INFORMATION IN ACCORDANCE WITH ARTICLE 13 REG. UE 2016/679 (C.D. GDPR)
Information in accordance with Article 13 Reg. Ue 2016/679 (c.d. GDPR) In this text several data are recurring, so we will refer to them as follows: The website www.hotel2000eira.it is headed by the Company Hotel 2000 Eira, which is defined in this text as the ‘Company’. The above site, identified as www.hotel2000eira.it, is defined in this text as the “Site”. The company’s email address is email@example.com, which is defined in this text as the “Company’s email address”.
WHY THIS POLICY
The protection of your personal data is very important for our company, and, to best protect it, We provide you with these notes in which you will find information on the type of information collected online and on the various possibilities you have to intervene in the collection and use of this information on the Site. The Company, in the capacity of Data Controller of your personal data, pursuant to and for the purposes of art. 13 of Reg. 679/2016 (GDPR), hereby informs you that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights. Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations provided therein. The processing of personal data applies to those who interact with the web services of the Company, accessible electronically from the address of our Site, corresponding to the home page of the official site of the Company. This information applies only to the Site owned by the Company and not to other and different websites outside the Company, which may be visited by the user through links and/ or links from our Site.
HOLDER OF THE TREATMENT
The Data Controller is Hotel 2000 Eira, with registered office in Hotel 2000 Eira SS301, 23041 Trepalle SO, Italia, available at the email address: firstname.lastname@example.org
a) DATI DI NAVIGAZIONE
The computer systems and software procedures used to operate this website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses of the computers used by users who connect to the site (anonymized), the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site only at the request of the supervisory bodies. The Site collects, in particular, the following navigation data: – anonymized IP address; – Date and time of access; – Place of access.
1.b) DATA PROVIDED VOLUNTARILY BY THE USER The optional, explicit and voluntary sending of e-mail to the addresses indicated on this Site or through the forms for sending mail on the Site, involves the subsequent acquisition of the e-mail address of the sender, necessary to respond to requests, as well as any other personal data included – always voluntarily by the user – in the message. In particular, the user may voluntarily provide the following personal data: – For contact via contact form: name and email address; – To subscribe to the newsletter: the email address; – For the creation and the access to the personal area: the name, the surname, the email address, the name of the company, the address.
1.c) PARTICULAR DATA The Data Controller does not request or collect any particular personal data via this Website.
OPTIONAL NATURE OF THE PROVISION OF DATA
Except as specified for navigation data, the user is free to provide personal data reported in the application forms to the Company or otherwise indicated in the sections of the Site related to contacts with the Company, to solicit the dispatch of informative material or other communications. Failure to provide them may make it impossible to obtain what is requested.
REVOCABILITY OF CONSENT
The consent given for the data referred to in point b) of the previous paragraph (data provided voluntarily by the user), may be revoked at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
PURPOSE AND LEGAL BASIS OF PROCESSING
Your data will be processed for related purposes:
1. Fulfillment of obligations related to contractual obligations (legal basis of the processing is the execution of a contract);
2. The implementation of obligations relating to legislative requirements and obligations required by law in the field of tax and accounting (legal basis of the treatment is the need to comply with a legal obligation);
3. Sending newsletters (legal basis of the processing is the consent of the user);
4. To contact through contact form for information request (legal basis of the processing is the consent of the user);
5. Management of the personal area of the user (legal basis of the processing is the consent of the user);
6. Recrutering (legal basis of the processing is the consent of the user);
7. Statistics with anonymized IP (Google Analytics) (legal basis of the processing is the consent of the user). The Data Controller makes known that any non-communication, or incorrect communication, of one of the mandatory information, may cause the impossibility of the Data Controller to ensure the adequacy of the processing.
METHODS OF DATA PROCESSING
Personal data are processed by electronic means for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
DATA PROCESSING PLACE
The processing connected to the web services of this Site takes place at the headquarters of the Company and will be communicated exclusively to the people responsible for the performance of the services necessary for a proper management of the relationship, with guarantee of protection of the rights of the interested party. The personal data provided by users who send requests for information material (such as requests for information, newsletter subscriptions, etc.) are used for the sole purpose of performing the service or provision requested.
