Pursuant to Regulation (EU) 679/2016 on the protection of personal data (hereinafter also referred to as “GDPR”), with this information Terme Apollo S.p.a. wishes to describe the methods used to process the personal data (hereinafter also referred to as “Data”) of users of the website accessible through the address www.termeapollo.it, the home page of the official website of Hotel Terme Apollo (hereinafter also referred to as the “Site”). This information is provided solely for the Site of the Data Controller and not for other websites that may be consulted by the user through links.

1. Data Controller
The Data Controller (hereinafter also referred to as the “Controller”) is Terme Apollo S.p.a., VAT No. 00682880281, with registered office in Via San Pio X, 4 - 35036 Montegrotto Terme (PD), Italy. The contact details of the Controller are: tel. +39 049 8911677; fax +39 049 8910287; email address: apollo@termeapollo.it.

2. Categories of personal data
Navigation data. 
During normal operation, the IT systems and software procedures used to run this Site collect personal data and transmission of such data is an inherent feature of Internet communication protocols.
This information is not collected to be associated to identified individuals but it could, by its very nature, allow users to be identified after being processed and matched with data held by third parties. This category of data includes IP addresses or the domain names of computers used by individual users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to address the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful outcome, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data are used solely for the purpose of gathering anonymous statistical information about the way the Site is used and in order to check that it is functioning correctly. The data in question are deleted immediately after processing.
Data provided voluntarily by users
The optional, explicit and voluntary sending of emails to the addresses indicated on this site and/or the compilation of a data collection form for the purpose of making reservations or obtaining specific services and/or information, involves the subsequent acquisition of the sender’s email address by the Data Controller, which is needed to respond to and process the requests forwarded, as well as any other personal data entered by the user.
WebAnalytics
This site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies which are text files that are stored on your computer to allow the site to analyse how users use it. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to track and examine your use of the website, compile reports on website activity for IBH and provide other services related to site activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the above-mentioned information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You can refuse to use cookies by selecting the appropriate settings on your browser, but this may prevent you from using all the features of this website. By using this website, Users agree to the processing of their data by Google in the manner and for the purposes set out above. To consult Google’s privacy policy regarding the Google Analytics service, please visit the Data Protection website. To find out about Google’s privacy policy, please visit the Privacy Regulations website.
Cookie Policy
This Site uses cookies, as described in the Cookie Policy which has been drawn up in accordance with the Provision of the Data Protection Authority of 8.5.2014 “Identification of simplified procedures for the disclosure and acquisition of consent for the use of cookies”.

3. Purpose and legal basis of the processing
Without prejudice to the information given regarding navigation data and cookies, user Data are collected and processed for the purposes indicated below.
A) Execution of pre-contractual measures at the request of the data subject and subsequent performance of the contract. The Data provided by the user are processed for purposes strictly associated with the provision of the services offered by Terme Apollo S.p.a., to respond to requests for reservations at our hotel and to send estimates, as well as informative material.
The execution of pre-contractual measures at the request of the data subject and the subsequent execution of the contract (article 6, paragraph 1, letter b) of the GDPR) constitutes the legal basis for the processing of the Data. It is therefore not necessary to obtain your prior consent to the processing.
B) Regulatory compliance
User data are processed to meet obligations required by law and/or national or EU regulations that the Controller is obliged to observe when providing the services requested (e.g. in tax and accounting matters for invoicing, book-keeping and accounting records, management of the single IT archive etc. etc.).
The need to fulfil a legal obligation (article 6, paragraph 1, letter c) of the GDPR) constitutes the legal basis of the processing.
C) Direct marketing
Subject to the user’s specific consent, the Data may be processed for marketing purposes, such as sending advertising material, commercial and/or promotional information, direct sales, market research on the products and services offered by Terme Apollo S.p.a. (hereinafter defined collectively as “Marketing activities”).
Consent (article 6, paragraph 1, letter a) of the GDPR) constitutes the legal basis of the processing.

