The protection of natural persons with regard to the processing of data of a personal nature is a
fundamental right and through this page the B&B “Le DUE G”, hereinaHer referred to as “B&B”,
describes how the personal data of Users who consult the website at the electronic address
hJps://bb-ledueg.it are processed, in accordance with EU Regulation No. 2016/679.
For the purposes of this regulation it is understood as:
- PERSONAL DATA.
Any information concerning an identified or identifiable natural person (“data subject”). An
identifiable natural person is any natural person who can be identified, directly or indirectly, with
particular reference to an identifier such as a name, an identification number, location data, an
online identifier, or to one or more characteristic elements of his or her physical, physiological,
genetic, mental, economic, cultural or social identity (Art. 4 No. 1 EU Reg. No. 2016/679).
- PROCESSING OF PERSONAL DATA
Any operation or set of operations, whether or not by automated means, applied to personal data
or sets of personal data, such as collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or
otherwise making available, comparison or interconnection, restriction, consultation, use,
disclosure by transmission, dissemination or any other form of making available, comparison or
interconnection, restriction, deletion or destruction (Art. 4 no. 2 EU Reg. No. 2016/679).
- DATA CONTROLLER
The natural or legal person, public authority, service or other body which alone or jointly with
others determines the purposes and means of the processing of personal data (Art. 4 No. 7 EU
Reg. No. 2016/679).
The owner of the processing of personal data is the B&B “Le DUE G”, with registered office in
Varese, via Francesco Daverio, n. 67 – 21020, which can be contacted as follows:
- e-mail: firstname.lastname@example.org
- DATA CONTROLLER.
The natural or legal person, public authority, service or other body that processes personal data on
behalf of the controller (art. 4 no. 8 EU Reg. no. 2016/679).
The Personal Data Controller (Art. 4 No. 8 EU Reg. No. 2016/679) is Dr. Raffaella Gaggi, who can be
contacted as follows:
Any form of automated processing of personal data consisting of the use of such personal data to
evaluate certain personal aspects relating to a natural person, in particular to analyze or predict
aspects relating to the personal preferences, interests, reliability, behavior, location or movements
of that natural person (Art. 4 No. 4 EU Reg. No. 2016/679).
Personal data is processed in such a way that personal data can no longer be aJributed to a
specific data subject, without the use of additional information, which must be stored separately
and subject to technical and organizational measures to ensure that such personal data is not
aJributed to an identified or identifiable natural person (Art. 4 No. 5; 25 EU Reg. No. 2016/679).
- CONSENT OF THE DATA SUBJECT
Any freely given, specific, informed and unambiguous manifestation of the data subject’s wishes,
whereby the data subject indicates his or her consent, by way of a statement or unambiguous
affirmative action, that personal data relating to him or her be processed (Recital 40; Art. 4 No. 11
EU Reg. No. 2016/679).
TYPES OF DATA PROCESSED
- Navigation data
The computer systems and soHware procedures used to operate this site acquire, in the course of
their normal operation, some personal data whose transmission is implicit in the use of Internet
This category of data includes IP addresses or domain names of the computers and terminals used
by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources
requested, the time of the request, the method used in submimng the request to the server, the
size of the file obtained in response, the numerical code indicating the status of the response given
by the server (successful, error, etc.) and other parameters relating to the user’s operating system
and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of
visitors by time slot or daily, geographical areas of origin, etc.);
- check the proper functioning of the services offered.
Browsing data do not persist for more than seven days (except for any need to ascertain crimes by
the judicial authorities).
- Data communicated by the interested party
The optional, explicit and voluntary sending of messages to the contact addresses of the website
hJps://bb-ledueg.it, private messages sent by users to profiles on social media, involve the
acquisition of the sender’s contact data, necessary to respond, as well as all personal data included
in the communications.
In the case of free and consensual sending of messages containing “special categories of personal
data”, concerning health, the acquisition of the same and the consequent processing will take
place with the explicit consent of the person concerned, in compliance with the principles of
accountability (accountability), confidentiality, lawfulness, fairness and transparency (Art. 5 EU
Reg. No. 2016/679).
B&B Le DUE G is not responsible in any way for the voluntary transfer of health data and is exempt
from any liability.
- Cookies and other tracking systems
for user profiling and also, session cookies (non-persistent) are used strictly limited to what is
necessary for the safe and efficient navigation of the sites. The storage of session cookies in the
terminals or browsers is under the user’s control, whereas on the servers, at the end of HTTP
sessions, information relating to the cookies remains recorded in the service logs, with a storage
period, in any case, of no more than seven days, in the same way as other browsing data.
We take great care in implementing and maintaining the security of our services and your data. We
have put in place appropriate physical and technological safeguards to help prevent unauthorised
access, to maintain data security and to make proper use of the information we collect. These
protections vary depending on the sensitivity of the information we collect and store.
We use careful procedures and specific technical controls to ensure the security of our information
systems, such as:
- secure network topology, which includes intrusion prevention systems;
- encrypted communication;
- authentication and access control;
- external and internal verification tests.
Despite all measures taken to safeguard your information we cannot guarantee, in the state of
technology, that unauthorised access or misuse of services by third parties can be excluded.
Personal data will be processed and stored for the time strictly necessary to achieve the purpose
for which it was collected.
PLACE OF DATA PROCESSING
The processing of personal data related to the online services of this website takes place at the
headquarters of the B&B Le DUE G and are handled only by the technical staff in charge of
processing, or by any persons in charge of maintenance operations, who take care of the
technological part of the site (art. 28 EU Reg. n. 2016/679).
CONSENT OF THE DATA SUBJECT
The data subject gives his or her consent by means of a free, specific, informed and unambiguous
statement or positive action that personal data concerning him or her may be processed. The data
subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not
affect the lawfulness of the processing based on consent before the withdrawal. Before giving
consent, the data subject shall be informed of this. Consent may be expressed by the data subject,
in accordance with applicable law, by means of specific browser and computer program
configurations or devices that are easy and clear to use (Articles 4, nos. 7 and 11; 7 EU Reg. No.
RIGHTS OF THE DATA SUBJECTS
Data subjects have the right to obtain from B&B Le DUE G, in the cases provided for, access to their
personal data and the rectification or cancellation thereof or the restriction of processing
concerning them or to object to processing.
The appropriate application shall be submiJed to the Data Controller at the following address:
- e-mail: email@example.com
RIGHT OF COMPLAINT
In order to exercise their rights and for any question or request relating to the processing of their
personal data by the B&B, the interested party may contact the Data Controller at the following
- e-mail: firstname.lastname@example.org
The data subject has the right to lodge a complaint with the Privacy Guarantor (art. 77 EU Reg. no.
2016/679) or to take legal action (art. 79 EU Reg. no. 2016/679), if he/she considers that the
processing of his/her personal data violates this Regulation.