The methods of managing the website of Tanit Rooms & SPA are described on this page with specific reference to the processing of personal data.
The policy, envisaged by Article 13 of Regulation (EU) 2016/679, is also based on Recommendation No 2/2001 which the European authorities, in the Working Group for safeguarding personal data, laid down in Article 29 of Directive 95/46/EC, adopted on 17.05.2001. The aim is to identify the minimum requirements necessary for the collection of personal data on-line, as well as the measures which must be used with regard to data subjects who access the web pages, in order to guarantee the lawfulness and legitimacy of data processing.
Browsing this website may result in the processing of data regarding persons identified or who can be identified.
The policy refers exclusively to the website of Tanit Rooms & SPA and not to any other sites which may be viewed by the user via the links on the website.
The “Controller” of the personal data processing is Tanit Rooms & SPA, in the person of its legal representative, Yuky Canzini, with offices in Sardinia, in Villasimius (CA), via Umberto I, 86 - 09049, email firstname.lastname@example.org. The data controller guarantees the lawfulness, fairness and transparency of the data, as well as the security, confidentiality and protection of the data it its possession at all stages of the data processing.
The data processor
The data processor is Pavoneggi Srl, in the person of its legal representative pro tempore, with offices in Sardinia, in Cagliari, via S. Tommaso D’Aquino No 18/A.
Location of personal data processing
The personal data entered on the website of Tanit Rooms & SPA will be processed at the offices, in Sardinia, in Villasimius (CA), via Umberto I, 86 - 09049. It is overseen by staff specifically assigned to the above-mentioned processing and website maintenance operations.
Purpose of the processing
The personal data processing is carried out for specific and legitimate purposes linked and relevant to the activity of Tanit Rooms & SPA as indicated below:
a) To fulfil the obligations arising from the contract entered into with the customer both in the phase before and during its execution;
b) To fulfil legal obligations for accounting and administration purposes;
c) To fulfil operational and management requirements in Tanit Rooms & SPA related to the service provided;
d) To fulfil the legal obligations required to communicate the data to the local police about the customers staying on the premises.
Moreover, subject to obtaining the customer’s voluntary, specific and separate consent:
e) To provide information via email (newsletters) about the services offered by Tanit Rooms & SPA;
f) To process the data of children with a specific waiver by the holders of parental responsibility in order to carry out booking and registration services at the guesthouse and fulfil the obligations arising from the completed contract.
The legal basis of the data processing stems from the specific contractual relationship between the user and Tanit Rooms & SPA. Communication of personal data is a necessary requisite for the conclusion of the contract between the user and Tanit Rooms & SPA. If consent is not given for the purposes of points a, b, c and d) and, where necessary, of point f of the paragraph “Purpose of the processing”, it will not be possible to conclude the contract to perform the service offered.
Consent is optional for the processing of data for the purposes indicated under point e) of the paragraph “Purpose of the processing”, i.e. subscription to newsletters.
The computing systems and software procedures employed to operate this website acquire, during the normal course of operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
It concerns information that is not collected to be associated with specific individuals, but by its very nature could, through the processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method employed to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server and other parameters related to the user’s operating system and IT environment.
These data are only used to obtain anonymous statistical information about website use and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility for hypothetical computer crimes against the website: except for this possibility, the data are not stored for more than seven days.
Data submitted voluntarily by the user
The registration of personal, and possibly sensitive, data on the specific website page, to request information, services, access to reserved areas of the website, the sending of newsletters, as well as the optional, explicit and voluntary sending of email messages to the addresses posted on this website, entails the subsequent acquisition of the sender’s address, required to respond to the requests, as well as any other personal information entered.
Specific summarised information will be progressively provided or displayed on website pages set up for particular services available on request.
Cookies are small text files that the sites visited by the users send to their terminals where they are stored and later retransmitted to the same sites upon a subsequent visit.
The website of Tanit Rooms & SPA only uses technical and browser cookies, required for the correct functioning of the site and no personal data concerning users are acquired by the site. Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies of any type used, i.e. user tracking systems.
The use of so-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server), required for safe and efficient browsing of the site.
The so-called session cookies used on this site avoid using other processing technologies that may potentially affect the confidentiality of the users’ browsing activities and do not permit the acquisition of personal data that may identify the user.
Optional nature of data provision
Apart from the afore-mentioned specifications for browsing data, the user is free to provide the personal data indicated in the forms requesting services or, in any case, indicated in the contacts with our offices, to request the sending of newsletters, information or other communications. Failure to provide the data may make it impossible to benefit from the above-mentioned services.
