The ideal place for a 4-star holiday of relaxation and fun for all families. Our staff will take care of you to make your stay unforgettable.

Follow Us:
Back to top
  /  Privacy Policy

PRIVACY STATEMENT

pursuant to Article 13 of European Regulation 2016/679

(General Data Protection Regulation or GDPR)

NAVIGATION ON THE WEBSITE WWW.CAMPINGMALIBUBEACH.COM

 

We hereby provide to the Users (“Data subject”) a short summary of the personal data processings carried out during the navigation of this website by Florida srl, having its registered office at via di Grottarossa 1177 – postcode 00189 Roma – VAT no. 01887910287, that is the Data Controller (hereafter “The Controller”). The processing of personal data will take place in compliance with the current regulations for the protection of personal data pursuant to European Regulation 2016/679 (General Data Protection Regulation or GDPR, hereafter “The Regulation”) as well as Italian Legislative Decree no. 196 of 30 June 2003 (Personal Data Protection Code, hereafter “The Code”).

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Read the detailed privacy information for more details.

 

  • Who is the Controller and which are the contact details of the Data protection officer?

The Data Controller is the company Florida srl, having its registered office at via di Grottarossa 1177 – postcode 00189 Roma – VAT no. 01887910287; e-mail address:  info@campingmalibubeach.com, telephone 00390421362212 and fax 00390421961338. Contact detail of the Data protection officer: dpocampingmalibu@mailfence.com.

  • Which types of data do we process?
  • Navigation data;
  • Personal data as personal details and contact details (name, surname, place of residence, e-mail address, telephone);
  • Personal data related to the invoicing and methods of payment;
  • Informations related to the requested service (e.g. booking date, n. of persons, age);
  • curriculum vitae and informations/images related to the application (e.g. artists);
  • data voluntarily provided by the User;
  • data eventually collected by cookies.

 

  • Why do we process personal data? (Purposes)
  1. To let the User navigate on our website;
  2. for sending informational material or other communications after the User has filled out the special forms or contact forms available on the website (e.g. contact form) or sent an e-mail to the address indicated on the site;
  3. for the offer of the service requested after the user has filled out the special form on the website and in general for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  4. to enable the User to establish a business relationship with Florida (e.g. “artists registration” form);
  5. to comply with legal obligations and orders from public Authorities;
  6. for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity or to detect frauds;
  7. for statistical purposes;
  8. for commercial communication purposes and newsletter, after obtaining the User’s consent.

 

  • Which are the legal bases? (Legal bases)
  1. The processings under points 1), 6), 7) are carried out on the basis of the legitimate interest of the Controller.
  2. The processing under point 5) is necessary for compliance with a legal obligation to which the Controller is subject.
  3. The processings under points 2), 3) and 4) are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  4. The processing under point 8) is carried out on the basis of the consent of the data subject.

 

  • How do we process the data?

With automated and/or paper-based tools. The processing of personal data will be carried out in order to guarantee adequate security and confidentiality and to prevent unauthorised access to or use of personal data. The data could be stored outside the EU in compliance with the current legislations.

 

  • Who we communicate the personal data to? (Categories of subjects)
  1. the internal authorised personnel of the Controller, to whom specific instructions have been given in writing;
  2. the (external) processors, specifically identified by the Controller and to whom specific instructions have been given in writing (e.g. the website operator);
  3. subjects who are entitled by law to access data;
  4. subjects to whom the communication is due because of contractual obligations;
  5. Public Authorities;
  6. Third parties.

Personal data carried out by the Controller will not be subject to dissemination.

 

  • How long do we store the data?

The Controller will manage and store personal data for the time strictly necessary to achieve the purposes for which they were collected. In any case, the processing will be carried out according to the limitation period for the rights arising from the data.

Criteria of  the data retention:

  1. Achieve the purposes related to the processing;
  2. Data retention period required by law;
  3. Withdrawal of consent (for processings carried out on the basis of consent, e.g. commercial communication purposes and newsletter);
  4. Limitation period allowed by law to protect the rights of the Controller.

 

  • Is the data communication mandatory or optional? Which are the consequences in event of a refusal to communicate personal data?

