Information on Art. 13 of the Italian law. n. 196/2003 and on Art. 13 of The General Data Protection Regulation (GDPR) (EU) 2016/679 the processing of personal data of users who visit the Website https://baobabzanzibar.sandies-resorts.com/
We inform that, pursuant to Art. 13 of the Italian law. n. 196/2003 and pursuant to Art. 13 of The General Data Protection Regulation (GDPR) (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, all personal data provided will be processed in compliance with the regulations referred to and with all binding obligations of confidentiality.
All contents of this Site are owned and / or controlled by Sandies Baobab Zanzibar under company name Away Hotels Zanzibar Limited and / or Planhotel SA and are protected by International Copyright laws.
The company may occasionally update this policy and therefore recommends that Users visit this page regularly to be informed of any changes.
The Controller of processing of personal data is Sandies Baobab Beach Zanzibar under company name Away Hotels Zanzibar Limited, Mahonda Beach, PO Box 100, Zanzibar, TANZANIA TIN: 135-633-585, Tel: +41919113337, Email firstname.lastname@example.org (hereinafter called the Owner or the Controller).
Away Hotels Zanzibar is part of the group PLANHOTEL SA (CHE 108 689 256, via Cantonale n. 3, 6900 Lugano CH), tel. 0041 919113333, email email@example.com and your data could be transferred to Planhotel for purposes related to article 4.
The Holder processes personal data, identifying (for example, name, surname, company name, address, telephone, e-mail, bank and payment details – hereinafter, Personal Data or even Data) that you have communicated on conclusion of contracts for the services provided by the Owner.
The data you provide will be used for marketing and / or promotional purposes only with your specific consent. In any case, it is specified that any refusal to provide consent to the processing of data for promotional and marketing purposes does not affect the provision of services or use of the Site.
The Controller, in its capacity as owner of the site https://baobabzanzibar.sandies-resorts.com/, informs you that personal data will be processed as specified below in order to guarantee a correct and efficient use of the services offered by the Site. Specifically, the data processed is:
During normal operation, the computer systems and software procedures for running this site collect some personal data and the transmission is implicit with the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through the processing and association with other data held by third parties, identify users. This data includes IP addresses or domain names of computers used by users who connect to the site, the URI (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the size of the file obtained in the reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relative to the operating system and computer environment.
Data provided voluntarily by the user.
According to decree of June 30, 2003 n. 196 (Code regarding the protection of personal data), we inform you that the personal data you voluntarily make available to The Controller will be processed in accordance with current legislation on the protection of personal data and, in any case, following the principles of confidentiality with which The Controller manages all its activities and only for the purposes indicated in this statement.
In particular, the site collects data about your reservation, such as personal details, email address, home address, phone number, payment data, the name of the guests who travel with you and your preferences related to the stay.
The personal information you make available are used as follow:
– to conclude of the contracts for the services of the Owner;
– to fulfil all pre-contractual, contractual and tax obligations deriving from relations with you;
– to fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
– to exercise the rights of the owner, for example the right to defense before the Court;
– allow the user to use the Site.
– to send via e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and recognition of the degree of satisfaction on the quality of services;
– send via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example, business partners, insurance companies, etc.).
For the purposes referred to in Article 4B, the provision of consent is optional and does not affect the use of the website nor the services provided by The Controller. Furthermore, with reference to the purpose of direct marketing, the recipient has the right, at any time and free of charge, to oppose such processing pursuant to art. 21 GDPR.
If the recipient opposes to processing for direct marketing purposes, all Data are no longer processed for these purposes.
Personal data is processed using suitable hard copy, electronic and / or telematics devices, with the specific purpose mentioned above and to ensure the security and confidentiality of the data. Strict security measures are in place to prevent the loss of data, illegal or incorrect use and unauthorized access.
Personal data undergoing processing shall be: (i) processed lawfully and fairly; (Ii) collected and recorded for the purposes mentioned in the previous paragraph; (Iii) accurate and, where necessary, updated; (Iv) kept in a form that permits identification of the subject for no longer than is necessary for collecting and processing the data.
The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the contract.
Your data may be made accessible for the purposes mentioned above:
– to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
– to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as external managers of treatment. The list of external processors is kept at the company headquarters and can be consulted on specific request.
The list of persons in charge of processing personal data is available from the company.
Pursuant to art. 15 GDPR, the data subject shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to in this article shall not adversely affect the rights and freedoms of others.
Without the express consent (pursuant to Article 24 letter a), b), d) Italian Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 4.A) to Authorities, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers
Personal data are stored on servers located in Italy. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
Providing your data is optional. However, refusing and / or providing incorrect and / or incomplete information may result in the inability to use the Site and the services offered.
You have the rights set forth in art. 7 of the Privacy Code and art. 15 and ss. GDPR and precisely the right of:
i. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
ii. obtain the indication:
a) of the origin of personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identification details of the owner, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;
e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
iii. obtain the:
a) updating, rectification or, when interested, modification of Personal Data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment is it proves impossible or involves a use of means manifestly disproportionate to the protected right
iv. Right to object:
a) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. In this case, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
b) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where applicable, it also has the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.