INFORMATION NOTICE PURSUANT TO THE TERMS AND EFFECTS OF THE GENERAL DATA PROTECTION REGULATION (REFERRED TO BELOW AS THE “GDPR”)
Under the terms of the GDPR, Compagnia Gestione Turistiche Srl (also referred to below in brief as “COGEST”, the “Company” or the “Data Controller”), with registered office at Via Pendege 7, 38026 Ossana (TN), in its position as data controller, hereby provides you with information on the processing of the personal data – as defined in the GDPR – of the users of www.campingcevedale.it (also referred to below in brief as the “Website”), which is necessary to enable it to provide information on the services offered at Camping Cevedale.
The Company asks you to read this information notice carefully. If you should have any doubts or comments, you should contact the Data Controller on +39 0463 751360 or by email at firstname.lastname@example.org.
1. Sources of procurement, personal data and reasons for its processing, legal base and conferral of personal data
1.1 Registration data
The personal data which you supply through the Contacts section of the website may be processed by the Company for the following purposes:
a) For purposes linked to your requests for information, as presented in the data collection form, to ensure that you are offered a valid service
Legal base: execution of an agreement
b) For marketing purposes linked to the presentation of offers, promotional activities in general and the publication of a regular newsletter on events and new business initiatives
Legal base: consent
You may withdraw your consent at any time by means of the contact information set out in the relevant section.
2.2 Browsing data
The IT systems and software procedures used in the website acquire certain items of your personal data during their normal operation, whose transmission is implicit in the use of internet communication protocols. Although this information is not collected with a view to identifying any users, it may by its very nature enable the users to be identified through the processing of and combination with data held by third parties.
This category of data includes IP addresses or domain names of the computers used by those connecting to the website, the addresses in URI (Uniform Resource Identifier) notation of the resources sought, the time of the request, the method used to present the request to the server, the size of the file received in reply, the numerical code indicating the server response status (successful, error, etc) and other parameters relating to the operating system and your IT environment. These data are used solely to obtain anonymous statistical information for the use of the website and to carry out operating checks, and are cancelled immediately after they have been processed. The data could be used to ascertain liability in the event of electronic offences against the website. The data will in any case be kept for the periods strictly necessary in law to supply the user with the service required and guarantee the transmission of the messages sent.
The optional, explicit and voluntary supply of information to the addresses indicated in this website
Cookies are short text fragments (letters and/or numbers) which enable web servers to memorise information on the client (browser) which can be reused the next time the Website is visited (session cookies) or at a later date (persistent cookies). The cookies are memorised by the browser in the specific device used (computer, tablet or smartphone).
Cookies are useful because they enable a website to recognise the user’s device. They have various purposes. For example, they enable the user to surf the pages efficiently, remember favourite websites, and enhance the browsing experience in general. They are also used to guarantee that the advertising content displayed online is targeted towards yourself and your interests. Depending on their function and type of use, cookies may be classified as technical, profiling or third party. This website uses only technical and third party cookies.
1.1 Technical cookies. Technical cookies are only used to “transmit a message over an electronic communication network, or to the extent which is strictly necessary to provide a supplier of a service with the information explicitly necessary to provide a service to the subscriber or user” (article 122, subparagraph 1, of the Code of Privacy). They are not used for any other purposes and are normally installed by the owner or manager of the website directly. They may be subdivided into surfing or session cookies, which are used to ensure that the website can be consulted and used correctly, cookie analytics, which are similar to technical cookies when used by the website manager to obtain information on the number of users and the ways in which they visit the site, and functionality cookies, which enable the user to browse in the website on the basis of a series of criteria selected to improve the service rendered.
The prior consent of the users for the installation of cookies of this kind is not required.
These cookies may be deactivated or eliminated through the browser settings. All modern browsers enable the users to modify the cookie settings. These settings can normally be found in the “options” or “favourites” settings of the user’s browser. The following links may be useful as a guide to these settings. Alternatively, you may use the help option in the browser to obtain further information.
