Dear Customer
In accordance with applicable privacy laws (EU Regulations n. 679, 2016), we would like to take this opportunity to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights.
Our organisation, as a legal entity, holds the dual role of data controller and data processor;
The data controller and data processor (see contact details on the last page), following an in-house assessment of the case in question, has not designated a data protection officer as there was no obligation to do so, pursuant to art. 37, paragraph 1 of the GDPR no. 2016/679.
Processing takes place manually and using IT tools, and is done for the following purposes:
- To obtain and confirm your booking of accommodations and other services, payments also with credit card and Pos, and to provide such services as requested. Since this processing is required to define our contractual relationship and to perform under our contract with you, your consent is not required, unless certain “sensitive” information is submitted. Should you refuse to submit your personal information, we will not be able to confirm your booking or provide you with the requested services. Processing shall cease once you check out, although some of your personal information may (or in some instances, has to) continue to be processed for the purposes and in the manner described below;
- To comply with our “Public Safety Law” (Article 109 Royal Decree n. 773, 18/6/1931) which requires that we provide identification data of our guests to the police, for purposes of public safety, in the manner established by the Ministry of the Interior (Decree of 7 January 2013). Data submission is mandatory, and does not require your consent. Should you refuse to provide such information, we will not be able to host you in our hotel. Data acquired for such purposes shall not be retained by us, unless you provide consent to their retention as required under point 4, infra;
- To comply with applicable administrative, accounting, and tax regulations. For these purposes, your consent is not required. Personal information is processed by us and our persons in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services. Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits);
- To speed-up check-in on your next visit to our hotel. For such purposes, upon obtaining your consent (which can be revoked at any moment), your information will be retained for a maximum of 10 YEARS, and will be used the next time you are our guest, for the reasons listed supra;
- For purposes of protecting persons, property, and company assets, using a video-surveillance system for some areas of the hotel, which are duly identified by signage. Your consent is not required for such processing because it is conducted pursuant to our legitimate interest to safeguard persons and property against potential violence, theft, robbery, damage, and vandalism. Surveillance is also conducted for purposes of fire prevention and occupational safety and health. Recorded images are erased after 24 hours, except on holidays or other days the business is closed; images are never retained for more than one week. These images are not subject to third-party disclosure, except as required to comply with a specific investigatory demands from a court or the police.
- With your freely-given consent, for other purposes; e.g. the data processing necessary to LOG-ON to our public WIFI/LAN network in order to surf the internet; as well as the processing of the data that are necessary to use our company website and that must be transmitted in order to use internet communication protocols. This data is not collected to be associated with specific individuals, but could, for its very nature, allow the users to be identified if processed and associated with data held by third parties; e.g. this category of data includes the IP addresses or the domain names of the devices used by those visiting the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to issue the request to the server, the size of the file received in response, the numerical code indicating the status of the reply given by the server and other parameters relating to the operating system and the user’s computing environment;
this data is used for the sole purpose of gathering anonymous statistical information on the use of the WIFI/LAN network and the company website; e.g. to check that our IT infrastructure is working correctly and to improve the service; likewise, data could be used by the competent authorities, e.g. to establish responsibility in the case of potential computer crimes or damages to our WIFI/LAN network, our IT system and our company website.
We also would like to inform you that the European Regulation grant you certain rights, including rights of access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data portability rights, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016). You can also file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations.
For any other concern, and to assert your rights under the EU Regulation, please contact:
Data Controller Mucci Gabriella Tel 3341116579 mail appartamentiferrari@hotmail.it