- Services and activities
Details & Book
In compliance with the requirements of the national regulation (Italian Legislative Decree no. 196 of 30 June 2003, Code on the protection of personal data) and EU regulation (General Data Protection Regulation (GDPR) Reg. 196/2016) as amended, this page contains details on how the website www.campingpuntala.it (henceforth, “Site”) is managed and how the personal data of those using it is processed. The information is also provided for the site booking.campingpuntala.it (henceforth, “Site”) consulted by the user through link
The information is intended for anyone who accesses, through the internet, the web services available at the address www.campingpuntala.it (henceforth, “Site”), pursuant to articles 13 and 14 of EU Reg. 2016/679 (General Data Protection Regulation) on the protection of personal data.
The IT systems and software procedures designed to enable to Site to function may, in their normal course of exercise, acquire personal data. The transfer of such data is implicit in the use of internet communication protocols. The data is not collected in order to be linked to identifiable data subjects but, by its very nature and in the course of it being processed and merged with data held by third parties, it may be possible to identify you.
This type of data includes the IP address or computer domain name with which you connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources you request, the time at which the request is made, the method by which you place the request on the server, the size of the files received in response to the request, the numerical code indicating the server response status (successful, error, etc.) and other parameters relating to your operating and IT systems.
Such data is only used to gather anonymous statistical data on how the Site is being used and to ensure the Site functions correctly. It is erased immediately after it is processed.
The data may be used to establish liability in the event of a cybercrime that causes damage to the Site.
Data provided voluntarily
The Data Controller processes the personal, identifying data (for example, name, surname, company name, address, telephone numbers, email, bank and payment details) communicated by you when concluding contracts for the services of the Data Controller or subscribing to the newsletter and/or - on WhatsApp, Instagram Direct, Facebook Messenger and Telegram customer support instant messaging via the MessengerPeople platform - to the marketing and information request service available on the Site.
After the optional, explicit and voluntary sending of electronic mail to the addresses listed on the Site, the Site acquires your email address, as the sender of such mail, for the purpose of responding to the request, as well as any other data included in the message sent.
Purposes of data processing, communication and access to data
The personal data which you provide will be processed in accordance with the legality conditions of Article 6 of Regulation (EU) 2016/679 for the following purposes:
Your data may, for the aforementioned purposes, be communicated to the judicial authorities and to those in respect of whom the communication is required by law in order to carry out those purposes. These persons/entities will process the data in their capacity as independent data controllers. Your information will not be disseminated.
You may object to receiving soft-spam communications:
For the above purposes, your data will not be communicated to third parties, except for when required by law or requested by the judicial authorities, nor will it be disseminated.
For the above purposes, your data will not be communicated to third parties different from those as ref. letter i), except for when required by law or requested by the judicial authorities, nor will it be disseminated.
For the above purposes, your data will not be communicated to third parties other than those listed in letter n) above, except for when required by law or requested by the judicial authorities, nor will it be disseminated.
Your data may be made accessible for the purposes referred to in 1., 2., 3. and 4.:
- to employees and collaborators of the Data Controller or of partner companies and/or entities in Italy and abroad, in their capacity as data processing operators (i.e. the persons in charge of the processing) and/or internal data processors and/or system administrators;
- to third-party companies or other subjects (e.g. credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, acting as external data processors, and more precisely to any subject/company carrying out activities referring to the above mentioned purposes.
Specific information on PuntAla APP
The PuntAla app, downloadable from the App store and Google Play, which can be used by the user to open doors within the facility, may require the use of the user's location. If explicitly requested by the application, this permission is for the sole purpose of ensuring its proper technical operation. User location data are not collected by the data controller.
Transfer of data to countries outside the EU
Your personal data will be processed by the Data Controller within the European Union. Should it become necessary, for technical and/or operational reasons, to use entities located outside the European Union, or should it become necessary to transfer some of the collected data to technical systems and services managed in the cloud and located outside the European Union, data processing will be regulated in accordance with Chapter V of the Regulation and authorised on the basis of specific European Union decisions. All necessary precautions will therefore be taken to ensure the fullest protection of personal data by basing the transfer: a) on adequacy decisions of the receiving third countries expressed by the European Commission; b) on adequate guarantees expressed by the receiving third party pursuant to Art. 46 of the Regulation; c) on the adoption of binding corporate rules, so called Corporate binding rules.
Legal basis of data processing
The provision of data for the purposes indicated in subsection 1. is mandatory. Without such data, we cannot guarantee the Services referred to in subsection 1. The legal basis of the processing of such data is the execution of a contract to which you are party or the requirement to comply with specific legal obligations.
The legal basis of the processing of data for the purposes referred to in subsection 2 above is Article 130 paragraph IV of the Personal Data Protection Code, as amended (provisions to adapt domestic legislation to the provisions of the EU regulation 2016/679), which specifically permits the data processing in question.
The provision of data for the purposes indicated in subsections 3. and 4. above is, by contrast, optional. You may therefore decide not to provide any data or subsequently revoke your consent to the processing of data already provided: in this case, you will not receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in point 1. The legal basis for such data processing is the data subject's consent (which is optional and revocable at any time).
The personal data are not, however, processed for more than 10 years from the termination of the relationship for the Service Purposes.
Personal data processed for Marketing Purposes will be retained until the data subject's consent is revoked.
The Site processes some personal data for the Data Controller’s legitimate interests.
Methods of processing
The data in question shall be processed:
- in any type of paper and electronic format;
- by subjects authorised for the purpose, who shall always be identified, suitably trained and made aware of the relevant legal obligations and implications;
- for the period of time strictly necessary to fulfil the purposes for which the data was collected;
- with a commitment to always keep the data up-to-date, including the removal of any data that is obsolete, not necessary or not relevant;
- with a commitment to adopting all legally required organisational and security measures, in order to preserve the data subject’s confidentiality and avoid the data being accessed unnecessarily by third parties or at all by unauthorised persons.
Duration of processing
The personal data collected shall be stored, within the limitations of art. 5, paragraph 1, letter e) of EU Reg. 2016/679, in a format that allows the data subject to be identified for a period of time no longer than necessary for the fulfilment of the purposes for which the data is being processed, however not for more than 10 years from the termination of the relationship for the Service Purposes.
Personal data processed for Marketing Purposes will be retained until the data subject's consent is revoked.
Data Controller, data processors operators, data processor
The Data Controller for the personal data in question is Campeggio PuntAla S.r.l., Tax Code 01233070539, headquartered in 58043 Punta Ala, Castiglione della Pescaia, Grosseto, Italy tel. +390564922254 fax. +390564920379, e-mail: email@example.com.
The data processors operators are Campeggio PuntAla S.r.l. employees and/or partners. Data may be processed by employees and/or non-company collaborators of company departments responsible for fulfilling the purposes indicated above, who have been expressly authorised to process the data and who have received adequate operating instructions.
GP Dati Hotel Service S.p.a., Tax Code 01560290270, headquartered in Via Paganello, 22/A, 30172 – Venezia, Italy is Data Processor, which processes personal data on behalf of the Controller.
The updated list of data processors and data processing operators is kept at the Data Controller's registered office.
Rights of the data subject
Pursuant to EU regulation 196/2016 (GDPR) and the national regulation you, as a user, may, by the methods and within the limitations set forth in the regulations in force, exercise the following rights:
- to request from the controller confirmation as to whether or not personal data concerning you are being processed (right of access);
- to know what the data source is;
- to receive intelligible communications;
- to receive information concerning the logic, methods and purposes by or for which the data is being processed;
- to update, rectify, erase or pseudonymise your personal data; to block the processing of personal data being processed in breach of the Law, including where the processing of such data is not necessary for the purpose for which it was collected;
- where the basis for processing is your consent, to receive the personal data you have provided to the Data Controller in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of art. 20 of EU Reg. 2016/679), at no more than the cost price for this to be done;
- if you believe that the processing of your personal data breaches the provisions of EU Reg. 2016/679, pursuant to art. 15, letter f) of the same regulation, to lodge a complaint with the Garante Privacy (Italian Data Protection Authority) pursuant to art. 6, paragraph 1, letter a) and art. 9, paragraph 2, letter a), as well as the right to withdraw your consent at any time;
- should the data processing have for a legal basis legitimate interests, your legitimate interests as the data subject are guaranteed (with the exception of the right to data portability, for which the regulations do not provide), with particular regards to your right to object which may be exercised by sending a request to the Data Controller.
- the data subject's right to object to the processing of his/her personal data for marketing purposes through automated means of contact, extends to traditional contact means and, in any case, the data subject can still exercise said right also in part, by e.g. objecting only to the transmission of promotional communications by automated means;
- as well as, more generally, to exercise any rights awarded to you under the Laws in force.
As a user, you may exercise your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller (Campeggio Puntala S.r.l.) with your request, by telephone (+390564922254), fax (+390564920379) or email (firstname.lastname@example.org). You have a right to receive a response regarding the decision reached in processing such a request.