Privacy Policy

The oasimare.it site – hereinafter referred to synthetically as “Site” or “Application” – makes use of some proprietary and third-party functions to facilitate the user in a productive use of the contents and services offered on its pages. Through these functions, it collects and processes – or from here “Processes” or “Treatment” – both actively and passively, some personal data of the users who access it – hereinafter referred to respectively as “Data” and “User/Users”.

Who: according to the cases, the Data can be collected and processed directly from the Site, by means of autonomous functions, or by third parties, related to services integrated in it and connected to the latter.
Thing: the Site may collect data such as: name, surname, telephone number, e-mail address, preferred language for communication, and various types of data related to the request for information on its tourist offer. In connection with services provided by third parties, such as for example antispam protection, graphic and cartographic support, further data of preference and use of the Site may be involved in the processing, such as keys sought, cartographic locations investigated, resources and acquired iconography, pages visited, characteristics of the device or the access connection, etc., as analytically described below in the detail section.
As: based on the type, the data can be collected with explicit supply by the user – e.g. sending the contact form –, or being collected in a mixed, explicit and/or implicit way, together with the use of certain services, automatisms and contents.
Where: the data can also be variously processed in the user device, through cookies or other synchronous or asynchronous technology, or operated externally: on the site or third-party server, in e-mail tools or, as legally due, in tax archives or relating to the public authority.
Purposes: a) the Site processes the Data, directly or through third parties, to present its content and correspond with the interactions and requests of the User: for this reason, the lack of consent to their treatment, when it is necessary, could inhibit the extensive use of the site, sections of it, or specific services; b) limited to what is operated by third parties and excluding commercial tracking or profiling purposes, additional purposes may be associated, as described separately in the corresponding analytical sections below; c) the collected data may also be used to fulfil legal obligations, respond to requests or executive actions, protect the rights and interests of the parties, identify any malicious or fraudulent activities.
Rights: the User has the right to be specifically informed of the consistency and location of the Data referring to him, to revoke the consent to their Processing and to request their cancellation from their respective holders, without prejudice to the cases of law, such as for example those related to the needs of tax documentation.
Duties: a) the User, as he gives the consent to the Treatment, is required to communicate his Data in good faith. If, through the functionality of the Site, he obtains, disseminates, shares or communicates Data from third parties, he is therefore bound to the same good faith and lawfulness of action, freeing the Site from any responsibility towards the latter; b) wherever the consent of the User to the Treatment is requested, it is understood to be issued according to the law by a person over the age of sixteen.

Contact/Booking Form: the Site makes various communication channels available. In particular, a generic contact form and a specific booking form are present, separately in the different languages. With the generic contact form, the User can, at his discretion, initiate a guided e-mail correspondence with the owner of the Site, to request information or make reservations. The communication initiated here will then continue with autonomous e-mail tools, without having to rely further on the functionality of the Site. The specific booking form, on the other hand, follows at the end of the search procedure for accommodation availability offered on the Site and allows autonomy a reservation. In both cases, the Data are collected with explicit input and are processed directly and confidentially by the owner of the Site or its representatives, if any, with strict adherence to the purposes specified above. The Data is kept for the time necessary to perform the requested service, except for the proper fiscal and public security registration. They will also not be transferred to third parties, nor used directly for promotional purposes with automated methods, such as newsletters and the like, let alone for profiling. The data collected with the contact form are: name, e-mail address, subject of the request, free explanatory message, time stamp of the sending. The data collected with the booking form are: name, surname, physical address, e-mail address, telephone number, subject of the request, any free message, composition and number of guests, dates and preferred accommodation, chosen means of payment , time stamp of the shipment. Finally, in order to activate the contact, the User must give consent to the processing of data, in compliance with the law and for the purposes specified above: eg. respond to requests for information or otherwise placed, register a reservation, etc.

Bookings from third-party portals: the Site may possibly acquire/synchronize booking Data collected through third parties, specifically from external booking portals/services. As far as stored on the Site, their processing is assimilated to the Data collected directly through the pages of the site itself.

Spam protection filter reCAPTCHA: for an efficient and safe management, the contact form is equipped with anti-spam protection, supported by the well-known and widespread Google reCAPTCHA service. The functionality generates cookies of reference and processes usage data, i.e. stores and analyses the data flows on the protected page, to determine a sort of User’s certification, collecting or updating data referring to the interaction of the latter with the page itself, and possibly with other pages (of the Site or external to it) that implement the same technology. Aimed at identifying and filtering any spam interactions, the service is functionally hosted by the Site, but is provided and processed externally to it and is subject to Google’s Privacy Policy and Terms of Use. (provider for Europe: Google Ireland Limited – subject adhering to the Privacy Shield; place of treatment Ireland)

Content visualization: for a more agile formulation of some contents, the Site draws on external graphic and cartographic resources, precisely through the well-known and authoritative platforms Font Awesome, Google Fonts, and Google Maps. In correspondence with the transactions that connect to said third resources, some Data may be involved or be specifically collected or cookies may still be generated, as detailed below:
a) Font Awesome provides repertoires of alphabetic and iconographic fonts that can be integrated into the web pages. The processed data are usage data: mainly statistics on the use of the resource, the web pages that contain it, the devices and applications that require them, etc. The service is integrated into the Site, but it is located outside it and it is subject to the Pivacy Policy and Terms of Use of Fonticons. (provider: Fonticons, Inc.; place of treatment: United States).
b) Google Fonts provides repertoires of alphabetic and iconographic fonts that can be integrated into web pages. The processed data are both usage data, i.e. statistics on the use of the resource, web pages that contain it, devices and applications that require it, and other types of data, as specified by the same provider in its informative documentation. The service is integrated into the Site, but it is located externally and it is subject to Google’s Privacy Policy and Terms of Use. (provider for Europe: Google Ireland Limited – subject adhering to the Privacy Shield; place of treatment Ireland).
c) Widget Google Maps provides an interactive cartography used by the Site to show the geographical location of the accommodation and facilitate the calculation of distances and of the road map to reach it. The processed data are both usage data, i.e. statistics on the use of the resource, of the web pages that contain it, of the devices and applications that request it, and other types of data, as specified by the same privacy policy of the service. The service, which uses cookies, is functionally hosted by the Site, but it is provided and processed externally to it and it is subject to Google’s Privacy Policy and Terms of Use. (provider for Europe: Google Ireland Limited – subject adhering to the Privacy Shield; place of treatment Ireland).

Means: the Data Controller – hereafter briefly referred to as “Owner” – adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or cancellation of the Data. The Treatment is carried out through IT and/or telematic tools and with methods related to the aforementioned purposes. The Site is hosted by an ISO 9001: 2008, ISO 27001: 2013 and CISPE certified provider, verifiable through the Whois service.
Subjects: In some cases, due to managerial or organizational purposes, another subject other than the Data Controller, may have access to the Data for functional activities related to the main one, such as suppliers of work, consultancy, services, etc.: for example administrative, executive staff, technical staff, that is provider, IT companies, tourist agencies, etc. In the foreseen cases, the Owner will formally appoint “Data Processors”, and he will include them on a special list available on request.
Legal Basis of the Processing: the Data Controller is entitled to process the data if one or more of the following conditions exist which, on request, must be clarified to the User as for the basis and the legal nature: a) the User has given consent for one or more specific purposes; b) Processing is necessary for the execution of the contract with the User or for the execution of pre-contractual measures; c) the processing is necessary to fulfil the owner’s legal obligation; d) Processing is necessary for the performance of a public interest task or for the exercise of public powers with which the Data Controller is invested; e) the processing is necessary for the pursuit of the legitimate interest of the owner or third parties; f) if the Treatment is regulated externally to European legislation, with the exception of specific cases provided for in some systems in which the tacit consent is allowed or the possibility of processing without consent until possible opposition.
Place: a) the data are processed at the owner’s office(s) and in any other place where the parties involved in the processing are located; b) The processing may possibly be operated in a country other than the one in which the user is located, as specified in the descriptions of the distinct functionalities of the site. Upon request and as far as it is his responsibility, the owner is required to extend precise information.
Retention Period: the data are processed and stored for the time required by the purposes they were collected for: a) the data collected for purposes related to the performance of a contract between the owner and the user will be retained until the end of the same; b) the data collected for purposes related to the legitimate interest of the owner will be retained until the satisfaction of this interest (the User can obtain information on this interest in the sections of this statement or, otherwise, by requesting it to the Owner); c) if the processing is based on the consent of the user, the owner can keep the data for a longer time than that of fulfilment of the aforementioned conditions, and in any case until such consent is revoked. The Data Controller may also be obliged to keep the Data for a longer period, in compliance with a legal obligation or by the order of a public authority; d) at the end of the retention period, the Data will be deleted. For this reason, the rights of access, cancellation, rectification and portability related to them and described below will evidently lapse.
User Rights: he User can exercise specific rights with the Data Controller as for the Data referred to himself. In particular, he has the right to: a) revoke the consent to the treatment previously expressed at any time; b) oppose the treatment of his data, if this occurs on a legal basis other than consent; the right of opposition is also protected – even if the Data are processed in the public interest or connected to the exercise of public powers with which the Data Controller is invested, or in order to pursue a legitimate interest of the Data Controller or of third parties – when prevailing conditions prevail, connected for example to the fundamental rights and freedoms of the interested party and which require the protection of personal data, in particular if the latter is a minor; there is still the right to object to the processing if the data were processed for direct marketing purposes, which the user can oppose to without having to provide any reasons; c) access to his Data, obtaining information on the Data processed, and/or specific aspects of the processing, and to receive a copy thereof; d) verify and require any correction or updating of his data; e) obtain the limitation of the processing of his data by reason of certain conditions. In this case, the Data Controller will reduce the processing for the sole purpose of their conservation; f) obtain the cancellation or removal of their data due to the occurrence of certain conditions. In this case, the Data Controller will cease the processing of the aforementioned data; g) receive his data or have it transferred to another Data Controller: in this case the data must be supplied in a structured format of common use and readable by an automatic device, as well as any requested transfer must take place without hindrance as far as it is technically possible. This provision is applicable only to cases in which the Data are processed with automated tools and depending on the specific consent of the User, or they pertain to a contract to which the User is a party or to contractual measures connected to it; h) lodge a complaint or act in court, respectively with the supervisory authority or the competent court.
Exercise of User’s rights: to exercise his rights regarding the processing of data, the User can direct a request via the owner’s contact details as shown in this information. Requests are filed free of charge and processed by the Data Controller with diligent timeliness and in any case within one month from the date of receipt.
Defense in Court: The Data Controller has the right to use in court, or during the preparatory stages of his possible establishment, the User’s Data subject to processing, to defend himself against abuse by the User in using the Site, the features or the services connected to it. The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authority.

