B&B Casa NiRa Sardegna Mare

Privacy Policy

Information on the Processing of Personal Data

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

Dear User,

This Privacy Policy describes how personal data collected through this website is processed, in accordance with Regulation (EU) 2016/679 (“GDPR”), Legislative Decree No. 196/2003 as amended, and the provisions issued by the Italian Data Protection Authority.

1. Data Controller

The Data Controller is:

Dr. Marco Cossu
Via Paolo Dettori, 9A
07039 Valledoria (SS) – Italy
E-mail: privacy@estargroup.it

2. Categories of Data Processed

While browsing and using the services offered through this website, the following categories of personal data may be collected and processed:

Identification and Contact Data

  • First and last name;
  • Residential or mailing address;
  • Country of origin;
  • Telephone number;
  • E-mail address;
  • Any additional information voluntarily provided through contact forms or information requests.

Browsing Data

The IT systems and software procedures used to operate this website automatically acquire certain technical data, including:

  • IP address;
  • Date and time of the request;
  • Type of browser used;
  • Operating system;
  • Information relating to website navigation and usage.

Such data is used solely for aggregated statistical purposes, security purposes, and to ensure the proper functioning of the services.

3. Purpose of Data Processing

Personal data is processed for the following purposes:

  • Managing information and contact requests;
  • Managing bookings and requested services;
  • Fulfilling contractual and pre-contractual obligations;
  • Complying with legal, tax, and administrative obligations;
  • Providing customer support;
  • Improving the services offered;
  • Sending information related to requested services;
  • Protecting the Data Controller’s rights and preventing fraudulent activities.

4. Legal Basis for Processing

The processing of personal data is based on one or more of the following legal grounds:

  • Performance of a contract or implementation of pre-contractual measures requested by the data subject;
  • Compliance with legal obligations to which the Data Controller is subject;
  • Consent of the data subject, where required;
  • Legitimate interest of the Data Controller in managing and securing its services.

5. Methods of Processing

Personal data is processed using electronic and IT-based tools, in accordance with the principles of fairness, lawfulness, transparency, and data minimization established by the GDPR.

Appropriate technical and organizational measures are implemented to ensure data security and prevent unauthorized access, loss, disclosure, or unlawful use of information.

6. Cookies and Analytics Tools

The website uses technical cookies necessary for the proper functioning of its pages and services.

Traffic analysis tools such as Google Analytics or equivalent services may also be used, configured in compliance with applicable regulations.

For further details, please refer to the website’s Cookie Policy.

7. Disclosure of Data to Third Parties

Personal data may be disclosed, within the limits of the purposes described above, to third parties acting as Data Processors or Independent Data Controllers, including:

  • Hosting and data center providers;
  • IT service providers and technical support providers;
  • Administrative, tax, and legal consultants;
  • Electronic payment service providers;
  • Public authorities and competent bodies when required by law.

Personal data will not be disclosed to the public.

8. Data Retention

Personal data will be retained for the time strictly necessary to achieve the purposes for which it was collected and subsequently for the period required by applicable laws or necessary to protect the Data Controller’s rights.

9. Minors

The services provided through this website are intended exclusively for individuals aged 18 years or older. The Data Controller does not knowingly collect personal data from individuals under the age of 18.

10. Security and Fraud Prevention

For payment processing, external payment providers such as banks, PayPal, Stripe, or other authorized operators may be used. Payment-related data is processed directly by such providers in accordance with their respective privacy policies.

11. Rights of the Data Subject

The data subject may exercise at any time the rights provided for in Articles 15–22 of the GDPR, including the right to:

  • Obtain confirmation as to whether personal data concerning them is being processed;
  • Access their personal data;
  • Request correction or updating of inaccurate data;
  • Request erasure of personal data where legally applicable;
  • Request restriction of processing;
  • Object to processing;
  • Receive personal data in a structured, commonly used, and machine-readable format (data portability);
  • Withdraw any consent previously provided;
  • Lodge a complaint with the competent Data Protection Authority.

12. Exercising Your Rights

For any request regarding the processing of personal data or to exercise your rights, you may contact the Data Controller at:

privacy@estargroup.it

Data Controller

Dr. Marco Cossu
Via Paolo Dettori, 9A
07039 Valledoria (SS) – Italy

Last updated: July 12, 2024