Privacy Policy

Who we are

Our website address is: baanilodgemaldives.com.
You can contact us at: info@baanilodgemaldives.com.

What personal data we collect and why we collect it

Premise

Following the regulation dictated by the EU Regulation 2016/679 called “Global Data Protection Regulation” (GDPR), laying down provisions for the protection of persons and other subjects regarding the processing of personal data, we provide here all the information about the use of personal data acquired in relation to the use of this site.

Source of personal data

The data in our possession are electronically collected.
The data are provided by the user through direct communications via email, using the provided address: info@baanilodgemaldives.com.

Communications via email

By sending an email with personal data to the contact address published on the site, the user consents to their use for responding to requests for information or any other purpose.
Data collected: email address (name, surname if included).
Any further data that the user voluntarily inserts will be kept stored only if necessary to provide the service requested by the user.
All collected data will be processed in compliance with current legislation, and in any case, with due confidentiality.

Communications via contact forms

When a user sends us a booking request through our contact form we collect user’s name, surname, email address.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Your data

Purpose of personal data collection

The data collected here are intended exclusively for the provision of the service requested by the user and for the performance of our information, commercial, advertising, promotional and marketing activities.
The data can be processed to contact the user.
The data may be processed to perform statistical, commercial and marketing studies.
The user is responsible for his own personal data and the ones of third parties published or shared through this site.
The user also guarantees to have the right to communicate his own personal data and the ones of third parties, freeing the owner of this site from any liability to third parties.

Collection method

Personal data are subject to processing methods based on principles of correctness, lawfulness and transparency.
In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools with logics strictly related to the specified purposes and, in any case, in order to guarantee the security and confidentiality of the concerned person, through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use, in compliance with the limits and conditions defined in the EU Regulation 2016/679.
Personal data may be processed either on paper or electronically and / or through automated processes.
Data may be processed by the Owner and Data Controller as well as by the subjects directly involved in the organization and management of this site (administrative, commercial, marketing, legal, system administrators), where engaged in the execution of the mandate given to us.

Access to personal data

Subjects who may access personal data of the user as managers or persons in charge (according to Article 13 Paragraph 1 of the GDPR) are:

  • The Data Controller
  • The staff of the Data Controller (for fullfilling user requests, for example a response to an information request).

Personal data will not be disclosed to third parties.

Data communication

Data may be communicated to the subsidiaries or affiliated companies and to the persons responsible for managing services connected to our activities, and treated exclusively within the scope of the required service.
The user is aware that the owner of this site may be required to communicate data upon supervisory requests, by judicial authorities and other third parties to whom the communication is mandatory by law, including the prevention / repression of any illegal activity pertaining the access to this site and / or sending any kind of request.

Data transfer

Data received through this site are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the treatment are located.
For further information it is possible to contact the Data Controller as described in the “Way to exercise rights” paragraph.
The management and storage of personal data will be carried out on Data Controller’s and / or third-party companies’ (appointed as Data Processors) servers located in Italy and in Europe.
All data will not be transferred outside the European Union.

Data retention time

Personal data received from users that send information via this site will be kept for a time strictly necessary for the fulfillment of the request and for the purposes described in the point “Purpose of personal data collection”.
The user can obtain further information regarding the legitimate interests pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller as described in the “Ways to exercise rights” paragraph.
In the event that the processing is based on the user’s consent, the Data Controller may keep the personal data longer, until the aforementioned consent is revoked.
The Data Controller may be obliged to keep personal data for a longer period in compliance with legal obligations or an authority  order.
Personal Data will be deleted at the end of the retention period.
Therefore, at the end of this term, the right related to actions such as access, cancellation, rectification and the right to data portability can no longer be exercised.
If the user take action towards the revocation of consent for the specific treatment, the data will be deleted or made anonymous within 72 hours from the receipt of the revocation.
Pursuant to Art. 13, paragraph 2, letter (f) of the GDPR Regulations, we inform that all the collected data will not be subject to any automated decision making process, including profiling.

Owner and Data Controller

Owner and Data Controller is Laura Ramaschi, who will use them for the purposes indicated in this policy.
Further information can be requested at the following email address: info@baanilodgemaldives.com.

What rights you have over your data

You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

User Rights

Users can always exercise the rights specified in articles 13 (C. 2), 15, 18, 19 and 21 of the GDPR, summarized here in the following list:

  • The interested party has the right to obtain confirmation of the existence of data concerning him, even if not yet communicated, and to have their delivered in an intelligible form;
  • At any time the concerned  persons can access their data to update them, modify them, integrate them, receive them, transfer them, limit their use (in this case the owner will not process the data for any different purpose other than their conservation) or revoke their use, in accordance with the provisions of EU Regulation 2016/679;
  • The interested party has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority: www.garanteprivacy.it

The exercise of user’s rights is not subject to any form of constraint and it’s free.
The receiving of this information notice will be considered a consent to the processing of personal data as referred in this policy.
Further information regarding the processing of personal data may be requested to the Data Controller as described in the “Ways to exercise rights” paragraph.

Ways to exercise rights

At any time the interested parties can access their data to update them, modify them, integrate them, or simply oppose their use.
Users may exercise their rights or request more information regarding the processing of personal data at any time by sending an email to the address: info@baanilodgemaldives.com.

Additional information

What data breach procedures we have in place

If any anomaly would arise everything will be notified within 72 hours from the event discovery and all the necessary information and solutions will be communicated after being evaluated on a case by case scenario.

What third parties we receive data from

We do not have any third party system active on the site.

Legal references

This privacy policy has been compiled on the basis of multiple legislative orders, including articles 13 and 14 of GDPR Regulation (EU) 2016/679.

Changes to the privacy policy

The owner of the data processing reserves the right to make changes to this privacy policy at any time, making it available to users on this page.
Please visit this page regularly, taking the last modification date published at the end of the text as a reference.
In case of non-acceptance of the changes made to this privacy policy the user is required to cease using this site and may require the data controller to remove the related personal data.

Definitions

Personal data (or data)
Any information which, directly or indirectly, or in connection with other information, identifies a natural person.

User
The individual who uses this site and who, unless otherwise specified, coincides with the interested party.

Interested party
The natural person to whom the personal data refers.

Data processor (or Data supervisor)
The natural or legal person, public authority or any other entity that processes personal data on behalf of the Data owner, as stated in this privacy policy.

Data controller (or Data owner)
The natural or legal person, public authority, service or or any other entity which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this site. The Data controller, unless otherwise specified, is the owner of this site.

This site
The tool through which the personal data of users are collected and processed.

European Union (or EU)
Each reference to the European Union contained in this policy is intended to be extended to all current member states of the European Union and the European Economic Area.

Processing of personal data
By processing of personal data under the law we mean any operation carried out with or without the use of electronic or automated instruments, concerning the collection, registration, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, removal and distribution of data.

Last modified: 2021/07/14