Your data may be disclosed to third parties, in particular to public and/ or private parties for which the communication of data is mandatory or necessary in compliance with legal obligations or is in any case functional to the administration of the relationship, such as, but not limited to: – The subjects authorized to the treatment who carry out their activity in the office of the Data Controller (employees, collaborators, associates, etc.); – The persons appointed external data processors; – Consultants and freelance professionals, also in an associated form, acting on behalf of the Owner (accountants, IT service providers); – All those to whom the data must be communicated for the proper fulfillment of the purposes specified above and the activities related to them (credit institutions, etc.).
Your personal data are processed for the time necessary to perform the service requested by the user, or required by the purposes described in this document. The personal data collected will be deleted after 10 years from the performance of the service requested, unless the processing is based on the consent of the user; in this case, the Data Controller will keep the personal data until such consent is revoked. The data provided for commercial promotion activities will be kept until the withdrawal of consent by the user and, in any case, for a period not exceeding two years.
The Data Controller may transfer personal data collected through the Website to countries located outside the European Union. In such cases, if the company is located in a country for which a decision of adequacy of the European Commission has not been taken, pursuant to art. 45 Reg. EU 2016/679, we will grant access to your personal data only if you provide your express consent. The Data Controller does not transfer the personal data collected through the Website to international organisations.
AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not carry out processing that consists of automated decision-making processes.
SECTION RESERVED FOR MINORS
No person under the age of 16, without the prior consent of the parents or of those who take their place, may send information to this Site, nor may they make purchases or complete legal acts at this Site without the aforementioned consent, unless permitted by the rules in force.
SOCIAL NETWORK PLUG-IN
Currently the European Commission has established that the United States does not offer an adequate level of data protection. However, Facebook, Linkedin and Instagram have committed to comply with the EU-US Privacy Shield Agreement published by the United States Department of Commerce on the collection, use and retention of personal data from EU Member States.
YOUR DATA PROCESSING RIGHTS
We inform you that, in the light of your status as a data subject, you may exercise the rights provided for by art. 15-21 GDPR. In particular, you may:
1. Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form;
2. Obtain: a) the indication of the origin of personal data, b) the purposes and methods of processing, c) the logic applied in the case of processing carried out with the help of electronic tools, d) the identification details of the Data Controller, of the responsible and the appointed representative pursuant to art. 5, paragraph 2, Privacy Code and art.3, paragraph 1, GDPR, of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representative in the territory of the State, managers or persons in charge;
3. Obtain: a) the update, the rectification or, when you have interest, the integration of data, b) the cancellation, the transformation into anonymous form or the block of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed, c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected;
4. Object, in whole or in part, to: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection, b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/ or traditional marketing methods, by telephone and/ or certified mail. It should be noted that the right of opposition of the person concerned, set out in point b above), for direct marketing purposes by means of automated methods extends to the traditional ones and that however the possibility remains for the interested party to exercise the right of opposition even in part.
Therefore, the interested party can decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication.
5. Where applicable, it also has the rights referred to in art. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to opposition).
SUBMISSION OF THE COMPLAINT
The interested party also has the right to lodge a complaint with the Supervisory Authority of the State of residence.
HOW TO EXERCISE RIGHTS
To exercise the rights of the interested parties, users can address a request to the contact details of the Data Controller summarized below:
– By registered post: SS301, 23041 Trepalle SO, Italia
– By e-mail: email@example.com
Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month of receiving the request.
DEFENCE IN LEGAL PROCEEDINGS
The user’s personal data may be used by the Owner in court or in the stages preparatory to its possible establishment for the defense of abuses committed by the user in the use of this Site and the services related to this. The user declares to be aware that the Owner may be obliged to disclose personal data by order of the Public Authorities.
RESPONSABILE ESTERNO DEL TRATTAMENTO
The web hosting (OVH Srl, via Leopoldo Cicognara, 7, Milano (MI)), is designated as External Data Processor. OVH is located in the European Economic Area and acts in accordance with European legislation (https://www.ovh.it/protezione-dati-personali/).
CHANGES TO THE WEBSITES
The Owner of the Site reserves the right to change the contents of the Site at any time and without prior notice. The user agrees to be bound to such future revisions and undertakes, therefore, to periodically visit the Site to be informed about any changes.
CHANGES TO THIS PAGE
The Data Controller reserves the right to make changes to this page. The user agrees to be bound to such possible and future revisions and undertakes, therefore, to periodically visit this page to be informed about any changes.
Last update 10/2022