Privacy policy

The company: KIWI BEACH RESORTS SRL, with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899, REA SR – 154587, PEC kiwibeachresorts@legalmail.it, website www.kiwibeachresorts.it, hereinafter referred to as ‘Data Controller’, in the person of its legal representative, attests the following PRIVACY NOTICE for the website: ‘www.baiadoro.net‘ available at:

https://www.baiadoro.net/privacy/

The website ‘www.baiadoro.net’ is managed and owned by Kiwi Beach Resorts S.R.L., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899.

Information notice for the processing of ordinary and special personal data, pursuant to Articles 9 and 13 of Regulation (EU) 2016/679 (GDPR).

This notice informs data subjects that Kiwi Beach Resorts S.r.l., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899, in its capacity as Data Controller of personal data relating to the website www.baiadoro.net, provides information regarding the methods of collection, use and protection of ordinary and special personal data concerning data subjects, i.e., the individuals to whom such data relate.

  • Data Controller

The Data Controller, pursuant to Regulation (EU) 2016/679 (GDPR), is Kiwi Beach Resorts S.r.l. (hereinafter ‘KBR’), with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899. Data subjects may exercise their rights under Articles 15–22 of Regulation (EU) 2016/679 and request further information by writing to the email address: privacy@kiwibeachresorts.it

  • Protection of Ordinary and Special Personal Data

Kiwi Beach Resorts S.r.l. acknowledges that when a user decides to provide personal data and/or special data concerning them through the website www.baiadoro.net, they place their trust in the Data Controller and its ability to operate responsibly in relation to the processing of data and the purposes for which it is provided, in compliance with applicable law, except for cases of force majeure not attributable to the Data Controller.

For this reason, Kiwi Beach Resorts S.r.l. adopts a policy regarding the protection of users’ ordinary and special personal data, which defines the methods of provision, collection, processing and use of such data.

  • Types of Information Collected, Their Use and Methods of Collection of Personal Data

In accordance with applicable law and, in particular, Regulation (EU) 2016/679 (GDPR), the website www.baiadoro.net provides specific methods for obtaining consent (‘opt-in’) in sections dedicated to registration and use of services, in order to allow users to express free, specific, informed and unambiguous consent to the processing of ordinary and/or special personal data provided.

Through such ‘opt-in’ methods, users can review, pursuant to Article 13 of Regulation (EU) 2016/679, information relating to the methods and purposes of data processing and express their consent by selecting the appropriate boxes provided, after accepting this privacy notice. Such consent authorizes the processing of data for the indicated purposes and enables users to exercise the rights recognized by applicable law.

In order to allow conscious and informed access to services, promotions and activities made available through the website www.baiadoro.net, Kiwi Beach Resorts S.r.l., as Data Controller, may request users who wish to register or use the services offered to provide ordinary and/or special personal data.

Personal data may be collected, for example, when the user:

  • registers for online services on the website;
  • provides information for participation in events, activities and/or courses organized or promoted through the website;
  • contacts the website to request information or use the services offered, including through non-digital means (e.g., paper forms).

The information collected may include data such as name and surname, email address, as well as additional data that may be necessary in relation to the purposes pursued and indicated in the specific ‘Purpose of Processing’ section of this notice. The provision of data always takes place according to explicit consent methods (‘opt-in’) and in compliance with the principles of lawfulness, fairness, transparency and data minimization.

  • Data Storage

Personal data collected through the website www.baiadoro.net is processed and stored by Kiwi Beach Resorts S.r.l., as Data Controller, for the purposes indicated in this notice and for the time strictly necessary to carry out the activities requested by the user, as well as to fulfill obligations required by applicable law.

Data storage is carried out to enable the identification and recognition of users registered on the website and/or related restricted areas, as well as for the performance of activities and services offered also through non-digital means, always in compliance with the principles of lawfulness, fairness, proportionality and storage limitation, as required by Regulation (EU) 2016/679.

The criteria for determining the retention period of data are defined based on the nature of the data processed, the purposes of processing and applicable legal obligations, as indicated in the specific ‘Purpose of Processing’ section of this notice.

  • Activities Permitted After Data Registration

Following registration on the website www.baiadoro.net, the user may access and participate in activities, services, events and initiatives for which registration was required, in compliance with the purposes indicated during registration and in this notice.

5.1 Use and Retention of Data

Personal data provided by the user following registration or use of services may be processed:

  • for the provision of requested services;
  • for administrative, organizational and customer assistance purposes;
  • for statistical purposes, in aggregate or anonymized form, where possible;
  • for compliance with legal obligations.

Data will be retained for a maximum period of 10 years, unless otherwise required by law or different indication arising from the consent expressed by the user or the specific purpose of processing.

5.2 Participation in Events, Activities and Initiatives

If the user participates in contests, events, promotional activities, surveys or other initiatives reserved for registered users, they may be asked to provide additional personal data (such as, by way of example, name and surname, address, telephone number, email address), strictly necessary for the management of the requested activity.

5.3 Communications and Assistance

The user’s personal data may be used to:

  • provide information on the services offered;
  • manage user requests;
  • provide assistance and support;
  • improve website content and services based on user needs.

5.4 Marketing Activities

Subject to the user’s specific consent, personal data may be used for marketing purposes, such as sending promotional, informational or commercial communications relating to services offered by Kiwi Beach Resorts S.r.l., via email, telephone, SMS or other electronic communication tools.

The user may at any time revoke the consent given or object to processing for marketing purposes, according to the methods indicated in this notice.

5.5 Communication of Data to Third Parties

The user’s personal data may be communicated to:

  • service providers and collaborators appointed as Data Processors, pursuant to Article 28 of the GDPR, for purposes strictly related to the provision of requested services;
  • competent authorities, public entities or third parties, in cases required by law, by provisions of judicial authority or other supervisory bodies.

Data will not be disseminated under any circumstances.

5.6 Corporate Transactions

In case of extraordinary transactions such as merger, transfer, reorganization or transfer of the company or branches thereof, personal data may be transferred to the successor entities, in compliance with the guarantees provided by the GDPR. In such cases, users will be informed and may exercise the rights provided by applicable law.

  • User Consent and Third-Party Data

By providing their personal and/or special and ordinary data, the user authorizes its processing for the aforementioned purposes, suitable for carrying out the activities for which consent was given and indicated and available on the website.

The user also authorizes the transfer of their special and ordinary personal data to the website’s service providers and its owner in order to enable the functionality of activities for which consent was given.

In any case, always for the indicated purposes, the user gives consent so that, for activities necessary for the implementation of services provided and requested, their data may be transferred to direct or indirect service providers residing abroad and in countries with jurisdictions that may not guarantee the same level of data protection guaranteed by the country in which the user resides, expressly accepting this condition.

  • Authorization for the Use of Browsing Data: Cookies (and Data Possibly Provided by Telephone)

A cookie is a ‘data file’ that websites, during browsing by users, can send to the address of users who are browsing the websites themselves, in order to track their path within the website, thus collecting the user’s browsing data in order to improve the offer, the usability of the website and ensure the security of the website itself.

The computer system and all software procedures used and responsible for the correct functioning of the website ‘www.baiadoro.net‘, during their normal operating exercise, acquire some personal data for which, according to the provisions of law, this notice is provided and, where necessary, consent is requested for the use of such procedures in the forms and methods prescribed.

The transmission and reception of this data is implicit in the use of internet communication protocols. Such data and information are not collected to be automatically associated with identified subjects, but their very nature could allow, through processing and associations with other data, held also by third parties, to identify users.

This category of data includes IP addresses, the domain names of the PCs (computers) that users use for browsing and from which they connect to the website as well as the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

This exchange of data and use of cookies by the website ‘www.baiadoro.net‘ avoids the use of other computer techniques potentially detrimental to the privacy of users’ browsing.

