INFORMATION ON THE PROCESSING OF PERSONAL DATA OWNERS
Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)
With this notice, pursuant to Article 13 of the EU Regulation No. 2016/679 (also called "GDPR"), we wish to inform you about the processing of your personal data acquired and processed during your interaction with the website www.easyflatsardinia.com.
Note: For treatments related to the booking of stays via the 'Book' link, please refer to the information for Conductors at the bottom of the page.
Reference is also made to the cookie policy available on the website for specific information on the processing of the Data Subject's browsing data. In particular, the use of cookies is aimed at improving the functionality and quality of the site, based on the legitimate interest of the
Controller, except for cookies that require the explicit consent of the Data Subject. Third parties that provide cookies are considered external data controllers and must provide detailed information in this regard.
1. DATA CONTROLLER
The Data Controller is EasyFlatSardinia, with registered office in Via Ungheria n. 7a, 09010 - Domus de Maria (SU), Italy, represented by its legal representative pro tempore. For any request relating to personal data, the Data Controller can be contacted:
- Ordinary mail: at the registered office indicated above
- Email: info@easyflatsardinia.com
- PEC: easyflatsardinia@pec.it
The Personal Data Protection Officer (DPO) is Mr. Spada Corrado, who can be contacted by email at info@easyflatsardinia.com.
2. CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING
The Data Controller processes the following categories of personal data relating to the data subject, which are provided or acquired via the forms on the website www.easyflatsardinia.com at the links 'Contact', 'Request' and
'Book now':
- Identification data: first name and surname
- Contact data: email address and telephone number
- Other data: any information contained in the message sent by the data subject
3. PURPOSE OF PROCESSING AND LEGAL BASIS
Personal data are processed for the following purposes:
- Respond to requests and communications sent by the Data Subject via the website.
The legal basis for the processing of such data is the free and informed consent of the data subject, which is manifested in the request for feedback addressed to the Data Controller. The provision of data is necessary in order to be able to respond to requests. Refusal to provide the data may make it impossible to respond to them.
4. METHODS OF TREATMENT
Personal data will be processed in accordance with the principles of:
- Confidentiality
- Correctness
- Necessity
- Relevance
- Lawfulness
- Transparency
The processing will be carried out using both electronic and paper-based instruments, in accordance with current legislation. Appropriate security measures will be taken to prevent data loss, unlawful or unauthorised processing and unauthorised access. Data will be processed only by staff
authorised by the Controller, who will receive specific instructions in this respect.
5. DURATION OF TREATMENT
Personal data will be retained for a maximum period of 1 year from the time of collection. This period may be extended to deal with any disputes or in the event of an exemption provided for by Italian or European regulations.
6. COMMUNICATION OF DATA
In addition to the communications required by law or requested by the competent authorities, the personal data collected may be communicated to the following entities, appointed as external data processors:
- Business consultants
- Companies providing maintenance or support on platforms or applications
- Specialists in computer systems and corporate electronic devices
- Suppliers of business and management software
- Communication service providers (e.g. e-mail)
Data relating to communications between the Data Subject and the Data Controller may be shared with real estate brokers who collaborate with EasyFlatSardinia.
6.1. TRANSFERS TO THIRD COUNTRIES
The Data Controller does not provide for the transfer of personal data outside the European Union, however, some of the data may transit on servers located outside the European Economic Area (EEA) as a result of software and communication service providers. Service providers, such as Microsoft Corporation and Google Ireland Limited, adhere to the Data Privacy Framework and take appropriate protection measures.
For further details, please consult the following supplier disclosures:
- Microsoft: Privacy Statement
- Google: Privacy Policy
7. RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 et seq. of the GDPR, the Data Subject has the right to:
- Access to one's own data (Art. 15 GDPR)
- Rectifying one's own data (Art. 16 GDPR)
- Deleting one's own data (Art. 17 GDPR)
- Limit processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objecting to processing (Art. 21 GDPR)
- Withdraw consent (if processed on the basis of consent) without affecting the lawfulness of the previous processing (Art. 7(3) GDPR)
- File a complaint with the Data Protection Authority or appeal to the competent Judicial Authority (Articles 77 and 78 GDPR).
7.1 Details of the right of access
The Data Subject has the right to obtain confirmation as to whether or not personal data relating to him or her are being processed, to access such data, to know the purposes of the processing, the categories of data processed, the recipients of the data, and the storage period.
7.2 Details of the Right to Complain
The data subject may lodge a complaint with the Data Protection Authority. More information is available on the official website: www.garanteprivacy.it.
For the exercise of rights and for further requests, the Data Subject may contact the Data Controller and the DPO at the contact details provided in paragraph 1.
