Privacy
PRIVACY POLICY PURSUANT TO EU GDPR 2016/679
Welcome to our website. Please carefully read our Policy, which applies both if you access the website and simply decide to browse within it and also if you use its advanced services. This information is provided pursuant to European Regulation for the Protection of Personal Data (General Data Protection Regulation, also GDPR) 2016/679, which envisages the protection of individuals with respect to the processing of personal data. According to the regulations indicated, this processing will be based on the principles of correctness, lawfulness and transparency and the protection of your privacy and your rights.
Data Controller:
Infinito Resort:
MM DEVELOPMENT PROJECTS S.R.L.
Via Giovanni XXIII 18-20, 72017 Ostuni (Brindisi)
VAT Number 08480010720
Tel. +39 376 0038766 – Email reception@infinitoresort.com
Masseria Il Pioppo:
INFINITO MM S.R.L.
Via Giovanni XXIII 18-20, 72017 Ostuni (Brindisi)
VAT Number 08319480722
Tel. +39 376 0038766
Type of Data collected
The Personal Data collected, independently or through third parties, includes: Cookies, Usage data, email, various types of Data, telephone number, country, city, province. Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of the portal.
Unless otherwise specified, all requested Data is mandatory. If the User refuses to communicate this data, it may be impossible to provide the Service. In cases where the portal indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller.
Any use of Cookies - or other tracking tools - by the portal or by the owners of third-party services used by the portal, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the portal and guarantees that he or she has the right to communicate or disseminate this data, freeing the Data Controller from any liability towards third parties.
Method and place of processing of the Data collected
How we process your personal data
The Data Controller adopts appropriate security measures aimed at preventing unauthorised access, distribution, modification or destruction of the Personal Data. The processing is carried out using IT and/or telematic tools, with organisational methods and with logic strictly linked to the purposes indicated. In addition to the Data Controller, in some cases, other individuals involved in the organisation (administrative, commercial and marketing personnel, lawyers and system administrators) may have access to the data, that is external individuals (like third party technical services providers, postal couriers, hosting providers, IT companies, communication agencies, consulting agencies) also appointed, if necessary, as Data Managers by the Data Controller. The updated list of Data Managers can always be requested from the Data Controller.
Legal basis for data processing
The Data Controller processes the User’s Personal Data when one of the following conditions occurs:
- the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data controller may be authorised to process Personal Data without the User’s consent or any other of the legal bases specified below, until the User objects (“opt-out”) to this data processing. However, this is not applicable if the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
- the data processing is necessary for the performance of a contract with the User and/or the performance of pre-contractual measures;
- the data processing is necessary in order to fulfil a legal obligation to which the Data Controller is subjected;
- the data processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Data Controller;
- the data processing is necessary for the legitimate interests pursued by the Data Controller or by third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of all data processing and in particular to specify whether the processing is based on the law, envisaged by a contract or necessary for concluding a contract.
Where we process the data
Personal data is processed at the Data Controller’s operational headquarters and wherever the parties involved in the processing are located. For further information, contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on where the data processing takes place, the User can refer to the section regarding the details on the processing of Personal Data. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation governed by public international law or consisting of two or more countries, such as the UN, for example, as well as regarding the security measures adopted by the Data Controller to protect the Data. If one of the transfers just described takes place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting him using the details indicated at the beginning.
Retention period
The Data is processed and stored for the time required to fulfil the purposes for which it was collected. Therefore: Personal Data collected for purposes linked to the performance of a contract between the Data Controller and the User will be retained until the performance of this contract is completed. Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller. When the data processing is based on the User's consent, the Data Controller may retain the Personal Data for longer, until the consent is revoked. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this deadline, the right to access, delete and amend the Data and the right to Data portability can no longer be exercised.
Purposes of the Processing of Data Collected
The User’s Data is collected to allow the Data Controller to provide their Services, as well as for the following purposes: Statistics, Remarketing and behavioural targeting, Management of support and contact requests, Content and functionality performance testing (A/B testing), Contacting the User, Social functions, User database management, Tag management, Heat mapping and session recording, Hosting and backend infrastructure, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Infrastructure monitoring and Contact management and sending of messages.
To obtain further detailed information on the purposes of the data processing and on the Personal Data actually relevant for each purpose, the User can refer to the relative sections of this document.
Details of the Personal Data processing
Personal Data is collected for the following purposes and using the following services:
Contacting the User
Social functions
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services may also allow the collection of data regarding the date and time of viewing of messages by the User, as well as the User’s interaction with them, such as information on clicks on links included in messages.
Management of support and contact requests
This type of service allows the portal to manage support and contact requests received via email or other tools, such as the contact form. The Personal Data processed depends on the information provided by the User in the messages and on the tool used for communication (for example the email address).
Hosting and backend infrastructure
This type of service has the function of hosting Data and files that permit the portal to function, allow its distribution and provide a ready-to-use infrastructure in order to provide specific portal functions. Some of these services work through servers that are geographically located in different locations, making it difficult to determine the exact location in which the Personal Data is stored.
Interaction with data collection platforms and other third parties
This type of service allows Users to interact with data collection platforms or other services directly from the pages of the portal for the purpose of saving and reusing the data. If one of these services is installed, even if Users do not use it, the service may nevertheless collect Usage Data relative to the pages on which it is installed.
Infrastructure monitoring
This type of service permits the portal to monitor the use and behaviour of its components, in order to allow the improvement of performance and functionality, maintenance or resolution of problems.
The Personal Data processed depends on the characteristics and implementation methods of these services that, by their nature, filter the activity of the portal.
Statistics
The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited. Google uses Personal Data collected for the purpose of tracking and examining the use of the portal, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalise the advertisements in its advertising network.
Facebook Analytics for Apps (Facebook, Inc.)
Facebook Analytics for Apps is a statistics service provided by Facebook, Inc. Personal Data collected: Usage data and various types of Data as specified in the privacy policy of the service.
Device-unique identification
The portal can track Users by saving an identification code unique to their device, for statistical purposes or to store User preferences.
User’s rights
Users can exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User is entitled to:
withdraw consent at any time. The User may revoke previously expressed consent to the processing of their Personal Data.
object to the processing of their Data. The User has the right to object to the processing of their Personal Data, when this is carried out on a legal basis other than consent. Further details on the right to object are indicated in the section below.
access their personal Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the data processing and to receive a copy of the Data processed.
verify and ask for it to be amended. The User can verify the accuracy of their Data and request that it be updated or corrected
obtain restriction of the data processing. When certain conditions apply, the User can request restriction of the processing of their Personal Data. In this case, the Data Controller will not process the Data for any purpose other than its retention.
obtain deletion or removal of the Personal Data. When certain conditions apply, the User can request the deletion of their personal Data by the Data Controller
receive personal data or have it transferred to another Data Controller. The User has the right to receive their Data in a structured, commonly-used and machine-readable format and, where technically feasible, to obtain its transfer unhindered to another Data Controller. This provision is applicable when the Data is processed by automated means and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures related thereto.
lodge a complaint. The User can lodge a complaint with the personal data protection supervisory authority or take legal action.
Details on the right to object
When Personal Data is processed in the public interest, in the exercising of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons linked to their particular situation.
Users are reminded that, if their Data is processed for direct marketing purposes, they can object to the processing without providing any reason. To find out whether the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to exercise your rights
Users can exercise their rights by sending a request to the Data Controller using the contact details indicated in this document. Requests are filed free of charge and processed by the Data Controller as quickly as possible and, in any case, within one month.