This website collects some personal data from its users.
first name: RSA TERME SRL
Fiscal Code: 02890820349
Address: Via Valentini, 12 - 43039 - Salsomaggiore Terme (PR)
Types of data processed
Below is the list of data collected by this website, in addition to data collected automatically through third-party services: your contact details, including company name and VAT number, name and surname, tax code, address, email address e-mail, fax, website and date of birth, telephone or mobile number for natural persons and data used provided during registration and unique IDs used by advertising services such as, for example, Google Ads).
All these data have in common the fact that they were provided by you. This information will be used for the purposes described in this Policy. You have the right to rectify your personal data at any time or to prevent their processing.
Personal data can be entered voluntarily by the user, or collected automatically.
In order for the website to function correctly, the site visitor is required to enter all the personal and requested data. If some data is not entered, the functioning of the website could be compromised and its performance altered, even up to the impossibility of using some functions for which data entry is necessary.
The site visitor indemnifies the website owner from any responsibility that may be claimed by third parties, for the information and personal data that the visitor may have entered and published within the same website.
Data management methods
The processing of the data provided is carried out taking into consideration all the necessary measures to prevent sharing on the network, cancellation and modification of the indicated data.
The way we collect and store data is strictly connected to the way we use our website and related services and is done through IT and telematic tools.
We will use your personal data for purposes related to the execution of the purposes requested by you:
- The user has given his consent to the processing of his data;
- Execution of the contract or to fulfil, before the execution of the contract, your specific requests;
If the data are functional to the fulfillment of legal obligations or provided for by community legislation;
- For public interest or for the exercise of public powers vested in the holder;
- If the processing is necessary for the legitimate interest of the Data Controller.
In case of doubts on the legal basis of the treatment, it is possible to contact the Data Controller for clarification.
Place of data processing
The treatments connected to the web services of this website take place at the company headquarters of the Data Controller and are only handled by personnel in charge of the treatment. No data deriving from the web service is communicated or disseminated. The personal data provided by users who request dispatch of informative material are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose (Article 3 of the GDPR).
The data provided is communicated to third parties only if this is necessary for this purpose (Article 3 of the GDPR) and may be transferred to another country.
The site visitor maintains all rights and can request to know the details relating to the tools used by the website owner for data security, and can also request details regarding the transfer of personal data to countries outside from the EU and/or to non-governmental organizations which are not subject to any specific legislation.
The user can request more information on the use of his data and on the transfer of the same by contacting the Data Controller directly.
The data retention period is linked to the purpose of the ongoing treatment. The data will not be processed beyond what is necessary to fulfill the purposes for which this information was collected and processed.
The data collected for purposes related to the execution of a contract will be retained until its execution.
The data collected for the legitimate interest of the Data Controller will be kept until the execution of this interest.
The treatment provided through consent may be kept until the withdrawal of this consent by the User.
At the end of the indicated purposes, the data will be
Purpose of the treatment
The data provided by the user is processed for the provision of services provided through this website for the following purposes: access to accounts at services provided by third parties, direct contact, data management, payments, contact requests, hosting, comments, statistics and other features aimed at completing the purpose requested by the User.
Advertising, targeting, profiling, content testing, access to data through peripherals, anti-spam, use of third-party platforms for managing requests and assistance, registration and access and data transfer.
For more information on all purposes, the user can contact the Data Controller directly.
Interaction with social networks and external platforms,
Heat mapping and session recording,
Interaction with live chat platforms,
For any request on the processing of your data on hotelprimarosa.it write us at firstname.lastname@example.org. This Application does not support “Do Not Track” requests. To find out if any third-party services used support them, consult their privacy policies.
Definitions and legal references
Personal information (data)
Personal data is information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide information on his characteristics, his habits, his lifestyle, his personal relationships, his state of health, his economic situation, etc.
This refers to all information collected automatically or manually, directly or indirectly through third-party services.
The website visitor who uses the services making use of their personal data.
The subject to whom the personal data entered and/or published on the website refer.
Responsible for the treatment
The data processor ("data processor") in the GDPR is defined in art. 4, par. 1, no. 8) as "the natural person, legal entity, public administration or body that processes personal data on behalf of the data controller".
Data Controller (Site owner)
The Data Controller (data controller) is "the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data" (art. 4. paragraph 1, no. 7 GDPR). In essence, the owner is the one who processes the data without receiving instructions from others, the one who decides "why" and "how" the data should be processed.
It is a set of related web pages, i.e. a hypertext structure of documents that can collect personal data about their visitors.
A particular type of data (which can be useful to identify the user) and is used by server-side web applications to store and retrieve long-term information on the client side.
The website may request identification via Facebook in order to interact with it through the user's Facebook account.
For more information, you can directly consult the documentation of Facebook permissions
and the Privacy page
User ID, username, profile picture, user gender, user language, list of friends and/or followers of the user, and in general all the information that the user may have entered in his profile.
The data collected is used by the following services:
Access to third party services
Third-party services may request the sharing of data in your accounts in order to interact with them.
In any case, prior authorization will always be required to be provided before the activation of third-party services.
This website accesses directly or via API the information that the user may have entered within the services owned by Twitter, Inc.
This website accesses directly or via API the information that the user may have entered within the services owned by Facebook, Inc.
Requested data: private data.
Users can leave some comments on the website using specific comment services.
Users will be able to leave comments on the website even anonymously. Users are responsible for the content posted through their comments.
Third-party commenting services may request the collection of data, also for statistical purposes.
This website allows visitors to post facebook comments relating to a web page, a url, a facebook page or any content present in the services of Facebook, Inc.
Contact the user
The services related to hosting collect data necessary for the correct functioning of the website and its functions in order to provide the services requested by the user.
The hosting services use servers located in different places, therefore it is not possible to establish exactly where the data is stored.
Google Cloud Storage
Google Cloud Storage is the hosting service developed by Google Ireland Limited.
The site visitor, by entering his e-mail address when purchasing a product, registering on the site, or subscribing to the site's newsletter/mailing list, authorizes the site owner to be able to send him information and/or advertising messages.
Required data: the e-mail address of the visitor who registers on the site or the newsletter.
By leaving their telephone number, users could be contacted for various purposes expressed when entering the numeric data.
The data indicated by the user when completing the form and the information entered in the body of the message are used exclusively to respond to the user's request.
General information such as name and surname, physical address and email and other types of data in order to have more information about the request forwarded.
I send messages
Third-party services that manage contact data databases, used for the purpose of communicating with the User.
These services may collect contact data information related to postings, opens, and other types of interactions.
Mailgun, Inc. is a third-party service that allows the management of mailing lists, mailings and mailing statistics for newsletters and automations.
Required data: Name, surname, email and other data required for the personalization of the communication.
Third-party live chat services allow you to contact a website operator for information requests, while the user is present on the website itself.
These services may collect information about the contact details related to the messages sent.
These third-party services allow interaction with social networks within the website through the User's social profiles.
These services can collect information on contact data relating to the use of your profile on the social network that owns the application in use hosted on this site.
Facebook "Like" button
The "Like" button is provided by Facebook, Inc, and allows you to like the Facebook page relating to this website
Requested data: Cookies and data used.
The statistical services allow the owner to monitor the progress of the website and the behavior of the users.
Flazio provides a statistics service which analyzes and displays the personal data of users who visit websites.
Requested data: Cookies and usage data.
Data Migration outside the European Union
The owner could move the data collected outside the EU only by respecting a certain legal basis.
For more information on the legal bases that may determine the transfer of data, you can contact the data controller directly.
Content and graphics
These services allow you to show some graphic elements or third-party content directly on the website.
Google Fonts is a text font managed by Google Ireland Limited.
Geolocation and location
Geolocation not continuous
The website and some third-party tracking services may share user positioning data for the purpose of providing personalized services.
The website can access information relating to positioning if the user has not denied the tracking of his position through the browser or his devices.
Requested data: geographic location.
Instagram allows the display of image and video posts contained on Instagram, Inc.
Requested data: Cookies and usage data.
These third-party services are intended to protect the website from spam activity.
Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited.
Requested data: Cookies and usage data.
Registration and access
The services that allow registration and authentication allow the user to have his own profile on the website.
Facebook (Facebook, Inc.)
Facebook Authentication is a registration and access service provided by Facebook, Inc.
Google Maps component
Google Maps is a service that provides maps managed by Google Ireland Limited.
Requested data: Cookies and usage data.
The data provided by the user could be used by the data controller to create a user profile, to monitor user preferences and behaviour.
These operations can be used thanks to automatic tools that monitor user activities in order to trace a user profile.
In order to refuse profiling, the user can directly contact the Data Controller to assert his rights.
The data provided by the user is used to customize the purchase procedure, payment by electronic means and shipments.
Users have certain rights they can exercise regarding the use of their data.
Your rights are:
- Refuse the treatment of the data;
- Withdraw consent;
- Request a change to the data indicated.
- Request access to your data;
- Request the deletion of data;
- Request limited use of data processing;
- Request the transfer of your data;
- Request a complaint about data usage.
Right to object
Users can oppose the treatment in reference to the use of data for public interest or in the exercise of public powers of the owner.
Users can also object in case of data processing for marketing purposes.
Exercise your rights
In order to assert their rights, the user can directly contact the Data Controller of the data managed on this website.
Sales information and data
In order to be able to complete the sale, the purchase process and the shipping and delivery process, the owner of the Website may make use of the User's Personal Data.
In order to complete the purchase, site visitors will have to proceed with the payment, which can be managed by third-party payment gateways. Some of the data necessary for payment could be by way of non-exhaustive example: credit cards, account number, card date, CVC, and others.
Learn more about treatment
Use of data in court
If sued, the Data Controller will be entitled by the User to use the User's Personal Data, and information on the use he has made of the services.
Should the Data Controller receive a request from public institutions or public authorities (Police, Carabinieri), he will be entitled to forward all the information requested by them.
In order to improve the services offered, perform troubleshooting and analyze the use that is made of the same services, this website may perform sequential and chronological recording of the operations performed by a user, an administrator or in manual or automated, as they are performed. These recordings can be memorized and possibly accessed during the data analysis phase, also known as the event log.
Site visitor rights (Users)
Users have the right to cancel, transfer, suspend and correct their Personal Data, and users also have the right to have an understandable and intelligible copy of their personal data. The site owner must have adequate tools to carry out these requests. All requests must be sent to the Data Controller and/or the DPO.
Date of last revision: 20/01/2023