4. Nature of data provision and consequences of refusal
Without prejudice to the information given regarding navigation data and cookies, the provision of Data is necessary for the purposes indicated in letters A) and B). Failure to provide the data, therefore, will make it impossible to fulfil the user’s pre-contractual/contractual request and to execute the contract, as well as to proceed with the provision of any services requested.
Consent to the processing of data for the purposes indicated above in letter C) is optional. Failure to consent to processing for the purposes indicated in letter C) means it is impossible to inform users of promotional and commercial activities and offers and/or verify their degree of satisfaction. Failure to consent to processing for the purposes indicated in letter C) will not prevent the execution of pre-contractual measures and the subsequent conclusion and execution of the contract, nor the use of any services requested. Even after giving consent for marketing purposes, you can request, at any time, that the processing be interrupted by sending an email without formalities to the following address: apollo@termeapollo.it.

5. Processing methods
Personal data are processed with electronic, computerized, telematic and/or paper means, with logic strictly related to the purposes indicated above, in full compliance with current legislation, as well as the principles of lawfulness, transparency, necessity, proportionality and non-excess, and in such a way as to guarantee the privacy of users.
Specific security measures are put into place to prevent the loss of the Data, their unlawful and incorrect use and unauthorised access.

6. Retention period
Data will be kept in order to execute the contract and related regulatory obligations, in compliance with the principle of proportionality and non-excess and, in any case, for a period of time not exceeding that strictly necessary to achieve the aims for which they were collected. Your Data, therefore, will be kept for a maximum period of 36 months from the execution of the contract.
With regard to marketing activities, your Data will be stored by the Data Controller for a maximum period of 24 months from collection. You may request that processing may interrupted for marketing activities and in this case your Data can no longer be processed for these purposes>

7. Data recipients
To achieve the purposes described in this Privacy Policy, your personal data may be processed by employees, assimilated personnel and/or collaborators of Terme Apollo S.p.a., who work as authorised persons for the processing of personal data, specifically appointed as processors.
The personal data communicated by users may also be processed by third parties on behalf of Terme Apollo S.p.a., duly appointed as Data Processors pursuant to and for the purposes of article 28 of the GDPR, belonging, by way of example, to the following categories:
a) service providers for the management of the IT system (web hosting);
b) persons who fulfil administrative and/or tax obligations;
c) persons who provide legal and/or tax consultancy services;
d) persons who the Data Controller uses for the purposes of the execution of the contract and the provision of services;
e) advertising and marketing companies for the promotion of the hotel and the services offered.
A complete and updated list of Data Processors is available upon request.
Furthermore, Data may be communicated to the judicial authority and/or to the police, or to persons to whom there is an obligation of communication pursuant to the law and/or national or community regulations>

8. Data dissemination
Personal data are not subject to disclosure.

9. Data transfer abroad
The Website may share some of the Data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plug-ins and the Google Analytics service.
Transfer is authorised according to specific decisions of the European Union and the Data Protection Authority, in particular decision 1250/2016 (Privacy Shield) for which, for the purpose of transferring data collected and processed, no consent is requiong>

10. Data subject rights
We would like to inform you that the GDPR grants users, in their capacity as data subjects, the right to exercise specific rights.
In particular, at any time, data subjects may:
a) request and obtain access to their personal data, confirmation of the existence or otherwise of the same and their communication in an intelligible form;
b) obtain an indication of the origin of the personal data and verify their accuracy, request their integration and/or updating, or rectification, if they are inaccurate;
c) request and obtain the cancellation of personal data if they are no longer necessary for the purposes for which they were collected and processed, their transformation into anonymous form or the blocking of data processed in violation of the law;
d) request and obtain the limitation of the processing if the personal data are inaccurate, are no longer necessary for the purposes for which they were collected and processed or in the event of their unlawful processing;
e) oppose, on legitimate grounds, the processing of their data;
f) receive the data concerning them, given to the Data Controller and processed by automated means, and transmit them to another data controller, without hindrance by the Data controller, as well as, if technically feasible, obtain direct transmission of data from the Data Controller which they provided to another data controller.
All these rights can be exercised by writing to the email address of the Data Controller indicated above.
The Controller will process the user’s request and, without undue delay, provide the latter with information regarding the action taken regarding his/her request.
Any correction or deletion of data or processing limitations carried out upon the user’s request, unless this proves impossible or involves a disproportionate effort, will be communicated by the Data Controller to each of the subjects to whom the Data were transmitted.
Lastly, pursuant to article 13, paragraph 2, letter d) of the GDPR, data subjects may exercise their rights by submitting a complaint to the Data Protection Authority with headquarters in Piazza di Montecitorio, 12100186 – Rome, Italy.