Processing method and data storage time
Your personal data are processed using automated, telematic and hard copy means for the time strictly necessary to fulfil the purposes for which they have been acquired and to carry out the service requested by the customer and in any case, for the period established by current provisions for statutory and fiscal purposes and no more than ten years from the termination of the relationship for the purposes of the service. Specific security measures are observed to prevent the loss of the data, unlawful or incorrect use and unauthorised access. The user may, at any time, request interruption of the processing, erasure and/or restriction of the data.
The user’s personal data may be communicated to consultants, accountants and lawyers who carry out services used for and connected to the above-mentioned purposes.
Data subjects’ rights
With reference to Regulation (EU) 2016/679 and in particular to Article 15 governing the “right of access”, Article 16 governing the “right to rectification”, Article 17 governing the “right to erasure”, Article 18 governing the “right to restriction of processing”, Article 20 governing the “right to data portability”, Article 21 governing the “right to object to automated decision-making”, the data subject may exercise his/her rights by writing to the data controller at the following addresses:
mail: Tanit Rooms & SPA, via Umberto I, 86 - 09049 Villasimius (CA)
The site of Tanit Rooms & SPA is not intended for use by children, who are not authorised to make bookings or subscribe to the newsletters. Should a child make a booking or subscribe to the newsletter service without the prior authorisation of the holder of parental responsibility, all relevant data will be immediately deleted.
Right to lodge a complaint with the supervisory authority
If the data subject considers that the processing of personal data infringes the provisions of the above-mentioned GDPR, he or she has the right to lodge a complaint with the supervisory authority under Article 77 of Regulation (EU) 2016/679.
Browsing data and the purpose of data processing
During the ordinary course of operations, the IT systems and software procedures for running this website acquire some personal data; the transmission of such data is an inherent feature of Internet communication protocols.
This information is not collected for the purpose of being associated with identified interested parties, but due to its very nature could allow users to be identified through the processing and association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server and other parameters related to the operating system and the user’s computer.
This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in the case of hypothetical computer crimes against the site: other than in this case, data is not stored for longer than seven days.
Data provided voluntarily by the user
Registration of personal data, including sensitive data, on the page of the website designed to request information, services, access to reserved areas on the site, the sending of newsletters, as well as the optional, explicit and voluntary sending of electronic mail to addresses indicated on this site, entails the subsequent acquisition of the sender’s address, necessary in order to reply to the requests, as well as any other personal data entered on the page.
Specific summary information regarding other services available on request will be provided or displayed on the website’s pages.
Cookies are small text files that sites visited by users send to the user's terminal where they are stored and later retransmitted to the same sites upon a subsequent visit.
Use of so-called session cookies (that are not memorised in a persistent manner on the user’s computer and that disappear upon closing the browser) is strictly limited to the transmission of session identification information (constituted by causal numbers generated by the server), necessary to allow for safe and efficient browsing of the site.
The session cookies used on this website avoid the need to use other IT techniques that could potentially affect users' privacy when browsing the website and do not permit the acquisition of the users’ personal identification information.
Optional data supply
Apart from what has been specified for browsing data, the user is free to provide his/her personal data as required in the forms requesting services, or as indicated in contact with our offices to request sending of the newsletter, information or other communication material. Failure to provide this information may make it impossible to carry out the request.
Personal data is processed by automated and manual tools for the time necessary to achieve the purposes for which it was collected. Specific safety measures are in place to prevent the loss of data, its illegal or improper use and unauthorised access.
Pursuant to Article 7 of Legislative Decree 196/2003, the parties to whom personal data refers have the right at any time to obtain confirmation of the existence or lack thereof of personal information concerning them, and to know its origin and content, to know the purpose and means of processing, to verify the accuracy of the data, to request its updating, correction or integration.
Pursuant to the same article, parties can also request the cancellation, transformation into anonymous form or blocking of data treated in violation of the law, as well as oppose, in all cases, processing of their personal data.
In particular, and pursuant to Article 7.4, the data subject can object in full or part:
a) for legitimate reasons, to the processing of his/her personal data even if it is relevant to the purpose of its collection;
b) to the processing of his/her personal data for the purpose of sending advertising materials or direct sales materials, for carrying out market research or for commercial communication.
The rights pursuant to Article 7 above can be exercised by submitting a request to the following addresses:
post: Tanit Rooms & SPA, via Umberto I, 86 - 09049 Villasimius (CA)