Privacy Policy of www.bedandbreakfastpisatower.com

This Application collects some Personal Data from its Users.

Data Controller: Elisa Meoni, Via C. Matilde, 54, 56127 Pisa (PI)

Email address of the Owner: info@bedandbreakfastpisatower.com

Types of Data collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: phone number, Cookies, Usage Data, email address, first name, last name, address, username, password, fax number, country, province, ZIP code and city, date of arrival and departure, number of accompanying guests, and special needs that could be sensitive personal data (which the User spontaneously communicates to the Holder for the achievement of the purposes of the Application itself).

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data are collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
All the Data required by this Application are mandatory and, in the absence of their provision, it may be impossible for this Application to provide the service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the service or on its operation.
Users who have doubts about which Data are mandatory are encouraged to contact the Owner.
Any use of Cookies – or other tracking tools – by this Application or by third party service providers used by this Application, unless otherwise specified, is intended to provide the service requested by the User, as well as to serve the additional purposes described in this document and in the Cookie Policy, if available.

The User assumes the responsibility of the Personal Data of third parties published or shared through this Application and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Mode and place of processing of collected data

Method of treatment

The Data Controller processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases the Data may be accessible to categories of persons involved in the organization of the site (administrative, commercial, marketing and legal staff, system administrators) or to external subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies), who are also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.

Place

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the owner.

Times

The Data are processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User can always ask for the interruption of treatment or deletion of data.

Purposes of the processing of collected data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Contacting the User, Payment Management, Analytics, Interaction with external social networks and platforms, Registration and authentication, Interaction with live chat platforms and viewing content from external platforms.

The types of Personal Data used for each purpose are indicated in the specific sections of this document.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

CONTACT THE USER

Contact by phone (This Application)

Users who provided their telephone number may be contacted for commercial or promotional purposes related to this Application, as well as to satisfy requests for support.

Personal Data collected: telephone number.

Mailing List or Newsletter (This Application)

By registering with the mailing list or the newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this Application may be transmitted. The email address of the User could also be added to this list as a result of registration to this Application or after making a purchase.

Personal Data collected: email.

Contact Form (This Application)

By filling out the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or requests of any other kind indicated by the form header.

Personal Data collected: surname, email address, first name, phone number.

BOOKING ROOMS OF THE B & B

With the reservation, the User allows the Application to identify them and give them access to dedicated services.
Depending on what is described below, the booking and authentication services could be provided with the help of third parties. If this happens, this Application will be able to access some data stored by the third party service used for registration or identification.

Direct Booking (This Application)

The User books by filling out the registration form and providing this Personal Data directly to this Application, after selecting the room, arrival date, departure date and number of travelers in tow.

Personal Data collected: ZIP code, city, surname, email address, country, name, fax number, phone number, password, province, username and various types of Data as specified in the privacy policy of the service.

DISPLAY OF CONTENTS FROM EXTERNAL PLATFORMS

This type of service allows you to view content hosted on external platforms directly from the pages of this application and interact with them.
In the event that a service of this type is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.

YouTube Video Widget (Google Inc.)

YouTube is a video content display service managed by Google Inc. that allows this application to integrate such content within its pages.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

PAYMENT MANAGEMENT

The payment management services allow this Application to process payments by credit card, bank transfer or other instruments. The data used for payment are acquired directly by the requested payment service provider, without being processed in any way by this Application.
Some of these services may also allow the sending of messages to the User, such as emails containing invoices or notifications regarding payment.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows the User to make payments online.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Privacy Policy

INTERACTION WITH THE SOCIAL NETWORK AND EXTERNAL PLATFORMS

These types of services allow interactions with social networks, or other external platforms, directly from the pages of this Application.
The interactions and information acquired by this Application are in any case subject to the User’s privacy settings related to each social network.
If an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.

Like button and Facebook social widgets (Facebook, Inc.)

