- The General Data Protection Regulation (RGPD, in English GDPR, General Data Protection Regulation – EU Regulation 2016/679) is a regulation with which the European Commission intends to strengthen and harmonize the protection of personal data of citizens of the Union European Union and residents of the European Union, both inside and outside the borders of the European Union. In compliance with the provisions of this code, the processing of personal data by our organization is based on principles of correctness, lawfulness and transparency and protection of the privacy and rights of the subjects to which the data refer.
- In this context, we provide the information required pursuant to Article 13-14 of the GDPR 679/2016 European Regulation on privacy We ask you to express your consent for the processing of personal data as specified below for the following purposes: manage your request for information and / or booking in order to provide you with information about it.
- The provision of your data is mandatory for the achievement of the purposes mentioned above; their failure, partial or incorrect conferment could result in the impossibility to provide the requested services.
- In the event that you have given your consent and until you revoke it, your personal data will also be processed for the following additional purposes: a. develop statistical and market studies and research; b. send by mail, e-mail and / or telephone channels, advertising material, information and commercial information; c. carry out direct and indirect sales and placement activities; d. make interactive commercial communications; is. carry out surveys of the degree of customer satisfaction on the quality of the services provided (also through third parties). You may revoke the consent provided for these purposes at any time by contacting the data controller. The consent for the treatments and purposes referred to in this point 4 is not mandatory; following a possible refusal, your data will be processed only for the purposes indicated in the previous point 2.
- As customers or potential customers, the data being processed are generally of a common nature, since they essentially consist of personal identification elements. In the event that you should indicate in the fields that do not provide a specific indication are of a sensitive nature and as such deserving special protection, we inform you that such data will be processed by us within the limits set by the Privacy Code.
- The processing of collected data will be carried out using paper and / or electronic instruments and in any case in compliance with the current regulations in force.
- Please note that our organization implements the necessary organizational, physical and logical measures to ensure data security.
- In addition to the employees of the Company, some processing of your personal data may also be carried out by third parties, based in Italy and / or abroad, to whom our organization entrusts certain activities (or part of them) functional to the supply of services mentioned above. In this case, the same subjects will act as independent Data Controllers or will be designated as Data Processors or Data Processors. The designated Managers and Distributors will receive appropriate operating instructions, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of data. The aforementioned third parties are essentially included in the following categories: Credit recovery companies, Companies that process traffic data for billing, Companies responsible for printing and sending invoices to customers, Consultancy Companies, Assignment companies for receivables, Agents and Procacciatori, Franchisee, Technological Service Providers, Content Providers.
WHO WE ARE AND WHAT DATA WE TRAIN (ARTICLE 13, 1st PARAGRAPH A, ARTICLE 15, LET B GDPR)
Data category Exemplification of data types
Personal data; name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, tax code / VAT number, e-mail address / e-mail, copy of identity document
IBAN bank details and bank / postal data (except credit card number)
Data of electronic traffic Log, IP address of origin.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
Data entered by the site owner
Within the site, photographs representing the activities carried out on site, parties, events, conventions, social activities, events, lunches and / or other dinners may be included.
HOTEL AMERICA SRL does not require the Data Subject to provide data c.d. “Particular” and that is, according to the provisions of art. 9 of the GDPR, personal data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a physical person, related data to the health or sexual life or sexual orientation of the person.
The Owner has appointed a Data Protection Officer (DPO) who can be contacted for any information and requests:
CATEGORIES OF PERSONAL DATA TREATED BY THE HOLDER OF THE TREATMENT
To offer you the services provided by our company, HOTEL AMERICA SRL as Data Controller, must process some personal data necessary for the provision of services.
This data may be implicitly provided by the tools you use to access and use the services or may be provided explicitly by you.
HOTEL AMERICA SRL may process the following categories of personal data of users:
• technical navigation data relating to the IP address, the identification codes of the devices used by the user for the use of the site or services, the characteristics of the browser and access times;
• navigation data for profiling provided indirectly through the use of the service and obtained and analyzed with the prior consent of the user;
• common identifying data provided by the user (eg name, surname, e-mail, telephone number, etc.) for the use of the products and services;
FOR WHAT PURPOSES THERE ARE THE DATA OF THE INTERESTED PARTY (ARTICLE 13, 1 ° COMMA GDPR)
The data serve the owner to act on the request of birth registration and the supply contract of the chosen service, manage and execute the contact requests submitted by the interested party, provide assistance, to fulfill legal obligations and regulations which the holder is held in function of the activity exercised. In no case HOTEL AMERICA SRL resells the personal data of the interested party to third parties or uses them for undeclared purposes.
In particular the data of the interested party will be processed for:
a) registration and contact requests and / or information material
The processing of personal data of happens to give course to preparatory and subsequent to the birth registration request, the requests for information management, and contact and / or the sending of informative material, as well as for the fulfillment of any other obligations arising.
The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations.
a) management of the contractual relationship
The processing of the involved personal data are processed in order to initiate the preparatory activities and resulting from the purchase of a service, the management of the order, the delivery of the Service, the billing and payment management, complaint handling and / or reports to the assistance service and the provision of the assistance, the prevention of fraud and the fulfillment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
b) promotional activities on Services / Products similar to those purchased by the interested party
(Recital 47 GDPR)
The owner of the treatment, even without explicit consent of the interested, you may use the contact details provided by the interested party, for the purpose of direct sale of its services, limited to cases where it is similar services to those covered by the sale, in unless the data subject explicitly opposes.
d) the commercial promotion activities on Services different from those purchased by the Interested Party
The personal data of the interested party may be processed, subject to consent, also for purposes of commercial promotion, for surveys and market research with regard to Services offered by the Data Controller and different from those purchased by the interested party.
