(Articles 13 and 14 of EUROPEAN REGULATION NO. 679/2016)
PRINCIPE HOTEL MANAGEMENT srl, with registered office in V.le Ammiraglio Morin 67 - 55042 Forte dei Marmi (LU) – Italy, Tax and VAT Number 06611040962, as the “Data Controller”, informs you according to Articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”) that your data shall be processed according to the following policy:
1. Type of Data Processed
The Data Controller informs you that your personal data and personally identifiable information (e.g. name, surname, company name, address, telephone number, e-mail address, bank and/or payment information, etc.), hereinafter referred to as “Personal Data” or just “Data”, which have been or will be collected, including verbally collected, by us or by a third party, may be processed in full compliance with the EU Regulation. The Data Controller processes the Data in a lawful manner, in particular with the purpose of performing the contract you may sign or of performing other contract-related activities (e.g. preparing an offer, etc.) that you may request (Art. 6 of the EU Regulation).
Data processing means any activity or series of activities for collecting, storing, organizing, saving, consulting, processing, editing, selecting, extracting, comparing, using, linking, blocking, communicating, disclosing, or distributing data.
2. Legal Basis and Purpose of the Processing
Legal basis: EU Regulation no. 679/2016
A) Purpose of the processing without your express consent (Art. 6, Points b), c), e) of the EU Regulation):
- to fulfil contract-related and tax obligations arising from contracts you may sign
- to fulfil obligations required by the law, a regulation or an EU regulation, or to fulfil orders from Public Authorities (e.g. in the context of anti-money laundering)
- for the Data Controller to exercise its rights, e.g. the right to defend in court
- for general bookkeeping
- for management purposes (invoicing, any document management, etc.)
- for credit management
- for statistical analyses and quality control
- for assurance management
- for technical support
In particular, your Data shall be processed to fulfil the following contractual and legislative obligations:
- user and technical access to the site: no data is stored after the browser is closed
- advanced navigation features or customized management of the content
- for statistical purposes and for analysing users and site navigation
B) Sales, marketing and/or profiling purposes, only with your express consent (Art. 7 of the EU Regulation):
- to send you newsletters, sales messages and/or marketing material about products and services offered by the Data Controller via e-mail, mail, text messages and/or telephone, or for satisfaction surveys relating to the quality of your experience with the service received
- to send you third-party (e.g. from a business partner) sales and/or marketing messages via e-mail, mail, text messages and/or telephone
3. Processing Methods
The methods used for processing your Personal Data, which are listed in Article 4, Point 2) of the EU Regulation, are as follows: collection, storage, organization, structuring, saving, adaptation or modification, extraction, consulting, use, communication (i.e. transmission, disclosure or any other way of making data available), comparing or linking, limitation, deletion or destruction, blocking. Your Personal Data are processed on paper and by electronic and/or automatic means (in such way as to guarantee data security and confidentiality).
4. Data Storage Times and other Information
The Data Controller shall process your Personal Data for the period of time necessary for the abovementioned purposes and in no case longer than the period of time permitted by law after the termination of your contract/relationship with the Data Controller.
As far as the processing of your Personal Data for marketing or profiling purposes is concerned, your Data shall be stored according to the principle of proportionality as long as it is necessary to achieve the purpose of their processing or until you revoke your consent to that particular type of processing.
In particular, the Data Controller shall process your Data for no longer than per 2 years from the time they were collected for marketing purposes and no longer than 1 year for profiling purposes.
The Personal Data you communicate to the Data Collector shall be processed in a “lawful way according to the principles of fairness and transparency”, while at the same time protecting your privacy and your rights.
5. Access to the Data
Your Data can be accessed for the purposes mentioned at the above points 2.A) and 2.B):
- by shareholders, employees and personnel of the Data Controller in Italy and abroad as agents and/or employees in charge of the processing and/or as system administrators
- by third-party companies or other parties that carry out outsourced activities on behalf of the Data Controller as third-party persons in charge of the processing (e.g.: associate offices, lawyers, data processing companies, certification authorities, bookkeeping/tax consultants and, in general, by any other authorities that carry out inspection and control activities in connection with legal obligations arising from the abovementioned purposes, credit institutions, professional firms, consultants, assurance companies for the provision of assurance services, financial firms, Municipal Bodies, service-providing consultants and companies, and work safety consultants and companies, who, in turn, may communicate your Data or make it available to their shareholders, users and other involved parties to carry out specific market research. The Data collected and processed may be communicated to subcontractors, suppliers, for the management of information systems, to transporters, couriers and customs officers, both in Italy and abroad).
The full list of all those who have or can have access to your Data is available at our registered office.
6. Communication of the Data
Without your express consent (Article 6, Points b) and c) of the EU Regulation), the Data Controller may communicate your Data for the purposes mentioned at the above point 2.A) to Supervisory Bodies, Judicial Authorities, assurance companies for the provision of assurance services, and other parties to which the law prescribes that the Data must be communicated for the abovementioned purposes.
Such parties shall process your data as data controllers that are independent from the Data Controller.
During and after your visit to the website, your Data may be communicated to third parties, in particular to:
- Google: ads service, targeted ads, analytics/measurement, personalization of content, optimization
- Google AdWords: ads service, targeted ads, analytics/measurement, personalization of content, optimization
- Google Analytics: targeted ads, analytics/measurement, personalization of content, optimization
Your Data shall not be disseminated.
