This document (“Information”) intends to provide you with information regarding the processing of information, as specified below, which will be provided by you or otherwise available at our facility and which will be processed by the same and/or by other subjects identified for the purposes indicated below. The Information, in particular, is provided pursuant to EU Regulation no. 679/2016 (“GDPR”) and subsequent national adaptation regulations (together with the GDPR hereinafter “Applicable Regulations”). Specific information may be presented on the pages of the Site in relation to particular services or processing of data provided by the interested party and specific consent obtained (where necessary).

1. Identity and contact details of the Data Controller: The data controller, pursuant to articles. 4 and 24 of EU Reg. 2016/679, is RIOLA srls - Hotel Clorinda, with headquarters in Via Roma, 120 - 64011 ALBA ADRIATICA (TE), VAT number 01950300671, Tel. (0861) 751315, e-mail: info, in the person of the legal representative pro-tempore (hereinafter "Owner").

2. Contact details of the Data Protection Officer (so-called "RPD-DPO"): The Data Controller does not carry out activities that require the designation of the figure of the Personal Data Protection Officer.

3. Purpose and legal basis of the processing: The Personal Data collected will be processed for the purposes and under the legal bases set out below:

Purpose Legal basis of processing
point 3, letter. a): for the management of your contractual relationship or to execute pre-contractual measures (such as, for example, the request for information or the request for a quote); to allow navigation on this website and the technical management of connections to it; to manage any contact request from the interested party and respond to them and to follow up on requests for assistance and the needs of customers and users. In this case, you are free to provide your Personal Data, however failure to provide it will not allow you to establish the aforementioned relationship and satisfy your request and could make it impossible to use all the services provided by the site. the processing is necessary in relation to the execution of a contract of which you are a party, the provision of a service or the need to respond to requests from the interested party and is necessary to fulfill a legal obligation to which you are subject the Owner

4. Categories of personal data processed: Within the limits of the purposes and methods described in this Policy, information may be processed that can be considered as "Personal Data", which includes your personal details, your contact details (such as, for example, mobile number, e-mail address, IP address, cookies, etc.). Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected. Any use of Cookies (or other tracking tools) by this website or by the owners of third-party services used by this website, unless otherwise specified, has the purpose of providing the service requested by the User, in addition to further purposes described in this document and in the Cookie Policy.

4.1 Navigation data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the date and time of the request, the method used when submitting the request, the size of the response file, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the info environmentrmatic of the User. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used exclusively by the Judicial Authority to ascertain responsibility in the event of hypothetical computer crimes against the site.

4.2 Data Provided Voluntarily by the User: The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site, or the filling in of forms, involves the subsequent acquisition of the address of the sender, necessary to respond to requests, as well as any other personal data entered voluntarily by the User. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this website and guarantees that he or she has the right to communicate or disseminate them, freeing the Owner from any liability towards third parties.

4.3 Redirect via Social plug-in: It is possible that the so-called. social plug-ins. Social plug-ins are special tools that allow you to incorporate social network features directly into the Site (e.g. the Facebook "like" function). All social plug-ins present on the Site are marked with the respective logo owned by the social network platform. When you visit a page of the Site and interact with the plug-in (e.g. by clicking the "like" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in in this case Facebook) and stored from there. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as the methods through which to exercise your rights, please consult the privacy policy of the relevant social network network.

5. Recipients and categories of recipients: Personal data will not be disclosed, i.e. it will not be disclosed to indeterminate subjects. They may instead be communicated to well-defined subjects, in full compliance with legal requirements, for purposes strictly related to those previously indicated. Any access to your personal data is limited to persons authorized by the Data Controller. Communication to the identified recipients, only if involved and functional, is linked to the achievement of the purposes referred to in the previous point 3, therefore the personal data collected and processed may be:

  1. used anonymously for statistical purposes;
  2. made available to the Data Controller's collaborators, as managers or persons authorized to process personal data;
  3. communicated to third parties, whether natural or legal, public administrations, professionals, law enforcement agencies, government bodies, regulatory bodies, courts or other public authorities authorized by law;
  4. subjects that provide services for the management of the information system and communication networks including e-mail, newsletters and website management;
  5. studies or companies in the context of assistance and consultancy relationships;
  6. if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, also with regard to the right to data portability.

