New Microsoft Inc. The way it is integrated means that it filters all traffic of this Application, i.e., communication between the Application and the User's browser or device, while also allowing analytical data on this Application to be collected.
- Personal data collected: Cookie and Usage data
- Place of processing: USA
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.AdWords Conversion Tracking (Google Inc.)
Google AdWords conversion tracking is a statistics service provided by Google Inc. that connects data from the network of Google AdWords ads with the actions within this Application.
TripAdvisor Conversion Tracking (Google Inc.)
- Personal data collected: Cookie and Usage data
- Place of processing: 141 Needham Street, Newton, MA 02464, USA
Remarketing and Behavioral Targeting
These services allow this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
AdWords Remarketing (Google Inc.)
AdWords Remarketing is a Remarketing and Behavioral Targeting service provided by Google Inc. that connects the activity of this Application with the Adwords advertising network and the Doubleclick Cookie.
Widgets and third party services
Google Maps (Google Inc.)
Google Maps is a maps visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
- Personal data collected: Cookie and Usage data
- Place of processing: 1600 Amphitheatre Parkway Mountain View - CA94043 USA
Changes to this policy
Last updated: May, 24th 2018