REGULATION (EU) 2016/679 - GDPR
Information for processing of personal data acquired
Information on personal data pursuant to article 13 GDPR Pursuant to article 13 GDPR (EU regulation 2016/679), here are provided, consistently with the principle of transparency, the information to make the interested party aware of the characteristics and the methods of data processing:
Identities and contact data
It is informed that the data treatment controller is: Hotel Chalet All’Imperatore, with location in via, Rododendro, 5 38086 Madonna di Campiglio (TN), phone 0465 440772, email email@example.com PEC firstname.lastname@example.org
How the controller collects and processes your data
On the occasion of a contract or interaction with the guest and in all the other aspects of the work, the controller may collect personal information such as: name, surname, tax code, physical and telematic address, IDs, passport number, fixed and/or mobile telephone number, banking data. Furthermore, the controller can collect further personal information during the check-in at the hotel.
These data are necessary for the controller to carry out the execution of the contract, as well as for the fulfillment of the legal and regulatory obligations to which the controller is held according to the exercised activity. The communication of your personal data takes place mainly toward third parties and/or recipients whose activity is necessary for the proper performance of the activities or to improve the products/services that the controller offers you, and also to answer to specific legal obligations. Any communication that does not respond to these purposes will be submitted to your consent.
Your data (such as name, surname, address, fixed and/or mobile telephone number) may also be processed for business promotion purposes, for market survey and research with regard to products and services that the holder offers only if you authorize the treatment and/or if you do not object to this.
Purpose of the processing
The personal information regarding you will be processed for:
1. the management of the contractual relationship and the consequent obligations, including regulatory ones
The processing of your personal data takes place to start the preliminary activities and consequent to the signing of the contract such as the management of reservations, invoicing and payment management, the processing of complaint and/or reports, as well as for the fulfillment of any other obligation descending from the contract, such as registration and storage of your personal data.
2. the communication toward third parties and recipients
The processing of your personal data takes place depending on the contract and on the obligations, including legal and/or regulatory ones, deriving from it.
Your data will be communicated to third parties/recipients when:
- you give permission;
- it is necessary for the fulfillment of the obligations depending on the contract, there is an obligation to communicate in accordance with the law and to assert the right of the company to the bodies in charge;
- the communication takes place in relation to accounting consultancy firms; auditing and certification company of financial statements; detection and quality certification company; banking institutions for the management of receipts and payments; companies and law firms for the protection of contractual rights and/or those involved in the recovery of credit; data processing and IT services companies (e.g. web hosting, data entry, management and maintenance of infrastructures and IT services, etc.);
- the communication takes place in relation to the financial administration and the public supervisory and control bodies in relation to which the holder must fulfill specific obligations deriving from the activity carried out;
3. for the business promotion activity
The processing of your personal data may take place to:
- propose additional products and services to those already purchased, improved or more suited to your needs.
- to send you promotional offers on our services and updates on rates, offers, newsletters as well as greetings by ordinary mail or sms or email.
- to execute (with your written consent) to hotel services such as the external communication of data relating to your stay for the sole purpose of allowing the function of receiving objects, messages and telephone calls addressed to you.
The processing in question can be carried out only if you give your consent for the use of the data.
Legal basis and legitimate interest
The personal data are processed lawfully, where the processing:
- is necessary for the execution of a contract of which you are a party of or the execution of precontractual measures taken on request;
- is necessary to fulfill a legal obligation;
- is based on freely expressed consent.
In case of booking for a hotel stay the provision of data is mandatory for the purposes of the first two points and the failure to provide it may make it impossible to obtain what has been requested. The legal basis of processing in the third point is your consent. The provision of data is therefore optional and does not prevent the distribution of the requested service (hotel stay).
Methods of the data processing
The processing consists in operations of collection, registration, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of your data. The operations are carried out with IT tools and in paper form. The processing is carried out by the holder and/or by authorized personnel.
Recipients and possible other categories of personal data recipients
Your data is processed within the facility by individuals authorized to process the data under the controller responsibility for the purposes above mentioned.
The data in question will not be disseminated, while they will be or may be communicated to public or private individuals operating within the aforementioned purposes.
In particular, your data will be or may be communicated in accordance with the law, to police forces, judicial authorities, information and security bodies or other public entities for defense or government security or prevention purposes, inspection or repression of crimes.
Moreover, the same ones may, if necessary, be communicated to other individuals that collaborate with our organization (for example: labor consultants, accountants, lawyers, etc.).
Finally, your data may be diclosed to banking institutions for the proceeds and payments management deriving from the execution of contracts, to factoring companies, credit recovery companies, credit insurance companies; to post offices, shippers and couriers for sending documentation and/or materials.
All communications will take place with the law and, in particular, will be strictly connected to the purposes set out above.
Data transfer to third country
The controller won’t transfer the data to a third country or to and international organization unless in presence of a decision of adequacy of the commission.
How and how long will your data be stored for
The data processing that concerns you takes place through means and tools both electronic and manual available to the individuals operating under the authority of the controller that are authorized and trained for that purpose. The paper and, above all, electronic archives where your data are archived and stored are protected by efficient security measures, and suitable to contrast the violation risks considered by the controller. The controller makes of the periodical and constant verification of the adopted measures, above all for the electronic and telematic tools as guarantee of the personal data privacy processed through those tools, archived and stored, above all if belonging to particular categories.
The personal data are stored for the necessary time to the end of the activities that have to do with the contract management with the owner and for the fulfillment of the obligations, even legal ones, which ensue.
The data processing is carried out through paper supports or IT procedures by internally authorized and trained individuals. These are allowed access to your personal data to the extent and within the limits in which it is necessary for the performance of the processing activities concerning you.
The controller periodically checks the instruments by which your data are processed and the security measures envisaged for them which the owner constantly updates; verification, also by means of the individuals authorized to the processing, that no personal data are collected, processed, archived or stored of which the processing is not necessary; verify that the data are kept with the guarantee of integrity and authenticity and their use for the purposes of the processing actually performed.
The personal data processed by the controller are kept for the time necessary to complete the activities related to the management of the contract with the owner and up to ten years after its conclusion (pursuant to article 2946 cc.) or when the rights that depend on it can be asserted (pursuant article 2935 c.c.); as well as for the fulfillment of the obligations (e.g. tax and accounting ones) that remain even after the conclusion of the contract (article 2220 c.c.), for which the holder must keep only the data necessary for their prosecution. Without prejudice to cases in which the rights deriving from the contract are to be asserted in court, in which case the data, only those necessary for such purposes, will be processed for the time necessary for their pursuit.
For activities that have not given rise to contractual obligations, the data controller has the right to keep your personal data for a period of up to 48 months from the last activity with which you showed interest (example: request for estimates, request for information and registration).
Rights on the data
It is specified that, with reference to your own personal data, the interested party can exercise the following rights:
- ask the controller for access to your personal data and information about them; the correction of inaccurate data or the integration of incomplete data; the cancellation of personal data concerning you (upon the occurrence of one of the conditions specified in article 17, paragraph I of EU Regulation 679/16 and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (on the use of one of the assumptions indicated in Article 18, paragraph I of EU Regulation 679/16);
- request and obtain from the controller - in the cases in which the legal basis of the processing is the contract or the consent, and the same is done by automated means - your personal data in a structured format and legible by automatic device, in order to communicate such data to another data controller (the right to the portability of personal data);
- oppose at any time the processing of your personal data to the occurrence of particular situations that concern you;
- withdraw consent at any time, limited to the cases in which the processing is based on your consent for one or more specific purposes and concerning common personal data (for example date and place of birth or place of residence), or particular categories of data (for example, data revealing your racial origin, your political opinions, your religious convictions, your state of health or sexual life). The processing based on consent and carried out prior to the revocation of the same, preserves, anyways, its lawfulness;
- propose a complaint to a supervisory authority (Authority acting as a guarantor for the protection of personal data - www.garanteprivacy.it).