Response to Anti-Tracking Requests: the Site may not support briefly defined “Do Not Track” requests. To check their support with the integrated third-party functions, the respective privacy policies can be consulted.
System Reports: this Site – including the integrated third-party functions, the general platform on which it is structured, the accessory applications that articulate it and the servers that host it – could collect system logs for needs related to its operation and maintenance; these are files that contain technical operating reports in which data similar to personal data may be present, such as for example the IP addresses that identify the access connection. These traces are common and intrinsic to the functioning of the web protocols and can possibly be masked by the User, with varying effectiveness, through browser settings.
Violation Notification: any detected violations of personal data, due to the compromise of IT security or malicious and fraudulent activities, whether they involve risks, will be notified to the Supervisory Authority within 72 hours. If the risk is considered high, the Users concerned will also be informed. Any detected violation, even if not notified, will be recorded.

Additional Information: a) in addition to what is described in this document, for specific ancillary needs, the Site may provide the User with additional and contextual information regarding the data processing. b) if the User needs any other type of information or clarification about the Data, the Owner will be diligent to correspond to any requests.
Changes to This Information: The Data Controller reserves the right to make changes to this information at any time, notifying it to users through this page and, if possible, on the pages of the Site; furthermore, if technically and legally possible, by sending notification to users through the contact details of which it has availability. We therefore invite you to check on this page, with attention to the modification date shown at the bottom of it. It is understood that if the changes involve treatments that require consent, the Owner will take steps to collect the User’s consent again as necessary.

definitions used in this document
· Personal Data (or Data): information that identifies or renders potentially identifiable a natural person, regardless of its type, directly or indirectly, or also in connection with any other information and/or explicit or codified notation.
· Usage data: the information collected automatically by and through this Site, directly and autonomously or by third-party applications integrated into the functionality of the Site and its management systems. That is to say, the recording of the consistency of the interactions between the servers involved, for example: IP addresses or domain names that are associated with the devices used by the User who accesses the Site; URI (Uniform Resource Identifier)notations; type of browser, client, operating system and IT support environment; geographic location; times and other time dimensions; entity, method and type of flow; Status and transaction “logs”; sequences of pages consultation and access to the functionality of the Site.
· User: the person who accesses and uses this Site and the third-party functions integrated in it, which is typically the natural person to whom any personal data involved in the processing refers.
· Data Processor (or Processor): the natural, legal person, public administration and any other entity that processes personal data on behalf of the Data Controller, as set out in this statement.
· Data Controller (or Owner): the natural or legal person, public authority, the contact person of a service or other subject who, individually or together with others, determines the purposes, tools and methods of processing personal data, and the security measures adopted to protect the Site and its use. The Data Controller, except for clearly specified cases (see third party services), is here the owner of the Site.
· Site (or Application): the hardware and software device through which, directly or mediated, the User’s Personal Data are collected and processed. In this document the name refers to the site developed in the domain casailtiglio.it.
· Cookie: explicit or encoded text files, generally of a very modest size, which are stored in the User device to contain some reference data used by the Site and the third-party functions integrated into it, to manage and specify the interaction with the User.

regulatory references
the Site ensures that the Data processing and, more generally, the functions and procedures operated in and through it comply with the current provisions of the law. This information is provided in application of the Italian and European legislation on the protection of personal data, in particular pursuant to the following devices: Legislative Decree 196/2003, Legislative Decree 51/2018, EU Regulation 2016/679 «GDPR – General Data Protection Regulation », EU Directive 2016/680. The legislative texts are available in all the languages of the European Union from the official portal: Eur-Lex.europa.eu.

contact references
Owner: the owner of the processing of personal data for this site is the owner of the domain oasimare.it, as registered in the Italian Registry of .it domains, (www.nic.it). The owner can be contacted through the electronic and telephone references present on the site or by post to the following address: via Croce del Sud, 22 – 30028 Bibione (Ve) – Italy.

date and changes
Last modified: April 3, 2021.