Privacy Policy

Corvino Resort Srl, Registered office Viale Aldo Moro 4, 70043 Monopoli (BA) – Place of business: Viale Aldo Moro 4, 70043 Monopoli (BA) (later, “Proprietor”), as the holder of the policy, informs You in accordance with Article 13 D.Lgs. 30.6.2003 n. 196 (later “Privacy Code”) and Article 13 EU Regulation n. 2016/679 (later “ GDPR”), that Your data will be processed with the following methods and for the following purposes:

1. Object of the Policy
The Proprietor processes identifier, non-sensitive personal data ( for example name, surname, business name, VAT registration number, fiscal code, address, telephone number, e-mail address, account and payment data, etc.)- later, “personal data” or also “data”, given by You during registration to the website or app. of the Proprietor, (, and the like for example for requesting a quotation about services/products offered by the Proprietor, or during registration to the newsletter service offered by the Proprietor, or during the conclusion of a contract for services o products offered by the Proprietor.

2. Objectives, legal basis and lawfulness of the processing
Your personal data are processed:

  1. After Your consent (Article 24 lett. a), b), c) Privacy Code and Article 6 lett. b), e) GDPR) which is optional, but necessary for the following Purposes of Service: to implement your contract with us; to allow your registration to our website, for example if you use our services to book online, we will use your data to perform our duty to complete and manage your booking, under the contract between us; to manage and maintain our website; to allow your registration to the newsletter service provided by the Proprietor (Article 47 GDPR) and to other services if you request them; to prevent or find out fraudulent activities or harmful misuse of our website; to conclude contracts for the services of the Proprietor; to fulfil pre-contractual, contractual and fiscal duties regarding our relationship with you; to meet our obligations as required by the law, a regulation, Community legislation or by an order of the Authorities (like for example about anti-money laundering); to exercise the rights of the Proprietor, for example the right to legal aid.
  2. Only after Your specific and clearly stated consent (Articles 23 and 130 Privacy Code and Article 7 GDPR), for the following Purposes of Marketing: to send commercial or promotional communication of third parties by e-mail, post or text or phone calls; to send also promotional offers about our services and updating of our tariffs and offers as well as wishes by post or fax or e-mail; to process sensitive data willingly submitted by You, in order to offer a higher level of hospitality in our hotel, like for example newsletters, holiday wishes; to send by e-mail, post or text or phone calls commercial communication and advertising material on products and services offered by the Proprietor and to collect info on the degree of satisfaction about the quality of services (Article 47 GDPR); for these purposes, on the basis of legitimate and combined interest in accordance with Article 17 Regulation 2002/58/CE, Articles 47 and 95 of GDPR and the Recital n.173 of GDPR, You may withdraw or modify your consent at any time.
We inform You that if you are already our customer, we can send you commercial communication about services and products of the Proprietor similar to the ones you already used, unless You disagree. (Article 130 c. Privacy Code). Legitimate interests are the legal basis of the processing (Recital. 47 of GDPR): Your information can be used for our legitimate interests, or also for managing, legal purposes or to detect fraud. Your rights and interests with regard to the protection of your personal data will always be balanced with our rights and interests (Article 6 first subparagraph, lett. f of GDPR).

3. Method of Processing
Your personal data are processed through the operations stated in Article 4 Privacy Code and Article 4 n. 2) GDPR and specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, cancellation and destruction of data. Your personal data will be processed either in printed form or electronically and/or automatically. The Proprietor will use your personal data for the time required to complete the operations above-mentioned and in any case for no longer than 10 years from termination of the contract for the Purposes of Service and for no longer than 2 years from data collection for the Purposes of Marketing.

4. Rights of the data Subject
As the data Subject, You have the rights in accordance to Article 7 Privacy Code and Article 15 GDPR and precisely the rights to:
I - to obtain confirmation of whether there are personal data concerning you or not, even if not registered yet, and that they are comprehensible;
II – to obtain indications concerning: a) the origin of personal data; b) the objectives and methods of processing; c) the logic applied in the event of processing by electronic means; d) the identification details of the Proprietor, of those in charge and of the representative designated in accordance with Article 5, comma 2 Privacy Code and Article 3, sub-paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data can be communicated or who can know about them as a representative designated in the State territory, as those responsible or in charge;
III – to obtain: a) the updating, rectification or, when you have an interest, integration of data; b) the cancellation, transformation in an anonymous form or the block of data processed by infringing the law, including those for which storage is not required with regard to the purposes for which the data were collected or subsequently processed; c) confirmation that the operations referred to in letters a) and b) have been known about, also with regard to their content, by those to whom the data were communicated or spread, except if this compliance proves impossible or it requires disproportional resources with respect to the protected right.
IV- to object, in full or in part: a) for legitimate reasons, to the processing of personal data concerning You, albeit relevant to the purpose of collecting; b) to the processing of personal data concerning You for the purpose of sending advertising material or direct selling or market researching or commercial communication, by means of automated calling systems, without human intervention, by e-mail and /or using traditional marketing methods by phone and /or paper mail. Please note that the right of objection by the person concerned, shown in the previous point b), for the purpose of direct marketing by automated means, is extended to traditional means and that it does not affect the possibility for the person concerned also to exercise the right of objection only in part. Therefore, the person concerned can decide to receive only communications through traditional methods or only automated communications or neither of these. Where applicable, You have the rights referred to in Articles 16-21 GDPR (Right to rectify, to be forgotten, to limit the processing, to data portability, to objection), as well as the right to lodge a complaint to the Competition Authority.

5. Data Access
Your data will be made accessible for the purposes referred to in Article 2/A) and 2/B):
-to employees and collaborators of the Proprietor or the company Corvino Resort Srl in Italy and abroad, as people in charge and /or in-house responsible for the processing and /or system administrators;
- to any company of the Corvino Resort Group of which the Proprietor is part (for example, for promotional activities of services offered to customers, for the personal data storage,etc.), or to other interested companies or subjects ( for example, website managing and maintaining providers, suppliers, credit institutions, professional firms, etc.) carrying out outsourcing activities on behalf of the Proprietor, as people responsible for external processing.

6. Data Communication
When a specific consent is not required (above Article 24 lett.a),b),d Privacy Code and Article 6 lett.b) and c) GDPR), the Proprietor can communicate Your personal data for the purposes referred to in Article 2.A) to: Supervisory bodies, Legal authorities, as well as to all those to whom communication is mandatory to fulfil the above purposes. Those subjects will process the data as autonomous controllers. Your data will not be spread.

7. Data Transfer
Your personal data will be managed and stored on servers located inside the EU, of the Proprietor and /or other companies entrusted and duly appointed as Responsible for the processing. At present, servers are located in Italy. Your personal data will not be transferred outside the EU. It is understood, however, , that the Proprietor, if it is necessary, has the right to move the location of the servers in Italy and/or the EU and/or non-European countries. In that case, the Proprietor guarantees from now that data transfer outside the EU will be carried out in accordance with requirements to be applied, if necessary, by concluding agreements which guarantee appropriate protection and/or by adopting standard contract clauses recognised by the European Commission.

8. Data Provision and Refusal to Answer
Providing data for the purposes referred to in Article 2/A) is optional but necessary to execute the contract. In their absence, we cannot guarantee the Services in Article 2/A). On the contrary, providing data for the purposes referred to in Article 2/B) is optional. You can therefore decide not to provide any data or to refuse successively the possibility to process data previously provided: in this case you will not be able to receive newsletters, commercial communication and advertising material concerning services offered by the Proprietor. However, you will always use Services referred to in Article 2/A).

9. Procedure for the exercise of rights
You can exercise your rights at any time by sending:
-a registered letter with advice of delivery to Corvino Resort Srl Viale Aldo Moro 4, 70043 Monopoli (BA);
- an e-mail to the following address

10. Proprietor, Manager and people in charge
The Proprietor of processing is Corvino Resort Srl Viale Aldo Moro 4, 70043 Monopoli (BA)

11. Children
This site does not deal with children (under 16) and/or the Proprietor does not collect willingly personal information about children. If any information on children is unvoluntary registered, the Proprietor will promptly cancel it upon request.

12. Modification of the Policy
This policy is subjected to modification. We advice you to regularly monitor it and to refer to the latest version.

13. People responsible and in charge of data processing
The updated list of the people responsible and those in charge of the data processing is kept at the place of business of the Proprietor of the processing.

