Personal data processing
Hereby are described the website’s management procedures www.hotelzanarini.it, whose owner is New Zanarini Hotel Riccione – Tony SRL These guidelines are drafted in accordance with art. 13 of the regulation 2016/679 of the european parliament and the council of 27 April 2016 on the protection of natural persons with regard to processing of personal data. These guidelines are drafted for Hotel Zanarini website and not for other websites that user may access to through their link.
Following the consultation of this website, data referring to identified or identifiable persons can be processed.
Data controller: Hotel Zanarini – Viale F. Corridoni, 16 – 47838 – Riccione – email: firstname.lastname@example.org legally registered in Via Pindemonte, 4 47838 Riccione (Rn).
Place of data and recipient processing
The processing relating to the web services of this website take place in ITALY at server farms ….., said parties are suppliers of Èdita (primary processor) with registered office in via Flaminia 138 – 47923 Rimini, which carries out website maintenance and management operations.
Type of data processed
Software applications designated for Hotel Zanarini website correct functioning acquire certain personal data submitted via safe protocols. Such data are not collected to be associated to identified individuals but may allow to identify users through data processing and crosschecking with other data possessed by third parties. This category of data includes IP addressed, browser’s identifier (user agent), URI (Uniform Resource Identifier) addresses to resources requested, the request time, the method used in submitting the request to the server , the numerical code indicating the status of the server response (e.g. successful, unsuccessful) and other parameters relating to the operating system and the user’s IT environment. These data are used with the sole purpose of extracting anonymous statistical information on the use of the website to check its correct functioning.
Data voluntarily supplied by the user
To access some of the services available on Hotel Zanarini website – the optional and voluntary insertion of certain identification data may be requested (email, name, contacts, and information neeced to provide the required service).
Purposes and lawful basis
Personal data supplied by users making use of the services provided by Hotel Zanarini (i.e.: through web browsing, form filling for various requests) are used for the sole purpose of carrying out the service or performance required. The lawful basis for the processing is the fulfillment of pre-contractual conditions in order to fulfill your request.
Further communication following a stay
Following the purchase of a stay, Hotel Zanarini shall forward to the user further communication even of commercial nature regarding its services. The aforementioned lawful basis of the processing is the legitimate interest of the data controller (cons. 47 GDPR).
In case of specific consent (by subscribing to the newsletter) Hotel Zanarini shall send via email information on new products, promotions and other special offers. The user will be entitled to deactivate the service at every time through the dedicated procedure and/or methods indicated below for the exercise of his/her rights. The aforementioned lawful basis of the processing is the user’s consent. Specific explanatory information, if needed, will be published or shown on the website pages used for further and specific services on request.
Data storage period
The data storage period is defined by requested service’s purposes and for a further period of 36 months. Should the requested information be part of an online transaction, such data shall be stored for economic or fiscal accounting purposes for a period of 10 years. As regards technical data managed by the website, such as cookies, the storage period is defined according to the cookies technical characteristics as specified in the table “List of cookie”. The storage period of personal data will be automatically extended for a further period of 36 months whenever a new consent to the processing of personal data is given and/or every time users access the services provided by entering their own log-in credentials (e.g. Login personal account).
Optionality of data provision
With the exception of what has been specified regarding browsing data, the user is free to supply to Hotel Zanarini the personal data requested to benefit from the services provided through the website. Failure to provide data relating to the fields marked by the asterisk (mandatory) will result in the impossibility to access such services.
Processing procedures and safety
The processing of personal data occurrs via information systems designed to guarantee data safety and privacy in compliance with the appropriate safety measures pursuant to art. 32 GDPR, via safe communication protocols with SSL encryption algorithms.
Your personal data will be processed in accordance with the aforementioned laws and privacy obligations in effect. Good practices are defined by the Italian Data Protection Authority issued provision “Guidelines on Marketing and against Spam – July 4, 2013” (published on the Official Gazette no 174 on July 26 2013), Guidelines on Personal Data Processing for online Profiling – March 19 2015 and Guidelines on Automated individual decision-making and Profiling for the purposes of the EU Regulation 2016/679.
To carry out business activities and to provide support in organising and maintaining said activities, some of the data might be transferred or reported to recipients. Recipients are divided in the following categories: Third parties, processors and sub-processors and authorised personnel under the authority of the controller or the processor.
Natural and legal people, public authorities, services and other entities that do not include the data subject, the data controller or the data processor and sub-processors. In case data processing should concern administrative or accounting purposes, legal obligations, customer management and contracts, the data can be transferred to:
- Companies managing traditional and electronic postal services;
- Companies registering domain names;
- Other subjects, if data transfer is necessary for the fulfilment of the aforementioned purposes or legal obligations.
Data processors and sub-processors
Natural or legal people, public authorities, services and other entities that processes personal data on behalf of the data controller – Èdita as primary data processor working with other sub-processors operating as service providers in the fields of technological facilities, connectivity and hosting services, such as Semplify LLC, located in via Flaminia 138 – 47923 Rimini. Semplify LLC is also working with sub-processor for service provision: Server Farms Irideos and ……., where the data are located. Other possible IT service providers necessary to carry out service provision operations may be located in the US and operating under the “Privacy shield” adequacy agreement.
Inside our company
Your data will be processed solely by personnel explicitly authorised by the data controller, assuring use of suitable instruction, training, privacy agreement observation by the following categories:
- Company management.
Your data will not be published in any way.
Rights of data subjects
Data subject (subjects which the data are referring to) can in any moment exercise the rights stated in the Regulation through a dedicated personal area. It is possible to access said area by requesting the link via the dedicated procedure in the footnote of this information note. A further procedure for the exercise of the Regulation rights, in case the user subscribed to the newsletter, can be used via the dedicated link appearing in the footnote of the email received. Specifically, users will be entitled to enforce rights pursuant to art. 15 through art. 23, and in particular: 1.Erasure of all data. 2.rectification/alteration 3.Restriction. 4.Portability. 5.Right to object to automated decision-making (profiling). If needed, report any other request in the note field. The data subjects, should the requirements be met, have the right to issue a claim to the Data Protection Authority in accordance with the necessary procedures. For further information and to exercise these rights recognised by the European regulation you can address the data controller following the aforementioned references.
Data subjects’ right exercise. The requests can also be sent using the following contacts:
Data controller: Hotel Zanarini – Viale F. Corridoni, 16 – 47838 – Riccione – email: email@example.com
Having read the information note and acquisition of the data subject’s consent
The undersigned data subject, having received the information provided by the data controller as per art. 13 and 14 of the GDPR, states he has read the present information note on data processing for service provision and to allow Hotel Zanarini to correctly manage and duly process data. Said information note also states the data processor operating on behalf of Hotel Zanarini is Èdita via Flaminia 138 – 47923 Rimini.
As evidence of your explicit and unambiguous consent we will register time, date, IP address and your e-mail. We remind you that you can exercise the aforementioned rights in any moment by clicking on the link located on the footnote of the received messages or by contacting us through our communication channels.