Information on the protection of personal data
(articles 13 and 14 of Regulation 2016/679/EU)
pursuant to articles. 13 and 14 of Regulation 2016/679/EU (GDPR), we inform you that the personal data provided by you or otherwise acquired will be processed in compliance with current legislation and the principles of lawfulness, correctness, transparency, data minimization, accuracy, limitation of conservation, integrity.
WHO WE ARE
The data controller is Errezetauno Srl, with registered office in Via Chiatamone 53/c - 80121, which, within its prerogatives, may avail itself of the collaboration of managers pursuant to art. 28 GDPR or specifically authorized for processing. In carrying out its business, the Company pays the utmost attention to the security and confidentiality of its customers' personal data.
Who is the Data Protection Officer Officer - DPO)?
Pursuant to art. 37(1) of the GDPR, the Data Controller has appointed an external Data Protection Officer (hereinafter "DPO"). The DPO is Dr. Gianpiero Uricchio, who can be reached at the e-mail address firstname.lastname@example.org
HOW WE COLLECT YOUR PERSONAL DATA
The Company collects and processes your personal data in the following circumstances:
Collection of personal data on paper directly during check in;
Data collection via electronic tools directly at Check In;
Data collection via email contacts;
Collection of personal data via the Synxis platform for online booking;
FOR WHAT PURPOSES CAN YOUR PERSONAL DATA BE USED
Your personal data, as described above and provided by you, are collected and used for the following purposes connected and instrumental to the activity of Errezetauno Ltd .:
1 Contractual purpose [Art. 6, par. 1, lett . b) GDPR]
Allow the execution of the obligations covered by the contract for the use of the hotel services contained therein.
2 Legal obligations [Art. 6, par. 1, lett . c) GDPR]
Fulfill the following obligations required by law:
a. public security obligations provided for by article 109 of Royal Decree no. 773 of 18 June 1931 and subsequent amendments , relating to the communication to the Police Headquarters of the personal details of guests accommodated;
b. obligations established by law, regulations, community legislation or an order from the Authority (such as for example in the field of anti-money laundering);
c. administrative, accounting and tax obligations. The data acquired for these purposes are kept by us for the time required by the respective regulations;
3 Purposes relating to the services offered [Art. 6, par. 1, lett . a) GDPR]
Subject to your free consent, which you can express by selecting the respective boxes in the "Consent to the processing of personal data" form that you can fill in at the time of check-in, the data you provide to us may also be processed for the following purposes:
to. offer attentive and personalized services throughout your stay within our facility, such as secretarial services, to carry out the function of receiving messages and telephone calls addressed to you, delivery of mail and parcels, transfer of telephone calls to your room and booking of services external, management of any special requests relating to the interested party's state of health;
b. speed up the registration procedures for future stays at our facility. Your data will be stored for a maximum period of 24 months.
4 Promotional purposes [Art. 6, par. 1, lett . a) GDPR]
a. Promotional purposes relating to the advertising of services (so-called Soft Spam ) [art. 6, par. 1, lett . f) GDPR]
Pursuant to art. 130, paragraph 4 of the Legislative Decree . 196/2003 and subsequent amendments - Errezetauno may use - without the obligation to acquire your prior consent - the contact details provided by you during the purchase phase in order to promote services.
In any case, you may at any time object to such further processing upon receipt of any advertising communication pursuant to what has just been described, making use of the opt-out mechanism provided within the communication received or by sending an e-mail to email@example.com with the subject "unsubscribe mail marketing".
b. Promotional purposes relating to other services, events, promotions and commercial initiatives [art. 6, par. 1, lett . a) GDPR]
Subject to your free consent, which you can express by selecting the respective boxes in the "Consent to the processing of personal data" form that you can fill in at the time of check-in, the data you provide to us may be processed for the sending of commercial communications or the sending advertising material, or for direct sales activities, carrying out market research with traditional contact methods - via post or telephone - or automated - such as SMS, fax, email or telephone calls without an operator; you may at any time withdraw the consent previously given, even partially, for example by consenting only to traditional contact methods.
HOW WE KEEP YOUR PERSONAL DATA SECURE
The processing of personal data for each of the above purposes will take place in an automated and telematic form, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data themselves in compliance with the art. . 32 of the GDPR, as well as the possibility of the interested party to consent to even just one of the contact methods (electronic or traditional).
HOW LONG WE KEEP YOUR INFORMATION
We keep your personal data only for the time necessary to achieve the purposes for which they were collected or for any other legitimate related purpose. Therefore, if personal data is processed for two different purposes, we will retain such data until the purpose with the longer term ceases. Your personal data that is no longer necessary, or for which there is no longer a legal basis for its conservation will be securely destroyed.
With reference to the fulfillment of contractual obligations, the data processed to fulfill any contractual obligation may be kept for the entire duration of the contract and in any case no later than the following 10 years, in order to verify any pending matters including accounting documents (for example invoices) .
In the event of disputes for which it is necessary to defend ourselves or take action or even make claims against you or third parties, we may retain the personal data that we deem reasonably necessary to process for these purposes, until the dispute has ceased and the relevant judicial measure is passed into law.
WHO WE CAN SHARE YOUR PERSONAL DATA WITH
Your personal data may be accessed by:
1) duly authorized employees;
2) the data controllers with whom a contract is stipulated pursuant to art. 28 of the GDPR.
Your personal data may be the subject of specific communications in all cases required by law. However, they are not known to be widespread in any way.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO MAKE COMPLAINTS BEFORE THE SUPERVISORY AUTHORITY
You can exercise your rights by email, writing to the following email address firstname.lastname@example.org or by registered letter addressed to the company's registered office.
You have the right to ask the Company:
- access to your personal data (art. 15 EU Regulation 2016/679),
- Correction (art. 16 EU Regulation 2016/679),
- Cancellation (art. 17 EU Regulation 2016/679),
- Limitation (art. 18 EU Regulation 2016/679),
- Portability, understood as the right to obtain data from the data controller in a structured format of common use and readable by an automatic device to transmit them to another data controller without impediments (art. 20 EU Regulation 2016/679),
- Opposition to processing (art. 21 EU Regulation 2016/679),
Furthermore, in cases where the legal basis is consent, the same may be revoked by you at any time.
Please remember that pursuant to art. 77 of EU Regulation 2016/679 may lodge a complaint with the Guarantor Authority in case of violation of current legislation on the protection of personal data.
Transfer of data abroad
Your data may be transferred outside the European Union, exclusively on the basis of adequate guarantees, as provided for by art.46 of EU Reg. 2016/679. The data collected are under the exclusive control of the companies that manage and install them and who are properly appointed as Data Controllers (art.28 EU Reg. 2016/679).