Privacy Policy

The company: KIWI BEACH RESORTS SRL, with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899, REA SR – 154587, PEC kiwibeachresorts@legalmail.it, website www.kiwibeachresorts.it, hereinafter referred to as ‘Data Controller’, in the person of its legal representative, certifies the following PRIVACY POLICY for the website: “https://hoteldolcestate.com/it/” available at: https://hoteldolcestate.com/it/privacy/

The website ‘https://hoteldolcestate.com/it/‘ is managed and owned by Kiwi Beach Resorts S.R.L., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899.

Information regarding the processing of common and special categories of personal data, pursuant to Articles 9 and 13 of Regulation (EU) 2016/679 (GDPR).

This information notice informs data subjects that Kiwi Beach Resorts S.r.l., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899, as Data Controller of personal data relating to the website https://hoteldolcestate.com/it/, provides information regarding the methods of collection, use and protection of personal data, both common and special categories, relating to data subjects, i.e., the individuals to whom such data refers.

1. Data Controller

The Data Controller of personal data, pursuant to Regulation (EU) 2016/679 (GDPR), is Kiwi Beach Resorts S.r.l. (hereinafter “KBR”), with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899. Data subjects may exercise the rights referred to in Articles 15–22 of Regulation (EU) 2016/679 and request further information by writing to the email address: privacy@kiwibeachresorts.it

2. Protection of Personal Data, Common and Special Categories

Kiwi Beach Resorts S.r.l. acknowledges that when a user decides to provide personal data and/or special categories of data concerning them through the website https://hoteldolcestate.com/it/, they place trust in the Data Controller and in its ability to operate responsibly in relation to the processing of data and the purposes for which such data is provided, in compliance with applicable legislation, except in cases of force majeure not attributable to the Data Controller.

For this reason, Kiwi Beach Resorts S.r.l. adopts a policy regarding the protection of users’ personal data, both common and special categories, which defines the methods of provision, collection, processing and use of such data.

3. Type of Information Collected, Their Use and Methods of Collection of Personal Data and/or Special Categories

In accordance with applicable legislation and, in particular, with Regulation (EU) 2016/679 (GDPR), the website https://hoteldolcestate.com/it/ provides specific methods for collecting consent (“opt-in”) in sections dedicated to registration and use of services, in order to allow users to express free, specific, informed and unambiguous consent to the processing of personal data, common and/or special categories provided.

Through such “opt-in” methods, users can view, pursuant to Article 13 of Regulation (EU) 2016/679, information relating to the methods and purposes of personal data processing and express their consent by selecting the appropriate boxes provided, subject to acceptance of this privacy policy. Such consent authorizes the processing of data for the indicated purposes and allows users to exercise the rights recognized by applicable legislation.

In order to allow conscious and informed access to services, promotions and activities made available through the website https://hoteldolcestate.com/it/, Kiwi Beach Resorts S.r.l., as Data Controller, may request users who intend to register or use the services offered to provide personal data, both common and/or special categories.

Personal data may be collected, by way of example, when the user:

  • registers for online services on the website;
  • provides information for participation in events, activities and/or courses organized or promoted through the website;
  • contacts the website to request information or use the services offered, including through non-digital methods (e.g., paper).

The information collected may include data such as first and last name, email address, as well as any additional data that may be necessary in relation to the purposes pursued and indicated in the specific “Purpose of Processing” section of this privacy policy.

The provision of data always takes place according to explicit consent methods (“opt-in”) and in compliance with the principles of lawfulness, fairness, transparency and data minimization.

4. Data Storage

Personal data collected through the website https://hoteldolcestate.com/it/ is processed and stored by Kiwi Beach Resorts S.r.l., as Data Controller, for the purposes indicated in this privacy policy and for the time strictly necessary to carry out the activities requested by the user, as well as for compliance with obligations under applicable legislation.

Data storage is carried out in order to allow identification and recognition of users registered on the website and/or related reserved areas, as well as for carrying out activities and services offered including through non-digital methods, always in compliance with the principles of lawfulness, fairness, proportionality and storage limitation, as provided by Regulation (EU) 2016/679.

