We Li.Tur sas di Passalacqua Aldo & C – Hotel CIAO take the confidentiality of the personal data of our customers and users seriously, as well as all other persons who come into contact with us.
For this reason, with the following document, we provide you with all the information you need to know who will handle the personal data you are providing and how it will be managed.
This information is subject to updates and can be consulted on our website https://www.hotelciao.it/privacy/
Data Controller, Data Processors
The Data Controller is via Carinzia, 1/e 33054 Lignano Sabbiadoro (UD) Italia Tel +39.0431.71577 Fax +39.0431.73332
Partita IVA: 02334050305 E-Mail: firstname.lastname@example.org PEC: email@example.com Web: http://www.hotelciao.it.
The updated list of data processors and data processors is kept at the registered office of the Data Controller.
2. Purpose of the processing
A) without your express consent (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
- conclude the contracts for the services of the hotel Ciao;
- fulfill the contractual and tax obligations deriving from relations with you in existence;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
- exercise the rights of the owner, for example the right to defense in court;
B) Only with your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
- send you e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on services offered by the Data Controller;
3. Legal basis and consequences for non-disclosure of data
Your personal data are processed under the following legal basis:
- your consent for:
- the fulfillment of a contractual obligation
- the fulfillment of a legal obligation of a regulation, of the Community legislation of an order of the Authority (such as in the matter of anti-money laundering);
- our legitimate interest: for direct marketing purposes or for the prevention of data traffic security fraud
- a public interest.
The communication of your data is necessary in order to benefit from our services. You can always choose not to provide your personal data, but in case of non-communication of the same we will not be able to provide our services.
4. Categories of the data
To achieve the purposes indicated in point 3, we will deal with the following types of data
Common data: identification data, such as your name, surname, e-mail address, residence address, date of birth, interests, navigation data and in general any other personal information that does not concern racial or ethnic origin, political opinions, religious or philosophical convictions, union membership,
5. Recipients of the data
Your data may be disclosed to third parties whose intervention in the treatment is necessary based on the services requested or on the basis of contractual, tax or regulatory obligations (example credit institutions for the profiles relating to the collection of receipts and payments, providers of consultancy services, suppliers of customer assistance services, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers. Furthermore, your data may be processed by employees or collaborators of our organization in their capacity as agents and / or internal managers of the processing and / or system administrators, as well as by companies that perform outsourcing activities, including the management of websites. o cloud computing services, external suppliers, professions and consultants who are appointed as data Processors. Personal data will not be disseminated.
6. Data transfer abroad
Personal data is stored on servers located within the European Union.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
7. Retention period
The information acquired is used to provide the services requested, and therefore also to be able to contact you about them, as well as to detect, prevent and counter fraudulent or illegal activities. We keep your personal data for the time necessary to provide the services. We may also retain your personal information to ensure compliance with national laws, prevent fraud, collect any fees due, for any disputes, solve problems and provide assistance in case of investigations and take other actions where required by national laws. The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality relationship and no later than 2 years from the collection of data for the Marketing Purposes.
8. Rights of the interested party
You may at any time ask the Data Controller by writing to the addresses indicated in point 1) of:
1 access your personal data;
2 make them rectify;
3 make them cancel ("right to be forgotten") if one of the following conditions applies:
a - your data are no longer necessary with respect to the purposes for which they were collected;
b - the treatment is based only on your consent and not on legal or contractual obligations;
c - There was opposition pursuant to art. 21 of the EU Regulation 679/2016
e - Personal data have been acquired for commercial offers aimed at minors in relation to online services.
4 limit the processing to some data, which is compatible with the purposes for which the data were collected;
5 - transferring data to another Data Controller ("data portability").
In addition to the rights listed above, you will always have the right to lodge a complaint with the Supervisory Authority (www.garanteprivacv.it).
If the processing of your personal data is based exclusively on your consent, you can at any time revoke it by sending us an email or by writing to the addresses indicated in point 1)
9. Right to object to data processing
In cases where it is not possible to request the cancellation of data you can still oppose the treatment when this is justified by reasons related to your particular situation.
If your data were used for direct marketing purposes, including profiling, you will be entitled to object without giving any reason.
Lignano Sabbiadoro 25th of may 2018