This information document (the Document) is issued pursuant to Reg.(UE) 2016/679 of 27 April 2016 related to the protection of people regarding the processing of personal data (GDPR), and contains information on the processing of the personal data collected by Torre Canne Thermal Spa (the Company) and describes the way they are used.
The Document is an integration to any other information received in other circumstances and contains important information on the following:
- THE PROCESSING OF PERSONAL DATA
- COLLECTED PERSONAL DATA
- THE PURPOSE OF PERSONAL DATA PROCESSING
- THE COMMUNICATION AND THE DISCLOSURE OF PERSONAL DATA
- THE SAFETY AND THE CONFIDENTIALITY OF PERSONAL DATA
- THE RIGHTS OF THE PARTY CONCERNED
- DATA STORAGE
- THE CONTROLLER – THE DATA PROTECTION OFFICER - THE COMPANY’S CONTACT DETAILS
- UPDATES OF THIS DOCUMENT - COMMUNICATIONS
1. THE PROCESSING OF PERSONAL DATA
In this Document, the term “Personal Data” is used with reference to any information that allows the Company to identify you (or to identify any third party whose data are provided by you), directly or indirectly, including any information related to the purchase of services, or that you choose to give to or share with the Company during the use of the Websites or at the Thermal Spa complex Terme di Torre Canne di Fasano (BR) (the Facility).
Personal Data will be processed in compliance with the GDPR. The Company reserves the right to further process your data when required to do so by law, i.e. in criminal proceedings or investigations or any other kind of legal proceedings.
2. COLLECTED PERSONAL DATA
The origin of the data
The Company only collects personal data that you provide of your own free will, for example:
Emails, texts and other electronic messages
Exchanging communications with the Company, requesting information, requesting a quote, sending your CV;
Asking for assistance, informing about special needs or complaining about anomalies in the delivery of services.
The Thermal Spa Complex
Filling in the documents provided when checking in, making a booking, interacting with the staff, complaining about anomalies in the services received or giving feedback on them, requesting or purchasing services.
If you provide the Company with personal data of third parties (e.g., relatives, other customers or potential customers), you should make sure that they are informed and have authorized the use of their data as described in this Document.
Types of data
The Company can collect and use various types of personal data according to the specific purposes as described below:
a. Personal information such as name, surname, age/date of birth, place of birth, identity document number;
b. Contact information such as home address, email address, telephone number, mobile number;
c. Payment information, such as payment method (credit or debit card, bank transfer, etc.) and relevant details;
d. Information related to the services and the treatments purchased, such as the type of treatment facility, arrival and departure dates, details of the services booked and the related costs, feedback on services received, complaints, refunds, travel companions or other information related to the services requested and that can be collected in compliance with current laws;
e. Health-related information: such as those inferable from the treatments booked and those conveyed to the doctor when checking in or to staff whilst undergoing treatments;
f. When sending a CV: personal data, contact details, curriculum vitae, other data provided of your own free will, the source of information about the job offer, particular categories of data provided, the status of a protected person, data that can disclose one’s health status, etc.;
g. In the event you use our medical services: data related to your health status.
3. THE PURPOSE OF PERSONAL DATA PROCESSING
According to the specific circumstances of your interaction with the Company, your personal data may be used for the following purposes:
3.1 Booking treatments and the delivery of the services booked
The personal data provided by you or collected during the booking phase and when the services booked are provided i.e. personal data, contact details, data related to the services booked, data concerning your health status, tax data, payment details, special requests, feedback and opinions on the services used and any other data required for the delivery of the services booked – will be used to comply with the current legal, accounting and tax obligations and for purposes related to the reciprocal obligations resulting from the contract (e.g., to assist you with your bookings, to provide the services requested, to meet your needs during your treatments, to process your feedback, to arrange an itemised bill, to perform customer care activities, etc.) or to meet your specific requests.
The processing of your personal data for these purposes does not need your consent. Processing is necessary to comply with legal requirements and to execute the contract, to receive suitable data which reveals your state of health, the processing of which requires your prior consent; any refusal might make it impossible to provide the services requested.
3.2 The specific purposes for which you provided the data
The personal data provided by you or collected when you request a specific service (e.g., stating special needs, asking for information – such as personal and contact details, and data required to follow up your request – will be used for following up your request, providing the services requested (for example, answering a question or requesting contact, providing the service requested, assisting you and dealing with potential complaints).
In these cases, it is necessary to provide your personal data for the above mentioned purposes and refusing to do so would make it impossible to fulfil your request.
3.3 For marketing purposes
Your personal and contact details such as name, surname, address, email address, landline and mobile phone numbers, may be used to call you or to send you or email, even using automated methods, information, greetings, and periodic documentation – also promotional material, even published and sent by third parties (e.g., periodical publications), about the Thermal Spa complex in order to keep you informed on the prices, the services and the offers available.
The consent for this use of your personal data is optional. If refused, we will not be able to provide you with commercial information.
3.4 For recruiting and assessing staff
The personal data received via email or forwarded to our postal address will be processed for the recruitment and assessment of staff, with the aim of establishing a work relationship and to assess the effectiveness of the communication channels for our job offers (with regards to such channels, the data will be processed anonymously). Therefore, you may be contacted by phone, email or text message or you may receive communications and information about job openings in accordance with your profile.
