INFORMATION COMPLIANT with EU Regulation GDPR UE NR. 679/2016- art. 13. Web site

Pursuant to art. 13 EU Regulation no. 679/2016 (hereinafter, “GDPR”), the company SMART VENICE srl based in Cannaregio 980 30121 Venice P.IVA and C.F. 04240110272 (hereinafter, “Data Controller”), as Data Controller of the personal data supplied by you as an interested party when using the Data Controller’s website (subscribing to the newsletter or sending reservation requests), informs you that the processing of data will be based on principles of correctness, lawfulness, transparency and the protection of privacy and rights, and that your data will be processed in such a way as to guarantee adequate security of the same through adequate technical and organizational measures pursuant to art. 32 of the GDPR.

Should you provide personal data of third parties (therefore not directly referring to you) you act as independent data controller, assuming all the obligations and responsibilities of the law. In this sense, you grant the widest indemnity on this point with respect to any objection, claim, request for compensation for damage from treatment, etc. that should reach the Data Controller from third parties whose personal data have been processed through your spontaneous submission in violation of the rules on the protection of applicable personal data. In any case, if you provide or otherwise process personal data of third parties, you guarantee from now on – assuming all connected responsibility – that this particular hypothesis of treatment is based on an appropriate legal basis pursuant to art. 6 of the GDPR which legitimizes the processing of the information in question.

This information is provided only for the website www.smartvenice.org (“Site”) while it does not apply to other websites that may be consulted via external links and is to be understood as information provided to those who interact with the Site.

1. AIMS AND LEGAL BASIS OF PERSONAL DATA TREATMENT

The sensitive personal data you provide is collected:

• only with your specific and distinct consent (art. 7 of EU Regulation 679/2016) for the purposes of responding to questions or requests placed through the website of the Data Controller.

• Only with your specific and distinct consent (art. 7 of EU Regulation 679/2016), for marketing purposes by sending newsletters by sending e-mail in order to provide information on products and/or services of the owner.

The legal basis for the processing of your personal data for the purposes indicated above is art. 6(1)(a) of EU Regulation 679/2016, or the consent expressed by the interested party. Consent may be freely revoked at any time in the manner indicated in section 7.

These data are processed by means of the computer system, on which they are stored and will be canceled from this system when the deadline for checking and ascertaining the above obligations is prescribed by law.

1. DATA TREATMENT MODALITIES

Pursuant to and for the purposes of articles. 12 and following. of the GDPR, we wish to inform you that the personal data you communicated to us will be recorded, processed and stored in our archives in compliance with the appropriate technical and organizational measures pursuant to art. 32 of the GDPR. The processing of your personal data may consist of any operation or set of operations among those indicated in art. 4, paragraph 1, point 2 of the GDPR.

The processing of personal data will take place through the use of tools and procedures suitable for guaranteeing their security and confidentiality and may be carried out directly and/or through delegated third parties with the aid of IT means or electronic instruments.

1. NATURE OF DATA PROVISION AND CONSEQUENCES IN CASE OF DENIAL

The provision of data, for the purposes referred to in art. 1 is optional. Explicit consent is required for each specified purpose. The interested party can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided, in this case not receiving the related services.

1. POTENTIAL BENEFICIARIES AND/OR CATEGORIES OF BENEFICIARIES

 

Exclusively for the purposes specified above, all data collected and processed may be communicated to internal figures in charge of processing according to their respective duties, system administrators as well as companies affiliated with the Data Controller or external subjects who carry out outsourcing activities on behalf of the Data Controller in their capacity as Data Processors. The complete list of the aforementioned subjects can be requested by you at the addresses indicated below. In any case, personal data may be communicated to judicial authorities in the exercise of their functions when required by the Applicable Regulations.

1. DATA STORAGE/PRESERVATION PERIOD

The data provided in relation to the purposes specified above will be kept for the time necessary for the pursuit of the specific purposes of the processing for which the user has given his consent and in any case no later than 24 (twenty-four) months.

1. 6.DATA TRANSFER to THIRD COUNTRIES AND/OR INTERNATIONAL ORGANIZATIONS

Your personal data will not be subject to/transferred to a third country and/or an international organization. However, the Data Controller reserves the right to use cloud services or services that provide for transfer to non-European countries: in this case, the suppliers of these services will be selected from among those who provide adequate guarantees, as required by art. 46 of the GDPR.

1. RIGHTS OF DATA OWNERS/INTERESTED PARTIES

In your capacity as an interested party, you have the rights referred to in art. 15 – 22 of the GDPR and precisely the rights of:

1. Access personal data: obtain confirmation whether or not data concerning you is being processed and, if so, access to the following information: purposes, data categories, recipients, retention period, the right to lodge a complaint with a supervisory authority, the right to request rectification or cancellation or limitation of treatment or opposition to the treatment itself as well as the existence of an automated decision-making process;
2. Request rectification or cancellation of the same (“right to be forgotten”) or limitation of the treatments that concern it; “limitation” means the marking of stored data with the aim of limiting its processing in the future;
3. Propose opposition to  processing: object for reasons connected to your particular situation to the processing of data for the execution of a task of public interest or for the pursuit of a legitimate interest of the Data Controller;
4. Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive the data concerning him in a structured format, commonly used and readable by an automatic device; in particular, the data will be provided to you by the Data Controller in .xml format, or similar;
5. e.Withdrawal of consent to treatment; the exercise of this right does not in any way affect the lawfulness of the processing carried out before the revocation;
6. f.Propose a complaint pursuant to art. 77 of the GDPR to the competent supervisory authority based on your habitual residence, place of work or place of violation of your rights; for Italy, the Guarantor for the protection of personal data is competent, who can be contacted via the contact details indicated on the website http://www.garanteprivacy.it.

The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated below.

Requests relating to the exercise of user rights will be processed without unjustified delay and, in any case, at the latest within one month of receipt of the request. This deadline may be extended by two months, if necessary, taking into account the complexity and number of requests.

You may exercise your rights at any time by sending:

• an email to: info@smartvenice.org

1. PERSONS AGED LESS THAN 18

This site and the services of the Data Controller are not intended for minors and the Data Controller does not intentionally collect personal information relating to minors. In the event that information on minors is involuntarily recorded, the Data Controller will promptly delete it at the request of the users.

1. COMUNICAZIONE IN CASO DI VIOLAZIONE DEI DIRITTI DEGLI INTERESSATI

Should a violation of your personal data occur such as to present a high risk for the rights and freedoms, the Data Controller will proceed to communicate the violation to the interested party without justified delay in compliance with the provisions of art. 34 of the GDPR.

1. COOKIES

The information related to cookies on this website is available at https://www.smartvenice.org/cookie-policy-ue/ 

1. DATA CONTROLLER, DATA PROCESSORS AND PERSONS IN CHARGE  

The Data Controller is SMART VENICE srl with headquarters in Cannaregio 980 30121 Venice VAT number 04240110272 tel 3407997555 email info@smartvenice.org. The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.

1. MODIFICATIONS TO THE PRESENT RULES

This information may be subject to changes. It is therefore advisable to check this information regularly and to refer to the most updated version.