If you are one of our customers, a subscriber to newsletters, or a visitor to our website, you entrust us with your personal data. We are responsible for protecting and safeguarding those data. Please familiarise yourself with personal data protection and with the principles and rights that you have in connection with GDPR (General Data Protection Regulation).
Who is the data controller?
The company J.B.P. Srl, having its registered office at Viale IV Novembre 65, Montecatini Terme, Italy, 51016, is the controller and operator of the website https://villaaurora-montecatini.net. We process your personal data as the controller, i.e. we determine how the personal data are to be processed and for which purpose and for how long, and we might also select a different processor to help us process the data.
If you want to contact us at any time we are processing your data, you can contact us by e-mail at email@example.com.
Declaration of the controller
We declare that, as the controller of your personal data, we comply with all statutory obligations required by the legislation in force, in particular the Act on Personal Data Protection and GDPR, i.e. that:
- we will only process your personal data on a valid legal ground, in particular legitimate interest, performance of a contract, statutory obligation, or given consent;
- we fulfil the obligation to inform before commencing personal data processing;
- we make it possible for you to exercise and perform your rights according to the Act on Personal Data Protection and GDPR and will support you in this.
The scope of personal data and the purposes of processing
We process the personal data that you entrust us with on the following grounds (in order to achieve the following objectives):
Marketing – sending newsletters
We use your personal data (e-mail, first name, surname), what you click on in an e-mail, and when you most frequently open e-mails for direct marketing purposes – sending you commercial communications.
We will only send you newsletters with your consent, until such time as you withdraw your consent. In both cases you can withdraw your consent by using the deregistering link in each e-mail that we send.
Advanced marketing subject to consent
Only when we have your consent will we also send you inspiring offers from third parties or use your e-mail address for remarketing and targeting advertising on Facebook, for a period of 5 years, or until you withdraw your consent using our contact details. We retain your personal data for the duration of limitation periods, unless the law determines a longer period of retention or we have not specified otherwise in particular cases. Even in this case you have the right to simply withdraw your consent at any time. You can withdraw your consent by using the deregistering link in each e-mail that we send.
Personal data safeguarding and protection
We protect your personal data to the maximum possible extent using modern technology which matches the level of technical advancement. We protect them as if they were our own. We have adopted and uphold all possible (currently known) technical and organisational measures to prevent the misuse of, damage to, or the destruction of your personal data. Not only do we regularly check the security of personal data, we also improve on their protection on an ongoing basis.
Transferring personal data to third parties
Our employees and colleagues have access to your personal data. In order that we may carry out certain processing operations that we cannot manage on our own, we use the services and applications of processors who are able to protect data even better than we are and who specialise in such processing.
These are the following providers:
- Facebook and Instagram – Facebook pixel
- Google – Google Analytics, Google Ads
- Seznam.cz, a.s. – Seznam Sklik
It is possible that we will in the future decide to use other applications or processors in order to simplify and improve the quality of processing. We expect, however, that in such case we would, when making our selection, place at least the same demands on security and the quality of such processing on those processors as we do on ourselves.
Transferring data outside the European Union
We only process data within the European Union or in countries that ensure the corresponding level of protection based on a decision by the European Commission.
Your rights in connection with personal data protection
You have a number of rights in connection with personal data protection If you wish to exercise any of these rights, please contact us by e-mail at: firstname.lastname@example.org.
You have the right to information, which has been satisfied by this information sheet stating the principles of personal data processing.
The right of access means that you can call on us in writing, at any time, and we will inform you of which of your personal data we process, where we store such data, on what ground, for which purpose, and for how long. This we will do within a time limit of 14 days of delivery of your inquiry.
If there is a change on your part or you find that your personal data are outdated or incomplete, you have the right of supplementation and rectification of personal data.
If you believe that the personal data that we process about you are incorrect, you can contact us using our contact details (the right of rectification).
You may use the right of restriction of processing if you believe that we are processing inaccurate data about you or if you believe that we are carrying out unlawful processing, but you do not want to erase all data or if you have lodged an objection to processing. You may restrict the scope of personal data or the purposes of processing. (For example, by deregistering from a newsletter you restrict processing for sending commercial communications.)
The right of data portability
If you would like to take your personal data and transfer it to someone else, we will proceed in the same way as if you were exercising the right of access, with the difference that we will provide you with the information in machine-readable format. We will need 30 days from the delivery of your written request to be able to do this.
The right of erasure (the right to be forgotten)
Another of your rights is the right of erasure (the right to be forgotten). We don’t want to forget you, but if that is what you wish, it is your right. In such case we will erase all of your personal data from our system and from the system of all sub-processors and back-ups. We need 30 days to ensure the right of erasure.
In certain cases, we are bound by statutory obligation and, for example, must keep issued tax documents for the length of time laid down by law. In such case we will erase all such personal data that are not bound by another law. We will inform you of having completed erasure by e-mail.
Complaint at the Office for Personal Data Protection
If you feel that we are not handling your personal data according to the law, you have the right to contact Úřad pro ochranu osobních údajů (Office for Personal Data Protection) with your complaint at any time. We would be happy if you were to inform us of your suspicions first, by e-mail at email@example.com, so that we can do something about it and rectify any mistakes.
Deregistering from the sending of newsletters and commercial communications
If you are one of our customers, we send you e-mails with inspiration, articles, or products and services in our own legitimate interest.
If you are not one of our customers, we will only send them to you if you have given us your consent. In both cases you can stop us sending you e-mails by using the deregistering link in each e-mail we send.
We assure you that our employees and colleagues who process your personal data are obliged to maintain confidentiality with regard to personal data and with regard to security measures, whose disclosure could jeopardise the security of your personal data. Such confidentiality remains in place even after your relationship of obligation with us has come to an end. Your personal data will not be provided to any third party without your consent.
These principles of personal data processing are valid as of 15. 5. 2020.
J.B.P. Srl, firstname.lastname@example.org
Operator of the website https://villaaurora-montecatini.net