We wish to inform you that the European Regulation 2016/679 (hereinafter GDPR) establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free circulation of such data aimed at protecting the fundamental rights and freedoms of individuals individuals, in particular the right to the protection of personal data. The free flow of personal data in the Union cannot be restricted or prohibited for reasons relating to the protection of natural persons with regard to the processing of personal data. We therefore point out that "personal data" means, pursuant to the aforementioned GDPR, any information that concerns you directly or indirectly as an interested party, with particular reference to an identifier such as the name, an identification number, data relating to location, an online identifier or one or more characteristic elements of your physical, physiological, genetic, psychic, economic, cultural or social identity. The management methods of the site are also described here with reference to the processing of personal data of users who consult it and who have access to the reserved area. This information is also provided pursuant to articles 13-14 of the GDPR to those who interact with the web services of HOTEL HAITI SRL (hereinafter the Data Controller), accessible electronically at the address:
This information is provided only for sites referring to the Data Controller and not for other websites that may be consulted by the User via links. Following consultation of this site, data relating to identified or identifiable persons may be processed and the information is valid even if the collection of personal data has taken place in other forms (through coupons or other means). The information has the purpose of identifying some minimum requirements for the collection of personal data online (and not), and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
1. IDENTITY AND CONTACT DETAILS OF THE HOLDER OF THE TREATMENT
The identity of the Data Controller and his references, also shown in the header, are as follows: · HOTEL HAITI SRL address: Viale Europa, 68 – 63074 San Benedetto del Tronto (AP) contacts: email@example.com • Tel. (+39) 0735 81635 • Fax (+39) 0735 785585 The Data Controller does not carry out activities that require the mandatory designation of the person responsible for the protection of personal data.
2. PURPOSE OF THE TREATMENT
The treatments connected to the web services of this site take place at the aforementioned office of the Data Controller, at the office identified by the website manager and are only handled by authorized personnel for processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is disclosed. The personal data provided by users who request the dispatch of material regarding the requested service (or even of an informative nature only) are used to follow up on the User's requests and can be communicated to third parties only if necessary and if involved and functional to the satisfaction of the aforementioned requests. The collection and processing of the User's personal data will take place in compliance with the general principles of necessity, correctness, relevance and non-excess, regulated by the conditions of use of the site, and in particular the data processing will take place for: A. answer questions and provide the information requested by the User (the optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message), to contact the User regarding the services provided by the Data Controller or its commercial partners;
B. the acquisition of curricula, both in paper and electronic format, sent spontaneously by candidates interested in collaborating with the Data Controller;
C. the "NEWSLETTER" service to which the User has the right to subscribe. If the personal data provided by users has been provided by subscribing to the aforementioned service, the same will be used for the sole purpose of sending the newsletter and will not be disclosed to third parties;
D. the registrations and communications required by law including those relating to the identification and communication obligations envisaged by the T.U.L.P.S. (including the online check-in service performed directly by the User);
E. the necessary and indispensable processing of an operational, managerial, accounting and other nature, in particular some data will be used for registrations and communications required by law;
F. checks on the degree of customer satisfaction with regard to the services produced and any other kind of request, through personal interviews, by telephone or by sending e-mails or text messages;
G. fulfill the obligations established by Legislative Decree 231/2007 on anti-money laundering for the purpose of preventing and contrasting the use of the economic and financial system for the purpose of money laundering and terrorist financing
H. subject to «consent of the interested party»
for purposes functional to commercial/promotional activities, the possibility of sending advertising material or for carrying out market research on the services offered (by way of example but not limited to: updates on initiatives, offers and related promotions to the services and products referable to the activity of the Data Controller and of third parties with whom it collaborates, programs and promotions, also online, aimed at rewarding or retaining potential customers) through traditional contact methods (paper mail or calls by operator) and automated (email, sms, mms, other messaging applications); use ancillary services made available by the Data Controller for which the consent of the interested party is required (a example title active and not exhaustive: forwarding of incoming phone calls to the room, messages, correspondence, communication of one's own presence during visits by external parties, etc.) The legal basis of the processing can be found in the Civil Code and in the Consumer Code.
3. LEGALITY OF THE TREATMENT
The processing is lawful if at least one of the conditions is met: • by art. 6 co. 1 lit. a) b), c), f)
› a) the interested party has given his consent to the processing of his personal data for one or more specific purposes; (C42, C43)
› b) the processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same;
› c) the processing is necessary to fulfill a legal obligation to which the data controller is subject;
› f) the processing is necessary for the pursuit of the legitimate interest of the data controller (such as, for example, the prevention of fraud or abuse to the detriment of our website: It may be considered legitimate interest to process personal data for direct marketing purposes such as highlighted in recital n.47 of the GDPR) or by third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail, in particular if the data subject is a minor.
