Privacy policy | ATTO Suites & Cuisine

Effective Date of the Privacy Policy GDPR 2016/679: 25.05.2018.

Privacy Notice and Cookie Policy

Leitlhof GmbH, with registered office in 39038 Innichen (hereinafter referred to as “the Controller”), is always committed to protecting the online privacy of its users. This document has been drafted pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter referred to as the “Regulation”) to allow you to learn about our privacy policy and understand how your personal information is handled when using our website and, where applicable, to provide your explicit and informed consent to the processing of your personal data (valid only for persons aged at least 16 years). The information and data provided by you or otherwise acquired by us in the context of using our services on the website (hereinafter referred to as the “Services”) will be processed in accordance with the provisions of the Regulation and the confidentiality obligations that govern the activity of the Controller.

According to the provisions of the Regulation, the processing carried out by Leitlhof GmbH is based on the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

1. The Controller

The Controller responsible for the processing carried out on the website is Leitlhof GmbH (data see above/imprint). For information about the processing of personal data by the Controller, including the list of data processors appointed to process the data, please write to the following address: info@leitlhof.com

2. The personal data subject to processing

We inform you that, as a result of your navigation on the website, the Controller will process personal data consisting of an identifier such as your name, identification number, online identifier, postal address, email address, telephone number (landline and/or mobile), or one or more elements of your physical, physiological, psychological, economic, cultural, or social identity capable of identifying or making the data subject identifiable (hereinafter referred to as “personal data”).

The personal data processed through the website are as follows:

Navigation data

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the operating system and the user’s IT environment. These data are used solely to obtain anonymous statistical information on the use of the website and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website or third parties. Except for this possibility, the data collected on the website are deleted after a short time.

Special categories of personal data

If you use our website to contact us (or send us an email), this may involve the transmission of personal data falling within the special categories of personal data pursuant to Art. 9 of the Regulation, namely data revealing “[…] racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as […] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.” Please do not disclose such data unless strictly necessary. We expressly inform you that, in relation to the transmission of special categories of personal data, but in the absence of explicit consent to process such data (you are, of course, allowed to send a CV), the Controller cannot be held liable nor receive any kind of objection, since in this case the processing is permitted as it concerns data manifestly made public by the data subject in accordance with Art. 9(1)(e) of the Regulation. However, we emphasize that it is important, as mentioned above, to provide explicit consent for the processing of special categories of personal data if you decide to share such information.

We also inform you that, for the purpose of candidate selection, the Controller may analyze publicly accessible professional social profiles available on the Internet (e.g., LinkedIn).

Data voluntarily provided by the data subject

When you use certain services on the website (e.g., request, contact, or reservation forms), we may process personal data of third parties that you send to the Controller. In such cases, you act as the data controller, assuming all legal obligations and responsibilities. In this regard, you provide us with the broadest indemnity against any dispute, claim, request for compensation arising from processing, etc., that the Controller may receive from third parties whose personal data have been processed through your use of the website’s functions in violation of applicable data protection laws. If you provide or otherwise process personal data of third parties while using the website, you guarantee in any case that this specific processing is based on an appropriate legal basis pursuant to Art. 6 of the Regulation, which legitimizes the processing of the information in question.

General information about cookies

Cookies are small text files stored by a website via the browser on the hard drive of a client computer in order to store small amounts of information from the website for a certain period of time. In general, there are different types of cookies. Some are essential for the functioning of the website, such as navigation or shopping cart cookies. There are also so-called analytics cookies, which collect information – for example, about the number of website visitors and the path taken by visitors on the website. Functional cookies allow the website to remember your choices (e.g., selected filter settings or automatic language preferences).

In addition, there are cookies known as profiling cookies, which record user preferences and actions. Based on this information, a user profile is created. This serves to match advertising messages with user interests and thus enables more targeted advertising. These are often third-party cookies used by website operators to deliver personalized advertising.

Consent requirement for cookies

Website visitors must actively consent to the setting of cookies that are not essential for the functionality of the website and also have the right to withdraw their consent at any time.

This website uses only technical cookies, for which no consent is required.

Blocking cookies via browser settings

Firefox:

Click on the menu and select settings.

Go to the Privacy tab.

In the “History” section, select “Use custom settings for history”.

In the options that appear, uncheck “Accept cookies”.

Click the “OK” button.

Detailed information can be found at: https://support.mozilla.org/de/kb/Cookies-blockieren

Google Chrome

Click on the menu and select settings.

Scroll down and click “Advanced”.

In the “Privacy” section, click “Content settings…”.

In the Cookies section, select “Block sites from setting any data”.

Click the “Done” button.

Detailed information can be found at: https://support.google.com/chrome/answer/95647?hl=de

Internet Explorer

Open “Internet Options” from the “Tools” menu or, if the menu bar is not displayed, click the menu icon and select “Internet Options”.

Click on the “Privacy” tab.

Use the slider to choose between different levels of cookie handling. If the slider is at the top, all cookies are blocked; if at the bottom, all are allowed.

Click the “OK” button.

Detailed information can be found at: https://windows.microsoft.com/de-de/windows7/block-enable-or-allow-cookies

Safari

Click on “Privacy” in the settings.

