1. General information
We attach great importance to protecting your privacy and processing your personal data in accordance with the law. In our capacity as controller we would like to make processing transparent and use this privacy statement as a means of advising you on how your personal data are processed when you use this website, on how to contact us, on how to express interest in one of our real estate offers and request information on this or other offers and/or on how to conclude a contract with us.
2. Name and contact details of the data controller and of the data protection coordinator
Controller of your personal data:
Villa Eden Hotel GmbH
Tax identification code: 02899870212
Tel.: +39 0365 520 027
In addition to the controller, you can also contact the relevant data protection coordinator via the below contact details:
FAO: Data Protection Coordinator
3. Categories of personal data we process in relation to you
Personal data are any items of information concerning an identified or identifiable natural person, meaning they can be attributed to you personally. Examples are your name, address, phone number, email address or IP address. As set out below, we process various items of personal data that we have received from you in the course of
our (business) relations. We also process data we have legitimately received from brokers and consultants or from publicly accessible sources, such as the commercial register or land register.
We collect certain items of information when you use our website (see section on server log files for more details).
Moreover, we collect data automatically by means of cookies (see below for more details).
If you display interest in our offers by filling out the contact form, we will process your first and last name, email address, phone number and any comments you send us via the free text field. We also process any additional (personal) data that you send us voluntarily.
To execute a contract that has or will be concluded between us, we will process your contact details in particular, as well as data required for identification and for executing the contract
(contract and real estate data, correspondence about account and payment data, etc.). Villa Eden Hotel GmbH is primarily responsible for processing and further action.
4. Relevant legal framework
If the privacy statement does not specify the legal framework, the following shall apply. Point (a) of Article 6(1) GDPR and Article 7 GDPR provide the legal framework for obtaining consents, point (b) of Article 6(1) GDPR provides the legal framework for processing to fulfil our services, implementing contractual measures and responding to enquiries, point (c) of Article 6(1) GDPR provides the legal framework for processing to fulfil our legal obligations and point (f) of Article 6(1) GDPR provides the legal framework for processing to safeguard our legitimate interests.
5. Use of our contact form for the purpose of making contact and periodically mailing event invitations and items of information
When you send the contact form your personal data in the contact fields (first and last name, email address, phone number and any comments you send us) are processed for the purpose of making contact and periodically mailing items of information and event invitations for offers. The processing of data entered in the contact form and disclosure of such data to third parties are based on your consent given (in accordance with point (a) of Article 6(1) GDPR) for the purposes stated in each particular case. There is no obligation to actually provide the data we request from you on our website.
You may withdraw your consent completely or partially at any time at email@example.com, having effect for the future. In its capacity as controller and joint point of contact, Villa Eden Hotel GmbH shall take receipt of the withdrawal, even if the withdrawal concerns data handling by the co-controller. Each mailing also contains an option of withdrawal. Thewithdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
The personal data you provide via the contact form will be processed until we stop offering you the service described above for our office offers if no withdrawal is made. Provided there are no statutory retention requirements, your personal data will be erased three years after the last use.
6. Provision of contractual services
In cases where a contract is concluded, your personal data (in particular, your contact details and data required for identification and executing the contract, such as contract and real estate data or correspondence about account and payment data) shall be processed for the preparation, conclusion and execution of rental or purchase contracts and the execution of your orders, as well as any other activities or actions that are related and necessary (in accordance with point (b) of Article 6(1) GDPR).
The data shall be kept for the duration of the contract and thereafter for at least as long as statutory retention periods or limitation periods for potential legal claims apply.
You must provide the items of personal data necessary for proper execution of the contract and that we are legally obliged to collect. We will normally be forced to refuse conclusion of the contract if you do not wish to provide us the data. We can no longer execute an existing contract in such cases. Data not needed for proper execution of the business relationship or required by law need not be provided, however. Disclosure of such data is voluntary
7. Server log files
The provider of the website automatically collects and stores items of information (browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server inquiry and IP address) in server log files, which your browser transmits automatically.
The data collected are used to ensure the website can connect in the manner intended, that it is easy to use and to evaluate the security and stability of the system. We reserve the right to examine these data retrospectively if there is concrete evidence of illegal activity. These data will not be combined with data from other sources
Point (f) of Article 6(1) GDPR provides the legal framework for the data processing. The legitimate interest arises from the data collection purposes listed above.
