INFORMATION NOTE ON THE TREATMENT AND PROTECTION OF PERSONAL DATA
In carrying out its business activities, Albergo Serenella reserves the utmost attention to the protection and safeguarding of the personal data of all those who operate or interact with it (hereinafter for brevity "Data Subject" and/or "User"), adopting for this end any suitable, adequate and necessary procedure and safety system.
Firmly believing in the principles of transparency and correctness, this information is therefore provided for the purpose of providing all interested parties with a complete description of the methods and purposes of the processing of personal data which is carried out in the provision of services and/or in marketing of its assets (hereinafter for the sake of brevity and jointly with each other "Services"), and this also in compliance with the provisions of Regulation (EU) n. 2016/679 regarding the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter referred to as "GDPR").
II. Owner and manager of the processing of personal data
The personal data controller is Albergo Serenella, with headquarters in Via Zortea, 56, registered with the Chamber of Commerce of TN under no. , with VAT number 0036215022, who can be contacted, for the purposes of this information, at the e-mail address firstname.lastname@example.org or at the telephone number 0439719000 (hereinafter also referred to as the "Data Controller").
The processing of only the personal data provided to the Data Controller for the use of the Booking Engine Service (hereinafter for brevity "Web Booking") will take place, on behalf of the same Data Controller (therefore in the role of data controller pursuant to the 28 of the GDPR) by the company Passepartout S.p.A., a company incorporated under San Marino law mainly engaged in the production and distribution of software and related services, with registered office in the Republic of San Marino in Dogana (Cap 47891) in Via Consiglio dei Sessanta n . 99, registered in the Register of Companies under no. 6210 dated 6 August 2010, with Economic Operator Code no. SM03473, fully paid-up share capital ~ 2,800,000, who can be contacted, for the purposes of this information, at the e-mail address email@example.com or at the telephone number 800 414243 (hereinafter also referred to as "Passepartout" and/or "Manager of the Treatment").
Passepartout S.p.A. has designated (i) as its representative in the European Union, pursuant to art. 27 of the GDPR, the company Paci Representative Privacy Srl registered with the Chamber of Commerce of Romagna, share capital ~ 10,000.00, with headquarters in Rimini, in P.tta Gregorio da Rimini n. 1, who can be contacted, for the purposes of this information, at the e-mail address firstname.lastname@example.org or at the telephone number 0541 902128 (hereinafter referred to as the "Representative"); as well as (ii) a data protection officer (referred to in Chapter IV, Section 4 of the GDPR) who can be contacted at the e-mail address email@example.com or at the telephone number 800 414243.
Personal data means all information relating to a natural person, identified or identifiable by reference to elements such as, for example, the name, the details of the identity document, the physical, physiological, genetic, economic, cultural or social identity of such person, as well as through the identification details on his location.
The personal data as described above are mainly processed when the interested party makes use of the Services and/or Web Booking.
The provision of all other personal data is instead optional but may be necessary in order to be able to use the Services and/or Web Booking, such as data for making offers, buying or selling which are necessary to conclude a contractual transaction.
Personal data is provided directly by the interested party and/or acquired automatically via devices when the Services and/or Web Booking are used, when data is provided in a web form on our sites, when an account is created and/or updated or when the interested party contacts us in any other way or expressly provides personal data with his consent, all as detailed below.
Type and category of data processed
Of the personal data as described above, and for the provision of the Web Booking, the Data Controller (and for it the Data Processor) collects only the following types.
The personal data collected concern:
a) identifying information such as name, surname, date and place of birth, place of residence, tax code, VAT number and registered office, ISS code, telephone number, e-mail address (also with certified e-mail), username, password, gender, or other data that we are required or authorized to collect and process, pursuant to current legislation, a
the purpose of authenticating or identifying the User or verifying the information provided and collected;
b) IP address and navigation data and any other data concerning the User's interaction with the Services and/or Web Booking, for example when viewing or searching for content, creating or accessing one's account and / or to a reserved area. Data relating to the devices and/or computers used by the User to access the Services and/or Web Booking is also collected, including the type of browser, unique device code, language, operating system, reference, the pages visited, the location and information on cookies, data on the computer and the connection (for example, statistics on page views, traffic entering and leaving the sites, referring URLs).
c) data relating to offers, purchases or sales relating to the Services and/or Web Booking provided during a pre-contractual negotiation and its subsequent completion and any other data provided in reference to these operations;
d) data relating to the invoicing (and possible shipment) of the Services and/or Web Booking;
e) financial data taking into account that some Services and/or Web Booking support payments and transactions with third parties. To this end, it may be necessary to provide certain data for the identification and verification of the identity of the interested party and of the means of payment used, such as for example the name, surname, credit/debit card number, date of card expiration. Such data, where collected by the Data Processor, will only be saved in encrypted form. In some cases, to allow the User to speed up new and similar payment operations in the future, Passepartout could only memorize the last four digits of the card number;
f) geolocation data, in particular through the use of mobile devices;
cookies and similar technologies. In providing the Services and/or Web Booking, cookies, unique identifiers and other similar technologies are used to acquire data on the pages and links visited and other similar actions, within the advertising or e-mail contents, all in the terms, according to the methods and conditions set out in the specific policy available at the following link: https://www.passepartout.net/utility/cookie;
h) Processing of special categories of personal data (so-called sensitive data)
Particular categories of personal data are not collected in any way and therefore are not processed, such as for example data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing data genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health or sex life or sexual orientation.
V. Purposes and methods of data processing
The processing of personal data collected takes place only and exclusively for the following purposes:
a) execute contracts relating to the Services and/or Web Booking.
Through the information and data communicated, we are able to implement the contractual activities and services provided for by the Service contracts and/or by the Web Booking requested by the interested party (also in the name and/or on behalf of third parties) or to give execution of pre-contractual measures and/or negotiations relating to the same Services and/or Web Booking, including administrative and accounting activities, management of tax obligations, payments and invoicing.
The information collected will also be used to contact the User in relation to his account or in any case regarding his contractual position, resolve problems with the account and/or the private area, resolve a dispute, carry out debt collection activities.
Personal data may also be processed to verify and resolve any malfunctions of the Services and/or Web Booking; to perform data analysis and tests, to conduct research and surveys and to develop new features and services in order to provide the User with an ever better experience.
b) Offer security and protection both to the personal data received and to the security systems adopted.
The data collected is also used to verify the identity and authenticate the Users, allow to make and/or receive payments, protect against possible fraud and/or abuse, respond to a request or a complaint, carry out checks, to prevent, detect , mitigate and/or ascertain security breaches and/or even potentially prohibited, illegal and/or illicit activities.
c) Communicate with the interested party.
The data could be used to contact the User for the purposes contained in this information and in the cases provided for by law. Contact and communication could take place via e-mail (also with certified e-mail), telephone, SMS, paper mail, push notifications on mobile devices.
We may use the User's information to send service communications and / or respond to requests from him, to offer discounts and special promotions, to know his opinions through surveys or questionnaires.
d) Carry out marketing activities.
With the express and appropriate consent of the User to be expressed in the manner specifically indicated from time to time, we may use the User's information to promote new products or services in which he may be interested, carry out marketing activities through telephone calls, and - email (also with certified email) or SMS, via paper mail, push notifications on mobile devices, as well as through specially appointed third parties.
In any case, the User may revoke the express consent on marketing activities by following the specific instructions included in the same tools used (e.g. newsletter, e-mail, etc.) or by sending an email to info@albergoserenella. net.
The processing of personal data collected will take place in a lawful and correct manner in compliance with the rules of the GDPR, with the use of manual or automated systems that allow the data to be stored, managed and transmitted (both in paper and electronic format) solely for the purposes indicated in this information.
Only duly authorized personnel will be able to access the personal data collected.
YOU. legal basis of the processing of
The legal bases through which we process the personal data of the interested party may be different, and precisely:
the contracts established or to be established (with the interested parties) to use the Services; as well as
b) the expressed consent of the interested party. This consent may be revoked in the terms and in the manner indicated in the following paragraph X, lett. to);
c) our legitimate interests [with respect to which it is possible to oppose pursuant to the following paragraph X, lett. a)], meaning for example the interest: to prevent fraud; to carry out direct marketing activities, the improvement, customization and development of the Services; to carry out the marketing of new services or products that may be of interest to the User; to carry out the promotion of security and data protection; to carry out data processing within a group of companies or related entities for internal administrative purposes, without prejudice to the general principles and regulatory provisions for the transfer of personal data within a business group also to a company located in a Third Country (by which we mean a country that is not part of the European Union).
The processing of personal data relating to traffic, to a strictly necessary and proportionate extent to guarantee network and information security, is also a legitimate interest, meaning the ability of a network or an information system to resist, to a given level of security, to unforeseen events or to illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible through such networks.
d) Data collected from third parties or through other sources;
We may collect further personal data or integrate those already in our possession with other data and information collected from third parties (for example our suppliers or business partners), also using data and information in the public domain, information collected through specific databases or further information contact details, credit verification data and information relating to solvency provided by the relevant offices, in accordance with current legislation.
We may also collect data through the social media you use. In fact, where the User links his account to the respective social media site, these social media sites may authorize us to automatically access certain data held by them. With this possibility, the interested party expressly provides us with access to sites with the various contents provided therein.
VII. Data Processing Manager
As already anticipated in the previous Paragraph II, the processing of only the personal data provided to the Data Controller for the use of Web Booking will take place by Passepartout, the company that owns the software program concerning Web Booking and licensed for use to the Data Controller.
This data processing will take place within the terms, according to the methods and contractual conditions between the Data Controller and the Data Processor and in any case in full compliance with the provisions of this information. regulation (hereinafter referred to as the "Controller-Processor Agreement").
Passepartout will process and store the personal data collected on its servers (also in the Republic of San Marino). In this regard, it should be noted that in the regulation of the Data Controller-Processor Agreement, account was taken (fully incorporating them) of the guarantees required by the GDPR (pursuant to article 46) for the case of transfer of personal data to countries outside the European Union.
How we share information with third parties
The personal data provided may be shared with third parties only in the following cases:
Consent of the interested party:
The interested party can authorize us to share (or disclose) their data with (and to) other third parties, for example where they use our community (such as forums or other social tools) or where they have expressed their intention to be contacted and/or re-contacted for any need or clarification regarding the Services.
Processing by external entities:
Personal data could be provided to entities connected and/or affiliated to our company, to service providers and/or business partners who process them according to our instructions (e.g. partners who provide customer support services, information technology, payment management and/or sales, marketing, analytics, and research and surveys).
Personal data may also be shared with:
our suppliers who perform: payment processing, advertising personalization, prevention, detection, verification of potentially illegal acts, violations of the Services; invoice collection; consultancy, training and organization of events;
third-party shipping service providers (e.g., DHL, UPS, GLS, Poste Italiane, etc.) with whom we share delivery addresses, contact information and shipping codes;
suppliers of websites, applications, services and tools with which we collaborate for the provision of the Services and/or Web Booking.
Needs for justice, legal and/or protection in general.
We may store or disclose personal data where necessary to satisfy justice requirements, for example because requested by an administrative authority, a control and/or supervisory authority or in the context of a judicial proceeding or, in any case, in compliance with provisions of law, or in any case for the exercise of legal rights or for the defense against complaints and/or legal actions or to prevent, identify or investigate illegal activities, fraud, abuse, violations of subjective legal positions or where there are even potential threats to the security of the Web Booking or to the physical safety of any person.
Data retention period
The retention period of personal data is determined (or determinable) according to the purpose or the legal basis by virtue of which the processing must take place.
Personal data to execute the contract which concerns, among other things, the Web Booking, will be kept for the time necessary to correctly and fully perform the services provided for in the contract itself (including those strictly connected and linked to its termination) and in any case for a period of time not exceeding n. 10 (ten) years from the termination of the Web Booking.
However, personal data processed for marketing and commercial purposes will be kept until the interested party has expressed his intention to revoke the consent expressed for this purpose.
The case in which the interested party has expressly expressed, even for different reasons, the consent for a longer period (in which case the retention period will correspond to the permitted one) or it is necessary to satisfy one's legitimate interests as identified above ( in which case the retention period will correspond to that in which such interest is satisfied).
It also remains the case in which the greater (or lesser) retention of data must be carried out to satisfy the needs of justice, for example to comply with a request from the administrative authority, control and/or supervisory authority or for the exercise and /or for the protection (judicial and/or extrajudicial) of one's rights or to exercise the defense against complaints and/or legal actions.
Once the retention period has ended, your personal data will be securely removed.
The rights of the interested party
All the interested parties to whom the personal data processed refer, in accordance with the terms and conditions set forth by the GDPR, can exercise the rights described below.
a) Right of access, rectification and deletion of data, limitation and opposition to the use of data and right to withdraw consent.
Except as provided above in terms of conservation, the The interested party may at any time obtain access to their personal data, as well as obtain their updating, modification, limitation of treatment or request their cancellation.
If you choose to erase your data, please note that while most of the information held will be erased within 60 (sixty) days, it may take up to 180 (one hundred and eighty) days to erase all data entered into our systems due to the size or complexity of the systems and procedures used.
Where the data processing is based on the consent given by the interested party, this consent may be revoked at any time. You can therefore always oppose the sending of newsletters and the processing of data for all or only some of the marketing or commercial purposes.
The interested party may also oppose the processing of data even when carried out with respect to our legitimate interests.
Where you are asked to withdraw your consent, to limit the use of data or to delete personal data previously provided, we may no longer be able to provide the Services.
In any case, requests for deletion of data are subject to the legal obligations in force and the conservation of documents imposed by laws or regulations.
Right to portability
The interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller.
Right to lodge a complaint
The interested party will always have the right to lodge a complaint with the competent Supervisory Authority where he identifies problems relating to the use of his personal data.
Automated decision making
Automated technologies are used for decision making or profiling. In any case, no automated decisions will be taken on the interested party that could have significant consequences for him, except in circumstances in which this decision is necessary to execute a contract or because the User has expressly given his consent.
The exercise of the rights described above may be requested by the interested party by sending a communication to the e-mail address: firstname.lastname@example.org.
XI. Security measures
We guarantee the implementation and maintenance of technical and organizational measures suitable to guarantee a level of security adequate to every possible risk, also constantly carrying out a series of technical, administrative and physical checks to keep the personal data of the interested party confidential and secure .
Completeness and Changes
This privacy statement is released to complete and integral replacement of any other regulation that may have existed before today in terms of protection of the User's personal data processed for the same purposes contained herein.
Our site and HTML-formatted emails may use beacons and/or cookies to compile statistics on the use of our website. A Web beacon is an image inserted in the message that informs us of its display, for the sole purpose of creating usage statistics.
|Category / Type||Name del cookie||Purpose|
|Web page functionality||DispoParams||Stores the information needed to search for availability.|
|Web page functionality||no_show_banernew||Prevents the information banner from appearing again.|
|Security||crsftoken||Prevents third parties from operating on sites where they have started the session without our consent.|
|Third party cookies|
|Category||Third Party||Purpose / Further information|
|Site analysis||Monitor user navigation on the web in order to analyze its use, identify possible problems and improve ease of use.|
|Manage favorites and links||AddThis, Facebook, Google+, Twitter||Allows you to share links on social networks and on the most popular sites on the web.|
|Third-party cookies intended for marketing|
|Category / Type||Third Party||Purpose / Further information|
|Marketing - Retargeting.||Zanox, Ve Interactive, TripAdvisor||Manage ads with best deals based on previously searched locations.|
|Marketing - Retargeting.||Affilinet, Google Adwords. Sociomantic, TripAdvisor||Control the effectiveness of advertising campaigns to show the most relevant messages.|