• by art. 9 co. 2 lett. a), e), f)
› a) the interested party has given his explicit consent to the processing of such personal data for one or more specific purposes, except in cases where the law of the Union or of the Member States provides that the interested party cannot revoke the prohibition of referred to in paragraph 1;
› e) the processing concerns personal data made manifestly public by the data subject;
› f) the processing is necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions;
› Legal basis of the treatment: Civil Code, Penal Code, Consumer Code
4. RECIPIENTS OF PERSONAL DATA
The communication to the identified recipients will take place only if they are involved and functional to the achievement of the purposes referred to in point 2 above, therefore the personal data collected and processed may be: a) used anonymously for statistical purposes;
b) made available to the Data Controller's Collaborators, as Managers or persons authorized to process personal data;
c) disclosed to natural or legal third parties, public administrations, professionals, law enforcement agencies, government bodies, regulatory bodies, courts or other public authorities authorized by law;
d) communicated to commercial partners, only in case of prior and express consent of the User.
e) if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, also with regard to the right to data portability;
The list of personal data processors is available at the headquarters of the Data Controller.
5. CATEGORIES OF PERSONAL DATA
The personal data processed are only and exclusively those necessary and functional to the correct achievement of the purposes indicated in point 2) and data falling into particular categories may also be processed, namely: a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data relating to health or sex life or sexual orientation of the person; b) personal data of family members and other subjects, including data relating to minors, etc.
6. DATA RETENTION
The data provided for the purposes referred to in point 2 will be kept: For administrative/accounting purposes: for the period envisaged by tax and civil law; For marketing purposes and sending newsletters: until the consent given is revoked, until the right to object is exercised and in any case no later than fifteen years from collection. Personal data will not be disclosed and will be destroyed when we no longer need or are required to keep them.
7. METHOD OF TREATMENT
The computer systems and software procedures used to operate the platform of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses (for verifying user reliability and for security purposes) or the domain names of the computers used by users connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not currently persist for more than seven days. The personal data being processed will be processed: manually and/or electronically and will be stored in special paper and/or electronic archives. Paper and electronic documentation will be correctly maintained and protected for as long as necessary for processing using appropriate security measures, so as to minimize the risk of destruction or loss, unauthorized access or processing that does not comply with the purposes of collection; There is no automated decision-making process and no profiling is performed.
9. PROVISION OF DATA
Apart from what has been specified for navigation data, the user is free to provide the personal data requested through special forms relating to services, products and any other kind of request that the site manager, or its commercial partners, are able to to offer. Failure to provide such data may make it impossible to obtain a response to any requests or to use the services or products that the site manager or its commercial partners are able to provide. RESERVED AREA: › registration in the reserved area (mandatory data) involves the automatic acquisition of data, such as: time, date, pages viewed and permanence on the site; IP protocol and internet domain; search engine (if applicable) through which access to the site occurred; User's operating system and browser type. Failure to provide data may make it impossible to authenticate in the reserved area.
10. RIGHTS OF THE INTERESTED
We inform you that, as an interested party, you have all the rights provided for by articles 15-16-17-18-20-21-22 of the GDPR, including: The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: the purposes of the processing ; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party. the existence of the right of the interested party to ask the data controller for the treatment o access to personal data and the rectification or cancellation of the same or the limitation of the treatment that concern him or to oppose their treatment, in addition to the right to data portability, including all available information on their origin; to also obtain the cancellation of personal data concerning him without unjustified delay pursuant to art. 17 ("right to be forgotten"). if the treatment is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation; the right to lodge a complaint with a supervisory authority; have a copy of the personal data being processed from the data controller, provided that it does not harm the rights and freedoms of others; in the event of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the request is received by electronic means, unless otherwise indicated, the information is provided in a commonly used electronic format. The above information will be provided: within a reasonable time after obtaining the personal data, but at the latest within one month, taking into account the specific circumstances in which the personal data are processed; in the event that the personal data are intended for communication with the interested party, at the latest at the time of the first communication to the interested party; or if communication to another recipient is envisaged, no later than the first communication of personal data. All the rights of the interested party provided for by the GDPR are exercised with a request addressed without formalities to the Data Controller, also through a person in charge, to which a suitable reply is provided without delay. (Document updated on 05/15/2019)