The information may also be communicated whenever communication may be necessary to comply with requests from the Judicial or Public Security Authorities. The data collected will under no circumstances be disclosed.

The list of those responsible for processing personal data is available at the headquarters of the Data Controller.

6. Transfer of data abroad:The data will not be transferred outside the European Union.

7. Data retention period (determination criteria): Below is a table containing indications of the retention times (i.e. determination criteria) of Personal Data:

Purpose Preservation times
point 3, letter. a): contract management For the entire duration of the relationship and subsequently for 10 years (ordinary prescription).

8. Data processing methods: The processing of Personal Data will take place using manual, IT or telematic tools, suitable to guarantee its security and confidentiality.accuracy and will be carried out by personnel duly trained in compliance with the Applicable Regulations. There is no automated decision making. In addition to the Owner, in some cases, other parties involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers) may have access to the Data. , hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. In cases where it is necessary to contact you for needs related to the management of your position, you may be contacted via e-mail, text message, instant messaging systems or through any equivalent electronic tool or by paper mail or call via operator at all contact details provided. If you prefer to be contacted only at one or some of these addresses, you may make an express written request addressed without formalities to the Data Controller.

8.1 Defense in court: The User's Personal Data may be used by the Owner in court or in the preparatory stages of its possible establishment for the defense against abuse in the use of this website or related services by the User. The User declares to be aware that the Owner may be obliged to reveal the Data by order of public authorities.

8.2 Specific information: Upon request of the User, in addition to the information contained in this privacy policy, this website may provide the User with additional and contextual information regarding specific services, or the collection and the processing of Personal Data.

8.3 System logs and maintenance: For needs related to operation and maintenance, this website and any third-party services it uses may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User IP address.

8.4 Information not contained in this policy: Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

8.5 Response to “Do Not Track” requests: This website does not support “Do Not Track” requests. To find out whether any third-party services used support them, the User is invited to consult the respective privacy policies.

8.6 Changes to this privacy policy: The Owner reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, by sending a notification to Users through one of the contact details held by the Data Controller. Please therefore consult this page regularly, referring to the date of last modification indicated at the bottom. If the changes affect processing whose legal basis is consent, the Owner will collect the User's consent again, if necessary.

9. Rights that are recognized to you: We inform you that you can exercise the rights recognized by the Applicable Regulations including, by way of example, the right:

  1. to access their Personal Data and know its origin, the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the data retention period or the criteria useful for determining it (art.15);
  2. to request rectification (art.16);
  3. cancellation (“oblivion”), if no longer necessary, incomplete, incorrect or collected in violation of the law (art.17);
  4. to request that the processing be limited to part of the information concerning you (art.18);
  5. to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called "portability") or that which has been voluntarily provided by you (art. 20);
  6. to oppose their processing based on legitimate interest (art. 21);
  7. as well as to revoke your consent at any time, in the event that this constitutes the basis of the processing (the revocation of consent in any case does not affect the lawfulness of the processing based on the consent carried out before the revocation itself).

The aforementioned rights may be exercised by means of a written request addressed without formalities to the Data Controller at the contacts indicated in point 1.

The Data Controller must proceed in this direction without delay and, in any case, at the latest within one mfrom receipt of the request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you and inform you of the reasons for the extension within one month of receiving your request.

We remind you that, if the response to your requests has not been satisfactory in your opinion, you can contact and lodge a complaint with the Guarantor Authority for the Protection of Personal Data ( in the ways provided for by the Applicable Regulations.

Reviewed May 2021

The Data Controller