7. Transfer of the Data
Your Personal Data are stored on devices that are located at the registered office of the Data Controller or at providers, within the European Union. It is understood that, if necessary, the Data Controller shall have the right to transfer your Data to non-EU countries. In this case, the Data Controller hereby guarantees that any transfer of your Data outside the EU shall be carried out in compliance with the applicable laws, after drawing up the conditions of the contract and carrying out the standard inspections provided for by the European Commission.
The Data Controller has applied adequate technical and organizational measures to guarantee a proper level of security both for the Data stored on its own devices, and for the Data stored by providers, in full compliance with Article 32 of the EU Regulation.
Navigation: your navigation Data may also be transferred, only for the abovementioned purposes, to the following countries: - EU countries; - the United States of America.
Each browser, and often each different version of the same browser, has different, and often completely different, cookie settings. Therefore, if you would like to change the cookie settings of your browser, you can find information in your browser user guide.
8. How You Communicate Your Data and what Happens if You Do Not Communicate Your Data
You have to communicate your Data for the purposes mentioned in the above point 2.A). If you refuse to do so, we may not be able to provide you with the services mentioned in the above point 2.A).
You are not required to communicate your Data for the purposes mentioned in the above point 2.B), but you may do so if you wish. You are free not to communicate any Data or you may revoke your consent to its processing at a later time: in this case, you will not receive any newsletters, sales communication and marketing material and/or any other services provided by the Data Controller.
You will still be able to receive the services mentioned in the above point 2.A).
9. Your Rights
As the owner of your Data, you have the following rights provided for by Article 15 of the EU Regulation:
1. You have the right to have the Data Controller tell you whether your Personal Data is being processed and if they are, you have the right to access your Personal Data and the following information:
a) the purpose of the processing
b) the type of Personal Data being processed
c) the parties to which your Personal Data have been or will be communicated, and in particular whether such parties are located abroad or are part of an international organization
d) if possible, the designated storage time of your Personal Data or, if not possible, the criteria by which the storage time is determined
e) the right to request from the Data Controller that your Personal Data be corrected or deleted or that the processing of your Personal Data be limited, and the right to revoke your consent to the processing of your Personal Data
f) the right to file a claim with the inspection authorities (e.g. the “Garante”, the Italian Data Protection Authority)
g) if your Personal Data was not collected from you, you have the right to receive information about the origin of the collected Data
h) whether automated decision-making takes place, including profiling according to Article 22, Paragraphs 1 and 4 of the EU Regulation, and, if it does, you have the right to receive significant information about the logic applied to the processing of your Personal Data, as well as about the importance and the consequences of such processing to you
2. If your Personal Data are transferred abroad or to an international organization, you have the right to know whether any adequate guarantees are applied to the transfer according to Article 46 of the EU Regulation.
3. Upon request, the Data Controller shall send you a copy of your Personal Data being processed.
If you would like to receive extra copies, the Data Controller may charge you for reasonable management costs. If you submit your request by electronic means, any information shall be sent to you in a commonly used electronic format, unless you specify otherwise.
4. The right to receive a copy of your Personal Data being processed mentioned in the above paragraph 3 may not infringe the rights or the freedom of any third party.
Moreover, if possible, you have the following rights provided for by Articles from 16 to 22 of the EU Regulation:
- the right to amend your Personal Data
- the right to have your Personal Data deleted
- the right to have the processing of your Personal Data limited
- the right to data portability
- the right to opt out
- the right to file a claim with the Italian Data Protection Authority
Finally, you have the right to revoke your consent without affecting the lawfulness of the data processing carried out from the time you first gave the consent to the time when you revoke it.
10. How to Exercise Your Rights
You can exercise your rights at any time by sending:
- a registered letter with return receipt to the Data Controller (you can find the address in the letterhead)
- an email at the address email@example.com
The provision of any products and services by the Data Controller within the scope of any contract/relationship between you and the Data Controller does not include the intentional collection of Personal Data of minors. In the case where any Personal Data of minors are unintentionally stored, the Data Controller shall immediately delete them upon request.
12. Personal Data Not Collected from You
In some cases, the abovementioned Data Controller is not the data controller to which you communicated your Personal Data, but it is a joint Data Controller or a third-party data supervisor that received your Personal Data as the result of a contract between parties. In this case, the Data Controller undertakes to use its best endeavours to make sure that you have been informed and have given your consent to the processing of your Personal Data. You may request information from the Data Controller about the origin of your collected Personal Data.
13. Data Controller, Data Supervisor, Data Protection Officer and Persons in Charge of the Processing
Below, we give you some information that you should know, not only to fulfil legislative obligations, but also because transparency and fairness with our customers are an important part of our business.
Data Controller. The Data Controller of your Personal Data is PRINCIPE HOTEL MANAGEMENT srl, the authorized signatory of which is Ms Cristina Vascellari, who is responsible to you for the lawful and compliant use of your Personal Data and who you can contact for any information or request by telephone +39 0584 783636, or e-mail firstname.lastname@example.org.
Data Supervisor. The Data Controller has appointed Mr Alessandro Sermattei and Mr Ugo Baldi as Data Supervisors. They too are responsible to you for the lawful and compliant use of your Personal Data and you can contact them for any information or request by telephone +39 0584 783636, or e-mail email@example.com.
Data Protection Officer. You can contact the Data Protection Officer for any information, for any requests about your Personal Data, or to report any malfunction or problem.
The Data Controller has appointed Mr Nicola Ghinello as the Data Protection Officer. You can contact him by telephone +39 348 3165267, or e-mail firstname.lastname@example.org.
Persons in Charge of the Processing. The updated list of all persons in charge of the processing is available at the registered office of the Data Controller.