Privacy Policy

The company: KIWI BEACH RESORTS SRL, with registered office in Contrada Chiusa di Carlo SNC, VAT number and Tax Code 01873890899, REA SR — 154587, PEC [email protected], website www.kiwibeachresorts.it, hereinafter referred to as ‘Data Controller’, in the person of its legal representative, attests the following PRIVACY POLICY of the website: “https://leduneclub.it/” available at the address:

https://leduneclub.it/privacy/

The website “https://leduneclub.it/” is managed and owned by Kiwi Beach Resorts S.R.L., with registered office in Contrada Chiusa di Carlo SNC, VAT number and Tax Code 01873890899.

Information notice for the processing of common and special categories of personal data, pursuant to Articles 9 and 13 of Regulation (EU) 2016/679 (GDPR).

This notice informs data subjects that Kiwi Beach Resorts S.r.l., with registered office in Contrada Chiusa di Carlo SNC, VAT number and Tax Code 01873890899, in its capacity as Data Controller of personal data relating to the website https://leduneclub.it/, provides information regarding the methods of collection, use and protection of personal data, both common and special categories, relating to data subjects, i.e., the individuals to whom such data refers.

1. Data Controller

The Data Controller of personal data, pursuant to Regulation (EU) 2016/679 (GDPR), is Kiwi Beach Resorts S.r.l. (hereinafter “KBR”), with registered office at Contrada Chiusa di Carlo SNC, VAT number and Tax Code 01873890899. Data subjects may exercise the rights referred to in Articles 15–22 of Regulation (EU) 2016/679 and request further information by writing to the email address:
[email protected]

2. Protection of personal data, common and special categories

Kiwi Beach Resorts S.r.l. recognizes that when a user decides to provide personal data and/or special categories of data concerning them through the website https://leduneclub.it/, they place trust in the Data Controller and in its ability to operate responsibly in relation to the processing of data and the purposes for which such data is provided, in compliance with applicable legislation, except in cases of force majeure not attributable to the Data Controller.

For this reason, Kiwi Beach Resorts S.r.l. adopts a policy regarding the protection of users’ personal data, both common and special categories, which defines the methods of conferral, collection, processing and use of such data.

3. Types of information collected, their use and methods of collecting personal data and/or special categories of data

In compliance with applicable legislation and, in particular, with Regulation (EU) 2016/679 (GDPR), the website https://leduneclub.it/ provides specific methods for collecting consent (“opt-in”) in the sections dedicated to registration and use of services, in order to allow users to express free, specific, informed and unambiguous consent to the processing of common and/or special categories of personal data provided.

Through these “opt-in” methods, users can view, pursuant to Article 13 of Regulation (EU) 2016/679, information relating to the methods and purposes of personal data processing and express their consent by selecting the appropriate boxes provided, after accepting this privacy policy. Such consent authorizes the processing of data for the indicated purposes and allows users to exercise the rights recognized by applicable legislation.

In order to allow conscious and informed access to the services, promotions and activities made available through the website https://leduneclub.it/, Kiwi Beach Resorts S.r.l., in its capacity as Data Controller, may request users who intend to register or use the services offered to provide personal data, both common and/or special categories.

Personal data may be collected, by way of example, when the user:

  • registers for online services available on the website;
  • provides information for participation in events, activities and/or courses organized or promoted through the website;
  • contacts the website to request information or use the services offered, including through non-digital means (for example, paper forms).

The information collected may include data such as name and surname, email address, as well as additional data that may be necessary in relation to the purposes pursued and indicated in the specific section “Purpose of processing” of this notice.
The provision of data always takes place according to the methods of explicit consent (“opt-in”) and in compliance with the principles of lawfulness, fairness, transparency and data minimization.

4. Data storage

Personal data collected through the website https://leduneclub.it/ is processed and stored by Kiwi Beach Resorts S.r.l., in its capacity as Data Controller, for the purposes indicated in this notice and for the time strictly necessary to carry out the activities requested by the user, as well as to fulfill obligations provided for by applicable legislation.