To navigate the website, the User provides navigation data and cookie data (e.g. technical cookies). If doesn’t provide the data, the User may have a non performing navigation experience and the Controller may not manage to satisfay the User’s requests.

The voluntary communication of other data, for example through the forms on the website, is optional, but if the User doesn’t provide the data indicated as “mandatory”, the Controller may not manage to satisfay the User’s requests.

The communication is optional for commercial communication purposes and newsletter; however, any refusal to provide data for this specific processing is of no consequence to the obligation and the fulfilment of the other indicated purposes, and in particular in relation to all that is related to the fulfilment of the contract, but only entails the impossibility of proceeding with the aforementioned commercial communications.

 

  • Which are the Data Subject rights?

The Data Subject has the right to:

  1. request access to personal data concerning him or her;
  2. request the rectification of inaccurate data and, if the case may be, to have his or her incomplete personal data completed;
  3. request the erasure thereof or restriction of processing where the conditions for such restriction are met, as well as to object to their processing thereof in the scenario provided therein, including the right to object to the processing of data for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing, which can be exercised at any time;
  4. data portability concerning his or her data only if subject to automated processing based on a contract or consent.
  5. withdraw the consent given for the processing purposes requiring it, is also provided, without prejudice to the lawfulness of the processing carried out up to the time of the withdrawal;
  6. lodge a complaint with the Personal Data Protection Supervisor (www.garanteprivacy.it).

 

 

1 – Controller and Data Protection Officer

The Controller is the company Florida srl, having its registered office at via di Grottarossa 1177 – postcode 00189 Roma – VAT no. 01887910287; e-mail address:  info@campingmalibubeach.com, telephone 00390421362212 and fax 00390421961338. Contact detail of the Data protection officer: dpocampingmalibu@mailfence.com.

2- Types of data processed 

To navigate the website, the User provides navigation data and cookie data (e.g. technical cookies). Moreover, other data can be collected through the forms on the website (e.g. personal data as personal details and contact details – name, surname, place of residence, e-mail address, telephone; informations related to the requested service – booking date, n. of persons, age; data voluntarily provided by the User; personal data related to the invoicing and methods of payment). Curriculum vitae and informations/images related to the application can be collected through the “artists registration” form.

Regarding data eventually collected by cookies, please refer to the Cookie Policy link

https://campingmalibubeach.com/en/cookies-policy/ .

 

3 – Purposes and legal bases of the processings

The Controller will process the data for these purposes:

1) to let the User navigate on the website, on the basis of the legitimate interest of the Controller;

2) for sending informational material or other communications after the User has filled out the special forms or contact forms available on the website (e.g. contact form/artists registration) or sent an e-mail to the address indicated on the site, and generally for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

3) for the offer of the service requested after the user has filled out the special form on the website and generally for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

4) to comply with legal obligations and orders from public Authorities;

5) for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity or to detect frauds, on the basis of the legitimate interest of the Controller;

6) for statistical purposes on the basis of the legitimate interest of the Controller;

7) for commercial communication purposes and newsletter, after obtaining the User’s consent.

 

4 – Methods for processing and storing data

Personal data will be processed with automated and/or paper-based tools and in compliance with the Regulation and the Code. The processing of personal data will be carried out in order to guarantee adequate security and confidentiality and to prevent unauthorised access to or use of personal data. The Controller will manage and store personal data for the time strictly necessary to achieve the purposes for which they were collected. In any case, the processing will be carried out according to the limitation period for the rights arising from the data. If necessary for the purposes under point 3, the data will be stored outside the EU in compliance with the current legislations (art. 44 GDPR et seq.).

 

5 – Subjects to whom personal data may be communicated or who can learn about them

Personal data may be communicated (limited to their competency and responsibilities and only in order to achieve the aforementioned purposes) to:

  1. the subjects to whom the communication is necessary for the operation of the website and to whom specific instructions have been given in writing (e.g. the website operator who manages the data as processors);
  2. internal authorised personnel of the Controller, committed to confidentiality and to whom specific instructions have been given in writing (e.g. employees).

Personal data carried out by the Controller will not be subject to dissemination.

