INFORMATION DOCUMENT PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 GDPR
In compliance with the EU Regulation 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of personal data supplied.
The present information notice must not be deemed valid for other websites that may be consulted through links on the websites of the domain’s owner, who shall not in any way be held liable for third-party websites.
This is an information notice which is provided pursuant to art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data) to all those who visit the Website https://www.hotelmonrepos.com (the “Site”) with reference to the processing of personal data of the surfers (“Users” ) who use it and is also applicable under the provisions of Directive 2002/58 / EC, as amended by Directive 2009/136 / EC, on Cookies as well as the provisions of the Data Protection Authority of 08.05.2014 regarding cookies.
1. DATA PROCESSORS
Data controller, pursuant to articles 4 and 24 of EU Reg. 2016/679 is “Hotel Mon Repos”, hereinafter referred to as “Data Controller”, with registered office in Italy – Sirmione Via Arici 2 – VAT number 03596890982 in the person of the legal representative who can be contacted at the following email address: firstname.lastname@example.org
2. TYPE OF DATA PROCESSED, PURPOSES AND LAWFULNESS OF THE PROCESSING
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 EU Regulation 2016/679 without the need for express consent for the following purposes:
a) Management of data processing relating to:
– navigation data:
The IT systems and software procedures used to run the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
They are information that is not gathered to be associated with identified individuals, but which by their very nature could allow users to be identified.
This category includes (i) the IP addresses or the domain names of the computers employed by the users who connect to the Website, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response provided by the server (successful, error) and (vii) other parameters related to the operating system and the user’s IT environment.
Legal basis of the processing: execution of the requested service and correct performance of the contractual relationship related to access to the site
The services contained in this section allow the Data Controller to monitor and analyze adequately anonymized traffic data and are used to keep track of User behavior
Legal basis of the processing: our legitimate interests to monitor traffic data on the present site for the purpose of analyzing statistical data for market research
– personal data: personal data and contact details such as name, surname, e-mail and telephone number may be requested to compilation of:
3. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
The personal data provided may be disclosed to recipients, appointed pursuant to art. 28 of EU Reg. 2016/679, who will process data as managers and / or as natural persons acting under the authority of the Data Controller and the Data processor, in order to comply with contracts or related purposes. Namely, the data may be disclosed to recipients belonging to the following categories:
– Subjects providing services for the management of the information system and communication networks of the Data Controller (such as suppliers of third party technical services, hosting providers, IT companies, communication agencies, including the one provided via e-mail);
The subjects belonging to the aforesaid categories perform the function of Data Processors, or operate in complete autonomy as separate Data Controllers.
The list of appointed Data processors is constantly updated and available at the Data Controller registered office.
This is in any case without prejudice to the disclosure of the information requested, in accordance with the law, by police, judicial authorities, intelligence and security agencies or other public entities for purposes of State defense or security as well as for the prevention, detection and prosecution of crimes.
Notably the database may be provided to the Public Administration upon a simple request made to the subject who is legally entitled to have judicial and extrajudicial relations with the Public Administration.
4. DATA TRANSFER TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
The personal and special data provided may be transferred abroad within or outside the European Union (United States entity adhering to the Privacy Shield) exclusively upon your express consent and only if this is necessary for the attainment of the proper purposes referred to in letters a).
The processing of data takes place at the office of the Data Controller and in any other place where the parties legitimately involved in the processing are located.
5. DATA RETENTION PERIOD
The Data Controller processes the personal data of Users by adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
Processing is carried out using IT and non-IT tools, and / or telematic ones with organizational methods and with logic strictly related to the purposes indicated, guaranteeing an adequate level of personal data protection.
In compliance with the provisions of art. 5 paragraph 1 letter e) of Reg. UE 2016/679 the personal data collected will be retained in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. For information on the criteria for the data retention period, please write to the address referred to in point 1 of information notice.
6. NATURE OF DATA PROVISION OR DENIAL
Apart from what specified for navigation data, the user is free to provide personal data in dedicated areas on the site.
The provision of personal data for the purposes referred to in point a) of this information document is necessary to refine the specific features and enjoy the services offered to the Data Controller, for example to receive feedback to the request for information forwarded. Failure to provide personal data may render it impossible to obtain the requested service or to use the services offered by the site.
7. RIGHTS OF DATA SUBJECTS
You can assert your rights as set down in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, writing to the e-mail address referred to in point 1 of the present information notice. You have the right, at any time, to ask the Data Controller to access your personal data, to rectify, to erase them, to restrict the processing thereof.
Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, eg profiling) and to the portability of your data.
Whithout prejudice to any administrative and judicial redress appeal, if you believe that the processing of data concerning you, breaches the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679 you have the right to lodge a complaint with the Data Protection
Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to withdraw the consent supplied at any time.
In the case of a data portability request, the Data Controller will provide you with a structured, commonly used and machine-readable format about the personal data concerning you, without prejudice to paragraphs 3 and 4 of the art. 20 of the EU Reg. 2016/679.
The Data Controller may process the personal data of users to pursue their legitimate interest, consisting in ensuring the safety of the Site and the information exchanged therein, i.e. the ability of such Site to resist, at a given level of security, unforeseen events or to unlawful or malicious actions compromising the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the relative services offered or made accessible.
If the User deems that his rights have been violated you have the right to lodge a complaint with the Data Protection Authority and/or another lawfully competent supervisory authority. More information is available at the following link https://www.garanteprivacy.it/en/home_en