The aforementioned data are processed in order to obtain statistical information on the use of the website, to check its correct functioning and ensure its security, as well as to ascertain liability in case of hypothetical offenses, particularly of a computer nature, against the website or registered customers and users.

Any telephone calls may also be subject to procedures for verification and correct functioning of communication systems and may acquire some data related to calls with customers or made by them (this category of data includes the remote number of the caller where traceable, browsing data or the actions/keystrokes that the customer makes to access various services and the duration of the call, as well as, subject to notice to the data subject, the possible audio recording of the calls themselves).

Cookies may be of different types:

‘Technical Cookies’

These are cookies used solely for security, optimization and functioning of the website directly by the website owner, who may also collect information in aggregate form on the number of users and how they visit the website. For such files, the website ‘www.baiadoro.net‘ informs that such use is connected to the functioning of the website and it is therefore necessary to accept their use to allow browsing on the website itself.

‘Profiling Cookies’

These are cookies used to track user navigation on the internet and create profiles on their tastes, habits, choices, etc. With these cookies, advertising messages in line with preferences already expressed by the user in online browsing can be transmitted to the user’s terminal.

For such reasons and purposes, during browsing of its website by users, the website ‘www.baiadoro.net’ may also exchange cookies with users’ computers, where they accept such data exchange in the case of cookies as described above: profiling (paragraph ‘b’) according to the methods provided and permitted by applicable law, for the first type of cookies (paragraph ‘a’) automatically and necessarily to allow continuation of browsing on the website and use of the services offered and requested and for which this notice must simply be provided.

Protection of User Information

Kiwi Beach Resorts S.r.l., to protect user information, provides servers and web technology of adequate security level, with encrypted transactions through ‘SSH’ security protocol for telecommunications (Secure Shell) which allows establishing an encrypted remote session (https).

Given the very nature of the web (Internet), and despite the correct performance of obligations undertaken by the personal data controller, it is possible and the acceptance of risks associated with the use of the internet must be foreseen, such as, by way of example and not limitation: security risks in case of interception, unauthorized access to data by third parties, risks of data damage and risks connected to viruses or other dangerous devices or criminal actions of a computer nature.

The computer systems and software procedures responsible for the operation of the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and associations with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users connecting to the website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system, the user’s computer environment and their browsing.

  • Disclaimer

Links to other websites may be published, but Kiwi Beach Resorts S.r.l. is not responsible for the content or personal data protection policies of such additional entities and the way in which such data are processed.

In particular, unless otherwise agreed, the website www.baiadoro.net does not operate as a representative of any additional websites other than the one it refers to and indicated in this notice, nor as an advertising operator, and is not authorized to make statements on their behalf.

In any case, the user is required to verify the personal data protection procedures of any third parties, excluding any liability of the website www.baiadoro.net and the external data controller in this regard.

In order to provide the user with more personalized services, the user may be required to create one or more passwords depending on the utilities and activities to be performed and/or access levels, for particular services or sections of the website. The user is solely responsible for the control and use of each password created and activities performed through their profile.

The possibility to periodically update the personal data protection policy is always provided and permitted, also by virtue of changes in law and/or regulations; in such case, where such changes are substantial, varying users’ rights and duties, users will be informed of this on the website with publication of the new updated version of the personal data protection policy.

  • User Rights and Data Processing

Pursuant to Article 13 of Regulation (EU) 2016/679, users are informed that the processing of their personal data is based on the principles of fairness, lawfulness and transparency, and that they will be protected with confidentiality in compliance with the rights determined by applicable law regarding security and protection of personal data. In particular, the user is made aware of the circumstances described below.

  • Source of Personal Data

The personal data held by Kiwi Beach Resorts S.r.l. relating to the website www.baiadoro.net are those resulting from data collection carried out at the time of registration on the website or otherwise provided in another suitable manner.

All personal data are processed in compliance with Regulation (EU) 2016/679 and in compliance with confidentiality obligations to which, in any case, the company’s activities have intended to conform.

