INFORMATION REGARDING THE TREATMENT OF YOUR PERSONAL DATA PURSUANT TO ART. 13 GDPR 679/2016 679/2016
Pursuant to art. 13 of GDPR (EU Regulation 2016/679), in the interests of transparency we hereby provide the following information that is aimed at making you aware of the characteristics and methods used in the treatment of your personal data:
Identity and Contact Details
The “Data Controller” (“the Controller”) responsible for the treatment of your personal data is: Albergo Antico di Jellici Alessandra & C S.a.s., located in via Prai de Mont, 19 Predazzo (TN), tel. 0462 576122, e-mail: firstname.lastname@example.org, PEC email@example.com
How your personal data is collected and processed
During contact or interactions with our guests, our suppliers and in all other aspects of our work, the Controller may collect personal data which is freely given, such as: first name(s), surname, tax code, postal or e-mail address, identity documents, passport number, fixed or mobile telephone numbers, and payment details. In addition, we may collect further personal information during the registration and check-in procedures at the hotel itself. Such data is necessary for us to fulfil our contract with you, as well as to comply with legal obligations and regulations relating to the activity being carried out. The communication of your personal data occurs principally with third parties and/or providers whose involvement is necessary for the correct operation of the activity or in order to improve the products/services that we offer you, but also to comply with specific legal obligations. For any communication that does not fall under those purposes, you will be asked to give your explicit consent. Your personal data (such as first name(s), surname, fixed or mobile telephone number) may also be processed for purposes of direct marketing, surveys and market research relating to the products and services that we offer you, but only if you give consent for your personal data to be used for these purposes and/or you do not decline consent for this.
Purposes for which personal data is treated
The personal data that relates to you will be processed for the following purposes:
1) 1. to enable the fulfilment of our contract with you and to comply with our legal and other obligations connected with this. The treatment of your personal data is necessary to permit the preliminary and follow-on activities connected with your contract such as the management of bookings, invoicing, payment, handling of complaints and/or queries, as well as for all other obligations connected with the contract such as the collection and storage of your personal data.
2. for communication to third parties and recipients. The treatment of your personal data takes place in accordance with the contract and the obligations, including legal and regulatory, that relate to it. Your personal data will be shared with third-parties/recipients only when:
a) you give us consent to do so;
b) it is necessary to fulfil the obligations of the contract, there is a legal requirement to share the data and in order for us to be able to assert our rights with the appropriate authorities;
c) the communication takes place with accountancy firms; external auditing firms; companies involved in quality monitoring and certification; banking institutions who deal with the management of payments; legal advisers for the protection of contractual rights and/or debt collection; insurance companies; post offices; delivery companies and couriers for sending documents and/or goods; data treatment and IT companies (eg. Web hosting, data entry, management and maintenance of infrastructure and information services etc.);
d) the communication takes place towards tax authorities and public supervisory bodies where we are required to comply with specific obligations relating to our business activities.
3) for direct marketing purposes and related services. The treatment of your personal data for commercial purposes may include:
– offering products and services in addition to those you have already purchased, such as improvements or solutions that are more suitable to your requirements.
– to send you promotional offers regarding our services and updates on our rates and special offers, our newsletter and greetings by standard post, text message, e-mail or via social media channels.
– subject to your consent in writing, to perform hotel services such as the outward communication of personal data relating to your stay for the sole objective of permitting the receipt of items, messages and telephone calls addressed to you.
Such treatment of your personal data can only be carried out if you explicitly give your consent to its use for this purpose.
Legal basis for the use of personal data and legitimate interests
Your personal data is lawfully processed where such treatment:
In the case of bookings for a hotel stay, the provision of this data is obligatory for purposes relating to the first two points above, and failure to provide this data may mean we are unable to satisfy your request. The legal basis for the treatment of personal data under the third point is you giving your consent. The provision of personal data is optional in this case and does not prevent us from performing the services requested (hotel stay).
Treatment of your personal data
The treatment consists of the collection, recording, organization, storage, consultation, processing, rectification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of your personal data. These operations are carried out using both computer-based and manual (paper-based) systems. The treatment of personal data is carried out by the Data Controller and/or by personnel authorised to do so.
Recipients and potential categories of recipients of personal data
Your personal data will be treated within the structure by personnel who have been authorized to process such data under the responsibility of the Data Controller for the purposes reported above. The data in question will not be circulated, whereas it will or may be communicated to public or private parties who work in the areas and for the purposes described above. In particular, your personal data will – or may – be shared, in accordance with the law, with law enforcement agencies, judicial authorities, intelligence and security organisations or with other public entities for purposes of defence or national security or for the prevention, investigation or detection of crime.
Transfer of personal data to another country
The Controller will not transfer your personal data to another country or to an international organization, except in the presence of an adequacy decision from the Commission.
