Information pursuant to art. 13 of the European Regulation n. 679/2016 (GDPR)
With reference to Legislative Decree n.196 / 2003 (Personal Data Protection Code) and pursuant to articles 13 and 14 of the EUROPEAN REGULATION N. 679/2016 (hereinafter “EU Regulation”), Hotel Tirreno (subsequently tirreno), with registered office in Via Como, 41 – 16033 Lavagna (Ge), VAT 03252490101 – C. fiscal 06060170153 as “Data Controller”, intends to process the personal data provided, exclusively for the ‘execution of contractual or legal obligations arising from commercial relations between us.
Pursuant to articles 13 and 14 of the aforementioned EU Regulation, we are obliged to inform you of the following:
Purpose of the Treatment
In this regard, we inform you that the processing of personal data will be for institutional purposes, connected or instrumental to the activity of our Company, and, therefore, for:
- to implement the hotel reception service, and consequent operations, or to one or more contractually agreed operations;
- fulfill legal obligations of a physical, accounting and administrative nature, for management purposes (invoicing, possible document management, etc.);
- comply with imperial internal and operational requirements related to the service provided; and, subject to the acquisition of his free consent, specific and distinct;
- exercise the rights of the Data Controller, for example the right to defense in court;
- tprocess the data of his / her minor children on whom he / she exercises parental authority in order to be able to make the booking and registration service at the hotel.
In a variety of ways, for example, to provide and customize the services that you require and expect from Aurelia S.r.l., in the case of booking the hotel stay, to offer the level of hospitality expected in the room and as described below in greater detail:
- to execute (subject to your written consent) to hotel services such as the external communication of data relating to your stay for the sole purpose of allowing the function of receiving objects, messages and telephone calls addressed to you.
Type of personal data we process
The term “personal data” contained in this Regulation refers to information that identifies you or is able to identify you as an individual. The specific type of information collected will depend on the context of the user’s interactions with Imperiale and the services used. The type of data that we may process (which may vary according to the laws applicable in a jurisdiction) include:
- name, gender, address and telephone number of your home and workplace, job title, date and place of birth, image, nationality, passport and visa information;
- information relating to the stay of the guest, date of arrival and departure, goods and services used, formulation of special requests, comments about preferences in services (including preferences related to type of room and vacation);
- payment information (including credit card numbers, billing addresses and bank account information);
- any information necessary to satisfy special requests (for example, health conditions which require specific accommodation or services);
- copies of the correspondence with the user if he contacts us;
- contacts and any relevant details relating to company employees and sellers, as well as other individuals with whom we work (eg travel agents, event planners and meetings); and
- in limited cases, information relating to the credit situation of customers;
- information related to the use and interaction of the user with our website.
Methods of data processing
Personal data will be processed using paper, computerized or telematic means and with adequate security measures to guarantee the security and confidentiality of your personal data.
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking.
our personal data are subjected to both paper and electronic and / or automated processing (however suitable to guarantee the security and confidentiality of data).
Data retention times
To the extent permitted by applicable law, we will retain the personal information of users for the period necessary to meet or comply with the following:
- the purposes for which the user’s personal information has been provided,
- an identifiable and continuous work requirement, included for accounting and documentation purposes,
- a specific legal or regulatory requirement, and / or
- a requirement to retain documents that may be relevant for notified regulatory investigations or active legal proceedings
If there is not sufficient justification for storage, personal information will be deleted, destroyed, anonymized and / or blocked securely.
Legal basis of the processing
Legal basis: EU Regulation n. 679/2016
Lgs. N.196 / 2003 (Code for the Protection of Personal Data)
We reserve the right to disclose any personal data relating to you in the event that you were ordered by a Judicial Authority or we should receive a legitimate request from a government entity, or if we believe it is necessary or desirable to comply with the law or protect or defend our rights or our property.
We also reserve the right to retain personal data stored and to process them in order to comply with accounting and tax regulations and regulations, as well as data retention.
Withdrawal of consent
With reference to the art.23 of the D.Lgs. 196/2003 and to the art. 6 of the GDPR 679/16, the interested party can withdraw the consent at any time.
Rights of the interested parties
With reference to the art.7 of the D.Lgs. 196/2003 and to the art. 15 “right of access”, art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limitation of treatment”, art. 20 “right to portability”, art.21 “right to oppose the automated decision-making process of GDPR 679/2016, the interested party exercises his rights by writing to the Data Controller at the following address: Hotel Tirreno (later tirreno), with registered office in Via Como, 41 – 16033 Lavagna (Ge), VAT 03252490101 – C. fiscal 06060170153, mail: firstname.lastname@example.org.
- The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing the processing of personal data concerning him and in this case, to obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
- whenever possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;;
- the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the data subject, all information available on their origin;
- the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for ‘interested.
- Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer.
- The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
- The right to obtain a copy as referred to in paragraph 3 must not adversely affect the rights and freedoms of others.
Tirreno does not intentionally collect personally identifiable information from persons under the age of 18 from its websites. Imperial may collect personally identifiable information from persons under the age of 18 as part of the guest registration process, but always with the consent of the parent or legal guardian of the minor.
What is the security level of user information?
We apply reasonable administrative, organizational and technical safeguards and security measures to protect personal information under our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, abuse or damage. We review and monitor these safeguards and security measures on a regular basis.
Changes to this Regulation
Just as our activity is subject to constant changes, this Regulation may be subject to possible changes. We will take the necessary measures to bring any amendments to your attention, should the Rules be amended. For your convenience, this Regulation has an effective date set at the end of this document.
Information on cookies
In case of inconsistencies between the Italian version of this Regulation and the versions in any other language, the Italian version will prevail.