Data storage is carried out in order to allow the identification and recognition of users registered on the website and/or related restricted areas, as well as for carrying out activities and services offered including through non-digital means, always in compliance with the principles of lawfulness, fairness, proportionality and storage limitation, as provided for by Regulation (EU) 2016/679.

The criteria for determining the data retention period are defined based on the nature of the data processed, the purposes of processing and applicable legal obligations, as indicated in the specific section “Purpose of processing” of this notice.

5. Activities permitted after data registration

Following registration on the website https://leduneclub.it/, the user will be able to access and participate in activities, services, events and initiatives for which registration was required, in compliance with the purposes indicated during registration and in this notice.

5.1 Use and retention of data

Personal data provided by the user following registration or use of services may be processed:

  • for the provision of requested services;
  • for administrative, organizational and customer assistance purposes;
  • for statistical purposes, in aggregate or anonymized form, where possible;
  • to fulfill legal obligations.

Data will be retained for a maximum period of 10 years, except for different legal obligations or different indications arising from the consent expressed by the user or the specific purpose of processing.

5.2 Participation in events, activities and initiatives

If the user participates in competitions, events, promotional activities, surveys or other initiatives reserved for registered users, they may be asked to provide additional personal data (such as, by way of example, name and surname, address, telephone number, email address), strictly necessary for managing the requested activity.

5.3 Communications and assistance

The user’s personal data may be used to:

  • provide information on services offered;
  • manage user requests;
  • provide assistance and support;
  • improve the website’s content and services based on user needs.

5.4 Marketing activities

Subject to the user’s specific consent, personal data may be used for marketing purposes, such as sending promotional, informational or commercial communications relating to services offered by Kiwi Beach Resorts S.r.l., via email, telephone, SMS or other electronic communication tools.

The user may at any time revoke the consent given or object to processing for marketing purposes, according to the methods indicated in this notice.

5.5 Communication of data to third parties

The user’s personal data may be communicated to:

  • service providers and collaborators appointed as Data Processors, pursuant to Article 28 of the GDPR, for purposes strictly related to the provision of requested services;
  • competent authorities, public bodies or third parties, in cases provided for by law, by judicial authority orders or other supervisory bodies.

Data will in no case be disclosed to the public.

5.6 Corporate transactions

In case of extraordinary transactions such as merger, transfer, reorganization or transfer of business or branches thereof, personal data may be transferred to the succeeding parties, in compliance with the guarantees provided by the GDPR. In such cases, users will be informed and may exercise the rights provided for by applicable legislation.

6. User consent and third-party data

By providing their personal data and/or special categories and common data, the user authorizes its processing for the aforementioned purposes, suitable for carrying out the activities for which consent has been provided and indicated and available on the website.

The user also authorizes the transfer of their personal data, special categories and common data to the website’s service providers and its owner in order to enable the functionality of activities for which consent has been given.

In any case, always for the indicated purposes, the user gives consent so that, for activities necessary for implementing the services provided and requested, their data may be transferred to service providers, including indirect ones, residing abroad and in countries with jurisdictions that may not guarantee the same level of data protection guaranteed by the country in which the user resides, explicitly accepting this condition.

7. Authorization to use browsing data: Cookies (and data possibly provided by telephone)

A cookie is a “data file” that websites, during user navigation, can send to the address of users who are browsing the websites themselves, in order to track their path within the website, thus collecting user browsing data in order to improve the offer, usability of the website and ensure its security.

The computer system and all software procedures used and responsible for the correct functioning of the website “https://leduneclub.it/” acquire, during their normal operation, some personal data for which, according to what is provided by law, this notice is provided and, where necessary, consent is requested for the use of such procedures in the prescribed forms and methods.

The transmission and reception of this data is implicit in the use of internet communication protocols.
Such data and information are not collected in order to be automatically associated with identified subjects, but their very nature could allow, through processing and associations with other data, held also by third parties, the identification of users.