The criteria for determining the retention period of data are defined based on the nature of the data processed, the purposes of processing and applicable legal obligations, as indicated in the specific “Purpose of Processing” section of this privacy policy.

5. Activities Permitted After Data Registration

Following registration on the website https://hoteldolcestate.com/it/, the user will be able to access and participate in activities, services, events and initiatives for which registration was requested, in compliance with the purposes indicated during registration and in this privacy policy.

5.1 Use and Retention of Data

Personal data provided by the user following registration or use of services may be processed:

  • for the provision of requested services;
  • for administrative, organizational and customer assistance purposes;
  • for statistical purposes, in aggregate or anonymized form, where possible;
  • for compliance with legal obligations.

Data will be retained for a maximum period of 10 years, except for different legal obligations or different indications arising from the consent expressed by the user or the specific purpose of processing.

5.2 Participation in Events, Activities and Initiatives

If the user participates in competitions, events, promotional activities, surveys or other initiatives reserved for registered users, they may be asked to provide additional personal data (such as, by way of example, first and last name, address, telephone number, email address), strictly necessary for managing the requested activity.

5.3 Communications and Assistance

The user’s personal data may be used to:

  • provide information on services offered;
  • manage user requests;
  • guarantee assistance and support;
  • improve website content and services based on user needs.

5.4 Marketing Activities

Subject to specific user consent, personal data may be used for marketing purposes, such as sending promotional, informative or commercial communications relating to services offered by Kiwi Beach Resorts S.r.l., via email, telephone, SMS or other electronic communication tools.

The user may at any time revoke the consent given or object to processing for marketing purposes, according to the methods indicated in this privacy policy.

5.5 Communication of Data to Third Parties

The user’s personal data may be communicated to:

  • service providers and collaborators appointed as Data Processors, pursuant to Article 28 of the GDPR, for purposes strictly connected to the provision of requested services;
  • competent authorities, public bodies or third parties, in cases provided for by law, by provisions of the judicial authority or other supervisory bodies.

Data will not be disseminated under any circumstances.

5.6 Corporate Transactions

In the event of extraordinary transactions such as merger, transfer, reorganization or transfer of the company or branches thereof, personal data may be transferred to successor entities, in compliance with the guarantees provided by the GDPR. In such cases, users will be informed and may exercise the rights provided for by applicable legislation.

6. User Consent and Third-Party Data

By providing their personal data and/or special categories and common data, the user authorizes processing for the aforementioned purposes, suitable for carrying out the activities for which consent was given and indicated and available on the website.

The user also authorizes the transfer of their personal data, special categories and common data to the website’s service providers and its owner in order to enable the functionality of activities for which consent was given.

In any case, always for the indicated purposes, the user gives consent so that, for activities necessary for the implementation of services provided and requested, the transfer of their data to service providers, including indirect ones, residing abroad and in countries with jurisdictions that may not guarantee the same level of data protection guaranteed by the country in which the user resides, expressly accepting this condition.

7. Authorization for Use of Browsing Data: Cookies (and Data Possibly Provided by Telephone)

A cookie is a “data file” that websites, during navigation by users, can send to the address of users who are browsing the websites themselves, in order to track their path within the website, thus collecting user browsing data in order to improve the offer, usability of the site and ensure the security of the site itself.

The IT system and all software procedures used and dedicated to the correct functioning of the website ‘https://hoteldolcestate.com/it/‘ acquire, during their normal operation, some personal data for which, as provided by law, this information is provided and, where necessary, consent is requested for the use of such procedures in the forms and methods prescribed.

The transmission and reception of this data is implicit in the use of Internet communication protocols.

Such data and information are not collected in order to be automatically associated with identified subjects, but their very nature could allow, through processing and associations with other data, held even by third parties, to identify users.

This category of data includes IP addresses, domain names of PCs (computers) that users use for browsing and from which they connect to the website as well as URI (Uniform Resource Identifier) notation addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

This exchange of data and use of cookies by the website ‘https://hoteldolcestate.com/it/‘ avoids resorting to other computer techniques potentially detrimental to the privacy of users’ browsing.