  • Purpose of Processing

The processing is solely for the purpose of allowing participation in all activities for which the user has given consent.

  • Methods of Processing

Processing is carried out through the operations or set of operations indicated in Article 4 of Regulation (EU) 2016/679, performed with or without the aid of electronic or automated means. Processing is carried out by the Data Controller and by persons authorized to process data delegated for this purpose. Personal data provided by you will be retained for a period of 10 years and in any case not exceeding that necessary for the achievement of the purposes for which consent was given.

  • Refusal to Provide Data

The provision of data is optional, but any refusal could result in the impossibility of complete and correct use of the interactive services offered on the website.

  • Data Communication

Users’ personal data may come to the knowledge of persons authorized to process data and any data processor if appointed. They may be communicated for the purposes already indicated to companies or third parties for outsourced activities, always with reference to the activities and purposes for which consent was given.

The complete and updated list of entities to whom data have been communicated may be requested by the user from the Data Controller.

  • Data Dissemination

The data provided may be disseminated for needs related to the indicated purposes and for which consent to processing was given, for marketing purposes (where consented) through internet, brochures, information leaflets, email, etc., in compliance with the principles of fairness, lawfulness and transparency and as accepted during registration.

  • Transfer of Data Abroad

Personal data may be transferred abroad to European Union countries and to Third Countries outside the European Union as defined by Article 44 (‘General principle for transfers’) of Regulation (EU) 2016/679, for business needs related to the functionality of activities for which the user has intended to give consent to the processing of their data. Such data will be processed in full compliance with the aforementioned regulations and the confidentiality to which the activities of AS0 and D4B relating to the website ‘www.baiadoro.net‘ are based.

  • Data Subject Rights

The Data Controller guarantees the user the following rights, pursuant to Regulation (EU) 2016/679:

  • Article 15. Right of Access of the Data Subject: the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed;
  • Article 16. Right to Rectification: the right to obtain from the Data Controller the rectification of personal data;
  • Article 17. Right to Erasure ‘Right to be Forgotten’: the right to obtain from the Data Controller the erasure of personal data concerning them;
  • Article 18. Right to Restriction of Processing: the right to obtain from the Data Controller restriction of processing of their data when the accuracy of personal data is contested, when processing is unlawful and if they have objected to processing;
  • Article 19. Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing: the right to obtain from the Data Controller notification in case of rectification or erasure of personal data or restriction of processing;
  • Article 20. Right to Data Portability: the right to obtain data portability, i.e., to receive the data from the Data Controller in a structured, commonly used and machine-readable format or to have them transmitted to another Data Controller without hindrance;
  • Article 21. Right to Object: the right of the Data Subject to object to processing;
  • Article 22. Automated Individual Decision-Making, Including Profiling: the right to object to automated decision-making relating to natural persons, including profiling.

At any time, the Data Subject may exercise their rights towards the Joint Data Controllers, as provided by Regulation (EU) 2016/679. For this purpose, the following email addresses of the Joint Controllers are indicated, to submit any requests and inquiries from data subjects: privacy@kiwibeachresorts.it

The data subject may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), following the procedures and instructions available on the Authority’s official website: www.garanteprivacy.it.

  • Data Controller

The Data Controller, pursuant to Article 26 of Regulation (EU) 2016/679, is Kiwi Beach Resorts S.R.L., with registered office at Contrada Chiusa di Carlo SNC, VAT Number and Tax Code 01873890899.

Users may contact the company for the exercise of rights under Articles 15 to 22 of Regulation (EU) 2016/679 and to request further information in writing by email at: privacy@kiwibeachresorts.it

With reference to the above, the need is reiterated for the user to select the boxes placed at the bottom of the website page dedicated to registration, in order to accept and give consent to the processing of personal data provided, with regard to the specific purposes and levels of interaction chosen and activities they intend to carry out, or services they intend to receive.

Avola, ______________