Setting the cookies in Internet Explorer
Setting the cookies in Firefox
Setting the cookies in Chrome
Setting the cookies in Safari and iOS
If you deactivate the cookies, the service offered to you through the website will be restricted, and will therefore have an impact on your browsing experience.
|Technical cookies in the website||Purpose||Duration|
|all_language||To memorise the surfing language||365 days|
|SSC_campingcevedaleit||To store session information (home page)||180 days|
|SN_campingcevedaleit||To store session information (click on privacy)||180 days|
|SSID_campingcevedaleit||To store session information||until the browser is closed|
|SV_campingcevedaleit||To store session information||until the browser is closed|
|displayCookieConsent||To store session information (no click on privacy)||until the browser is closed|
This website contains no proprietary or third party profiling cookies.
While browsing, you may receive cookies from other websites or servers (third party cookies). This can occur if the website contains materials such as images, maps, sounds or specific links to web pages in other domains resident in servers other than that in which the page required is located. These cookies are imposed directly by managers of other websites or servers. In theory, these third parties could impose cookies while you are consulting the website, as a result of which they could obtain information on the fact that you consulted the COGEST website.
Social Networks, Facebook and Twitter
This Website grants access by means of links to Facebook and Twitter, but their profiling cookies, if any, will only be installed in the user’s browser after he/she has left the Website and set up access to those social network sites. For further information on the cookies of those two social networks, go to:
https://www.facebook.com/about/privacy/ and http://support.twitter.com/privacy
2.3 Google Analytics
For further information, go to https://www.google.it/policies/privacy/partners/. The user may selectively disable the action of Google Analytics by installing the opt-out component supplied by Google in his/her browser. To disable the action of Google Analytics, go to https://tools.google.com/dlpage/gaoptout
2.4 Shinystat Analytics
You may selectively disable the action of Shinystat Analytics by installing the opt-out component supplied by Shinystat in your browser. To disable the action of Shinystat Analytics, go to http://www.shinystat.com/it/opt-out_free.html.
3. Processing methods
The data is processed with or without the use of electronic and automatic systems based on logic strictly linked to the purposes concerned, and in such a way as to ensure the security and confidentiality of the data obtained.
4. Conferral of data
The conferral of Registration Data for the purposes described in section 1.1 a) of this information notice, in relation to the requests forwarded by you through the Contacts section of the website, is mandatory. If you should fail to provide the data expressly indicated as mandatory by means of an asterisk alongside the field, in whole or in part, it will be impossible for the Company to proceed as indicated. The supply of the Registration Data indicated in this information notice for marketing purposes is optional, and the only possible consequence if you should fail to provide them is that it may be impossible for the Company to proceed as indicated.
5. Forwarding of data
Without affecting the mandatory disclosure in law, none of the data will be passed on to third parties other than in the situations described in the previous sections.
The personal data will not in any case be divulged other than when it is necessary to do so in law.
6. Data transfer
The data obtained through the website will not be passed on to countries outside the European Union.
7. Duration of the processing
The personal data referred to in section 1.1 a) will be processed throughout the duration of the contractual relations set up. Subsequently, they will be processed only for purposes of compliance with the law, and in any case for the period of time necessary to complete the formalities indicated. The personal data referred to in section 1.1 b) which are processed for marketing purposes may be kept for 24 months as of the date when we obtain your most recent consent.
8. Data controller and manager
The data controller is COGEST Compagnia Gestioni Turistiche S.r.l., with registered office at Via Pendege 7, Ossana (TN), phone and fax +39 0463/751630, email email@example.com, which you may contact to exercise your rights under the terms of the GDPR.
The constantly updated list of data managers can be obtained from the registered office of the Company.
9. Your rights under the terms of the GDPR
Under the terms of the GDPR, the Company also informs you that you may exercise the following rights when the relevant conditions have been satisfied:
– the right of access to your personal data
– the right to obtain a copy of the personal data supplied by you (portability)
– the right to make changes to the data in our possession
– the right to the cancellation of any data which the Company no longer has any legal right to process
– the right to raise objections to the processing, when the regulations in force so permit
– the right to withdraw your consent, if the processing is based on that consent
– the right to restrict the ways in which the Company processes your personal data, subject to the limits laid down in the regulations in force
The exercise of these rights is subject to a number of exceptions aimed at safeguarding the public interest (the prevention and detection of criminal offences, for example) and the interests of the Company. If you should exercise any of the rights listed above, the Company will be obliged to carry out checks to ensure that you are legally entitled to do so, in respect of which you will normally be contacted within a maximum of one month.