The “Like” button and Facebook social widgets are services of interaction with the social network Facebook, provided by Facebook, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

STATISTICS

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Google Analytics (Google)

Google Analytics is a statistical service provided by Google.

Personal Data collected: Cookies and Usage Data.

Place of processing: USA – Privacy Policy

Statistics collected directly (This Application)

This application uses an internal statistics system, which does not involve third parties.

Personal Data collected: Cookies and Usage Data.

COMMENTS TO THE POST

To comment on posts and articles of this Application, the following are required for the publication of the comment: Name, Surname, Email and Website (optional), as well as connection data and the web browser used.

Further information on Personal Data

SALE OF GOODS AND ONLINE SERVICES

The Personal Data collected is used for the provision of services to the User or for the sale of products, including payment and any delivery. The Personal Data collected to complete the payment may be those relating to the credit card, the bank account used for the transfer or other payment instruments provided. The payment details collected by this application depend on the payment system used.

Cookie Policy

This application uses cookies. To learn more and for detailed information, you can consult the Cookie Policy.

More information on treatment

Defense in court

The User’s Personal Data may be used by the Owner in court, or in the stages leading to possible legal action, for the defense against abuse in the use of this Application or related services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data at the request of the public authorities.

Specific information

At the request of the User, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

System logs and maintenance

For needs related to operation and maintenance, this Application and any third party services used by it may collect System Logs, which are files that record the interactions and which may also contain Personal Data, such as the User IP address.

Information not contained in this policy

More information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.

Exercise of rights by Users

The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or otherwise of such Data with the Data Controller, to know their content and origin, to verify their accuracy or request their integration, cancellation, updating, rectification, transformation into anonymous form or the blocking of Personal Data processed in violation of the law, as well as to oppose their processing in any case, for legitimate reasons. Requests should be addressed to the Data Controller.

This Application does not support “Do Not Track” requests.
To know if any third-party services used support them, the User is invited to consult their respective privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Application and may request the Data Controller to remove his Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected until then.

Request and cancellation of personal data (GDPR)

By using this form you agree with the storage and handling of your data by this website.

HOSTING

This application is hosted by WebServiceStudio LLC, with registered office at 30 N GOULD ST STE R, SHERIDAN WY 82801, EIN: # 61-1867672, USA.

We guarantee the strict application of the standard security measures provided by the industry for the protection of personal data of the User. These measures include without limitation: firewall, data encryption, password protected access to the confidential information of the Users, access limited to authorized personnel and/or collaborators, where necessary for the fulfillment of the obligations of KarmaHost under the agreements established and to which the company is bound by terms of confidentiality, and the coded transfer of data communicated by the User using the order forms, access, etc. of KarmaHost. Security and privacy restrictions that go beyond our control may apply. By communicating their data to KarmaHost, the User understands and accepts that the security, integrity and confidentiality of such data may not be 100% guaranteed.

In detail:

I. Confidentiality

• Control over physical access

• electronic access control with register

• high security fence around data centers

• documented distribution of keys to employees and customers in colocation (each customer for their own rack)

• Procedures to accompany visitors within the datacenter

• staff present within the datacenter 24/7

• Video-monitored entrances and exits, security doors that lock the various rooms that host the servers

• Access to visitors is allowed only in the presence of an employee

• Monitoring

• electronic access control with register

• video surveillance of all entrances and exits

• Electronic access control

• For dedicated servers, colocation servers and cloud servers

• server passwords that after the first activation can only be changed by the customer and are not known by the provider

• the client’s administrative passwords are known only by the client; the password must be robust and comply with our guidelines. The customer can also set up two-factor authentication to increase the security of their account

• for managed servers and hosting

• access is password protected and only the customer and the provider know the password. Passwords must be robust and must be changed regularly

• internal access control

• for the internal administration systems of the provider

• The provider prevents unauthorized access by keeping the systems up-to-date with security updates

• processes to distribute the necessary permissions to the provider’s employees

• For dedicated servers, colocation servers and cloud servers

• access control is the responsibility of the customer

• for managed servers and hosting

• The provider prevents unauthorized access by keeping the systems up-to-date with security updates