This treatment can be automated, in the following ways:
– telephone contact
and can be done:
if the interested party has not revoked his consent for the use of the data;
in the event that the processing takes place through contact with the telephone operator, if the interested party has not registered in the register of oppositions referred to in D.P.R. n. 178/2010;
The legal basis for such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time.
e) computer security
The Owner, in line with the provisions of Recital 49 of the GDPR, treats, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to ensure the security of networks and information, ie the ability of a network or an information system to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
The Data Controller will promptly inform the Interested parties, if there is a particular risk of violation of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of violation of personal data.
The legal basis for such processing is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing related to the protection of the company assets and the security of the company’s offices and systems.
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen services, proposing advertising messages and / or commercial proposals in line with the choices made by the users themselves) only in case the Interested person has provided an explicit and informed consent. The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time.
RIGHTS OF THE INTERESTED PARTY
The interested party has the right to obtain from the data controller the following:
a) confirmation of whether or not personal data processing is being processed and, in this case, to obtain access to personal data and the following information:
the purposes of the processing;
the categories of personal data in question;
the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
whenever possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
the right to lodge a complaint with a supervisory authority;
if the data are not collected from the data subject, all information available on their origin;
the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
the appropriate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs.
c) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay
d) the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the case in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law still exist; and in any case if the treatment is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the limitation of processing, in the cases referred to in art. 18 of the GDPR, for example where you have challenged its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable time, also of when the suspension period has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
f) the right to obtain communication from the holder of the recipients to whom the requests for any corrections or cancellations or limitations of the processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) the right to receive personal data concerning him in a structured, commonly used and automatically readable format, and the right to transmit such data to another data controller without impediments by the data controller who provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
Furthermore, the interested party has the right to:
obtain confirmation of the existence of personal data concerning you, even if not yet registered, and communication in an intelligible form
b. obtain an indication of the origin of personal data, as well as the purposes and methods of processing
c. obtain an indication of the logic applied in the treatments carried out with the aid of electronic instruments
d. obtain the indication of the identification details of the owner and of the managers
is. obtain the indication of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as appointed representative in the territory of the State, managers or agents
f. obtain updating, rectification or, when interested, integration of data
g. obtain cancellation, transformation into anonymous form or blocking of data processed in violation of the law
h. obtain the cancellation, transformation into anonymous form or blocking of data whose retention is not necessary, in relation to the purposes for which the data were collected or subsequently processed
i. obtain confirmation that the update, rectification, integration, deletion, transformation into anonymous form or blocking have been brought to the attention, including as regards the content, of those to whom the data were communicated or disseminated, except in cases where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right
j. object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection
k. object, in whole or in part, to the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
HOTEL AMERICA SRL guarantees you that you can exercise your rights under Art. 12 of the GDPR. In particular you have the right:
– to know if the Owner holds and / or processes personal data relating to you and to access it in full also obtaining a copy (Article 15 Right to access),
– the correction of incorrect personal data or the integration of incomplete personal data (Article 16 Right of rectification);
– the cancellation of personal data held by the Data Controller if one of the reasons provided for by the GDPR exists (Right to Delete, 17);
– to ask the Data Controller to limit the processing only to certain personal data, if there is one of the reasons provided for by the Rules (Article 18 Right to limit the processing);
– to request and receive all your personal data processed by the owner, in a structured format, commonly used and readable by automatic device or request transmission to another holder without impediments (Article 20, Right to Portability);
– to object in whole or in part to the processing of data for the purpose of sending advertising material and market research (so-called Consent) (Article 21 Right to object)
– to object in whole or in part to the processing of data in automatic or semi-automatic mode for profiling purposes (so-called Consent)
The exercise of these rights may be exercised by communication to the Data Controller / Data Protection Officer whose addresses are indicated in the appropriate section of this statement.
Furthermore, you always have the right to lodge a complaint with the Authority for the Protection of Personal Data, which can be contacted at the address email@example.com or through the website http://www.gpdp.it.
THE “HOLDER” OF THE TREATMENT
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The “holder” of their treatment is America Hotel via Bolivar 96 – 84049 Marina Di Camerota Salerno.
The Data Protection Officer (DPO) pursuant to and for the purposes of EU Regulation 679/2016 (GDPR) is identified in the person of Amelia Esposito.
HOW WE TREAT THE DATA OF THE INTERESTED PARTY (ARTICLE 32 GDPR)
The Data Controller provides for the use of adequate security measures to preserve the confidentiality, integrity and availability of the personal data of the interested party and imposes similar security measures on third parties and on the Managers.
DATA PROCESSING PLACE
The processing related to the web services of this site takes place at the aforementioned headquarters of the Guarantor and is only handled by technical staff of the Office in charge of processing, or by persons in charge of occasional maintenance operations.
The personal data of the interested party are kept in paper, computer and electronic archives located in countries where the GDPR is applied (EU countries)
OPTIONALITY OF DATA SUPPLY
Apart from that specified for navigation data, the user is free to provide personal data contained in the request forms or indicated in contacts to request the sending of informative material or other communications.
Failure to provide such data may make it impossible to obtain what has been requested.
METHOD OF TREATMENT
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
LINKS TO REGULATIONS