Privacy Information Notice for Users

S.I.T.L.A. S.r.l. – with headquarters in Via C. Battisti, 16 – 35121 Padua (Italy), tax code and VAT no. 00373980283 (hereafter, the “Data controller”), owner of the website http://www.unionlido.com (hereafter, the “Website”), in its capacity as data controller of the personal data belonging to users who navigate and register with the Website (hereafter, the “Users”), hereby provides this privacy information notice pursuant to article 13 of (Italian) Legislative Decree no. 196/2003 (hereafter, the “Personal Data Protection Code”) and pursuant to article 13 of EU Regulation no. 2016/679 dated 27th April 2016 (hereafter, “Regulation” or “GDPR”, the Regulation and the Personal Data Protection Code are together defined as “Applicable Legislation”). 

 This Website and any services offered through the Website are reserved for individuals who are eighteen or over. The Data Controller does not collect personal data relating to individuals under the age of 18, unless inserted by adult users who declare that they have parental responsibility. Upon request of the Users, the Data Controller shall promptly eliminate any personal data involuntarily collected that refers to individuals under the age of 18. 

 The Data Controller pays the utmost attention to the right to privacy and to protecting its Users’ personal data. For any information relating to this privacy information notice, Users may contact the Data Controller at any time, using one of the following methods: 

• By sending a registered letter with acknowledgement of receipt to the Data Controller’s legal headquarters  

• By sending an e-mail to the address privacy@unionlido.com

1.Purposes of the processing

Users’ personal data will be lawfully processed by the Data Controller pursuant to article 6 of the Regulation for the following purposes:  

1. website navigation, relating to the possibility to record Users’ data that is necessary for technical reasons,such as the IP address during navigation of the Website. 
2. contractual obligations and service provision in the case of online bookings, to perform the General Terms and Conditions of Sale, which Users accept when they register with the Website and to fulfil specific requests from Users. Users’ personal details collected by the Data Controller in order to register them with the Website include:  
   1. Mandatory: E-mail, Name, Surname, Address, Country, date of birth (to check they are over 18); 
   2. Optional: all personal details that Users may voluntarily provide on the contact forms available on the Website.  
   3. Unless Users provide the Data Controller with specific and voluntary consent for their data to be processed for the additional purposes described in the paragraphs below, then their personal details will only be used by the Data Controller for the exclusive purpose of checking their identity (also by validating their e-mail address), thereby avoiding possible fraud or abuse, and contacting Users for service reasons only (e.g. to send notifications relating to services offered by the Website). Without prejudice to the other provisions stated in this privacy information notice, under no circumstances shall the Data Controller make Users’ personal data accessible to other Users and/or to third parties.  
3. administration-accounting purposes, i.e. to carry out organisational, administrative, financial and accounting activities, such as in-house organisation and activities necessary to fulfil contractual and pre-contractual obligations;
4. legal obligations, i.e. to comply with obligations provided for by applicable law, by authorities, by a regulation or by EU legislation. 

Providing personal data for the processing purposes stated above is optional but necessary, as failing to provide data for these reasons will make it impossible for Users to navigate on the Website, register with the Website or use the services that the Data Controller offers on the Website. 

2. Additional purposes of processing: marketing and newsletters (sending advertising and promotional material) 

With Users’ free and voluntary consent, some of their personal data (i.e. name, surname, e-mail address, address) may be processed by the Data Controller also for marketing and newsletter purposes (sending advertising material, direct sales, commercial communications, sending newsletters containing information on significant news in the industry relating to the Website’s activity), or so that the Data Controller can contact Users via post or e-mail in order to propose the purchase of products and/or services offered by said Data Controller, or to present special offers, promotions and business opportunities.   Failure to provide consent shall in no way affect the possibility to register with the Website. 

Should consent be given, Users may withdraw it at any time, by sending a request to the Data Controller using the methods indicated in paragraph 7 below. 

Furthermore, Users can easily object to any further promotional material and newsletters being sent via e-mail by clicking on the dedicated link to withdraw consent, which is provided in each promotional and newsletter e-mail. Once consent has been withdrawn, the Data Controller will send the User an e-mail to confirm that consent has been duly withdrawn. Should the User wish to withdraw consent to receive promotional communications over the telephone, but wishes to continue receiving promotional material via e-mail, or vice-versa, then they are kindly requested to send a request to the Data Controller using the methods indicated in paragraph 7 below. 

 The Data Controller hereby informs Users that, once they have exercised their right to object to promotional material and newsletters being sent via e-mail, they may still possibly receive some further promotional messages and newsletters due to technical and operational reasons (e.g. the contact lists being completed just before the Data Controller receives the objection request). Should Users continue to receive promotional messages and newsletters 24 hours after exercising their right to object, then they are kindly requested to report this issue to the Data Controller, using the contact details indicated in paragraph 7 below. 

It should be noted that the Data Controller’s newsletter is managed on the MailUp platform, belonging to the company MailUp S.p.A., with legal headquarters in Viale F. Restelli 1, 20124 Milan (Italy), which guarantees compliance with personal data protection regulations (please refer to the relative privacy information notice available from: https://www.mailup.it/informativa-privacy). 

3.Additional processing purposes: profiling 

With Users’ free and voluntary consent, their personal data (i.e. their personal and contact details, purchases made and information relating to the services in which they have expressed an interest) may be processed by the Data Controller also for profiling purposes, i.e. to reconstruct their preferences and consumption habits, identifying a consumer profile, in order to be able to send Users commercial offers that are in line with the profile identified. 

Failure to provide consent shall in no way affect the possibility to register with the Website. Should consent be given, Users may withdraw it at any time, by sending a request to the Data Controller using the methods indicated in paragraph 7 below.  

4.Processing methods and period for which data will be stored 

The Data Controller will process Users’ personal data using manual and computerised means, with logic that is strictly linked to the processing purposes and, in any case, in order to guarantee the security and confidentiality of the data. 

 The personal data of Website Users will only be stored for the amount of time that is strictly necessary to complete the main purposes referred to by paragraph 1 above or, in any case, for the amount of time necessary to protect the interests of both the Users and the Data Controller in accordance with the (Italian) civil code. 

 In the cases referred to by paragraph 3 above, Users’ personal data shall only be stored for the amount of time that is strictly necessary to complete the purposes described therein and, in any case, within the limits set by Applicable Legislation. 

5.Legal basis for processing

With reference to the purposes referred to by points (1/a, 1/b, 1/c), the legal basis for processing is the provision of the services provided through the Website and requested by you (pursuant to article 6, paragraph 1, lett. b of EU Regulation no. 2016/679); with reference to the optional purposes referred to by points (2 and 3), the legal basis for processing is any consent that you give freely (pursuant to article 6, paragraph 1, lett. a of EU Regulation no. 2016/679); with reference to the purposes referred to by point (1/d) of the previous paragraph, the legal basis for processing is to comply with a legal obligation to which the data controller is subject (pursuant to article 6, paragraph 1, lett. c of EU Regulation no. 2016/679). 

6.  Scope of data disclosure 

The Data Controller’s employees and/or co-workers entrusted to manage the Website may become aware of Users’ personal data. These individuals, who the Data Controller has formally named “persons in charge of the processing”, shall only process Users’ data for the purposes indicated in this information notice and in compliance with the provisions of Applicable Legislation. 

 Third-parties who process personal data on behalf of the Data Controller, as “External Data Processors” may also become aware of Users’ personal data. These may include, for example, IT and logistics service providers that are necessary to make the Website work, outsourcing or cloud computing service providers, professionals and consultants. 

Users have the right to obtain a list of any data processors appointed by the Data Controller, by sending a request to the Data Controller using the methods indicated in paragraph 7 below. 

7.Rights of the Data Subject 

Users may exercise the rights that are guaranteed to them by Applicable Legislation, by contacting the Data Controller in one of the following ways: 

• By sending a registered letter with acknowledgement of receipt to the Data Controller’s legal headquarters. 
• By sending an e-mail to the address privacy@unionlido.com, filling in the dedicated form that can be downloaded HERE

Pursuant to Applicable Legislation, the Data Controller hereby informs Users that they have the right to obtain indication of: 

• the origin of their personal data; 
• the purposes of and methods used for processing; 
• the logic applied if processing is carried out using electronic tools; 
• the identification details of the data controller and data processors; 
• the individuals or categories of individuals to whom personal data may be disclosed or who may become aware of said data in their role as data processors or persons in charge of processing. 

Furthermore, Users have the right to obtain: 

1. access, updating and rectification or, if interested therein, integration of the data; 
2. erasure, anonymization or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected or subsequently processed; 
3. certification to the effect that the operations as per letters a) and b) have been
   notified, as also related to their contents, to the individuals to whom the data was
   disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; 

Furthermore, Users have: 

1. the right to withdraw consent at any time, should processing be based on their consent; 
2. the right to data portability (the right to receive all personal data concerning them, in a structured, commonly used and machine-readable format), the right to restrict processing of personal data and the right to erasure (“right to be forgotten”). 
3. the right to object: 
   1. to the processing of personal data concerning them, in full or in part, for legitimate reasons, even if this relates to the purpose for which said data was collected; 
   2. to the processing of personal data concerning them, in full or in part, for the purposes of sending advertising material or direct sales or to carry out market research or send commercial communications; 
   3. to the processing of their personal data, at any time, for direct marketing purposes, including profiling to the extent that this is connected to direct marketing. 
4. Should Users believe that the processing of data concerning them is in violation of the Regulation, then they have the right to lodge a complaint with a supervisory authority (in the EU member state where they normally reside, in the one where they work or in the one where the alleged violation occurred). The Italian supervisory authority is the “Garante per la protezione dei dati personali” (Personal data protection authority) with headquarters in Piazza di Monte Citorio no. 121, 00186 – Rome (http://www.garanteprivacy.it/). 

Form for data subjects to exercise their rights