• processes to distribute the necessary permissions to the provider’s employees

• Data control

• disks that were previously used will be deleted more than once, as required by data protection policies, at the end of the contract. After testing, the deleted disks will be reused

• Defective disks that cannot be deleted will be destroyed directly inside the datacenter

• isolation control

• for the internal administration system of the provider

• data is physically or logically isolated and saved separately from other data

• backups are created using similar systems of isolation, physical or logical

• For dedicated servers, colocation servers and cloud servers

• The customer is responsible for isolation control

• for managed servers and hosting

• data is physically or logically isolated and saved separately from other data

• backups are created using similar systems of isolation, physical or logical

• pseudonymisation

• the customer is responsible for pseudonymisation

II. Integrity (Art. 32 Par.1 clause b GDPR)

• Control of data transfer

• all employees have been trained on the basis of Article 32 Par. 4 GDPR and are obliged to ensure that personal data are managed in compliance with the Data Protection Regulation

• in accordance with data protection, all data will be deleted after the end of the contract

• there is the possibility of transmitting data in an encrypted manner

• control on data entry

• for the internal administration system of the provider

• data are entered by the customer

• changes are kept in our records

• For dedicated servers, colocation servers and cloud servers

• entering data is the responsibility of the customer

• for managed servers and hosting

• Data is entered by the customer

• changes are kept in our records

III. Availability and resilience (Art. 32 Par. 1 Clause b GDPR)

• availability check

• for the internal administration system of the provider

• daily backups and the possibility to restore relevant data

• professional use of security software (antivirus, firewall, spam filters, encryption software)

• use of disk mirroring on all servers where relevant

• monitoring of servers where relevant

• use of an emergency system in the event of a blackout

• permanent DDoS protection

• For dedicated servers, colocation servers and cloud servers

• Data backup is the responsibility of the customer

• use of an emergency system in the event of a blackout

• permanent DDoS protection

• for managed servers and hosting

• daily backups and the possibility to restore relevant data

• use of disk mirroring on all servers where relevant

• use of an emergency system in the event of a blackout

• use of firewall software and locked ports

• permanent DDoS protection

• rapid restoration measures (Article 32 Par. 1 Clause c GDPR)

• for all internal systems there are specifications for informing the most suitable person when an error occurs, so that the systems are restored as quickly as possible

IV. Procedures for testing, verifying and evaluating the effectiveness of technical measures (Art. 32 Par. 1 GDPR clause; Art. 25 Par. 1 GDPR)

• the data protection management system and the information security management system have been combined into a data protection information security management system (DIMS).

• incident response management is available

• we use default settings that are Data-protection-friendly during software development (Art. 25 Par. 2 GDPR).

• Agreement or control of the contract

• Our employees are trained according to data protection laws and are familiar with the procedures and guidelines on the personal data management of our customers.

DEFINITIONS AND LEGAL REFERENCES

Personal Data (or Data)

Personal data is any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.

Usage Data

This information is collected automatically by this Application (or by third-party applications that this Application uses), including: IP addresses or domain names of the computers used by the User that connects with this Application, the addresses in Uniform Resource Identifier (URI) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various time details of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and to the User’s IT environment.

User

The individual who uses this Application, who must coincide with the Interested party or be authorized by them, and whose Personal Data are being processed.

Interested

The natural or legal person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other entity, association or body appointed by the Data Controller to process Personal Data, as set out in this privacy policy.

Data Controller (or Holder)

The natural person, legal entity, public administration and any other entity, association or body that is responsible, even together with another owner, for decisions regarding the purposes and methods of processing Personal Data and the tools used, including the security profile, in relation to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

This Application

The hardware or software tool through which the Personal Data of Users are collected.

Cookie

Small portion of data stored in the User’s device.

Legal references

Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of Directive 95/46/EC, as well as the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, concerning Cookies.

This privacy statement only concerns this Application.