Protection of personal data

Information according to Art. 13 of Regulation (EU) 2016/679 valid from May 25, 2018

1. Purpose and legal basis of data processing

   When using the websites of Peer Srl, users generate data, which may be anonymous or personal data. This data can be used to respond to a user request or for statistical purposes with the aim of improving the website content and the platform users' experience. Purpose, legal basis and duration of these categories of data processing are described in point n. 3. Peer organizes the collection and further processing of data in order to respect the principles of correctness, legality and transparency.

2. Data controller and rights of data subjects

   The controller of the processing of personal data is Peer Srl based in Via Bolzano 63 / A, Frangarto (BZ) - Italy (EU) - phone +39 0471 631080 - Website: www.peer.biz. Any data subject can contact this address to assert his or her right of information and access to personal data and the right to rectification of inaccurate personal data concerning him or her. If data concerning him or her are not processed for compliance with a legal obligation to which the controller is subject or necessary for the performance of a contract to which the data subject is party, he or she has the right to obtain the erasure or the restriction of processing; the right to object to their processing and to assert the right to data portability. When the legal basis of a data processing consists in the consent given by the data subject, he or she has the right to withdraw consent at any time. Furthermore, the interested party has the right to lodge a complaint with a supervisory authority according to the provisions of art. 51 of Regulation (EU) 2016/679.

3. List of the purposes of data processing of users of websites

   • Purposes a): Statistical survey of usage data for website optimization
     Data categories: Html page hits (web server log files), generated by a specific IP address and carried out by the same device. Since an IP address does not permit identification without being assigned to other personal data, we do not classify it as a personal date within the meaning of art. 4 of Regulation (EU) 2016/679. Peer Srl does not transfer IP address data to third parties and does not own or acquire data from third parties that can make users identifiable.

   • Purpose b): Transfer of user contact data to the accommodation selected by the user
     Data categories: User contact details (Name, e-mail address, postal address, various notes) and information on the accommodation request (rooms, age of children following, holiday dates) or, for the brochure request, postal address for sending the printed brochure. Legal basis: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1, letter b of Regulation (EU) 2016/679). Peer Srl is active as data processor, while the client (accommodation business) is the data controller. If the data controller intends to use the data acquired in this context for purposes other than or further than the direct response to the request of the data subject, he or she needs a legal basis, for example a declaration of consent by the data subject, to process his personal data for another specified purpose. Duration: A temporary storage of personal data by Peer srl is necessary until the receiving accomodation confirms receipt, as well as for a further period of time, to allow the recovery of data in case of loss. After this time lapse of security, personal data saved at Peer srl are deleted from their systems.

   • Purpose c): Sending a newsletter to subscribers of the newsletter service
     Data categories: e-mail address, name, preferences on themes and locations or holiday areas. Legal basis: Performance of a contract to which the data subject is party (Article 6, paragraph 1, letter b of Regulation (EU) 2016/679). Duration of the processing: Upon conclusion of the contract, the data subject is informed that he or she can terminate the contract at any time and his data will be deleted as a result. The termination of the contract and deletion of personal data takes place via the same path as the contract signing and is not more complex for the data subject.