If you should have any comments or complaints as to the way in which your data have been processed, the Company will do everything in its power to respond to your concerns. Should you so require, however, you may present any complaints that you may have to the data protection authority, known as the Personal Data Regulator, using the contact data available at www.garanteprivacy.it.
CONDITIONS FOR THE USE OF THE WEBSITE
The conditions for the use of www.campingcevedale.it (referred to below as the “Conditions for Use” and the “Website” respectively) are set out below.
Access to the Website and any action carried out which involves browsing the web pages imply full acceptance of these Conditions for Use.
If the user does not intend to accept the Conditions for Use, he/she need merely refrain from browsing the web pages.
Any party gaining access to the Website implicitly declares that he/she will not use it or the materials contained therein for any unlawful purposes or in any case in breach of the legislation in force.
The Conditions for Use may be modified by the Website owner, Compagnia Gestioni Turistiche Srl (also referred to below as “COGEST”), at any time, without the need to inform the users, and without affecting the obligation of these latter to consult such conditions prior to gaining access to the Website contents. Access to the Website after such modifications have taken place implies full and unconditional acceptance of the Conditions for Use as modified.
• Contents of the Website
The Website is used for the online booking of pitches and chalets. The Website presents information, images and other materials to describe the services offered to the users.
The services and their content are provided by COGEST and its suppliers. The content of the services is monitored with the most careful attention and diligence.
The services offered through this Website are completely free of charge. The only cost for the user is the internet connection, which is entirely at his/her expense.
All the contents of the Website (photographs, videos, trademarks, logos, domain names, application software, graphic layouts, and so on) and the rights relating thereto are reserved, and may therefore only be consulted for purposes of personal information. No other use of such contents may be made without the prior written consent of COGEST.
The Website may contain links to third party websites.
COGEST has no relations whatsoever with the third parties to which the information service supplied through this Website is connected in any way, whether directly or indirectly.
None of the contents of the Website may be interpreted as an invitation, offer or recommendation to engage in any transaction with such parties, which may be carried out entirely at the discretion of the users of the Website.
Ctoutvert, VAT no. FR67433265618, Tel +33 561 47 23 53 – Fax +33 534 40 84 77 – email firstname.lastname@example.org
10 Place Alfonse Jourdain, 31000 Toulouse, France.
• Non-warranty and disclaimer clause
All the contents of the Website are presented for purposes of general information only.
COGEST expressly rules out any implicit or explicit warranty for the information contained in the Website. Neither COGEST nor its content suppliers will in any circumstances be held responsible for any direct or indirect damage which might be sustained as a result of the use of the Website or the contents thereof.
COGEST also declines all liability for the content of the messages and audiovisual texts not issued by it directly or for the reliability and precision of the information, data and advertising contained or presented in the form of links or downloaded as information files from its Website.
More precisely, COGEST will in no circumstances accept liability for the correct and complete nature of the information divulged through the Website under the terms of the regulations which apply (including the copyright legislation, regulations on correct conduct, public order, privacy, and similar).
Neither COGEST nor its information suppliers will be held liable for errors, inaccuracies or omissions in the publication of data. COGEST has the right, but is under no obligation, to improve, modify or correct any errors, inaccuracies or omissions in the Website at any time, without the need to issue advance notice.
COGEST will in no circumstances be held liable for damages of any kind, including but not necessarily limited to direct, indirect or non-contractual damages, whether effective or potential, deriving from or in relation to access to or use of the features of, browsing in or links to other websites.
COGEST also declines all liability for any system malfunctions and for any damages or loss of profits which these might cause.
COGEST declines all liability for any damages caused to its users and/or third parties as a result of the use of the Website.
The user is therefore fully responsible for any use of the Website and any consequences of a civil or criminal nature which might derive therefrom.
• Intellectual property
The names campeggiocevedale.it and campingcevedale.it, graphics, layout, structure of the audiovisual texts contained in this Website, and the technology necessary for its operation are the property of COGEST, which holds all the rights thereto, unless otherwise specified.
The Website, contents and software thereof are protected by the copyright provisions in force (law 633/1941) and the relevant industrial property safeguards.
For strictly personal purposes, the users are authorised to save, record, print and present the information and data obtained through the Website, on condition that they do not remove any copyright or other intellectual property notices and do not modify or alter the content thereof in any way whatsoever. The downloading or copying of the Website materials or software do not grant any rights to such materials or software. The user may not under any circumstances publish, retransmit, redistribute or reproduce any information in any format whatsoever to third parties. The use of the data or information for any business or commercial purposes is also prohibited. The materials contained in the Website may not be reproduced in whole or in part without the prior written authorisation of the holder of the reproduction and exploitation rights.
References to the Website and its content may only be divulged for advertising purposes and to catalogue the Website in search engines, index websites, reviews, magnetic media and any other means of disclosure.
Any act or attempted act of tampering with or intrusion in the systems linked to the Website will be prosecuted in accordance with the legislation in force.
The manager of this Website, which may be contacted for any further information, is Compagnia Gestioni Turistiche Srl, email email@example.com, tel. +39 0463 751630.
These Conditions for Use are also available in foreign languages. The aim of the translation is to assist the users in understanding the conditions in question. In the event of any discrepancy between the translation and the Italian version, this latter will take prevalence for legal purposes.
ADVANCED ELECTRONIC SIGNATURE
With a view to improving the efficiency of document storage and protecting the environment by avoiding the printout of documents to be filed, Compagnia Gestioni Turistiche s.r.l. (also referred to in brief below as “COGEST”) has introduced an Advanced Electronic Signature service under the terms of legislative decree 82 of 7 March 2005, known as the digital administration code, in accordance with the terms of the prime minister’s decree of 22 February 2013, containing “Technical rules on the generation, application and checking of advanced electronic, certified and digital signatures, pursuant to the terms of articles 20, paragraph 3, 24, paragraph 4, 28, paragraph 3, 32, paragraph 3 b), 35, paragraph 2, 36, paragraph 2, and 71” and the general measures on biometrics laid down by the personal data protection regulator under the terms of law no. 513 of 12 November 2014.
The technological solutions adopted enable paper documents to be replaced with electronic ones, which are able to speed up the signature process by the customers (referred to below as the “Customer/Customers”), while the documents have the same validity and effectiveness as evidence of the traditional paper documents, pursuant to the terms of articles 2702 and 1350, paragraph 1, point 13, of the civil code. In addition, the use of these systems helps prevent fraud and identity theft on the one hand and, on the other, reinforces the guarantees of authenticity of the electronic documents signed, a fact which can be significant in the event of any disputes that might arise over the refusal to recognise the signature applied to the documents.
Taking the above factors into account, COGEST decided to adopt a special service for the drafting and signature of documents known as the Advanced Electronic Signature Service (referred to in brief below as “FEA” or “Electronic Signature”), by means of which the signature may be applied using a special tablet and electronic pen. This is a system of advanced electronic signature as defined by legislative decree 82 of 7 March 2005, known as the digital administration code, which does not involve the centralised storage of biometric data.
The application of the Advanced Electronic Signature by the customer is a simple and immediately effective process, by means of which the electronic document is able to record not only the signature itself but also a series of customer data, such as the speed, the pressure exerted, the acceleration of movements and the movements of the pen when it is raised from the tablet into the air, all of which take on the value of biometric data.
The service guarantees observance of the legal requirements, and more specifically the identification of the customer, the unequivocal tracing of the signature back to the signatory, the signature applied to the document and the exclusive control of the system for the generation of the customer signature. The technical properties of the solution also ensure that the contents of the document are permanent and cannot be amended (article 56 of the technical rules – prime minister’s decree of 22 February 2013).
This may be consulted at Campeggio Cevedale.
The description set out below satisfies the obligations set out in article 57 e) of the prime minister’s decree of 22 February 2013 (supply of information on the system used to guarantee the provisions of article 56, paragraph 1).
a) Identification of the signatory of the document.
For identification purposes, COGEST asks the customer to present a valid ID document.
The graphic strokes and biometric data, as detected by the tablet with a sufficient level of precision at the time of signature, are specific to the party concerned and are able to identify him or her.
b) The unequivocal link between the signature and signatory.
The tablet and signature software guarantee:
• the unequivocal link between the signature device and the signature software,
• the link between the document hash and the customer signature,
c) The exclusive control by the signatory of the signature generation system, inclusive of any biometric data used to generate the signature.
