Data Controller
Giardino Eden Srl, as the Data Controller, wishes to inform you that your data will be processed in accordance with EU Regulation 2016/679 (GDPR) on the protection of personal data. Specifically, the processing of your data will be based on principles of fairness, lawfulness, transparency, and the protection of your privacy and rights. Data is currently processed and stored at our registered and administrative office for the time strictly necessary to fulfill the purposes of the processing. As a data subject, you have the right to exercise, within the data retention period, the rights under Articles 15 et seq. of the GDPR (access, rectification, erasure, restriction, portability, objection) by writing to the Data Controller.

The full privacy policy is available at: edenischiaprivacy@gmail.com

Data Processing Location
Processing related to the web services of this site (physically hosted by Pointel Communication S.p.a.) takes place at our office and is handled only by technical staff from the Office responsible for processing, or by individuals assigned to occasional maintenance operations. Personal data provided by users who send requests for hotel, restaurant, or beach club reservations, or send informational material (information, newsletters, registrations, etc.) are used solely to perform the requested service or provision and are not communicated to third parties, except in the following possible cases:

Commercial partners of Giardino Eden such as viverealmare.it (physically hosted by Serverplan S.r.l. Via G. Leopardi, 22 – 03043 Cassino (FR)).
Types of Data Processed
Navigation Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects but, by its very nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning, and it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical cybercrimes against the site: apart from this possibility, web contact data currently does not persist for more than seven days.

Data Provided Voluntarily by the User
The optional, explicit, and voluntary sending of emails to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message. The data will be stored only for any requested subscription to newsletters or special offers and will not be communicated to anyone. We do not collect or use personal information about website visitors. Visitors remain anonymous. The only exception concerns personally identifiable information necessary to fulfill contractual booking obligations towards the user.

Reservations
For various bookings of Giardino Eden services offered through this site, the user is required to provide their first name, last name, email address, phone number, and, when requested, payment method and credit card information. The Data Controller will use this information only for processing the reservation and to send specific information relevant to its confirmation, such as the receipt, booking code, and terms and conditions. The information provided will not be used for commercial purposes and will not be sold, transmitted, licensed, or otherwise forwarded to third parties.

Newsletter
Website visitors can register for our newsletter service. By registering, the user’s email address will be automatically added to a contact list to which email messages containing periodic updates, including commercial and promotional information, relating to initiatives, events, or promotions of the Data Controller may be sent. To subscribe to the newsletter, you can use the subscription forms on the site by entering your name, last name, phone number, and email address. The data entered will be used solely for the purpose of sending our newsletter via email and will not be communicated to third parties. Newsletters will be processed via the MAILCHIMP platform, which acts as a data processor.

Management of Personal Data Collected from CVs
Giardino Eden S.r.l. accepts personal Curricula Vitae from potential candidates in both paper and electronic format. The spontaneous and voluntary submission of a Curriculum will be implicitly considered as consent, informed by this policy, given by the data subject for the receipt and processing of the personal data contained therein, solely for the purpose of selecting potential candidates. The data processed for the purpose of candidate selection is personal data useful for finding the specific profile required. In general, the nature of personal data is normal, except in some cases where sensitive data may be indicated if necessary to identify particular requirements provided for by current regulations, such as indicating membership in protected categories, suitability for certain jobs, and/or compulsory placements, in compliance with the limits indicated by the General Provision of the Garante of June 5, 2019, which modified the General Authorization of the Garante No. 1 of December 15, 2016, on the processing of sensitive data in employment relationships. The provision of data for candidate selection is mandatory. Any refusal to provide such data will make it impossible to carry out a proper selection process and potential hiring. The data in question will not be communicated to anyone.

General Rules for CV Submission
Any CVs received spontaneously, in response to an advertisement, or to our request, will be archived directly by specially appointed data processors according to the personal data security directives adopted in compliance with the security measures referred to in Chapter IV, Section 2 of GDPR 679/2016. These will only be printed for a meeting and interview with the data subject. After the job interview, if the candidate is not selected, the CV will be retained for 1 year and then deleted and/or destroyed. In all other cases, after the interviews have been conducted and the probationary period has been successfully completed, CVs will be retained for 2 years and then deleted from the computer and, if already printed, will be destroyed.

Data Retention Period or Criteria for Determining the Period
In compliance with Article 5, paragraph 1, letter e) of EU Regulation 2016/679, collected personal data will be kept in a form that allows the identification of data subjects for a period no longer than is necessary for the purposes for which the personal data are processed.

The retention times for personal data provided through the website depend on the purpose of the processing carried out, specifically:

Purposes related to technical navigation data for the correct functioning of the website: Retention only for the relevant session, at the end of which the data is deleted.
Purpose of responding to requests for information/provision of requested services: Maximum 12 months for contact requests; 10 years for any administrative/accounting/financial documentation related to the provision of a service.
Data collection for personnel selection: Maximum 24 months.
Newsletter, marketing, or promotional communications in general via email: Maximum 24 months – until consent is revoked.
Administrative-accounting management purposes: 10 years as per legal terms for the retention of administrative/accounting/financial documentation.
Transfers of Personal Data to Third Countries
Personal data is not transferred to non-EU Third Countries, except for the previously described cases where, in any case, adequate safeguards are ensured, in compliance with Chapter V of the GDPR. In the case of transfers to the USA or other third countries, in the absence of an adequacy decision pursuant to Article 45, paragraph 3, or adequate safeguards pursuant to Article 46, it may occur:

Google Advertising Cookies: Based on the data subject’s explicit consent pursuant to Articles 6(a) and 49(1)(a) of the GDPR, obtained via the cookie management web banner on this site.
Booking Data: Based on the necessity of the transfer for the performance of a contract concluded between the data subject and the data controller or for the implementation of pre-contractual measures adopted at the data subject’s request, pursuant to Articles 6(a) and 49(1)(b) of the GDPR.
Optional Nature of Data Provision
Aside from what is specified for navigation data, the user is free to provide personal data to the email addresses indicated in the contacts to send CVs, to make online bookings, or to request the sending of informational material or other communications. Failure to provide them may make it impossible to obtain what is requested.

Processing Methods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. There is no automated decision-making process for data processing.

Rights of Data Subjects
The data controller is Giardino Eden S.r.l., Via Nuova Cartaromana, 62 – 80077 Ischia, and the Data Protection Officer is Mr. Gaetano Regine. You can contact them at any time to exercise your rights as provided for in Chapter III of GDPR 679/2016, in particular, the right to request access to personal data and its rectification or erasure (Right to be Forgotten) or the restriction of processing concerning you, or to object to their processing, the right to obtain a copy of the personal data undergoing processing, the right to data portability, by submitting a specific request, including via email at: amministrazione@giardinoedenischia.it.

Right to Lodge a Complaint
Data subjects who believe that the processing of their personal data carried out through this site violates the provisions of the Regulation have the right to lodge a complaint with the Garante (Italian Data Protection Authority), as provided for by Article 77 of the Regulation itself, or to seek appropriate judicial remedies (Article 79 of the Regulation).

Changes to This Privacy Policy
This Privacy Policy is subject to regular review. We reserve the right, at our discretion, to change, modify, add, or remove sections of this policy at any time. We will update this privacy policy and inform you of any changes (including when they will come into effect) if required by current data protection laws.