This category of data includes IP addresses, domain names of PCs (computers) that users use for browsing and from which they connect to the website, as well as addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

This data exchange and use of cookies by the website “https://leduneclub.it/” avoids resorting to other computer techniques potentially harmful to users’ browsing privacy.

The aforementioned data is processed in order to obtain statistical information on website use, to monitor its correct functioning and ensure its security, as well as to ascertain responsibilities in case of hypothetical offenses, particularly of a computer nature, against the website or registered customers and users.

Any telephone calls could also be subject to procedures for verifying and correctly functioning communication systems and could acquire some data relating to calls with customers or made by them (this category of data includes the remote number of the caller where available, browsing data or actions/keystrokes that the customer makes to access various services and the duration of the call, as well as, upon notice to the data subject, any audio recording of the calls themselves).

Cookies can be of different types:

  1. “Technical cookies”

These are cookies used solely for security, optimization and operation of the website directly by the website owner, who may also collect information in aggregate form on the number of users and how they visit the website. For such files, the website “https://leduneclub.it/” informs that this use is connected to the website’s operation and it is therefore necessary to accept their use to allow browsing on the website itself.

  1. “Profiling cookies”

These are cookies used to track user navigation on the network and create profiles on their tastes, habits, choices, etc. With these cookies, advertising messages in line with preferences already expressed by the user in online browsing can be transmitted to the user’s terminal.

For such reasons and purposes, during user browsing of its website, the website “https://leduneclub.it/” can also exchange cookies with users’ computers, where they accept such data exchange in the case of cookies as described above: profiling (paragraph “b”) according to the methods provided and permitted by applicable legislation, for the first type of cookies (paragraph “a”) automatically and necessarily to allow continued browsing on the website and use of services offered and requested and for which this notice must simply be provided.

8. Protection of user information

Kiwi Beach Resorts S.r.l., to protect user information, provides servers and web technology of an adequate level of security, with encrypted transactions using the ‘SSH’ security protocol for telecommunications (Secure SHell) which allows establishing an encrypted remote session (https).

Considering the very nature of the web (Internet), and despite the correct fulfillment of obligations assumed by the personal data controller, for both special categories and common data, it is possible and acceptance of risks connected to internet use must be expected, such as, by way of example and not limitation: security risks in case of interception, unauthorized access to data by third parties, risks of data damage and risks connected to viruses or other dangerous devices or computer-type criminal actions.

The computer systems and software procedures responsible for the website’s operation acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow the identification of users.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system, the user’s computer environment and their browsing.

9. Disclaimer

Links to other websites may also be published, but Kiwi Beach Resorts S.r.l. is not responsible for the content or privacy policies of such additional parties and how such data is processed.

In particular, except for different agreements, the website “https://leduneclub.it/” does not operate as a representative of any additional websites other than its own referenced in this notice, nor as an advertising operator, and is not authorized to make statements on their behalf.

In any case, the user is required to verify the personal data protection procedures of any third parties, excluding any liability of the website “https://leduneclub.it/” and the external data processor in this regard.

10. Password responsibility

In order to provide the user with more personalized services, the user may be asked to create one or more passwords depending on the utilities and activities to be carried out and/or access levels, for particular services or sections of the website.

The user is solely responsible for controlling and using each password created and activities carried out through their profile.

11. Policy updates

The possibility of periodically updating the personal data protection policy is always provided and permitted, also by virtue of changes in laws and/or regulations; in such cases, where such changes are substantial, varying users’ rights and obligations, users will be informed of this on the website with publication of the new updated version of the personal data protection policy.

12. User rights and data processing

Pursuant to Article 13 of Reg. (EU) 2016/679, users are informed that the processing of their personal data is based on the principles of fairness, lawfulness and transparency, and that they will be protected confidentially in compliance with the rights determined by applicable legislation regarding security and protection of personal data. In particular, the user is made aware of the circumstances described below.

13. Source of personal data

The personal data held by Kiwi Beach Resorts S.r.l. relating to the website “https://leduneclub.it/” is that resulting from data collection carried out at the time of registration on the website or otherwise provided in another suitable manner.

