Privacy policy drawn up pursuant to Art. 13 of EU Regulation 2016/679
Dear Customer,
The purpose of this information sheet is to provide details on the methods used for processing your personal data, which is carried out in full compliance with the obligations decreed by EU Regulation 679/2016 on the processing of personal data (GDPR).
This information does not apply to other websites that may be consulted via links on the data controller’s website as the latter cannot be held responsible for third-party websites.
Pursuant to the GDPR, processing of any information or data provided will be carried out based on the principles of lawfulness, correctness, transparency, limitation of purpose and storage, minimisation of data collected, precision, integrity and confidentiality.
INDEX
1. Data controller
2. Personal data processed
2.1 Data provided voluntarily by the data subject
2.2 Special categories of personal data
2.3 Navigation details and cookies
3. Purposes of data processing, lawfulness and obligatory or optional nature of processing, data storage period
4. Beneficiaries of personal data
5. Transfer of personal data
6. Rights of the data subject
7. Modifications
1. Data controller
The controller of any data processed via the website is Albergo Luxor di Bianchi Arnaldo & C. Snc, with registered offices at S. Italico, 3 – 47814 Bellaria Igea Marina (RN) – VAT no.: 00086420403. For any information regarding the processing of personal data by the controller, data subjects can contact the following addresses:
Email address: info@hluxor.it
Certified email address: hluxor@pec.cgn.it
2. Personal data processed
The personal data processed via the website is as follows:
2.1 Data provided voluntarily by the data subject
Pursuant to the GDPR, please note that any personal data voluntarily provided to Albergo Luxor di Bianchi Arnaldo & C. Snc will be processed in compliance with applicable law on matters relating to personal data and in any case, pursuant to the principles of confidentiality that the data controller aspires to and only for the purposes indicated herein.
Please note that, further to navigation of the website, the data controller will store personal data that may consist in an identifying factor, such as a name, identification number, online identification details, postal address, email address, telephone number (landline and/or mobile) or one or more elements that characterise your physical, physiological, mental, economic, cultural or social identity, which could identify the data subject or make the data subject identifiable.
2.2 Special categories of personal data
By using our website, personal data that falls under the umbrella of special categories of personal data, pursuant to Art. 9 of the EU Regulation or more specifically “[…] personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of a trade union, as well as […] genetic or biometric data designed to unequivocally identify a natural person, data relating to a person’s health or sex life or sexual orientation” may be provided. We therefore kindly invite you not to publish any such data, unless strictly necessary. However, should you decide to share such information, we specify the importance of giving explicit consent to the processing of special categories of personal data. If special categories of personal data are transmitted, in the absence of specific manifestation of consent to process such data, the data controller cannot be held responsible in any way whatsoever as in this case, processing is permitted as it concerns data clearly made public by the data subject, pursuant to Art. 9 (1) (e) of the GDPR.
2.3 Navigation details and cookies
During normal operation, the IT systems and software procedures used for functioning of the website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated to identified data subjects, but by their very nature, via processing and associations with data held by third parties, could make it possible to identify data subjects. This category of data includes the IP addresses or domain names of computers used by data subjects that connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the data subject’s operating system and IT environment. This data is only used for anonymous statistical information on website use and to check its correct functioning and is cancelled immediately after processing. Information collected automatically may be used by the data controller to ascertain responsibility in the event of any IT crimes against the site, for statistical purposes or to improve navigation and site content. Any data acquired via cookies is described in detail in the “cookies policy” document.
3. Purposes of data processing, lawfulness and obligatory or optional nature of processing, data storage period
The processing of data, when necessary following specific consent, has the following purposes:
a) Replying to requests for information, making bookings and/or providing services requested. The legal basis of processing for such purposes is provided by Art. 6 (1) (b) of the GDPR (performance of a contract) as processing is necessary in order to meet the requests of the data party or provide services for the same. Providing personal data for this purpose is optional but failure to do so would imply the impossibility to receive replies to requests or to activate the services provided by the website. Any personal data processed for such purposes will be kept for the period of time strictly necessary to achieve the aforementioned purposes.
b) To comply with any legal, accounting or fiscal obligations. The legal basis of processing for such purposes is provided by Art. 6 (1) (c) of the GDPR (compliance with a legal obligation). Providing personal data for this purpose is optional. Once personal data has been provided, processing is necessary in order to comply with a legal obligation to which the controller is subject. Any personal data processed for such purposes will be kept for the period of time strictly necessary to comply with a specific legal obligation or applicable law.
c) To carry out marketing activities. The data provided will be processed, further to explicit and specific consent, to send promotional and marketing communications, including newsletters, using automated tools or other. The legal basis of processing for such purposes is provided by Art. 6 (1) (a) of the GDPR (consent of the data subject). Providing data for direct marketing activities is optional resulting from choices freely expressed by the data subject; failure to provide consent for such purposes will not jeopardize fruition of other services. Any personal data processed for such purposes will be kept until revocation of consent by the data subject or, in the event of failure to revoke consent, for a maximum time period of 10 years.
4. Beneficiaries of personal data
For the purposes pursuant to section 3 above, personal data can be shared with:
a. subjects that act specifically in the position of data processors or:
– persons, subjects or professional studios that provide assistance and consultancy services to the data controller in matters relating to accounting, administration, legal, fiscal or financial matters, credit recovery, marketing and communication relating to the provision of services;
– subjects it needs to interact with in order to provide services (for example, hosting providers);
– subjects appointed to carry out technical maintenance services (including maintenance of network appliances and electronic communication networks).
b. subjects, bodies or authorities it must necessarily communicate personal data to due to legal provisions or orders issued by the competent authorities;
c. persons authorised by the personal data processor to carry out activities strictly connected to the provision of services or for other purposes pursuant to section 3 above, that are opportunely instructed and committed to maintaining confidentiality (e.g. data controller employees).
5. Transfer of personal data
Data can be transferred within the European Union where the data controller or one of its suppliers has offices or servers. Data will not be transferred to third countries or to international organisations located outside the European Union.
6. Rights of the data subject
European Regulation no. 679/2016 grants certain rights to the data subject that, in order to exercise such rights, should contact the data controller at the following email address: info@hluxor.it
• Right of access any data collected and processed (Art. 15)
• Right to rectification of data (Art. 16)
• Right to erasure of data and right “to be forgotten” (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to portability of data to another controller (Art. 20)
• Right to object to processing (Art. 21)
• Right to automated individual decision-making (Art. 22)
• Right to lodge a complaint with a Supervisory Authority (Art. 77)
• Right to effect judicial remedy against a Supervisory Authority (Art. 78) and against a data controller and/or processor (Art. 79)
• Right to withdraw consent at any time (Art. 7, paragraph 3), without this affecting the lawfulness of processing based on consent given prior to its withdrawal.
7. Modifications
This privacy policy is revision 1.1 dated 25.05.2018. The data controller reserves the right to modify or update its content, even further to variations to applicable legislation.