The Privacy Policy of the Site may be subject to periodic updates.

This "Site" (termeapollo.it) uses cookies to make its services simple and efficient for users who visit the pages of termeapollo.it. Users viewing the Site will see minimal information entered in their devices, whether they are computers or mobile devices, in small text files called cookies which are stored in the directories used by the User’s web browser. There are various types of cookies, some to make use of the Site more effective, others to enable certain features.

Analysing them in detail our cookies:

- store the preferences entered;
- prevent having to re-enter the same information, such as the username and password, several times during the visit;
- analyse the use of services and content provided by termeapollo.it to optimize the browsing experience and services offered.

Types of cookies

Technical cookies

This type of cookie makes some sections of the Site work correctly. There are two categories of technical cookies: persistent and session:

- persistent: once the browser is closed, they are not dest
- session: they are destroyed every time the browser is closed

These cookies, which are always sent from our domain, are needed so the website can be correctly displayed and, in relation to the technical services offered, they will therefore always be used and sent, unless users change the settings on their browser (thus invalidating the display of site pages).

Analytical cookies

The cookies in this category are used to collect information on the use of the website. Termeapollo.it will use this information for anonymous statistical analysis in order to improve the use of the Site and make the contents more interesting and relevant to the user’s wishes. This type of cookie collects anonymous data on users’ activity and how they reached the Site. Analytical cookies are sent from the Site itself or from third-party domains.

Analytical cookies of third-party services

These cookies are used to collect information on use of the Site by users in anonymous form such as: page views, time spent, traffic sources of origin, geographic origin, age, gender and interests for the purposes of marketing campaigns. These cookies are sent from third-party domains external to the Site.

Cookies to integrate products and functions of third-party software

This type of cookie integrates functions developed by third parties within the pages of the Site, such as the icons and preferences expressed on social networks, in order to share the contents of the site or to use third-party software services (such as software to generate maps and other software that offers additional services). These cookies are sent from third-party domains and partner sites that offer their functions on the pages of the Site.

Profiling cookies

These cookies are needed to create user profiles in order to send advertising messages in line with the preferences expressed by users on the pages of the Site.

According to current legislation, Termeapollo.it is not required to seek consent for technical and analytical cookies, as they are necessary to provide the services requested.

For all other types of cookies, consent can be expressed by the User through one or more of the following methods:

- Through specific configurations of the browser used or the relative computer programmes used to navigate the pages of the Site.
- By changing the settings in the use of third-party services

Both of these solutions could prevent the user from using or viewing parts of the Site.

SThird-party websites and services

The Site may contain links to other websites that have their own privacy policy which may be different from the one used by termeapollo.it and it is therefore not responsible for these sites.

List of cookies

Last update 30/10/2019

Information on cookies

_ga

The _ga cookie is part of the Google Analytics analysis and monitoring service. This cookie expires two years after creation or updating. It is used to distinguish users.

developers.google.com › cookie-usage

NID

Google uses cookies, such as PREF, NID and SID cookies, to help personalise ads on Google properties, such as Google Search. For example, we use them to store your most recent searches, your previous interactions with an advertiser’s ads or search results and your visits to an advertiser’s website. In this way we can show you personalised ads on Google.

.google.com › types

How to disable cookies through the browser configuration

If you wish to learn more about the ways in which your browser stores cookies during navigation, please follow these links to the websites of the respective suppliers.