All personal data is processed in compliance with Reg. (EU) 2016/679 and in compliance with confidentiality obligations to which, in any case, the company’s activities have intended to conform.

14. Purpose of processing

Processing is carried out solely to allow participation in all activities for which the user has given consent.

15. Processing methods

Processing is carried out through the operations or set of operations indicated in Article 4 of Reg. (EU) 2016/679, carried out with or without the aid of electronic or automated means. Processing is carried out by the Data Controller and by persons authorized to process data duly delegated. Personal data you provide will be retained for a period of 10 years and in any case not exceeding that necessary for achieving the purposes for which consent was given.

16. Refusal to provide data

Providing data is optional, but any refusal could result in the impossibility of complete and correct use of interactive services offered on the website.

17. Communication of data

Users’ personal data may be accessed by persons authorized to process data and any data processor if appointed. They may be communicated for the purposes already indicated to companies or third parties for outsourced activities, always with reference to the activities and purposes for which consent was given.

The complete and updated list of parties to whom data has been communicated can be requested by the user from the Data Controller.

18. Disclosure of data

The data provided may be disclosed for needs connected to the indicated purposes and for which consent to processing was given, for marketing purposes (where consented) through the internet, brochures, informational leaflets, emails, etc., in compliance with the principles of fairness, lawfulness and transparency and as accepted during registration.

19. Transfer of data abroad

Personal data may be transferred abroad to European Union countries and to Third Countries outside the European Union as defined by Article 44 (“General principle for transfers”) of Reg. (EU) 2016/679, for business needs related to the functionality of activities for which the user intended to give consent to the processing of their data. Such data will be subject to processing in full compliance with the aforementioned legislation and confidentiality which characterizes the activities of AS0 and D4B relating to the website “https://leduneclub.it/

20. Rights of the data subject

The Data Controller guarantees the user the following rights, pursuant to Reg. (EU) 2016/679:

  • Art. 15. Right of access by the data subject: the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed;
  • Art. 16. Right to rectification: right to obtain from the data controller the rectification of personal data;
  • Art. 17. Right to erasure “right to be forgotten”: right to obtain from the data controller the erasure of personal data concerning them;
  • Art. 18. Right to restriction of processing: right to obtain from the data controller restricted processing of their data when contesting the accuracy of personal data, when processing is unlawful and if they have objected to processing;
  • Art. 19. Notification obligation regarding rectification or erasure of personal data or restriction of processing: right to obtain from the data controller notification in case of rectification or erasure of personal data or restriction of processing;
  • Art. 20. Right to data portability: right to obtain data portability, i.e., receive the data itself from the data controller, in a structured, commonly used and machine-readable format or have it transmitted to another data controller without any impediment;
  • Art. 21. Right to object: the data subject’s right to object to processing;
  • Art. 22. Automated individual decision-making, including profiling: right to object to automated decision-making relating to natural persons including profiling.

At any time, the data subject may exercise their rights towards the Joint Data Controllers, as provided by Reg. (EU) 2016/679. For this purpose, the following email addresses of the Joint Controllers are indicated, to submit any requests and applications from data subjects: [email protected]

The data subject may file a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), following the procedures and instructions available on the Authority’s official website: www.garanteprivacy.it.

21. Data Controller

The Data Controller of personal data, pursuant to Article 26 of Reg. (EU) 2016/679, is Kiwi Beach Resorts S.R.L., with registered office in Contrada Chiusa di Carlo SNC, VAT number and Tax Code 01873890899.

Users may contact the Data Controller to exercise the rights referred to in Articles 15 to 22 of Reg. (EU) 2016/679 and to request further information in writing by email at:
[email protected]

With reference to the above, the need for the user to select the boxes positioned at the bottom of the website page dedicated to registration is reiterated, in order to accept and give consent to the processing of personal data provided, with regard to the specific purposes and levels of interaction chosen and the activities they intend to carry out, or the services they intend to receive.

Avola, ______________