Information Notice pursuant to Article 13 of EU Regulation 2016/679 – Article 13 of Legislative Decree 196/2003 (Personal Data Protection Code)
In accordance with European Regulation No. 679 of 2016 and Legislative Decree No. 196 of 2003 on the protection of personal data, you are hereby informed that the Data Controller is Bellagio Lake Como – Piazza della Chiesa, 14 – 22021 Bellagio (Como), Tax Code 01640630131 (hereinafter referred to as “the Controller”).
Personal data is processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003.
INFORMATION COLLECTED AND USED
“Personal information” or “personal data” refers to data that identifies, relates to, describes, can be used to contact, or can be linked, directly or indirectly, to the user. For the purposes of this Privacy Notice, there is no substantial difference between the terms “personal information” and “personal data.”
Personal information collected directly from the user. When the user visits or uses our Services, we collect the following categories of personal information directly from the user:
- Personal data (such as name, age, date of birth, gender)
- Contact details (such as email address, telephone number, postal address)
- Booking information
- Billing information (such as credit card, debit card or other payment card details and billing address)
- Reviews posted by the user (including any pseudonym under which the user publishes their reviews, or any personal information provided by the user about themselves or others in such reviews)
- Communications sent to us by the user (such as queries, conversations, complaints, or other information submitted to our support team)
- Information related to promotions (we collect any information provided by the user in relation to such activities)
- Other information the user may provide (including other information given about themselves or others through our Services or made accessible to us via third-party platforms)
The user may choose not to provide certain personal information as described above. However, please note that many of our Services require some personal information to function properly; therefore, if the user chooses not to provide the necessary data, they may not be able to use the Service or some of its features.
USE OF USER INFORMATION
We use the user’s personal data for the following purposes (“Purposes”):
- To provide the Services, including services, products, and features offered through our Services, and to fulfil the user’s requests.
- To communicate with the user regarding the use of our Services, products and/or features (e.g., to request reviews and feedback, send alerts and notifications, confirmations of bookings, administrative and data-handling emails, or other legally required notifications); to respond to the user’s comments and questions; to provide any form of customer support
- To send the user marketing communications, including those related to services or products offered by Bellagio Lake Como, its business and production partners, and intermediaries.
- To disclose the user’s data to intermediaries, technical and medical consultants, and other such parties collaborating with our organisation to fulfil contractual obligations; to parties providing services strictly related to the Controller’s activities, such as tax consultants, banks, couriers, insurers, public and private entities (including for inspections or audits); and to entities entitled to access the data by law
- To manage and improve our Services and develop new products and services, including through statistics to better understand how users interact with our Services.
- To process the user’s payment information
- To personalise the user’s experience with our Services, for example by drawing conclusions or combining various data we have collected about the user to offer improved search results or tailor our Services to their preferences or limitations.
- To provide the user with more relevant advertising both on and off our Services, such as personalised advertisements and offers
- To investigate, prevent, and protect against fraudulent, unauthorised, or illegal activities.
- To comply with directives, procedures, and legal obligations, including responding to requests from governmental or law enforcement authorities, managing legal disputes, and exercising rights or obligations as required by law
- In other ways authorised by the user or as required or permitted by applicable law. If the user consents to additional uses of their personal data, such consent may be withdrawn at any time by contacting us at the details below.
The user has options concerning their personal data and, in certain circumstances, may have the right to refuse or object to our use of their data for these purposes.
• Electronic communications. In line with the above Purposes and as permitted by applicable law, we may communicate with the user via electronic means, including email or SMS, to:
- Send information related to our products and Services, including confirmations and updates of bookings, receipts, technical notifications, updates, security alerts, and administrative or support messages.
- Send marketing communications and updates about products and Services offered by us, our affiliated companies, or business partners.
SHARING OF USER INFORMATION
We disclose the personal data we collect (or generate or receive) in the following ways:
- With our business and production partners, to provide the Services and for their purposes, which may include advertising or marketing.
- With intermediaries, technical and medical consultants, and other such parties collaborating with our organisation to fulfil contractual obligations; with parties providing services closely and necessarily linked to the Controller’s activities, such as tax consultants, banks, couriers, insurers, public and private entities (including for inspections or audits); and to entities entitled to access the data by law
- To process payments. Credit or debit card information may be required to process certain transactions such as bookings or purchases, in which case the user’s payment data is shared with travel partners and third-party payment providers (including fraud detection services)
- With other service providers. We share information with agents, consultants, and third-party service providers that perform services or functions on our behalf.
- To fulfil legal obligations. We may disclose the user’s personal data to government authorities or other relevant third parties to comply with legal requirements, court proceedings, legal processes, or legitimate governmental requests.
- Upon user request. We also share the user’s information in accordance with their instructions or with their explicit consent.
In certain cases, the user may have the right to refuse or object to the sharing of their personal information with specific third parties.
STORAGE AND PROTECTION OF USER INFORMATION
Bellagio Lake Como adopts commercially reasonable physical, administrative, and technical security measures designed to protect the user’s information from loss, misuse, unauthorised access, disclosure, alteration, and destruction.
Data retention. Data will be stored only for the time strictly necessary to provide the requested services and will be deleted upon user request. The data will not be disseminated.
We may also retain personal data as necessary to:
- Maintain business records and archives for analysis, security, and/or audit purposes.
- Comply with data retention requirements prescribed by law.
- Manage any complaints related to the Services.
- Fulfil our legal obligations, protect or defend our rights, resolve disputes, and enforce our agreements.
USER RIGHTS AND CHOICES
- Right of access (Art. 15 GDPR): The user has the right to access their data and to lodge a complaint with the supervisory authority.
- Right to rectification (Art. 16 GDPR): The user has the right to obtain rectification of inaccurate personal data concerning them.
- Right to erasure (right to be forgotten) (Art. 17 GDPR): The user has the right to request the deletion of their personal data without undue delay.
- Right to restriction of processing (Art. 18 GDPR): The user has the right to restrict the processing of their data.
- Obligation of notification (Art. 19 GDPR): The Controller shall inform each recipient to whom personal data has been disclosed of any rectification, erasure, or restriction conducted in accordance with Articles 16, 17, and 18
- Right to data portability (Art. 20 GDPR): The user has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit such data to another controller.
- Right to object (Art. 21 GDPR): The user has the right to object to the processing of their personal data.
- Profiling (Art. 22 GDPR): The user has the right not to be subject to a decision based solely on automated processing, including profiling, that significantly affects them.
Contact details of the Data Controller:
Bellagio Lake Como – Piazza della Chiesa, 14 – 22021 Bellagio (Como)
Telephone number: +39.031.951.555
E-mail: info@promobellagio.it
INTERNATIONAL DATA TRANSFERS
Data may be transferred within the European Union, where the Controller or its suppliers and partners are located or have servers. Data will not be transferred outside the European Union.
CHILDREN
Our Services are not intended for or directed towards children. We do not knowingly collect data from individuals under the age of sixteen. If you become aware that your children or other minors in your care have provided us with personal data without your consent, please contact Bellagio Lake Como – Piazza della Chiesa, 14 – 22021 Bellagio (Como), telephone number +39.031.951.555, e-mail info@promobellagio.it.