Information pursuant to art. 13 of the European Regulation n. 679/2016 (GDPR)
With reference to Legislative Decree No. 196/2003 (Code regarding the protection of Personal Data) and pursuant to articles 13 and 14 EUROPEAN REGULATION No. 679/2016 (hereinafter “EU Regulation”), Hotel Tirreno (hereinafter Tirreno), with registered office in Via Como, 41 – 16033 Lavagna (Ge), VAT number 03252490101 – Tax code 06060170153 as “Data Controller”, intends to process the personal data provided, exclusively for the ” execution of contractual or legal obligations deriving from the commercial relations between us in existence.
Pursuant to articles 13 and 14 of the aforementioned EU Regulation, we are required to inform you of the following:
Purpose of the processing
In this regard, we inform you that the processing of personal data will take place for institutional purposes, connected or instrumental to the activity of our Company, and, therefore, for:
- to execute the hotel reception service, and consequent operations, or to one or more contractually agreed operations;
- fulfill legal obligations of a physical, accounting and administrative nature; for management purposes (invoicing, any document management, etc.);
- fulfill operational and management needs internal to Imperiale and inherent to the service provided; as well as, subject to the acquisition of your free, specific and distinct consent;
- exercise the rights of the Data Controller, for example the right to defense in court;
- process the data of your child / minor children on whom he exercises parental authority in order to be able to carry out the booking and registration service at the hotel.
In a variety of ways, for example to provide and personalize the services that you request and expect from Aurelia S.r.l., in the case of booking a hotel stay, to offer the level of hospitality expected in the room and as described in more detail below:
- o execute (with your written consent) hotel services such as the external communication of data relating to your stay for the exclusive purpose of allowing the function of receiving objects, messages and telephone calls addressed to you.
Type of personal data we process
The term “personal data” contained in this Regulation refers to information that identifies you or is capable of identifying you as an individual. The specific type of information collected will depend on the context of the user’s interactions with Imperiale and the services used. The types of data we may process (which may vary depending on the applicable laws in a jurisdiction) include:
- name, gender, address and telephone number of your home and workplace, job title, date and place of birth, image, nationality, passport and visa information;
- information relating to the guest’s stay, date of arrival and departure, goods and services used, formulation of special requests, comments on preferences in services (including preferences relating to type of room and holiday);
- payment information (including credit card numbers, billing addresses and bank account information);
- any information necessary for the fulfillment of special requests (for example, health conditions which require specific accommodation or services);
- copies of correspondence with the user if he contacts us;
- contacts and any relevant details relating to company employees and vendors, as well as other individuals we work with (e.g. travel agents, event and meeting planners); is
- in limited cases, information relating to the credit situation of customers;
- information related to the use and interaction of the user with our website.
Methods of data processing
The processing of personal data will take place using paper, computer or telematic tools and with adequate security measures to guarantee the security and confidentiality of your personal data.
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and more precisely: the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking.
Your personal data are subjected to both paper and electronic and / or automated processing (in any case suitable for guaranteeing the security and confidentiality of the data).
Data retention times
To the extent permitted by applicable law, we will retain your personal information for the period necessary to meet or comply with the following:
- the purposes for which the user’s personal information was provided,
- an identifiable and continuous work need, including for accounting and documentation purposes,
- a specific legal or regulatory requirement, and / or
- a record retention requirement that may be relevant to notified regulatory investigations or active legal proceedings.
Qualora non vi sia una giustificazione sufficiente per la conservazione, le informazioni personali saranno eliminate, distrutte, anonimizzate e/o bloccate in modo sicuro.
Legal basis of the processing
Legal basis: EU Regulation no. 679/2016
196/2003 (Personal Data Protection Code)
We reserve the right to disclose any personal data relating to you in the event that we were enjoined by a judicial authority or should we receive a legitimate request from a government entity, or if we believe it is necessary or desirable to comply with the law or protect or defend our rights or property.
We also reserve the right to retain stored personal data and to process them in order to comply with accounting and tax rules and regulations, as well as data retention.
Withdrawal of consent
With reference to Article 23 of Legislative Decree 196/2003 and to art. 6 of the GDPR 679/16, the interested party can revoke the consent at any time.
Rights of interested parties
With reference to Article 7 of Legislative Decree 196/2003 and to art. 15 “right of access”, art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limitation of treatment”, art. 20 “right to portability”, Article 21 “right to object to the automated decision-making process of the GDPR 679/2016, the interested party exercises his rights by writing to the Data Controller at the following address: Hotel Tirreno (hereinafter Tirreno), with registered office in Via Como, 41 – 16033 Lavagna (Ge), VAT number 03252490101 – Tax code 06060170153, mail: firstname.lastname@example.org.
- The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
- when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the interested party, all available information on their origin;
- l’existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested.
- If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer.
- The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
- The right to obtain a copy referred to in paragraph 3 must not affect the rights and freedoms of others.
Tirreno does not intentionally collect personally identifiable information from persons under the age of 18 from its websites. Imperiale may collect personally identifiable information from persons under the age of 18 as part of the guest registration process, but always with the consent of the child’s parent or legal guardian.
How secure is user information?
We take reasonable administrative, organizational and technical safeguards and security measures to protect the personal information under our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, abuse or damage. We regularly review and monitor these safeguards and security measures.
Changes to these Regulations
Just as our business is subject to constant changes, these Regulations may be subject to any changes. We will take the necessary steps to bring any amendments to your attention if the Regulations are changed. For your convenience, these Regulations have an effective date set at the end of this document.
Information on cookies
In the event of inconsistencies between the Italian version of these Regulations and the versions in any other language, the Italian version will prevail.