In the “Accept cookies” section, you can define whether and when Safari should store cookies from websites. For more information, click the Help button (marked with a question mark).

Detailed information can be found at: https://support.apple.com/kb/PH5042?locale=en_US

3. Purpose of processing

The processing we intend to carry out, where necessary with your explicit consent, has the following purposes:

To enable the provision of the services you have requested

To respond to customer service requests, information requests, or reservations

To analyze CVs and contact candidates who have submitted applications

To fulfill all legal, accounting, and tax obligations

Marketing purposes:

The data provided may, subject to prior explicit and specific consent, be processed for sending advertising and marketing communications, including newsletters and market research surveys, through automated (SMS, MMS, email, push notifications) and non-automated (postal mail, call centers) systems. The legal basis for processing your data for these purposes is Art. 6(1)(a) of the Regulation. Consent for direct marketing is optional and depends on your free choice, so failure to provide consent will not affect the use of the services.

4. Legal basis and mandatory or optional nature of processing

The legal basis for processing personal data for the purposes set out in section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the processing is necessary for the provision of services or for responding to requests from the data subject. Providing personal data for these purposes is optional, but failure to do so will make it impossible to activate the services provided by the website, process requests, or evaluate CVs. With specific reference to purpose 3.c and the related analysis of publicly available professional social media profiles mentioned in section 2.b, Art. 6(1)(f) of the Regulation constitutes the legal basis for processing, namely the legitimate interest of the Controller in assessing potential risks regarding the candidate’s suitability for the specific position.

The purpose referred to in section 3.d constitutes lawful processing pursuant to Art. 6(1)(c) of the Regulation (compliance with a legal obligation). Once personal data have been provided, processing is necessary to fulfill a legal obligation to which the Controller is subject.

The legal basis for processing for the purposes referred to in section 3.e is Art. 6(1)(a) of the Regulation (user consent).
The Controller may, without your consent, process your data for the same purposes relating to the direct sending of advertising material or direct sales or market research or commercial communication regarding products or services similar to those already purchased, using email and postal addresses within the limits permitted by Art. 130(4) of the Privacy Code and the decision of the Data Protection Authority of June 19, 2008. The legal basis for this processing is Art. 6(1)(f) of the Regulation (legitimate interest).

5. Recipients of personal data

Your personal data may be shared, for the purposes set out in section 3, with:

Entities typically acting as data processors, namely: i) persons, companies, or professional firms providing assistance and advice to the Controller in accounting, administrative, legal, tax, financial, debt collection, marketing, and communication matters related to the provision of services; ii) entities with which cooperation is necessary for the provision of services (e.g., hosting providers); iii) entities responsible for technical maintenance (including maintenance of network equipment and electronic communication networks) (collectively referred to as “Recipients”);

Entities, bodies, or authorities to whom your personal data must be disclosed by virtue of legal provisions or orders of authorities;

Persons authorized by the Controller to process personal data necessary for carrying out activities strictly related to the provision of services or for the purposes set out in section 3, who have committed to confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Controller).

6. Transfer of personal data

Some of your personal data may be transferred to recipients located outside the European Economic Area. The Controller ensures that processing of your personal data by these recipients takes place in compliance with the Regulation. Transfers may be based on an adequacy decision, standard contractual clauses approved by the European Commission, or another appropriate legal basis. Further information can be obtained from the Controller at: info@leitlhof.com.

7. Retention of personal data

Personal data processed for the purposes set out in section 3(a-b) will be retained for as long as strictly necessary to achieve those purposes. Since the processing is carried out for the provision of services, the Controller will in any case retain personal data for the period required by Italian law to protect its interests (Art. 2946 et seq. Civil Code). With regard to CVs submitted via the website or by email pursuant to section 3.c, personal data will be retained for a period deemed appropriate for the purpose for which they were collected. This is without prejudice to the Controller’s right to contact the candidate shortly before the expiry of this period to request an extension.

Personal data processed for the purposes referred to in section 3.d will be retained until the time required by the specific obligation or applicable law.

Personal data processed for the purposes referred to in section 3.e will be retained until consent is withdrawn by the data subject or, in the absence of such withdrawal, for a maximum period deemed appropriate.

Further information on data retention periods and the criteria used to determine them can be obtained from the Controller at: info@leitlhof.com.

8. Rights of data subjects

Pursuant to Articles 15 et seq. of the Regulation, you have the right to request information from the Controller at any time regarding your personal data, to request its rectification or erasure, or to object to its processing. You have the right to request restriction of processing in the cases provided for in Art. 18 of the Regulation, as well as to obtain the data concerning you in a structured, commonly used, and machine-readable format in the cases provided for in Art. 20 of the Regulation.

Any request must be submitted in writing to the Controller at the following address: info@leitlhof.com.

You also have the right to lodge a complaint at any time with the competent supervisory authority (Data Protection Authority) pursuant to Art. 77 of the Regulation if you believe that the processing of your personal data violates applicable law.

9. Changes

This privacy policy is effective as of 18.05.2023. The Controller reserves the right to modify or update its content, in whole or in part, also due to changes in applicable legislation. Therefore, the Controller invites you to regularly visit this section to stay informed about the latest and most up-to-date version of this privacy policy.