14. Cookies and data sharing
The website, and the app. make use of cookies, small text files which allow to save information about visitors’ preferences, to improve the site functionality, to simplify browsing by automated procedures (ex. Login, language) and to analyse the site use.
Session cookies are essential to make a distinction between the users connected and they are useful to avoid a requested function being provided to the wrong user, as well as for security purposes to prevent computer breech to the site. Session cookies do not contain personal data and they last only for the session in progress, that is until browser closure. They do not require consent.

The functionality cookies employed by the site are only necessary for the site use, in particular they are linked to a specific function requested by the user (like Login), for which no consent is required. By using the site visitors agree explicitly to the cookies use.

14.1 Cookies Deactivation
Cookies are linked to the browser used and can be directly deactivated by the browser, so rejecting/withdraw consent to the cookies use. Cookies deactivation , however, could result in the incorrect use of some functions of the site. Instructions for the cookies deactivation are directly available from the web pages of their respective browsers ( for ex. ChromeSafariMozilla Firefox, Edge etc.).

14.2 Third party Cookies
The above-mentioned websites and the also serve as intermediary for third party cookies, used to provide visitors with further services and functions and to improve the site use, like buttons for social networks or videos. The above-mentioned websites and the app. have no control on third party cookies, which are entirely managed by third parties. As a result, information on the above cookies use and their purposes, as well as on the procedure for their deactivation, is provided directly by the following third parties. In particular, on we use: (chat for the customer care, acquisition of quotation requests online) google analytics and google maps; on we use: google analytics; facebook; instagram; youtube; google maps and on we use: google analytics;

14.3 Social Network Plugins
The above-mentioned websites and the app., also incorporate some plugins and/or buttons for social networks, in order to allow easy sharing of contents on your favourite social networks. These plugins are programmed so as not to set any cookies when accessing the page, in order to safeguard users’ privacy. If it is required by the social networks, cookies are possibly set only when the user voluntarily makes use of the plugin. Obviously, if the user browses once he/she is logged in the social network, then he/she has already given consent to the use of cookies channelled through that site when registering to the social network. Collection and use of information obtained through the plugin are regulated by the correspondent privacy policies of social networks, to which please refer (ex. Facebook - cookie information link, google – cookie information link, etc.).

14.4 Data transfer to non-European countries
The above-mentioned websites and the app., can share some of the data collected with local services ouside the EU area. In particular with Google, Facebook or through social plugins and the Google Analytics service. Transfer is permitted according to specific decisions of the European Union and of the Garante for the protection of personal data, in particular according to decision 1250/2016 of the European Commission, which authorizes transfer of European citizens’ personal data by American companies (Privacy Shield - also available in the website of Garante italiano), so no further consent is needed. The above-mentioned companies guarantee their compliance to Privacy Shield.

14.5 Security measures
The above-mentioned websites and the, process the users data fairly and lawfully, by adopting the necessary security measures to prevent unauthorised access, spread, modification or destruction of data. Processing is carried out by means of IT tools, with methods of organisation and logic strictly related to the stated purposes. Beside the Proprietor, some categories of people in charge of the site organization could have access to the data (administrative, commercial, marketing staff, lawyers, system administrators) or external stakeholders (suppliers of technical service third party, post couriers, hosting providers, computer companies, communications agencies). With regard to the website, the maintainer and web hosting Logovia LTD is appointed to be responsible for the processing, and carries out the data processing on behalf of the Proprietor. The web Hosting is situated in the European Economic Area and acts in accordance with European rules (VHosting privacy policy). With regard to the website, the maintainer Aryma of Mr.Fazio Vito Michele Vincenzo, is appointed to be responsible for the processing and carries out the data processing on behalf of the Proprietor. The web Hosting is situated in the European Economic Area and acts in accordance with European rules (VHosting privacy policy). With regard to the website, the maintainer GPDATI Spa – Zucchetti Group is appointed to be responsible for the processing and carries out the data processing on behalf of the Proprietor. The web Hosting is situated in the European Economic Area and acts in accordance with European rules (VHosting privacy policy).

14.6 Competent Authorities
We share personal data with the police and with other governmental authorities when required by law or if it is absolutely needed for the identification, prevention or conduct of legal proceedings about fraud or crime.

15. People responsible and in charge of the data processing An updated list of the people responsible and in charge of the data processing is kept at the registered office of the Proprietor of the processing. Latest updating 25.05.2018