Book a table

Privacy Policy

Privacy Policy
Information note in accordance with Article 13 of the 2016/679 EU Regulation - Article 13 of Legislative Decree 196/2003 (Protection of personal data)

We wish to inform you that, in compliance with Regulation (EU) no. 679 of 2016 and Legislative Decree no. 196 of 2003 on the protection of personal data, the Data controller is (dati titolare), PI (cf) (hereinafter the "Controller").

Personal data is processed in full compliance with Regulation (EU) 679/2016 and Legislative Decree 196/2003.

We will use the data you (hereinafter the "Data subject") provide to us only to respond to your requests. Your data may be disclosed to third parties only when necessary for that purpose, or after obtaining the data subject's explicit consent.

Additional personal data, email and telephone numbers may be used for marketing and promotional purposes and communications relating to the reservation and not. Your explicit, optional consent is required for this purpose. You may revoke your consent at any time.

Data will be processed, by personnel appointed by the Controller, using procedures, technical means and IT tools that are capable of protecting the confidentiality and security of the data subject's data. Processing includes the collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, interconnection, restriction, disclosure, dissemination, erasure, destruction of data; it may involve a combination of two or more of the above operations.
Data will be kept for the time strictly necessary to provide the services requested by the Data subject and will in any case be erased if requested by the Data subject, subject to any data retention obligations envisaged by law. The data subject's data will not be disseminated.

As part of its activities and for the purposes indicated above, the Controller may use third party service providers, operating on behalf of and as per the instructions of the Controller, as data processors. These are suppliers, commercial and production partners, intermediaries, technical consultants, physicians and other similar entities who cooperate with our organization to fulfil the contractual commitments with you;  entities who provide a service strictly and necessarily linked to the Controller's business such as tax consultants, banks, shipping companies, insurance companies, public and private entities, also for inspections or audits; entities that can access the data in accordance with the provisions of law.
Data may be also disclosed to all entities authorised by law to collect them (e.g. provincial health services authorities, tax authorities, etc.)

The Data subject may request a complete and up-to-date list of the entities appointed as data processors via the contact details provided below.
Data may be transferred within the European Union, where the Controller or its suppliers and collaborators have establishments or servers. Data will not be transferred outside the European Union.

Rights of the data subject:

- Right of access (art. 15 GDPR). Right of access by the data subject to access his or her data and to lodge a complaint with a supervisory authority;
- Right to rectification (art. 16 GDPR). Right of the data subject to obtain from the controller the rectification of inaccurate personal data concerning him or her;
- Right to erasure (‘right to be forgotten’) (art. 17 GDPR). The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay;
- Right to restriction of processing (art. 18 GDPR). Right of the data subject to obtain from the controller restriction of processing;
- Notification obligation (art. 19 GDPR). The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with articles 16, 17 and 18 to each recipient to whom the personal data have been disclosed;
- Right to data portability (art. 20 GDPR). The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and the right to transmit those data to another controller without hindrance from the controller;
- Right to object (art. 21 GDPR). Right of the data subject to object to the processing of his or her personal data;
- Profiling (art. 22 of the GDPR). The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which significantly affects him or her.

The contact details of the Data controller are: CALA PICCOLA S.P.A., P.IVA/C.F. 01806350482 Via Benedetto Varchi n. 3, 50132 Firenze (FI) in reference to Hotel Torre di Cala Piccola, Località Cala Piccola – 58019 Porto Santo Stefano (GR), phone number: +39.0564.825111 -  email: