(document updated on 25/05/2018)
As known, from May 25, 2018 the New European Privacy Regulation (GDPR 2016/679) became operational. Below is therefore our information, adequate in accordance with the provisions of Art. 13 of the GDPR 2016/679, which describes the ways in which we collect and process your personal data, premising that the Company's commitment is maximum in the protection of said data.
2. Who is the Data Controller of your personal data
The Data Controller of your Personal Data is the Hotel Albergo Rosarina di Magnani Silvano & C. S.A.S.- P.IVA 03171540408 with headquarters in Viale Biella 7 Rimini (RN)
3. What is meant by personal data and what data we process
"Personal data" means any information suitable for identifying, or making identifiable without sustaining a significant effort, a natural person.
Examples of Personal Data are personal data (name, surname, date and place of birth), residential address, bank details).
The Company in particular processes those personal data that you have communicated to us in relation to the conclusion and / or execution of a contract for the products and services we provide, as well as to follow up on the pre-contractual activities of that contract (for example, name, surname, address, telephone, e-mail, bank and payment references.
It is specified that the operations indicated in art. 4 no. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both paper and electronic processing.
4. Why we process your personal data
Your personal data are collected and processed as strictly necessary to follow up on your requests and contracts entered into concerning our products and / or services, and in particular:
• For the performance of the necessary pre-contractual activities (eg verification of creditworthiness and solvency);
• To fulfill contractual and fiscal obligations in Yours
• To defend our rights based on our legitimate interest (eg right of defense in court);
• To fulfill legal obligations and requests from the authorities, as well as to comply with the regulations for the prevention of fraud, money laundering, etc .;
If said purposes change, we will send a new information that contemplates the new purposes.
In consideration of the purposes identified to date, pursuant to art. 6 lett. b), c) and f) of the GDPR), the processing of your personal data does not require your consent.
The provision of data for the purposes indicated above is mandatory. In their absence, we will not be able to guarantee you to meet your requests and to conclude and / or execute the contracts.
5. To whom we communicate your data
Without the need for express consent (Article 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes indicated above to Prefectures, Supervisory Bodies (such as IVASS), judicial authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as independent data controllers.
Your data will not be disclosed.
6. Who accesses your data
Your data may be made accessible for the purposes indicated above:
• to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the treatment and / or system administrators;
• to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers of the treatment.
7. Where we transfer your data
Personal data are stored on servers located within the European Union.
In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures as of now that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission or in accordance with the Privacy Shield, for those countries that do not they received an adequacy decision from the European Commission.
8. As far as we keep your data
Your data will be kept only for the time necessary to perform the treatment for the purposes indicated above.
In particular, we will process your data for the entire duration of the contract and as long as there are obligations or obligations related to the execution of the same. After the termination of the contractual relationship, we will keep them for a period of 11 years to fulfill legal obligations or to defend our rights.
9. What are your rights?
In your capacity as an interested party, you have the rights referred to in art. 15 GDPR and precisely the rights of:
a) obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
b) obtain the indication:
• the origin of personal data;
• the purposes and methods of treatment;
• the logic applied in case of treatment carried out with the aid of electronic instruments;
• the identity of the owner, manager and the representative appointed pursuant to art. 3, paragraph 1, GDPR;
• the recipients or categories of recipients to whom personal data may be communicated;
c) obtain: updating, rectification or, when interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment proves impossible o involves the use of means manifestly disproportionate to the protected right;
d) object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out
market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. Please note that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
You also have the rights referred to in articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
10. How can you exercise your rights?
You can exercise your rights at any time by sending:
• a registered letter with return receipt in the name of your company, your Personal Data is the Hotel Albergo Rosarina di Magnani Silvano & C. S.A.S - VAT 03171540408 with headquarters in Viale Biella 7 Rimini (RN), or
• an e-mail to the address:: firstname.lastname@example.org