Other subjects and third parties may access data in order to comply with law, regulations, legal and contractual obligations, and to exercise or defend legal claims, and specifically: (i) banks, credit and financial institutions; (ii) tax, legal or accounting advisors; (iii) companies that provide services instrumental to the performance of the contract (e.g. management application providers); (iv) public and private supervisory and control authorities and bodies; (v) companies that provide services instrumental to the credit recovery.

 

6 – Data retention period

In order to achieve the aforementioned purposes, the data will be stored for the time strictly necessary to achieve the purposes for which they were collected and processed. The

criterion to determine the data retention period will be the limitation period for the rights arising from the relationship with the data subject. Without prejudice to the need of the Controller to store the data to comply with law and exercise or defend legal claims, the data will be stored, in general, no later than ten years after the termination of the contract/relationship or of the achievement of the purposes. And after this, the data will be erased or anonymized, unless the further storage will be necessary to comply with law or Public Authorities’ orders.

The data related to commercial purposes and newsletter will be stored as long as deemed necessary for these purposes, without prejudice to the withdrawal of the consent (opt-out).

The navigation data will be erased immediately after the processing (except for log data that must be kept for legal obligations including the possible need for prosecutorial Authorities to detect a criminal offence). Regarding cookies, please refer to the Cookie Policy.

 

  1. Mandatory or optional nature of data communication

To navigate the website, the User provides navigation data and cookie data (e.g. technical cookies). If doesn’t provide the data, the User may have a non performing navigation experience and the Controller may not manage to satisfay the User’s requests.

The voluntary communication of other data, for example through the forms on the website, is optional, but if the User doesn’t provide the data indicated as “mandatory”, the Controller may not manage to satisfay the User’s requests.

The communication is optional for commercial communication purposes and newsletter; however, any refusal to provide data for this specific processing is of no consequence to the obligation and the fulfilment of the other indicated purposes, and in particular in relation to all that is related to the fulfilment of the contract, but only entails the impossibility of proceeding with the aforementioned commercial communications.

The communication data is mandatory to comply to legal obligations; in case of refusal, the Controller may be not able to enter into the contract and comply with legal obligations related to the contract.

 

8 – Rights of the Data Subject

The Data Subject can exercise the rights provided for by the Regulation (art. 15 GDPR et seq.) by sending a communication to the registered office or an e-mail to the address privacy@campingmalibubeach.com.

Specifically, the Data Subject has the right to:

(i) request access to personal data concerning him or her;

(ii) request the rectification of inaccurate data and, if the case may be, to have his or her incomplete personal data completed;

(iii) request the erasure thereof or restriction of processing where the conditions for such restriction are met, as well as to object to their processing thereof in the scenario provided therein, including the right to object to the processing of data for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing, which can be exercised at any time;

(iv) data portability concerning his or her data only if subject to automated processing based on a contract or consent.

(v) withdraw the consent given for the processing purposes requiring it, is also provided, without prejudice to the lawfulness of the processing carried out up to the time of the withdrawal;

(vi) lodge a complaint with the Personal Data Protection Supervisor (www.garanteprivacy.it).

The exercise of the aforementioned rights is not subject to any formal constraint and is free of charge. The data subject’s request shall be acknowledged within one month of receipt of the request. In case of particular complexity, the deadline could be extended; in these cases, the Controller undertakes to provide at least one interim communication within one month of receiving the request. In case of exercise of one of the rights provided for by the Regulation, the Controller reserves the right to verify the identity of the requesting data subject, requesting to send a photocopy of an identity document attesting the legitimacy of the request. Once the identity has been confirmed, the photocopy received shall be destroyed immediately.

 

9 – Complaint to the Supervisory Authority

If the Data Subject considers that the processing concerning him or her data infringes the provisions of the Regulation, he or she may always lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or to the authority of the country of habitual residence, employment or the place where the alleged infringement occurred.

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying the Users on this site, as well as, where technically and legally feasible and not excessively burdensome, by sending a notification to Users through one of their contact details. Therefore, please consult this page frequently, referring to the date of the last change indicated at the bottom.

This information is in force since 13/05/2022.