This application collects some Personal Data from its Users.
Ciaobooking Srl
Via Ciro Menotti, 12
San Bonifacio, Verona 37057
Italy
Email address of the Controller: info@ciaobooking.com
Among the Personal Data collected by this Application, either independently or through third parties, are: first name; last name; phone number; email address; various types of data; city; sector of activity; website; usage data; cookies.
Detailed information on each type of collected data is provided in the specific sections of this privacy policy or by specific explanatory texts displayed prior to the data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically while using this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide its services. Where this Application specifically states that some Data is optional, Users are free not to communicate such Data without consequences on the availability or the operation of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Controller. The possible use of Cookies – or other tracking tools – by this Application or by third-party service providers used by this Application serves the purpose of providing the Service requested by the User, in addition to other purposes described in this document and, if available, in the Cookie Policy.
The User is responsible for the Personal Data of third parties obtained, published, or shared through this Application and confirms that they have the right to provide or share it, thereby releasing the Controller from any liability towards third parties.
The Controller implements appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. The processing is carried out using IT-enabled tools and/or electronic means, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Controller, in some cases, the Data may be accessible to certain persons involved in the operation of this Application (such as administration, sales, marketing, legal, or system administration personnel) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, and communication agencies) who are, if necessary, appointed as Data Processors by the Controller. An updated list of these parties can be requested from the Controller at any time.
The Controller may process Personal Data relating to the User if one of the following applies:
The Controller will gladly clarify the specific legal basis that applies to each processing activity, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Controller’s operating offices and in any other locations where the parties involved in the processing are located. For further information, please contact the Controller. Personal Data may be transferred to a country other than the one in which the User is located. For details regarding the place of processing, Users can refer to the relevant sections of this document.
Users have the right to learn about the legal basis of Data transfers to a country outside the European Union or to an international organization governed by public international law or established by two or more countries, such as the United Nations, and about the security measures taken by the Controller to safeguard their Data. Users can find out more by checking the relevant sections of this document or by contacting the Controller directly.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
When the processing is based on the User’s consent, the Controller may retain the Personal Data for a longer period until the consent is withdrawn. Furthermore, the Controller may be obliged to retain Personal Data for a longer period whenever required to do so for compliance with a legal obligation or by order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the rights to access, erase, rectify, and data portability cannot be exercised after the expiration of the retention period.
The User’s Data is collected to allow the Controller to provide the Service, comply with legal obligations, respond to enforcement requests, protect its own rights and interests (or those of Users or third parties), and detect any malicious or fraudulent activity. In addition, Data is collected for the following purposes: Contacting the User, Displaying content from external platforms, and Analytics.
For specific information about the purposes of processing and the Personal Data used for each purpose, Users may refer to the section “Details about the Processing of Personal Data.”
Personal Data is collected for the following purposes and using the following services:
Users may exercise certain rights regarding their Data processed by the Controller.
In particular, Users have the right to:
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Controller, or for the purposes of the legitimate interests pursued by the Controller, Users may object to such processing for reasons related to their particular situation.
Users are advised that they can object to the processing of Personal Data for direct marketing purposes at any time without providing any justification. To determine whether the Controller processes Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
To exercise their rights, Users may send a request to the Controller’s contact details provided in this document. Requests are made free of charge and will be handled by the Controller as quickly as possible, and always within one month.
The User’s Personal Data may be used for legal purposes by the Controller in court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Controller may be required to reveal personal data upon request of public authorities.
Upon request, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data.
For operation and maintenance purposes, this Application and any third-party services may collect system logs — files that record interactions and may contain Personal Data, such as the User’s IP address.
Further details concerning the processing of Personal Data may be requested at any time from the Controller using the contact information provided.
This Application does not support “Do Not Track” requests. To determine whether any third-party services used honor “Do Not Track” requests, Users are advised to consult their respective privacy policies.
The Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and possibly within this Application, as well as — where technically and legally feasible — by sending a notice to Users via any contact information available. Please consult this page regularly, referring to the date of the last modification listed below.
If changes affect processing activities that require consent, the Controller shall collect new consent from the User, where required.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services used in this Application), which may include: IP addresses or domain names of the computers used by Users, URI addresses (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the server's response status (success, error, etc.), country of origin, features of the browser and operating system used by the User, the various time details per visit (e.g., time spent on each page), and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application, who must coincide with or be authorized by the Data Subject, unless otherwise specified.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. Unless otherwise specified, the Data Controller is the owner of this Application.
The hardware or software tool by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relevant terms (if available) on this site/application.
Unless otherwise specified, all references made in this document to the European Union include all current member states to the European Union and the European Economic Area.
Small pieces of data stored in the User’s device.
This privacy policy has been prepared based on multiple legal frameworks, including Art. 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
Unless otherwise stated, this privacy policy applies only to this Application.
Last updated: October 12, 2020