Notice regarding Article 13 of Legislative Decree 196/03 – Data Protection Code
(published in the Official Gazette, 29 July 2003, General Series no. 174, Ordinary Supplement no. 123/L)

1. The law in question regulates the confidentiality of personal data and imposes a series of obligations for anybody ‘handling’ information about other subjects.

2. By data processing, the law in question intends any operation, or set of operations, carried out with or without the help of electronic means, concerning the keeping of databases, drafting of accounts and other documents, compilation of sections of withholding tax return forms that do not apply to employees, but may apply to external collaborators, collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilisation, interconnection, blocking, communication, dissemination, deletion and destruction of data, whether the latter are contained or not in a data bank, compilation of software ordered by you and websites ordered by you, restoration of computers and of data contained on these, including the system password and protection and any other practice possibly included in the activity performed by our Company.

3. In relation to the following positions whereby you might find yourself in contact with our Company:
- supply contracts for material and immaterial goods and services;
- commercial and collaborative relationships of any type.
Please be informed that data concerning your Company and the persons employed by you to work on your behalf is indispensable to the normal operations inherent to the aforementioned relationships and therefore the provision of data is by nature obligatory.

4. Any refusal to provide such data will prevent initiation of the list outlined in point 3.

5. All requested data is obligatory. During data processing, we may come across data that the Data Protection Code deems ‘sensitive’ as it relates to health matters, membership of trade unions or religious and philosophical beliefs. For the reasons listed above, we request that you consent to processing in writing.

6. The data will mainly be processed using electronic means and recorded both electronically and on paper or by any other suitable means that can only be accessed by the responsible persons, in full respect of the minimum security measures according to the Technical Specifications laid out in Annex B of the Data Protection Code.

7. Data collected online: our Company uses IP tracing technology and Cookies on its website to track visits to the website, to be specific:
IP addresses: a) the IP addresses of all visitors to our website are collected. The data collected is used to handle the technical-administrative operations within our Company, the diagnosis of any technical problems and the prevention of intrusion and abuse of the service.
Cookies: b) our Company can use Cookie technology to improve the chances to use the services offered by associating a Cookie with the connected visitor. Cookies are also used to establish the value of traffic to our website and to track your profile while you order services, to calculate discounts and handle any promotions that may be applicable to your account. Visitors to the website can disable the Cookie function in their browser but this may cause our website to function incorrectly.
For information on the use of Cookies, please see EC Directive 2009/139.
For further information on Google AdWords and Remarketing, please see Google AdWords policy.

8. Communication and circulation of data: data provided by you may be subject to communication and/or circulation to further existing contractual relationships with our Company, for reasons connected to these, for reasons related to product display, for commercial and promotional activities; furthermore, the data might be communicated to:
- Office and/or company staff being responsible for the processing and management of the services requested; our staff have been duly trained in matters of security of personal data and the right to privacy.
- Tax authorities, Tax Police bodies, the Italian Finance Police, Labour Inspection, and all bodies for the monitoring and control of regular compliance for the ends indicated.
- Trade Associations and C.A.A.F. (Authorised Tax Assistance Centre) for the carrying out of the services listed above and Professional Firms employed by us to process our data.

9. The processing of data requires the nomination of some subjects who hold specific duties and responsibilities.
In particular, we communicate as follows:
- The Owner and Supervisor of data processing is Bagno Santo Srl with executive offices at Via Campo dei Fiori, 30 53047 Sarteano (SI) IT Tel. +39 0578 26971 Fax +39 0578 265889
Appointed persons responsible for data processing: are the employees and/or collaborators of.

10. The data in question will be processed
- via electronic and paper means of any kind;
- by authorised, constantly ID checked, carefully trained personnel who have been duly informed of their obligations under current law;
- under the guarantee of maintaining all data up to date, eliminating any obsolete, unnecessary or irrelevant data;
- under the guarantee that the organisational and security measures stipulated by law will be adopted as intended to ensure the privacy of the interested part and avoid improper access by third parties or unauthorised persons.

11. To ensure complete transparency on the matter, please note that Articles 7, 8, 9 of the Consolidated Act expressly protect the Rights of Interested Parties; below is Article 7 of the Data Protection Code (Right to Access Personal Data and Other Rights):
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning them exist, regardless of their being already registered, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning the data subject, data processors and the representative designated as per Article 5, Paragraph 2;
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State’s territory, data processors or persons in charge of the processing.
3. A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) deletion, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification that the operations as per letters a) and b) have been notified, as also related to their content, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning them, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning them, for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

To exercise the rights stipulated in Article 7 of the Data Protection Code as listed above, the data subject must send a written request to Bagno Santo Srl with executive offices at Via Campo dei Fiori, 30 53047 Sarteano (SI) IT Tel. +39 0578 26971 Fax +39 0578 265889 VAT No. 00075230524
