Wellness hotel. Thermal bath.
Bormio
Thermal bath. Wellness hotel.
Pré Saint Didier
Wellness Hotel. Spa.
Montebianco
Wellness center.
Milano
Wellness center.
Torino
Wellness hotel. Spa.
Roma
Thermal bath.
San Pellegrino
Thermal bath.
Dolomiti
Wellness center.
Chamonix-Mont-Blanc
Information on the processing of personal data pursuant to articles 13 and 14 of Regulation
EU 2016/679
QC TERME S.R.L., as Data Controller of the processing of your personal data, pursuant to and for the purposes of
Reg. EU 2016/679 (GDPR), we hereby inform you that the aforementioned legislation provides for the protection of
the processing of your personal data and that such processing will be based on principles of correctness,
lawfulness, transparency and the protection of your privacy and your rights.
Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and
the confidentiality obligations provided therein.
Type of data collected
Among the Personal Data collected by this Website are:
a) Navigation data
The computer systems and software procedures used to operate this website acquire, during the course of
of their normal operation, some personal data whose transmission is implicit in using
Internet communication protocols. This information is not collected for association with the interested parties
identified. However, by its very nature and through processing and association with data held by
third parties, it could allow users to be identified. This category of data includes IP addresses or domain names of
computers employed by users who connect to the site, the addresses in Uniform Resource Identifier (URI) notation
of the requested resources, the time of the request, the method used in submitting the request to the server, the size
of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error,
etc.) and other parameters related to the operating system and the computer environment of the user. This data is
used for the sole purpose of obtaining anonymous statistical information on use of the site and to check its correct
operation and are deleted immediately after processing. The data could be used to for
ascertaining responsibility in case of hypothetical computer crimes against the site.
Except for this possibility, data on web contacts do not persist for more than thirty days.
b) Data provided voluntarily by users
Optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the
subsequent acquisition of the address of the sender as necessary to respond to requests, as well as any
other personal data entered in the message. Specific summary information will be progressively reported or
displayed on the pages of the site prepared for particular services if requested.
c) Cookies (in this regard the User can consult the Cookie Policy)
Purpose and legal basis of the processing: in particular, your data will be processed for the following purposes:
•the implementation of obligations related to legislative requirements:
• obligations required by law in the field of taxation and accounting;
• litigation management.
Your data will also be used for the following purposes related to the execution of measures related to
contractual or pre-contractual obligations:
• the purchase of our services/products;
• after-sales assistance;
• customer management;
•activity planning
• the customer billing history.
Your personal data may also, subject to your consent, be used for the following purposes:
• for market surveys, statistics and promotional activities related to the sending of
advertising and promotional material (to fulfill this purpose your consent will be required
by ticking the flag “Subscribe to Newsletter”. We remind you that you will always have the
possibility of revoking consent to such registration).
With regard to the aforementioned, the provision of data by you is optional and any refusal of
processing does not compromise the continuation of the relationship or the adequacy of the processing itself.
Means of processing. Your personal data may be processed in the following ways:
•assigning processing operations to third parties
• processing by electronic calculators;
• processing using paper archives
All processing is carried out in compliance with the means set out in Articles 6 and 32 of the GDPR and through the adoption of the
appropriate security measures provided for.
Recipients (Subjects to whom the data may be communicated). In addition to the Data Controller access may be provided to Data
to other entities involved in the organization (staff in charge, administrative, commercial, marketing) or
external parties (such as consultants and freelancers, third-party technical service providers, hosting providers, IT companies,
freight forwarders, system administrators, banks/credit institutions) who may also be appointed by the Data Controller, if necessary,
as Data Processors. The updated list of Managers can always be
requested from the Data Controller.
Disclosure: Your personal data will not be disclosed in any way.
Your personal data may also be transferred, limited to the aforementioned purposes, to the following areas:
• EU countries;
• Countries outside the European Economic Area (EEA) where databases are run by entities that
act on behalf of the Owner; in this case, the appropriate contractual measures are taken to ensure that
data is guaranteed adequate protection, including through agreements based on contractual clauses
of the type adopted by the European Commission to regulate the transmission of personal data outside the
EEA.
Retention Period. We would like to point out that, in compliance with the principles of lawfulness, limitation of purposes and
minimization of data, pursuant to Art. 5 of the GDPR, the retention period of your personal data is:
• established for a period of time not exceeding that necessary for the achievement of the purposes for which they are collected and
processed for the execution and fulfilment of the contractual purposes;
• established for a period that does not exceed the fulfilment of the services provided;
• established for a period of time not exceeding that necessary for the achievement of the purposes for which they are collected and
treated in compliance with the mandatory deadlines prescribed by law.
Owner: the Data Controller, according to the Law, is QC TERME S.R.L. (Via Ripamonti, n.89 , 20141
Milan (MI); VAT number: 10541980966) in the person of its legal representative pro tempore.
The Data Protection Officer (DPO) designated by the owner pursuant to Art. 37 of the GDPR and is:
• Tecnologie e Sistemi Srl, in the person of Dr. Mirco Giorgi (Corso Promessi Sposi, 23, 23900 Lecco
(LC); e-mail: [email protected]; telephone: 0341 350065; VAT: 03347650131).
You have the right to obtain from the manager the cancellation (right to destruction), limitation, update,
rectification, portability, or opposition to the processing of personal data, and may generally exercise these
rights under Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of Interested Party
1. The interested party has the right to obtain confirmation of existence or otherwise of personal data concerning him/her, including,
even if not yet registered, their communication in intelligible form and the possibility to make a complaint with
the Supervisory Authority.
2. The interested party has the right to obtain the indication:
a. of the origin of personal data;
b. the means and purposes of processing;
c. the logic applied in the case of processing with the aid of electronic instruments;
d. The identity of the Data Controller, managers and the appointed representative pursuant to Article 5(2) of the GDPR;
3. The Data Subject has the right to obtain:
a. The updating and rectification of or, where relevant, additions to the data;
b. The erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. Proof that the operations referred to in paragraphs a) and b) have been brought to the attention, also in terms of their content, of those to whom the data have been communicated or disseminated, except in cases where this proves impossible or involves the use of means manifestly disproportionate to the protected right;
d. data portability.
4. The Data Subject has the right to object, in whole or in part, to:
a. for legitimate reasons, the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b. the processing of personal data concerning them for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communications.
Newsletter and Marketing
Pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of personal data ("Regulation"), we hereby inform you that your personal data, which is provided at your discretion, will be processed by QC TERME S.R.L., hereinafter the Data Controller, mainly by electronic means for the purpose of fulfilling your request to subscribe to our automated newsletter, which will enable you to stay up to date with the services we offer and with our promotional activities, as well as allowing us to identify your level of satisfaction with regard to the services you have enjoyed, to carry out market research surveys and to send you advertising materials. You may revoke your consent to such subscription at any time. The provision of your personal data is free but failure to provide them will not allow us to perform what is required and, consequently, to subscribe you to our newsletter. If you decide to provide us with your data, it will be processed exclusively by personnel authorised by the Data Controller and will be retained only for the time necessary to fulfil the purpose outlined above. Under no circumstances will your data be shared but may be disclosed to third parties which the controller relies on solely and exclusively to ensure the proper implementation of the above purposes. You are entitled to the following: the right of access, the right to rectification, the right to erasure, the right to restriction, the right to portability, the right to withdraw consent, the right to complain, the right to object, the right not to be subject to a decision based solely on automated processing, including profiling, except in the cases provided for in the Regulation.
To exercise these rights, you can contact the Data Controller by writing to QC TERME S.R.L. - Via Ripamonti 89 - 20141 Milan (MI) or by sending an email to [email protected]
Without prejudice to any other administrative or judicial appeal, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in breach of the Regulation.
The Data Protection Officer (DPO) designated by the holder pursuant to Article 37 of the GDPR is: Tecnologie e Sistemi Srl, in the person of Dr. Mirco Giorgi (Corso Promessi Sposi, 23, 23900 Lecco (LC). VAT number: 03347650131; e-mail: [email protected]; telephone: 0341 350065.