9. Google Analytics
This website uses the IP anonymisation facility offered by Google Analytics. As a result, your IP address shall be truncated by Google beforehand within the Member States of the European Union or in other countries that are signatories of the treaty on the European Economic Area. Only in exceptional cases shall the full IP address be sent to a Google server in the USA to be truncated there. On behalf of the operator of this website, Google shall use this information to analyse your use of the website, to compile reports on website activity and to provide other services associated with the use of this website and the internet in general for the website operator. No connection shall be established between the IP address sent by your browser within the scope of Google Analytics and any other Google data.
We have concluded a data processing agreement with Google.
Data processing takes place on the basis of Art. 6(1)(a) GDPR (consent). We use Google Analytics to generate website access statistics that are easy to use and, as a consequence, to improve our offering and our web presence.
As described above, you can prevent the storage of cookies by configuring your browser software accordingly. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, you can prevent any recording of your data by Google Analytics by clicking on the following link. This installs an opt-out cookie which prevents any recording of your data during future visits to this website:
Personal data are erased after 14 months.
Google Analytics OptOut status on this website:
10. Google AdWords – conversion tracking
To record usage of our website for statistical purposes and to optimise our website, we also make use of Google Conversion Tracking based on your consent given (in accordance with point (a) of Article 6(1) GDPR). Google AdWords will set a cookie on your computer if you have accessed our website via an advertisement of Google. Such cookies expire after 30 days and are not used for personal identification. If the user visits a certain page on the AdWords customer’s website and the cookie has not yet expired, then Google and the customer can see that the user clicked on the advertisement and was forwarded to the page in question. Every AdWords customer receives a different cookie, which means that cookies cannot be tracked via AdWords customer websites. Information obtained by means of the conversion cookie is used to create conversion statistics for AdWords customers who have opted to use conversion tracking. AdWords customers are informed of the total number of users who have clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be identified personally. If you do not wish to participate in the tracking process, then you can prevent the placement of a cookie required for this by making a browser setting that generally disables the automatic placement of cookies, for example. You can also disable conversion tracking cookies by configuring your browser to block cookies from the googleadservices.com domain. Google’s privacy statement for conversion tracking can be found at https://policies.google.com/privacy?hl=en.
Google Adwords OptOut status on this website:
11. Use of Facebook pixels, Custom Audiences and Facebook remarketing
With your consent and in the interests of analysis, optimisation and economical operation of our online offering and for these purposes, we use within our online offering, pursuant to Art. 6(1)(a) GDPR, the “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or (if you are resident in the EU) by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Facebook pixel allows Facebook to identify the visitors to our website as a target group for the display of advertisements known as “Facebook ads”. To this end, Facebook’s remarketing tag has been implemented on this website. This tag establishes a direct link to the Facebook servers when the website is visited. This communicates to the Facebook servers that you have visited this website, and Facebook assigns this information to your personal Facebook user account.
Further information on the collection and use of data by Facebook as well as on your rights and options to protect your privacy in this regard can be found in Facebook’s Data Policy at https://www.facebook.com/about/privacy/.
The remarketing function “Custom Audiences” can be disabled at "https://www.facebook.com/settings/?tab=ads#_=_". You must be logged into Facebook to do this.
The Facebook web tracking OptOut status on this website:
12. YouTube and notes on the integration of videos
We have embedded YouTube videos on our website, which are stored at “www.youtube.com” and can be played directly from our website. To increase the protection of your data when you visit our website, the videos have been embedded into the site using the double-click solution, which means that no data are transferred to YouTube about you as a user if you do not play the videos. Only if you play the videos and, by doing so, consent to the transmission of data shall YouTube cookies be stored on your computer and data transferred to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA as the YouTube operator. If you are logged into your YouTube account, you are hereby enabling YouTube to assign your browsing behaviour to your personal profile directly. You can prevent this by logging out of your YouTube account.
YouTube is used in the interests of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Consent status for displaying YouTube videos:
13. Vimeo and notes on the integration of videos
We have integrated Vimeo videos on our website, which are stored on www.vimeo.com and can be played directly from our website. To better protect your data when you visit our website, the videos are integrated into the page by means of a two-click solution, i.e. no data about you as a user are transferred to Vimeo if you do not play a video. Vimeo cookies are not stored on your computer and data are not transferred to Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA until you play a video and in so doing give your consent to the data transfer. If you are signed in to your Vimeo account, then you allow Vimeo to associate your surfing habits with your personal profile. You can prevent this by signing out of your Vimeo account.