The customer has exclusive control of the signature generation system, and is able at any time to:
• view the document to obtain evidence of what he/she has signed,
• apply his/her signature to the document,
• confirm the signature applied,
• cancel and repeat the signature,
• cancel the signature process.
d) The possibility of checking to ensure that the electronic document signed has undergone no amendments following the application of the signature.
The customer is in a position at all times to check to ensure that the electronic document signed has undergone no amendments following the application of the signature. A series of software in accordance with the [CNIPA DEL.45] standard is available free of charge for this purpose at http://www.agid.gov.it/identita-digitali/firme-elettroniche/software-verifica. Adobe Acrobat Reader® is also able to carry out this check.
e) The signatory is able to obtain evidence of what he/she has signed.
The customer has access at all times to evidence of what he/she has signed, as the device displays the document, an original copy of which may be printed or forwarded to the customer by email or certified email.
f) The identification of the party pursuant to article 55, paragraph 2 a).
The customer is able to identify the party supplying the signature solution with certainty at all times, as he/she is informed promptly and clearly of the service and the logos are clearly visible.
g) The absence of any elements in the document signed which could amend the actions, facts or data represented therein.
All the documents are in a non-modifiable pdf format which contains no functions that could amend the original contents of the document at any time.
h) The unequivocal link between the signature and the document signed.
This is guaranteed by the signature software, which uses a SHA algorithm to link the document to the signature.
The requirements described above satisfy the terms of article 56 of the technical rules [prime minister’s decree of 22 February 2013] and article 21, paragraph 2-bis, of the digital administration code.
Properties of the technologies
The description set out below satisfies the obligations set out in article 57 f) of the prime minister’s decree of 22 February 2013 (specify the features of the technologies used and how these are able to satisfy the requirements).
COGEST has paid particular attention to the security of the biometric data acquired. While the customer signs the document, his/her biometric data are immediately encrypted with the AES asymmetric key, which is in turn encrypted with the public key of the asymmetric RSA algorithm.
The customer has sole control over the signature process, and is able to:
• scroll through the document to obtain evidence of what he/she has signed,
• use the electronic pen to apply his/her signature in the specific area set aside for the purpose on the display of the device,
• confirm the signature using the [End] key,
• cancel and repeat the signature with the [Repeat] key,
• cancel the signature process with the [Annul] key.
When the customer confirms the signature applied, the signature client immediately calculates the information printed in the electronic document using the SHA algorithm.
The encrypted biometric data, encrypted AES key, graphic signature strokes and other data are entered in the pdf document. At the end of the process, the signature client signs the document in PadES standard with a qualified signature certificate, in accordance with CNIPA resolution no. 45 of 21 May 2009 [CNIPA resolution 45].
This signature guarantees the integrity (unaltered document) and authenticity of the electronic document.
The system described acquires personal biometric data and ensures that such data are not at the disposal of the party storing them, thus guaranteeing a very high level of security for the signature process.
Keys and certificates
The description set out below is in accordance with the general provision set out in paragraph 4.4 of law no. 513 of 12 November 2014 by the personal data protection regulator, and the prime minister’s decree of 22 February 2013.
PUBLIC ENCRYPTION KEY
The public encryption key is compiled with the signature software and used by it to encrypt the AES key, which is used in turn to encrypt the biometric data and other information of relevance to the signature process.
The public and private keys are generated by the National Council of Notaries Certification Authority (S.C.N.N.), which is accredited with AgID.
PRIVATE ENCRYPTION KEY
The private encryption key, the only one which is able to extract the AES key in clear, which is then used in turn to decipher the biometric data, is kept by an independent fiduciary body known as the National Council of Notaries Certification Authority (S.C.N.N.).
The independent body will be called upon by the judicial authorities in the event of a dispute to hand over the key by means of the methods laid down in the procedure.
Neither COGEST nor the customer will have this key at their disposal under any circumstances.
CERTIFICATE OF SIGNATURE
The digital signature certificate is used by the signature client on completion of the Advanced Electronic Signature process to guarantee the integrity (unaltered document) and authenticity (author Technology Estate s.r.l.) of the digital document.
The certificate is generated by In.Te.S.A. S.p.A. Certification Authority (an IBM company), which is accredited with AgID.
COGEST, the supplier of the Advanced Electronic Signature solution, is covered by an insurance policy as laid down in the article 57, paragraph 4, of the technical rules [prime minister’s decree of 22 February 2013].