The provision of all other personal data is optional. If data are missing, inaccurate or partial, we may not be able to carry out our staff recruitment activity in the best way.
4. THE COMMUNICATION AND THE DISCLOSURE OF PERSONAL DATA
Your personal data will not be disclosed, unless required by law or explicitly authorised, and may be communicated to organisations pursuant to the law concerning practices relating to treatments provided in agreement with, for example, local health authorities, the Region, and INAIL, to the companies in the Carlo Maresca SpA Group to companies, bodies and subjects (e.g., external professionals, public authorities and private companies, banks, insurance companies, trade associations, etc.) with which Torre Canne Thermal Spa has relationships regarding the management of its services (e.g., administration and accounting services, email and text message management services, mail shipping services, marketing, web-marketing and customer care support services, etc.).
Such companies, bodies and organizations will only receive the personal data required to perform the agreed services and will not be authorised to use them for any other purpose.
With specific reference to the recruitment and assessment of staff, the data will not be subject to disclosure or to automated decision-making processes and may only be communicated to the companies in the Carlo Maresca SpA Group and their officers, who will only be able to use them for the purposes mentioned above.
In the event of corporate or asset transactions (such as, but not limited to: mergers or takeovers, company restructuring or liquidation, establishment or termination of the lease of a company branch, etc), the collected data might be one of the transferred assets and, as allowed by law and according to the legitimate interests of the receiving Company, made available to the same if the corporate aim allows it.
The Company can also provide your personal data to third parties if foreseen by current law (e.g., public safety authorities, local authorities), in the event of legal proceedings in response to a request from law enforcement authorities based on legitimate reasons, to protect the rights, the privacy, the safety or the property of the Company or of the public.
The full list of the people in charge of processing your personal data and the third parties to whom they are given can be obtained by using the contacts provided in this Document.
Access to your personal data will only be given to Torre Canne Thermal Spa employees and collaborators specifically authorised to process them, in compliance with the technical and organizational measures implemented by the Company to ensure the appropriate processing of your data, in accordance with the actual need to know such information and using multi-level control tools regarding access.
6. THE SAFETY AND THE CONFIDENTIALITY OF PERSONAL DATA
Your personal data will be processed in accordance with the principles of correctness, lawfulness and transparency, both electronically and in hard copy, and in a way that ensures the appropriate safety of your personal data from unauthorized or unlawful processing as well as from loss, destruction or accidental damage, by means of appropriate technical and organizational measures.
In the unlikely event that the Company believes that the safety of your personal data in its possession or under its control has been or may have been compromised, you will be informed about such incidents in accordance with the methods foreseen by current law and using the appropriate means therein prescribed (by providing the Company with your email address, you consent to receiving such communications electronically via the email address provided).
7. THE RIGHTS OF THE PARTY CONCERNED
At any time and free of charge, by sending an email to email@example.com, you can ask to access, correct or delete your data or limit their processing; you can also receive your electronic personal data in a commonly used structured format, which can be read mechanically and transmitted to another data processing controller (data portability).
The requests for data deletion are subject to the Company’s current legal obligations regarding document storage.
You also have the right to revoke your consent at any time, without prejudice to the lawfulness of the processing based on your consent given before revocation. Also with specific reference only to profiling, you can exercise all the rights expressed in this Document, objecting, amongst other things, to any further profiling of your data.
If you believe there is a problem in the way your personal data are managed, you have the right to complain to the Garante per la Protezione dei dati personali (Data Protection Commissioner) as appointed Supervisory Authority according to current procedures.
8. DATA STORAGE
Considering the purposes for which they were collected, the fulfilment of legal obligations and the protection of the rights of the Controller, these data will be stored for a period not exceeding the necessary time (e.g., 10 years for accounting and administrative purposes, for the duration of the storage obligation for tax purposes, and, upon expiration of that period of time, they will be deleted or made permanently anonymous), or to allow the Company to keep evidence of the relative rights and obligations.
With specific reference to staff recruitment and assessment activities, the data provided will be stored for the period of time that is necessary for the above mentioned purposes, however not exceeding 3 years, during which you can update the CV you have already submitted.
9. THE CONTROLLER – THE DATA PROTECTION OFFICER – THE COMPANY’S CONTACT DETAILS
For any further information, please contact the Controller, Torre Canne Thermal Spa, Via Caravaggio 125 - 65125 Pescara (PE) – Italy, email: firstname.lastname@example.org or the Data Protection Officer sending an email to: email@example.com or writing to: The Data Protection Officer – Via Caravaggio 125 – 65125 Pescara – Italy.
You can contact those mentioned above in order to exercise your rights and in particular to access your personal data, ask for their correction, deletion or portability, to limit their use or revoke your consent.
When contacting the Company, please make sure you include your full name, email address, home address and/or phone number(s) so that your request can be appropriately processed.
10. UPDATES OF THIS DOCUMENT - COMMUNICATIONS
The Company, at its own discretion, reserves the right to change, modify, add or remove parts of this current Document on Privacy at any time, publishing the reviewed version on this page of the Website and updating the date of the “last version” indicated below.
In some cases, the Company can provide further communications related to significant changes to this current Document on Privacy by publishing a notice on the home page of this current Website.
If the changes involve new or further processing and in the cases foreseen by current law, your data will not be subject to further processing without your explicit consent.
This current document is effective as of 13 November 2019