INFORMATION ON THE PROCESSING OF TENANTS' PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679 (GDPR)
With this notice, in accordance with the provisions of Article 13 of EU Regulation No. 2016/679 (GDPR), we wish to inform you about the processing of your personal data acquired and processed by EasyFlatSardinia for contractual and accounting purposes.
1. DATA CONTROLLER
The Data Controller is EasyFlatSardinia, with registered office in Via Ungheria 7a, 09010 - Domus de Maria (CA), Italy, in the person of its legal representative pro tempore. For any needs relating to personal data, the Data Controller can be contacted:
- By ordinary or registered mail: at the registered office indicated above
- By e-mail: info@easyflatsardinia.com
- Via PEC: easyflatsardinia@pec.it
The Data Protection Officer (DPO) is Mr. Spada Corrado, who can be contacted by e-mail
at info@easyflatsardinia.com.
2. CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING
The Data Controller processes the following categories of personal data referring to the Data Subject, provided or acquired during the negotiation of the contractual relationship or transmitted to EasyFlatSardinia by the owner of the property:
- Personal identification data: first name, surname, tax code;
- Contact and contact details: e-mail address, telephone number, home or different address of
address;
- Reservation number;
- Payment details: fee information, bank and/or credit card details,
management of any security deposits and guarantees;
- Satisfaction data and statistics: information on the degree of satisfaction with services
disbursed, data on stays and the objects of the contracts concluded.
3. PURPOSE OF PROCESSING AND LEGAL BASIS
Personal data are processed for the following purposes:
1. Stipulation and execution of the contract: lease, service contract and pre-contractual measures required by the Interested Party.
2. Determination and payment of rent and services: management of payments related to the stay.
3. Fulfilment of legal and contractual obligations: including tax, administrative and insurance obligations, related to the contract.
4. Correspondence management: for communication between the parties.
5. Marketing activities and sending promotional material: by automated means (e-mail, SMS, app, messaging) and traditional means (telephone calls with operator, paper mail).
6. Satisfaction monitoring and statistical research: through interviews and other means of detection.
The legal basis for the processing of data for contractual and statutory purposes is the performance of the contract and the fulfilment of legal obligations (Art. 6(1)(b) and (c) GDPR).
For marketing purposes and sending promotional material, the legal basis is the legitimate interest of the Data Controller (art. 6, par. 1, lett. f, GDPR), unless explicit consent is required. The legal basis for statistical research activities is the consent of the Data Subject (Art. 6(1)(a) GDPR).
The provision of data is necessary for the management of the contractual relationship, and failure to provide such data may prevent the execution of the contract.
4. METHODS OF TREATMENT
Personal data will be processed in accordance with the principles of:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Exactness
- Limitation of conservation
- Integrity and confidentiality
The data will be processed using paper and electronic means, taking appropriate security measures to prevent loss or misuse of the data. The data will only be processed by authorised personnel, who will receive specific instructions.
5. DATA RETENTION PERIOD AND CRITERIA
The data will be retained for the period necessary to perform the contract and to fulfil legal obligations, for a maximum of 10 years after the conclusion of the contract, as required by law. For marketing purposes, data will be retained for 12 months after termination of the contract, or until revocation of the
consent. For satisfaction and research purposes, data will be kept for 12 months after collection.
6. COMMUNICATION OF DATA
In addition to the communications required by law, the data may be communicated to the following entities as data processors:
- Accountants, business consultants, real estate brokers, maintenance and technical support providers, business software providers, and collaborators necessary for the fulfilment of the contract.
6.1 Data transfers to third countries
Data will not be transferred outside the European Economic Area (EEA). However, some software providers may transfer data to servers located outside the EEA, while still ensuring adequate protection measures in accordance with the GDPR (Microsoft Corporation and Google Ireland Limited).
7. RIGHTS OF THE DATA SUBJECT
At any time, the data subject may exercise the following rights, pursuant to Articles 15 et seq. of the GDPR:
- Access: obtain confirmation of processing and access to personal data (Art. 15 GDPR)
- Rectification: obtaining the correction of inaccurate data (Art. 16 GDPR)
- Deletion: obtain the deletion of data (Art. 17 GDPR)
- Limitation: obtain restriction of processing (Art. 18 GDPR)
- Portability: receiving data in a structured, commonly used format (Art. 20 GDPR)
- Opposition: objecting to data processing (Art. 21 GDPR)
- Withdrawal of consent: withdrawing consent to processing (Art. 7 GDPR)
The data subject may also lodge a complaint with the Data Protection Authority
(www.garanteprivacy.it) or refer the matter to the competent judicial authority (Art. 77 and 78 GDPR).