How personal data will be stored and for how long
Your personal data will be stored for the time necessary to enable the fulfilment of all operations connected with the management of your contract with the Controller and to comply with legal and other obligations arising from this. The treatment of personal data is performed manually (paper-based) or by computerized means by internal persons who have been specifically authorized and trained. These persons are permitted to access your personal data within the limits and to the extent that is necessary for them to perform the treatment operations that relate to you. The Controller will perform periodic verification of the systems used to treat your personal data and the security measures connected with them, which are continually kept updated. The Controller will also verify, through the persons authorised to treat your personal data, that no personal data is being collected, treated or stored which is not necessary. The Controller will verify that personal data is stored with a guarantee of its integrity and authenticity and of its use for purposes of the operations that are actually carried out. The personal data treated by the Controller will be retained for the time necessary to enable the fulfilment of all operations connected with the management of your contract with the Controller and for a period of up to 10 years starting from the conclusion of the contract (art. 2946 cc) or starting from when the rights resulting from it can be enforced (pursuant to art. 2935 cc); as well as for the fulfilment of obligations (eg. tax and accounting) which remain after the conclusion of the contract (art. 2220 cc), for which means the Controller should only keep that personal data which is necessary for such purposes. Exceptions to this are situations where there is a need to legally assert the rights deriving from the contract, in which case only that personal data which is strictly necessary for such purposes will be treated for the time necessary to complete the procedure. For operations which have not resulted in contractual obligations, the Controller is permitted to retain your personal data for a period of up to 36 months following the last occasion you demonstrated interest (examples of which include a request for a quotation, a request for information and registration). For recruitment purposes, your personal data will be retained for a maximum period of 24 months.
Your rights regarding your personal data
Please be informed that you may exercise the following rights pertaining to your personal data:
– you may request, from the Controller, access to your personal data and related information; you may request rectification of incorrect data or the integration of incomplete data; you may request the erasure of personal data that relates to you (in the presence of one of the conditions set out in art. 17, paragraph l of EU Regulation 679/16 and subject to the exceptions set out in paragraph 3 of the same article); you may also request restriction of the treatment of your personal data (under one of the conditions specified in art. 18, paragraph I of EU Regulation 679/16);
– in cases where the legal basis for the treatment of your personal data is the contract or your consent, you may request and obtain your personal data from the Controller in a structured and machine-readable form, even for the purposes of communicating such personal data to another Controller (the so-called right to portability of personal data);
– you may object at any time to the treatment of your personal data in the event of specific circumstances that concern you;
– you may withdraw your consent at any time, restricted to situations where the treatment is based on your consent for one or more specific purposes and concerns personal data that is common and specific. However, the treatment of personal data based on consent and which is carried out prior to the withdrawal of such consent retains its lawfulness;
– you may submit a complaint to a supervisory authority (Autorità Garante per la protezione dei dati personali, the Italian Data Protection Authority www.garanteprivacy.it).
Please be informed that when the treatment of personal data is based on art. 6, paragraph 1(a), or on article 9, paragraph 2(a) of EU Regulation 2016/679, you, the “Subject”, have the right to withdraw your consent at any time without this affecting the lawfulness of the treatment of your personal data based on the consent given prior to the withdrawal. With regard to how you, the “Subject”, may exercise the above-mentioned rights, please write to: firstname.lastname@example.org
Other Purposes for the Treatment of personal data
Should the Controller intend to further process your personal data for purposes other than those for which such data was collected, the Controller, before proceeding with such further treatment, will provide you with information relating to the additional purposes and any other relevant information.
The Controller does not use automated processes for profiling purposes.
A cookie is a small text file (just a few bytes) that is exchanged between an internet site and your browser, and is normally used by the website operator to memorize the info needed to improve navigation within the website. www.albergoantico.com Albergo Antico di Jellici Alessandra srl, in its quality of Owner of the treatment of your personal data, manages cookies in compliance with the 2002/58/EC Directive issued by the European Parliament and the 12th July 2002 Council concerning the treatment of personal data and the protection of privacy in the sector of electronic communications (privacy and electronic communications directive), for the following treatment purposes: The following types of cookies are present to allow navigation on the internet site:
Technical and Functional access to the Website (no data is held after the Browser is shut down);
Third party advertising cookies (no profiling)
These cookies can exchange information and trace the navigation of the user registered for one of the present services.
The procedure for de-activating these cookies is indicated below, plus they can be de-activated via each single link.
Cookie management and deactivation: https://tools.google.com/dlpage/gaoptout?hl=it
for example by changing the privacy settings of your Browser to block specific types of cookies.
Given that each browser – and often different versions of the same browser – is (sometimes significantly) different form others, if you prefer to operate independently via your browser preferences you can find detailed info on the necessary procedure in your browser guide.
For an overview of operations on common browsers, you can visit the website www.cookiepedia.co.uk.
If you wish, advertising companies allow you to renounce the reception of targeted messages.
This does not impede the cookies settings, but interrupts the use and collection of certain data by these companies.
You can also de-activate each single cookie via the links listed in the “cookies table”.
Cookie management in the browser
Most browsers allow you to:
To know how to manage cookies in Firefox, you can visit this page: https://support.mozilla.org/it/kb/
To know how to manage cookies in Internet Explorer, you can visit this page: https://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookie
To know how to manage cookies in Google Chrome, you can visit this page: https://support.google.com/chrome/answer/95647?hl=it
As also suggested by the Guarantor for the protection of personal data (https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4020961) there are options to navigate without cookies: