top of page

PRIVACY

Lake Garda

In the following section you will find information on the handling of your personal data, which is collected during your navigation on the website and when using the services we offer. In order to be able to provide you with all functions and services of our website, it is necessary for us to collect and process personal data about you. The processing of your personal data can include any type of action, including collecting, organizing, storing, querying, evaluating, changing, selecting, reading out, comparing, using, linking, blocking, communicating, deleting and destroying. Your personal data is always processed in accordance with the principles of legality and fairness, taking into account all applicable regulations and in accordance with EU Regulation 679/2016 of the European Parliament and Council. We explain what data we collect, why it is necessary and what rights you have in relation to your data.

responsibility for data processing

Responsible for the processing of personal data on this website

Ca Nova Agriturismo

Strada Castellaro Cavriuana 17,

46040 Monzambano,

VAT no. FREJSF65T02A022I

If you have any questions, you can also contact us at any time.
Email: info@canovaagriturismo.com
Internet: www.canovaagriturismo.com

purpose of data processing

The controller processes data

  1. to fulfill legal obligations

  2. to fulfill the obligations arising from contracts

  3. to provide you with the information and services you have requested

  4. to check the efficiency of the system

  5. to carry out marketing campaigns such as sending commercial information, advertising material and market research

  6. to protect liabilities (e.g. payments)

  7. to determine customer satisfaction with regard to the quality of products and services

type of data processing

Your personal data will be processed manually, telematically, but mainly with automated means and processes adapted to the respective purposes. Databases and electronic platforms managed by us or by third parties are mainly used here. Any type of data processing ensures the security and confidentiality of the data.

When connecting to the website, computer systems and software procedures automatically and indirectly manage and/or acquire a series of general data and information. The following data can be recorded:

  • browser types and versions used

  • the operating system used

  • the website from which an accessing system reaches our website (so-called referrer)

  • the sub-websites, which are controlled via an accessing system on our website

  • Date and time of access

  • an internet protocol address (IP address)

  • other similar data and information

This general data and information is stored in the server's databases and log files to ensure you a stable and secure experience. The legal basis is Art. 6 in the GDPR.
This anonymously collected data and information is therefore evaluated statistically on the one hand and also with the aim of increasing data protection and data security in order to ultimately guarantee an optimal level of protection for the personal data we process.

Retention of data

In order to comply with the law, the holder has established different retention periods for personal data depending on the individual purposes:
 
1) For the management and response to your requests regarding products and initiatives, your personal data will be kept for as long as it is necessary to process your request.
2) For the management of activities related to your use of the website, your personal data will be kept for as long as it is necessary for the provision of the service you have requested.
3) For the administration and exercise of the service provision activities provided for by law (relating to billing, administration, taxation, etc.), your personal data will be kept for as long as is necessary for this purpose
4) For the management of disputes and possible litigation, your personal data will be kept for as long as is strictly necessary for the pursuit of these purposes and, in any case, no longer than the applicable limitation periods.

Dissemination of the data

The personal data processed by us are in principle not subject to dissemination. In certain cases, data will be transferred to the following recipients.

Subcontractors for technical checks, payments, identity and delivery services, analysis providers or credit insurance agencies.
Public administration and authorities, if provided for by law
Credit institutions with which we have business relationships for the management of receivables/payables and for the provision of financing
any natural or legal, public and/or private person (legal, administrative and tax consultancy offices, courts, chambers of commerce, etc.) if the forwarding of the data proves to be necessary or useful for the performance of our activities

Contactform

Should you choose to send an enquiry via the contact form, it is necessary to provide certain personal data in order to meet your requirements. This is also the reason why the respective fields of the form are marked with an asterisk or otherwise as mandatory data. The provision of further personal and sensitive data is entirely up to you. Failure to provide or incomplete provision of the personal data marked with an asterisk or otherwise as mandatory data will result in the performance or service requested by you not being able to be carried out. By submitting the form, you consent to the processing of your data. Your data will be processed for the administration and answering of your questions and will not be stored longer than necessary for the respective processing purposes.

Using Cookies

To improve the use of our website, we use cookies. Cookies are text information that is stored on a computer via the browser when you visit a website. This storage is used to recognise a session. You can delete stored cookies at any time via your web browser or adjust the settings so that no cookies are stored. Under certain circumstances, it may then be the case that not all our services and functions of our website are available.

Rights of User

The rights under discussion may be asserted by the party concerned or by a person appointed by him or her by means of a request sent by registered mail or e-mail and directed to the person responsible for the processing. The user has the right to obtain a copy of the personal data in our possession. The reply will be given within the period prescribed by law.
In certain cases, we may store some information for legal purposes (suspected fraud, breach of terms and conditions). If you believe that your rights have been violated, you also have the right to lodge a complaint with the relevant data protection supervisory authority or to take legal action.

We summarise the rights of the affected user again as follows:

Right to confirmation
Every data subject has the right to obtain confirmation from the controller that personal data in question are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact us at any time.
Right of access
Every data subject has the right to obtain, at any time and free of charge, information about the personal data stored about him or her. The information includes the following information:
the purposes of processing
the categories of personal data processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations. Moreover, if the data are transferred to a third country, the data subject shall have the right to obtain information on the guarantees of the data processing.
the planned duration for which the personal data will be stored
the existence of a right of appeal to a supervisory authority
if the personal data are not collected in the company concerned: Any available information about the origin of the data
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Right of rectification
Any person affected by the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him or her.
Right to erasure
Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:
The personal data have been collected or otherwise processed and are now no longer necessary.
The data subject revokes his/her consent on which the processing is based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or the processing is contrary to any other legal basis.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data have not been collected in relation to services offered pursuant to Article 8(1) of the GDPR - Protection of Minors.

  1. Right to restriction of processing
    Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing where one of the following conditions is met:
    The accuracy of the personal data is contested by the data subject. The restriction shall apply for a period enabling the controller to verify the accuracy of the personal data.
    The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
    The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defence of legal claims.
    The data subject has objected to the processing pursuant to Article 21(1) DS-GVO and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
    Right to data portability
    Every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, common and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.

  2. Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
    Right to object
    Any person concerned by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. This also applies to profiling based on these provisions.

  3. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

  4. If we process personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing.
    Automated decisions in individual cases including profiling
    Any data subject concerned by the processing of personal data shall have the right to object to a decision based solely on automated processing - including profiling - which produces legal effects concerning him or her and significantly affects him or her, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller. If the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or if it is made with the data subject's explicit consent, we shall take reasonable steps to safeguard the data subject's rights and freedoms.
    Right to withdraw consent under data protection law
    Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

Place of processing of your personal data

Your personal data will be processed mainly on our premises and in those departments where the data processing controllers are located. The contractually agreed service is provided exclusively in a member state of the European Union or in a contracting state of the Agreement on the European Economic Area. Any relocation of the service or parts thereof to a third country requires the prior consent of the client and may only take place if the special requirements of Art. 44 et seq. DS-GVO are fulfilled (e.g. adequacy decision of the Commission, EU standard data protection clauses, approved codes of conduct).

Please contact us for further information at the addresses given in the "Imprint" section.

Using of Request or Bookingtool

Data processing when using PMS systems (widgets) Widgets of the company zadego GmbH (easybooking) may be implemented on these pages. zadego GmbH Anton-Melzer Straße 10 6020 Innsbruck Austria The provider is a PMS system, which represents the provider of the hotel software of the responsible person. Depending on the tourism business, the widgets can be the following: • Enquiry form • Booking engine • Small Search (enquiry, booking) • Category View • Room view • Packages Widget • Price overview • Price comparison • Availability calendar • Online Check-In a. General information In order to process your enquiry or booking, it is necessary that the data provided by you to the responsible person is processed. The above-mentioned person in charge and zadego GmbH (both jointly also referred to as "provider") have a contractually regulated business relationship. The person responsible obtains his hotel administration or booking software from zadego GmbH. The personal data provided by you will be transferred to the administration system and to companies in business relations with the administration system. This transfer takes place in particular to the aforementioned landlords, possibly also to tourism associations, registration providers, payment providers and other companies that are linked to the administration system and/or landlord and must be consulted for the fulfilment of postcontractual obligations. The use of personal data by the providers is governed by the applicable statutory provisions and the consent given by you to the use of your data. zadego GmbH • Anton-Melzer Straße 10 • 6020 Innsbruck ✆ +43 5 0908 • ✉ office@easybooking.euwww.easybooking.eu b. Collection of data Within the framework of an enquiry or booking with the tourism company, you provide relevant data for the execution of the same. As a rule, this involves the following: • First name and surname • E-mail address • Address • Telephone • Payment data (bank details, credit card details) • birth data (for the identification of children) This data is only collected to the extent permitted by law and only with your consent and active participation. As far as the consent is declared electronically within the scope of the services, the legal obligations to provide information are taken into account and this consent is recorded by suitable technical systems. c. Purpose of this data processing The person responsible will process your personal data in this context for the following purposes: • Offering • Online Check-In • Fulfilment of reporting obligations • Payment processing • Accounting If you enter personal data (contact data, e-mail, data of the desired stay in our house) in one of these widgets, this is always done on a voluntary basis and only for the purpose of being able to make an appropriate offer for your desired stay. If there is no contractual relationship between the parties (i.e. there is no stay in the business of the responsible person), the data of the person concerned will be deleted automatically from the systems immediately. In individual cases, legal storage and deletion periods must be observed.

bottom of page