Vimeo is used to enhance the presentation of our website. This constitutes a legitimate interest within the meaning of point (f) of Article 6(1) GDPR. More information on the handling of user data is available in Vimeo’s privacy statement at https://vimeo.com/privacy.
Consent status for displaying Vimeo videos:
14. Social media
On the basis of Art. 6(1)(f) GDPR, we place buttons on our website that belong to the social networks Facebook, Twitter and Instagram in order to increase awareness of our website and projects via these channels. To increase the protection of your data when you visit our website, these buttons are not unrestricted; they are merely embedded in the site using an HTML link. This embedding ensures that when you access a page of our website that contains such buttons, a connection is not established with the servers of the provider of the respective social network. By clicking on the respective icon, you consent to communication with the respective platform and to the transmission of information (e.g. IP address) to the respective service provider. The provider of the social network can be identified by the marking on the box, i.e. its initial letter or logo.
The purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as your rights in this regard and the settings you can configure to protect your privacy, are set out in the data privacy policies of these providers. Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or of the use thereof by the respective providers. Addresses of the respective providers with their data privacy policies:
- Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Facebook’s Data Policy: https://www.facebook.com/policy. Facebook is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law.
- Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Instagram’s Data Policy: http://instagram.com/about/legal/privacy/.
15. Disclosure of data
In particular, your personal data will be sent to the following companies that provide services for us in connection with the provision of information and event invitations for our office offers:
- – IT service providers (in particular, SIGNA Informationstechnologie GmbH).
- – It may be necessary to transmit your data to the following recipients if the processing of your personal data is connected with performance of the contract (rental contract):
- – third parties involved in the transaction (including individuals who inevitably participate in the transaction and potential contractors, financing companies, insurance companies, etc.);
- – service providers (including tax advisers, building management, insurance, external service providers such as cleaning companies, safety officers, accounting, facility management, service companies, chimney sweeps, public authorities, lawyers, etc.);
- – local tax office and other public authorities, tax advisers and legal representatives (for enforcing rights, defending claims or in the context of administrative proceedings), and
- – companies contracted to manage our internal IT infrastructure, e.g. software and hardware (in particular, SIGNA Informationstechnologie GmbH). Your data will only be passed on to the extent required to achieve the purpose of the processing.
Apart from the automated delivery of emails via MailChimp, which has entered into the EU Privacy Shield, we do not intend to transfer data to any recipient in a third country (outside the EU) or international organisation.
Article 28 GDPR provides the basis should we contract any third party to process data on our behalf.
16. Data security
We take appropriate technical and organisational measures to ensure data processing is secure and to process your (personal) data such that unauthorised third parties cannot access it.
Despite our security measures, there is a possibility that other individuals will view and use information you share with us over the internet, especially in unencrypted emails.
17. Changes to this data privacy statement
We reserve the right to amend any information provided in this privacy statement in accordance with changes in legislation or case-law without prior notice. The version published here is valid.
18. Your rights in relation to personal data
You have the right of access to information about your personal data (see Article 15 GDPR for more details), as well as to request the rectification (see Article 16 GDPR for more details), erasure (see Article 17 GDPR for more details), restriction of processing (see Article 18 GDPR for more details) and the portability (see Article 20 GDPR for more details) of your personal data.
Furthermore, under certain circumstances you may object to the processing of your personal data (in cases where your personal data are processed based on legitimate interests according to point (f) of Article 6(1) GDPR – see Article 21 GDPR for more details).
If processing is based on your consent, you also have a permanent right to withdraw the consent (see Article 7(3) GDPR for more details), where this shall not affect the legality of any processing prior to withdrawal on the basis of the consent. You may address such requests to Villa Eden Hotel GmbH in its capacity as controller and joint point of contact (see contact details above in Section 3.) or to the data protection coordinator with an indication of your request.
To protect your privacy and security, we reserve the right to verify your identity before taking any of the measures listed above.
We attach great importance to protecting your personal data and processing it in accordance with the law. Please send any questions or concerns regarding the processing of your personal data to Villa Eden Hotel GmbH in its capacity as joint point of contact for the joint controller (see contact details above in Section 3.) or to the data protection coordinator. You also have the option of contacting Italy’s data protection authority if you believe your personal data is being processed unlawfully.