The aforementioned data is processed in order to obtain statistical information on the use of the website, to control its correct functioning and ensure its security, as well as to ascertain responsibility in case of hypothetical offenses, particularly of a computer nature, against the website or registered customers and users.

Even any telephone calls could be subject to procedures dedicated to verification and correct functioning of communication systems and could acquire some data relating to calls with customers or made by them (this category of data includes the remote number of the caller where traceable, browsing data or the actions/inputs that the customer makes to access various services and the duration of the call, as well as, after notice to the data subject, any audio recording of the calls themselves).

Cookies can be of different types:

a) “Technical Cookies” These are cookies used solely for security, optimization and functioning of the website directly by the website owner, who may also collect information in aggregate form on the number of users and how they visit the website. For such files, the website ‘https://hoteldolcestate.com/it/‘ informs that such use is connected to the functioning of the website and is therefore necessary to accept their use to allow browsing on the website itself.

b) “Profiling Cookies” These are cookies used to track user browsing on the network and create profiles on their tastes, habits, choices, etc. With these cookies, advertising messages can be transmitted to the user’s terminal in line with preferences already expressed by the user in online browsing.

For such reasons and purposes, during user browsing of its website, the website ‘https://hoteldolcestate.com/it/‘ may also exchange cookies with users’ computers, where they accept such data exchange in the case of cookies as described above: profiling (paragraph “b”) according to the methods provided for and permitted by current legislation, for the first type of cookies (paragraph “a”) automatically and necessarily to allow continuation of browsing on the website and use of services offered and requested and for which this information must simply be provided.

8. Protection of User Information

Kiwi Beach Resorts S.r.l., to protect user information, provides servers and web technology of adequate security level, with encrypted transactions through ‘SSH’ security protocol for telecommunications (Secure SHell) which allows establishing an encrypted remote session (https).

Considering the very nature of the web (Internet), and despite correct execution of obligations assumed by the data controller of personal data, special categories and common data, it is possible and acceptance of risks connected to Internet use must be provided for, such as, by way of example and not limitation: security risks in case of interception, unauthorized data access by third parties, risks of data damage and risks connected to viruses or other dangerous devices or criminal actions of a computer nature.

The IT systems and software procedures dedicated to the functioning of the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow identification of users.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) notation addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system, the user’s IT environment and their browsing.

9. Disclaimer

Links to other websites may also be published, but Kiwi Beach Resorts S.r.l. is not responsible for the content or personal data protection policies of such additional entities and the way such data is processed.

In particular, unless otherwise agreed, the website www.clubeloro.it does not operate as a representative of any additional websites other than its own reference website indicated in this privacy policy nor as an advertising operator, and is not authorized to make statements on their behalf.

In any case, the user is required to verify the personal data protection procedures of any third parties, excluding any liability of the website https://hoteldolcestate.com/it/ and the external data controller in this regard.

10. Password Management

In order to provide the user with more personalized services, the user may be required to create one or more passwords depending on the utilities and activities to be performed and/or access levels, for particular services or sections of the website.

The user is solely responsible for control and use of each password created and activities performed through their profile.

11. Policy Updates

The possibility of periodically updating the personal data protection policy is always provided for and permitted, also by virtue of changes in law and/or regulations; in such cases, where such changes are substantial, varying users’ rights and duties, users will be informed of this on the website with publication of the new updated version of the personal data protection policy.

12. User Rights and Data Processing

Pursuant to Article 13 of Regulation (EU) 2016/679, users are informed that the processing of their personal data is based on the principles of fairness, lawfulness and transparency, and that they will be protected with confidentiality in compliance with the rights determined by applicable legislation regarding security and protection of personal data. In particular, the user is informed of the circumstances described below.

13. Source of Personal Data

Personal data in possession of Kiwi Beach Resorts S.r.l. relating to the website https://hoteldolcestate.com/it/ is that resulting from data collection carried out at the time of registration on the website or in any case provided in another suitable manner.

All personal data is processed in compliance with Regulation (EU) 2016/679 and in compliance with confidentiality obligations to which, in any case, the company’s activities are intended to conform.

14. Purpose of Processing

Processing is intended solely to allow participation in all activities for which the user has given consent.

15. Methods of Processing

Processing is carried out by means of operations or sets of operations indicated in Article 4 of Regulation (EU) 2016/679, carried out with or without the aid of electronic or automated means. Processing is carried out by the Data Controller and by persons authorized to process data duly delegated for this purpose. Personal data provided by you will be retained for a period of 10 years and in any case not exceeding that necessary for achieving the purposes for which consent was given.

16. Refusal to Provide Data

Provision of data is optional, but any refusal could result in the impossibility of complete and correct use of interactive services offered on the website.

17. Communication of Data

Users’ personal data may become known to persons authorized to process and any data processor if appointed. They may be communicated for the purposes already indicated to companies or third parties for outsourced activities, always with reference to the activities and purposes for which consent was given.

The complete and updated list of entities to whom data has been communicated can be requested by the user from the Data Controller.

18. Dissemination of Data

Data provided may be disseminated for needs connected to the indicated purposes and for which consent to processing was given, for marketing purposes (where consented) through internet, brochures, information leaflets, emails, etc., in compliance with the principles of fairness, lawfulness and transparency and as accepted during registration.

19. Transfer of Data Abroad

Personal data may be transferred abroad to European Union countries and to Third Countries with respect to the European Union as defined by Article 44 (“General principle for transfers”) of Regulation (EU) 2016/679, for business needs related to the functionality of activities for which the user intended to give consent to processing of their data. Such data will be subject to processing in full compliance with the aforementioned legislation and the confidentiality to which the activities of AS0 and D4B relating to the website ‘https://hoteldolcestate.com/it/‘ are based.

20. Rights of the Data Subject

The Data Controller guarantees the user the following rights, pursuant to Regulation (EU) 2016/679:

  • Article 15. Right of access of the Data Subject: the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed;
  • Article 16. Right to rectification: right to obtain from the data controller rectification of personal data;
  • Article 17. Right to erasure “right to be forgotten”: right to obtain from the data controller erasure of personal data concerning them;
  • Article 18. Right to restriction of processing: right to obtain from the data controller restricted processing of their data when contesting the accuracy of personal data, when processing is unlawful and if one has objected to processing;
  • Article 19. Notification obligation regarding rectification or erasure of personal data or restriction of processing: right to obtain from the data controller notification in case of rectification or erasure of personal data or restriction of processing;
  • Article 20. Right to data portability: right to obtain data portability, i.e., receive the data from the data controller in a structured, commonly used and machine-readable format or transmit it to another data controller without any hindrance;
  • Article 21. Right to object: the Data Subject’s right to object to processing;
  • Article 22. Automated individual decision-making, including profiling: right to object to an automated decision-making process relating to natural persons including profiling.

At any time, the Data Subject may exercise their rights towards the Data Controllers, as provided by Regulation (EU) 2016/679. For this purpose, the following email addresses of the Data Controllers are indicated, to forward any requests and inquiries from data subjects: privacy@kiwibeachresorts.it

The data subject may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), following the procedures and indications available on the Authority’s official website: www.garanteprivacy.it.

21. Data Controller

The Data Controller of personal data, pursuant to Article 26 of Regulation (EU) 2016/679, is Kiwi Beach Resorts S.R.L., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899.

Users may contact for the exercise of rights referred to in Articles 15 to 22 of Regulation (EU) 2016/679 and to request further information in writing by email at the address: privacy@kiwibeachresorts.it

With reference to the foregoing, the necessity is reiterated that the user select the boxes positioned at the bottom of the website page dedicated to registration, in order to accept and give consent to the processing of personal data provided, with regard to the specific purposes and levels of interaction chosen and the activities they intend to carry out, or the services they intend to receive.

Avola, ______________