This page describes the management of the website with respect to the processing of personal data of users who consult it.
The information according to Reg. (EU) 2016/679 and Recommendation no. 2/2001 of WP29, provides indications for the collection of personal data online and, in particular, the methods, timing, and nature of the information that the data controller must provide to users when they connect to web pages of the site, regardless of the purpose of the link.
Following consultation of this site, data relating to identified or identifiable persons may be processed. The "owner" of their processing is Dorapal srl, which is based in Turin (Italy), Via Santa Chiara, 22.
Place of Data Processing
The processing connected to the web services of this site takes place at the headquarters of Dorapal srl, of the site hosting service provider – Lodgify.com – and of the data processors identified by the same structure.
They are also processed by Booking.com through its policies which are direct and accessible from the web application.
No data deriving from the web service is disseminated. The personal data provided by users are used only to perform the service or performance requested and are communicated to third parties only if it is necessary for achieving this purpose.
Explicit consent of the interested party is needed if the data is ever to be processed for commercial and/or informational ends.
Types of Data Processed
– Navigation data
The IT systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but this information, by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes: IP addresses or domain names of the computers utilised by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing.
The data could be used to ascertain who is responsible, in the case of hypothetical computer crimes against the site.
– Data Provided Voluntarily by the User
The optional, explicit, and voluntary sending of data through forms on the website, or via email to the addresses indicated on this website, entails the subsequent acquisition of the sender's address, which is necessary for responding to requests, as well of any other personal data included in the message.
Specific summary information will be progressively reported or displayed on the pages of the site, prepared for particular services upon request.
The information (including the images) that the user uploads to the reserved area is aimed at collecting the information necessary to carry out the booking for the stay and is accessible only to authorized users, or to those directly involved and/or to participating intermediaries. This information is not subjected to dissemination procedures. The processing of personal data present in and downloadable from the reserved area complies with the provisions of the law, and explicit authorization to process the data by the interested party may be necessary after verifying appropriate information.
Commercial and/or Informational Communication
The email contacts used to send commercial and/or informational communication come from voluntary registration by the recipient, to whom a confirmation request is always submitted, as well as from information acquired in the context of sale of the data controller’s services or in a similar circumstance in which the data controller has legitimate interest. It is stressed that contacts were not taken from public directories of subscribers. If the communications are not of interest to the recipient, any further contact can be avoided by clicking on the appropriate link contained in each message, or by writing using the contact details at the bottom, exercising one's right to be deleted from the database.
To this end, Dorapal srl has registered in the Extended Registry of Processing Activities present in the GDPR, a special database called ‘Comunicazioni Commerciali Dorapal’ (Dorapal Commercial Communications).
E-commerce and Payments
Data can be processed for the reservation management and for possible participation in loyalty programs.
The payment system transmit data to the banks providing the service (Paypal), autonomous owners.
Optional Provision of Data
Apart from what is specified for navigation data, the user is free to provide personal data for specific requests on products and/or services.
Failure to provide such data may make it impossible to obtain what has been requested.
For completeness it should be noted that in some cases (not subject to the ordinary management of this site) the Authority can request news and information pursuant to Article 157 of Legislative Decree no. 196/2003, for monitoring the processing of personal data. In these cases, responding is mandatory under penalty of administrative sanction.
Legal basis. Possible Management of Consent to Processing
When necessary, outside of the cases in which the pre-contractual, contractual, or legitimate interest of the owner, or of third parties, is applied, and in any case after reading the information, the interested party is required to give his/her consent to the processing and to the disclosure of personal data for the purposes and within the limits described above, otherwise the Data Controller will be unable to process the data to carry out and implement the services requested by the data subject or offered to him/her.
Method of Processing
Personal data are processed using automated tools strictly for the necessary amount of time to achieve the purposes for which they have been collected, and will be kept, in general, as long as the purposes of the processing continue, according to the category of data processed.
Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access. The data controller reserves the right to keep the data for the period mandated by current legislation, unless otherwise communicated by the interested party.
Rights of the Interested Parties
At any time the interested party may: exercise his/her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when foreseen and where the conditions are met for the data controller, in accordance with Articles 15 to 22 of the GDPR; to propose a claim to the Guarantor (www.garanteprivacy.it); and if the processing is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the processing based on consent before revocation.
Requests should be sent to the Data Controller Dorapal srl, using the address firstname.lastname@example.org