You will be given specific and/or supplementary information about the processing of your personal data every time we collect it, when you interact with the website, or by virtue of contractual relationships established with our Company; you can view them all at any time by clicking on the links in the “Policies” section at the bottom of this page.
Privacy Regulations: The GDPR, the Privacy Code, the Italian Data Protection Authority's provisions and in general all laws concerning the protection of individuals with regard to the processing of personal data.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation)
Personal data: Any information regarding an identified or identifiable individual. Besides data provided by the user via any forms in individual web service areas, this also includes browsing data
Data subject: The identified or identifiable individual that personal data refers to.
Browsing data: In the course of their normal operation, the computer systems and software procedures used to operate web services collect certain data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected in order to be linked to identified data subjects, but that by its very nature could allow users to be identified via processing and association with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (requiring users to log in), the data collected is associated with the user's personal account.
Browsing data includes:
- IP addresses or domain names of the computers used by users that connect to the website;
- the addresses of the requested resources in URI (Uniform Resource Identifier) format;
- the time of the request;
- the method used to submit the request to the servers;
- the size of the file obtained in response;
- the numerical code indicating the status of the response the server gives (successful, error, etc.)
- other parameters regarding the user's operating system and computer environment.
Data provided by users: This is the data which the user voluntarily and knowingly provides by sending communications (e.g. by email, to the addresses on the web domain) or by filling in specific forms, if present in the areas provided by the services.
- personal details;
- regarding contact details (e.g., email address)
- related to the user/client's contractual position;
- geolocation (if the user has consented to the collection of data about their position);
- regarding the use of individual services available to the user;
- regarding facts and events disclosed by the user in their messages (as far as this is concerned, and in order to better protect them, users are encouraged not to provide information that is not strictly connected with the request and the nature of the services provided by the Company).
Data controller The person who decides on the purposes and methods of processing personal data. With reference to web services, Gruppo Unipol is the Company which this website refers to and whose references are at the bottom of each page.
Services or Web Services The services provided through the internet, used via the website and/or any apps.
User: The data subject (individual) who browses, consults, accesses or uses the web services.
DPO: The Data Protection Officer. Users may request clarifications regarding the processing of personal data or exercise their rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information about data processing”.
Italian Data Protection Authority: The Guarantor for the protection of personal data, in other words the Italian national monitoring authority for the protection of personal data. Consult the Authority's website.
Cookies: Cookies are pieces of information that are stored on your device (e.g., in your browser's memory) when you visit a website or use a web application
Each cookie may contain various data, such as the name of the server it comes from, a numerical identifier, etc.
See the Cookies Policy for more information.
USER PERSONAL DATA PROCESSING POLICY
Below we have provided some useful information about the processing of personal data carried out via our web services.
In particular, we would like to inform you about:
- the identification and contact details of the Data Controller;
- the contact details of the Data Protection Officer (DPO);
- the categories of personal data processed via the web services;
- the purposes for which this personal data is processed on a case by case basis;
- the conditions that legitimise the processing of this data (legal grounds);
- how long the data will be stored for, always strictly necessary for the pursuit of the stated purposes;
- the categories of data recipients.
Gruppo UNA S.p.A.
Via Gioacchino Murat, 23 - Milano
Categories of personal data, purposes and legal grounds for processing and length of data storage
Categories of Personal Data
Purposes of processing
Length of data storage
To allow web browsing and the provision of services
The need to perform a contract to which the data subject is a party or to provide a service at their request
For the duration of browsing within the services
To obtain anonymous statistical information on the use of the web services, for the sole purpose of checking their correct functioning
Legitimate interest of the Company
The data is collected in aggregate form and can no longer be traced to the individual user who browsed the website
Data provided by the user: provision of web services
Booking overnight stays (data may also be collected by third parties, if the booking is made via external booking services providers)
The need to respond to requests made by the data subject (pre-contractual phase) or perform a contract to which the data subject is a party
For the duration of the booking (if hotel services are used, after checking in, for the duration of the stay and subsequently for the times set by administrative/accounting requirements in force from time to time
Providing your personal information is free and optional; We remind you, however, that it is indispensable to pursue certain purposes (to provide you with appropriate feedback to requests, to register in the Reserved Area or to provide individual services); if is not provided, it may not be possible to pursue these purposes.
If data (and relative consent) is not provided for any marketing or profiling purposes, this will not affect other services requested.
Processing methods and data storage period
The abovementioned data will not be distributed and may be disclosed to members of staff in our Company who have specific authorisation to process it. It may also be acquired and/or processed by other Gruppo Unipol companies and/or companies. Processing operations may be carried out by external parties who perform certain activities on our behalf and with whom we have special agreements governing the processing of personal information.
Finally, data may be disclosed at the express request of public authorities or law enforcement agencies.
The processing of personal data is always subject to the application of appropriate security measures to ensure the confidentiality, availability and integrity of the data.
The Web Services may use both first and third-party technical, analytical and profiling cookies.
Cookies are essential to improve the services and to provide products that are always in line with user preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.
To find out more, click here.
RIGHTS OF THE USER (AS DATA SUBJECT)
Privacy laws (articles 15-22 of the Regulation) guarantee the user, as data subject, the right to access data about them, as well as to obtain the rectification and/or integration, erasure or portability of the data. Privacy laws also give the user the right to request the restriction of data processing and to object to processing, as well as the possibility to withdraw any consent given (withdrawal does not affect the lawfulness of the processing carried out up to that moment).
What are they?
Conditions for exercising rights
Access to data
Users may ask the data controller:
Users may always make these requests
Rectifying or integrating data
Users may ask the data controller to:
personal data that is processed
If the processed data is inaccurate or incomplete
Users may ask the data controller to erase personal data being processed
Restricting personal data processing
Users may ask the controller not to carry out, with the sole exception of storage, any processing operation on their personal data, except with users' consent or to protect their rights
Opposition to personal data processing
Users may oppose processing on the basis of legitimate interest (including having promotional messages sent) or on the basis of public interest
The reasons must relate to the particular situation of the user, unless the user opposes processing for direct marketing purposes
Opposition to automated decision-making
Users may oppose automated decision-making. If this decision-making is necessary to enter into a contract, based on explicit consent, whether authorised by the law or regulation of the state or of the European Union, users have the right to obtain human intervention on the part of the controller, to express their point of view and to challenge the decision.
There is a decision based exclusively on automated processing, including profiling, that has legal consequences regarding them or that similarly affects them to a significant extent.
Portability of Personal Data
Users have the right to receive personal data concerning them in a commonly used, structured format that can be read by an automatic device.
Provided that the following conditions are met:
Withdrawal of consent
Users may withdraw their consent. Withdrawal of consent does not affect the lawfulness of processing carried out before consent is withdrawn.
The "Data Protection Officer" is available if there are any doubts or queries, to exercise the rights of data subjects, and to provide an updated list of data recipient categories.
|Data protection officer or DPO
Furthermore, your right to contact the Italian Data Protection Authority, including to lodge a complaint, remains unaffected, if it is considered necessary in order to protect your personal information and your rights in this matter.
Below is a list of our privacy policies: