Privacy & Policy

Privacy Policy

In compliance with the requirements of the national regulation (Italian Legislative Decree no. 196 of 30 June 2003, Code on the protection of personal data) and EU regulation (General Data Protection Regulation (GDPR) Reg. 196/2016) as amended, this page contains details on how the website www.campingpuntala.it (henceforth, “Site”) is managed and how the personal data of those using it is processed. The information is also provided for the sub-levels (third level sites of the same domain) of the Site, booking.campingpuntala.it and loyalty.campingpuntala.it consulted by the user through link.

The information is intended for anyone who accesses, through the internet, the web services available at the address www.campingpuntala.it (henceforth, “Site”), pursuant to articles 13 and 14 of EU Reg. 2016/679 (General Data Protection Regulation) on the protection of personal data.

The present policy concerns all data that Campeggio Puntala S.r.l. (henceforth, “Campeggio” or “Company”) collects and processes through the Site, except by the use of cookies. For details on the use of cookies, please refer to the specific, extended policy on cookies (Cookie Policy, in accordance with EU Reg. 2016/679) by clicking the link.

By visiting the Site, you provide your consent to the practices described in the present Privacy Policy.

Navigation data

The IT systems and software procedures designed to enable to Site to function may, in their normal course of exercise, acquire personal data. The transfer of such data is implicit in the use of internet communication protocols. The data is not collected in order to be linked to identifiable data subjects but, by its very nature and in the course of it being processed and merged with data held by third parties, it may be possible to identify you.

This type of data includes the IP address or computer domain name with which you connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources you request, the time at which the request is made, the method by which you place the request on the server, the size of the files received in response to the request, the numerical code indicating the server response status (successful, error, etc.) and other parameters relating to your operating and IT systems.

Such data is only used to gather anonymous statistical data on how the Site is being used and to ensure the Site functions correctly. It is erased immediately after it is processed.

The data may be used to establish liability in the event of a cybercrime that causes damage to the Site.

Data provided voluntarily

The Data Controller processes the personal, identifying data (for example, name, surname, company name, address, telephone numbers, email, bank and payment details) communicated by you when concluding contracts for the services of the Data Controller or subscribing to the newsletter and/or - on WhatsApp, Notify, Instagram and Telegram customer support instant messaging via the MessengerPeople Gmbh platform - to the marketing and information request service, of the membership of the Puntala + loyalty program of the Data Controller, available on the Site.

After the optional, explicit and voluntary sending of electronic mail to the addresses listed on the Site, the Site acquires your email address, as the sender of such mail, for the purpose of responding to the request, as well as any other data included in the message sent.

Purposes of data processing, communication and access to data

The personal data which you provide will be processed in accordance with the legality conditions of Article 6 of Regulation (EU) 2016/679 for the following purposes:

1. 1. without your express consent (Article 24(a), (b), (c) of the Personal Data Protection Code, as amended (provisions adapting domestic legislation to the provisions of the EU Regulation 2016/679) and Article 6(b) and (e) of the General Data Protection Regulation (GDPR), for the following Service Purposes:
2. a) for technical Site administration purposes;
3. b) to perform the service or performance requested, to enter into contracts for the Data Controller’s services;
4. c) to fulfil pre-contractual, contractual and tax obligations associated with ongoing dealings with you;
5. b) to fulfil obligations associated with applicable legislative and regulatory provisions, EU rules or an order of the Italian Data Protection Authority (e.g. on anti-money laundering);
6. e) to exercise the rights of Data Controller, such as the right to defence in court.

Your data may, for the aforementioned purposes, be communicated to the judicial authorities and to those in respect of whom the communication is required by law in order to carry out those purposes. These persons/entities will process the data in their capacity as independent data controllers. Your information will not be disseminated.

2. 2. without your express consent in advance, as provided by Article 130 paragraph IV of the Personal Data Protection Code, as amended (provisions adapting domestic legislation to the provisions of the EU regulation 2016/679), for the following Marketing Purposes:
3. f) to process the e-mail addresses which you provide when purchasing a product and/or service offered and sold on the Website directly from Campeggio Puntala, to enable the latter to engage in direct sales of similar products or services (and therefore to send the user by email promotional communications for those products and/or services), on condition that you do not exercise your right of objection in accordance with the procedures indicated below (“soft-spam”).

You may object to receiving soft-spam communications:

• by contacting Campeggio Puntala S.r.l. at: info@campingpuntala.it;
• using the link provided in any promotional communication sent by Campeggio Puntala S.r.l.

For the above purposes, your data will not be communicated to third parties, except for when required by law or requested by the judicial authorities, nor will it be disseminated.

3. 3. only if you specifically consent (Articles 23 and 130 of the Personal Data Protection Code, as amended - provisions adapting national legislation to the provisions of EU regulation 2016/679 - and Article 7 of the GDPR), for the following Marketing Purposes:
4. g) send you - via automated (e.g. email and/or sms and/or instant messaging and - via the MessengerPeople Gmbh platform - WhatsApp, Notify, Instagram and Telegram) and traditional (e.g. traditional mail and/or telephone) means of communication - newsletters, marketing communications and/or advertising material on products or services offered by the Data Controller even other than those for the supply of which the data have been collected, and the service quality satisfaction survey;
5. h) to send you (by email, normal post and/or sms and/or instant messaging and/or telephone contact) newsletters, commercial and/or promotional communications of third parties (e.g. business partners);
6. i) to analyse consumer choices and habits in order to improve the offer of services during subsequent stays, in order to send you personalised commercial communications/perform targeted promotions, business intelligence;
7. l) to implement bonus transactions and customer loyalty programs.

For the above purposes, your data will not be communicated to third parties, except for when required by law or requested by the judicial authorities, nor will it be disseminated.

4. 4. only if you specifically consent (Articles 23 and 130 of the Personal Data Protection Code, as amended - provisions for the adaptation of national legislation to the provisions of EU regulation 2016/679 - and Article 7 of the GDPR), for the following Marketing Purposes:
5. m) the communication of your personal data for their promotional purposes to the companies CENTRO VELICO PUNTA ALA A.S.D. (VAT and tax code 01356920536) with head office at Punta Ala - c/o PuntAla Camp & Resort Loc. Punta Ala - 58043 Castiglione della Pescaia (GR), PUNTA ALA TRAIL CENTER A.S.D. (VAT and tax code 01647880531) with head office at Punta Ala - c/o Camping Puntala - 58043 Castiglione della Pescaia (GR) and PUNTALA AMBIENTE S.R.L. (VAT and tax code 01415020534) with head office at Via Zanardelli, 1 - Grosseto (GR), BLACK ROOSTER A.S.D., with head office at Via Corte Grifoni 4 - 50012 Bagno a Ripoli (FI) (tax code 95120230248, VAT no. 06876670487) and suppliers of other services hosted in the area where our structure is located, and of which we will provide the details.

For the above purposes, your data will not be communicated to third parties other than those listed in letter m) above, except for when required by law or requested by the judicial authorities, nor will it be disseminated.

Your data may be made accessible for the purposes referred to in 1., 2., 3. and 4.:

- to employees and collaborators of the Data Controller or of partner companies and/or entities in Italy and abroad, in their capacity as data processing operators (i.e. the persons in charge of the processing) and/or internal data processors and/or system administrators;

- to third-party companies or other subjects (e.g. credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, acting as external data processors.

Transfer of data to countries outside the EU

Your personal data will be processed by the Data Controller within the European Union. Should it become necessary, for technical and/or operational reasons, to use entities located outside the European Union, or should it become necessary to transfer some of the collected data to technical systems and services managed in the cloud and located outside the European Union, data processing will be regulated in accordance with Chapter V of the Regulation and authorised on the basis of specific European Union decisions. All necessary precautions will therefore be taken to ensure the fullest protection of personal data by basing the transfer: a) on adequacy decisions of the receiving third countries expressed by the European Commission; b) on adequate guarantees expressed by the receiving third party pursuant to Art. 46 of the Regulation; c) on the adoption of binding corporate rules, so called Corporate binding rules.

Legal basis of data processing

The provision of data for the purposes indicated in subsection 1. is mandatory. Without such data, we cannot guarantee the Services referred to in subsection 1. The legal basis of the processing of such data is the execution of a contract to which you are party or the requirement to comply with specific legal obligations.

The legal basis of the processing of data for the purposes referred to in subsection 2 above is Article 130 paragraph IV of the Personal Data Protection Code, as amended (provisions to adapt domestic legislation to the provisions of the EU regulation 2016/679), which specifically permits the data processing in question.

The provision of data for the purposes indicated in subsections 3. and 4. above is, by contrast, optional. You may therefore decide not to provide any data or subsequently revoke your consent to the processing of data already provided: in this case, you will not receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in point 1. The legal basis for such data processing is the data subject's consent (which is optional and revocable at any time).

The personal data are not, however, processed for more than 10 years from the termination of the relationship for the Service Purposes.

Personal data processed for Marketing Purposes will be retained until the data subject's consent is revoked.

The Site processes some personal data for the Data Controller’s legitimate interests.

Methods of processing

The data in question shall be processed:

- in any type of paper and electronic format;

- by subjects authorised for the purpose, who shall always be identified, suitably trained and made aware of the relevant legal obligations and implications;

- for the period of time strictly necessary to fulfil the purposes for which the data was collected;

- with a commitment to always keep the data up-to-date, including the removal of any data that is obsolete, not necessary or not relevant;

- with a commitment to adopting all legally required organisational and security measures, in order to preserve the data subject’s confidentiality and avoid the data being accessed unnecessarily by third parties or at all by unauthorised persons.

Duration of processing

The personal data collected shall be stored, within the limitations of art. 5, paragraph 1, letter e) of EU Reg. 2016/679, in a format that allows the data subject to be identified for a period of time no longer than necessary for the fulfilment of the purposes for which the data is being processed, however not for more than 10 years from the termination of the relationship for the Service Purposes.

Personal data processed for Marketing Purposes will be retained until the data subject's consent is revoked.

Data Controller, data processors operators, data processor

The Data Controller for the personal data in question is Campeggio PuntAla S.r.l., VAT no. 00225550532, headquartered in 58043 Punta Ala, Castiglione della Pescaia, Grosseto, Italy tel. +390564922254 fax. +390564920379, e-mail: info@campingpuntala.it.

The data processors operators are Campeggio PuntAla S.r.l. employees and/or partners. Data may be processed by employees and/or non-company collaborators of company departments responsible for fulfilling the purposes indicated above, who have been expressly authorised to process the data and who have received adequate operating instructions.

ZUCCHETTI HOSPITALITY SRL, tax code 02894171202, with head office at Via Solferino, 1, 26900 Lodi is the Processor, processing personal data on behalf of the Controller.

The updated list of data processors and data processing operators is kept at the Data Controller's registered office.

Rights of the data subject

Pursuant to EU regulation 196/2016 (GDPR) and the national regulation you, as a user, may, by the methods and within the limitations set forth in the regulations in force, exercise the following rights:

- to request from the controller confirmation as to whether or not personal data concerning you are being processed (right of access);

- to know what the data source is;

- to receive intelligible communications;

- to receive information concerning the logic, methods and purposes by or for which the data is being processed;

- to update, rectify, erase or pseudonymise your personal data; to block the processing of personal data being processed in breach of the Law, including where the processing of such data is not necessary for the purpose for which it was collected;

- where the basis for processing is your consent, to receive the personal data you have provided to the Data Controller in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of art. 20 of EU Reg. 2016/679), at no more than the cost price for this to be done;

- if you believe that the processing of your personal data breaches the provisions of EU Reg. 2016/679, pursuant to art. 15, letter f) of the same regulation, to lodge a complaint with the Garante Privacy (Italian Data Protection Authority) pursuant to art. 6, paragraph 1, letter a) and art. 9, paragraph 2, letter a), as well as the right to withdraw your consent at any time;

- should the data processing have for a legal basis legitimate interests, your legitimate interests as the data subject are guaranteed (with the exception of the right to data portability, for which the regulations do not provide), with particular regards to your right to object which may be exercised by sending a request to the Data Controller.

- the data subject's right to object to the processing of his/her personal data for marketing purposes through automated means of contact, extends to traditional contact means and, in any case, the data subject can still exercise said right also in part, by e.g. objecting only to the transmission of promotional communications by automated means;

- as well as, more generally, to exercise any rights awarded to you under the Laws in force.

As a user, you may exercise your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller (Campeggio Puntala S.r.l.) with your request, by telephone (+390564922254), fax (+390564920379) or email (info@campingpuntala.it). You have a right to receive a response regarding the decision reached in processing such a request.