It is informed that when data processing is based on Article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a) of EU regulation 2016/679, the interested party has the right to withdraw consent at any time without compromising the lawfulness of the processing based on consent before revocation. Regarding the methods of exercising the aforementioned rights, the interested party may write to: info@chaletall'imperatore.com
Different purpose of the treatment
If the data controller intends to further process your personal data for a different purpose than that for which they were collected, prior to such further processing, the data controller will provide you with information on this different purpose and any additional relevant information.
The controller does not use automated processes aimed at profiling.
As required pursuant to GDPR EU Reg. 2016/679 (European Regulation on the Protection of Personal Data), we provide the information required for the processing of the personal data provided. The information should not be considered appropriate for other websites that may be consulted by means of the links presented on websites owned by the controller, who should not in any way be deemed responsible for third-party websites.
Personal data that can be processed: “personal data”: any information regarding an identified or identifiable natural person (“interested party”); a natural person is considered identifiable if such person can be identified, whether directly or indirectly, with particular reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more of the elements characteristics of their physical, physiological, genetic, psychological, economic, cultural or social identity (C26, C27, C30 EU Reg. 2016/679).
Data Controller: Hotel Chalet all’Imperatore
Owner of email address to which requests are sent: email@example.com
Personal Data Collected
At this site, we acquire personal data by means of the behavioral entry data forms during normal content consultations. The data is processed for the following purposes and using the following services at the corresponding storage and handling sites:
Contact User/Dispatch Orders and Requests
Mailing List or Newsletter Personal data acquired: name, surname, email, language. Processing site: Italy, Europe
Contact Form Personal data acquired: name, surname, email, address, certified email, country, province, telephone, processing site: Italy, Europe
Interaction with social networks and external platforms
Share social buttons, add-this plugin, other plugins Personal data acquired: anonymous, cookies and use data. Processing site: USA, Europe
Registration and authentication
Direct registration Personal data acquired: name, surname, email, address, certified email, nation, province, telephone and various types of also in multiple forms (billing, shipping, gift option), Processing site: Italy, Europe
Remarketing and behavioral targeting
AdWords Remarketing, Facebook Remarketing e Remarketing con Google Analytics per la pubblicità display Personal data acquired: Cookies and anonymous Use Data Processing site: USA
Google Analytics and Google Analytics with anonymized IP Personal data acquired: Cookies and anonymous Use Data. Processing site: USA.
Newsletter Stats. Personal data acquired: Behavioral use data, also non-anonymous. Processing site: Italy.
Display of contents from external platforms
Widget and Embed conents such as: Vimeo, Youtube, TripAdvisor, Trust You, Google Map, Personal data acquired: Cookie and Use Data. Processing site: USA
Web Services content automatically imported from external data sources Personal data acquired: none
Users may exercise certain rights with respect to the Data processed by the Data Controller.
Specifically, the User has the right to:
- withdraw consent at any time. The user may withdraw consent previously provided to the processing of his or her Personal Data.
- object to the processing of his or her Data. The User can object to the processing of his or her Data when such objection has a legal basis other than consent. Further details regarding the right of objection are provided in the section below.
- access their Data. The User has the right to obtain information regarding the Data processed by the Data Controller, regarding certain aspects of the processing and to receive a copy of the Data processed.
- verify the accuracy and request the correction. The User may verify the accuracy of his or her Data and request its update or correction.
- obtain limitation on processing. When certain conditions are met, the User may request limiations on the processing of his or her Data. In such case, the Data Controller will not process the Data for any purpose other than its storage.
- obtain the deletion or removal of his or her Personal Data. When certain conditions are met, the User may request that the Data Controller delete his or her Data.
- receive his or her data or request its transfer to another data controller. The User has the right to receive his or her data in a structured, commonly-used format that is readable by an automatic device and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable when the Data is processed with automated tools and the processing is based upon the consent of the User, on a contract to which the User is a party or on contractual measures related thereto.
- file a complaint. The User may file a complaint before the the competent personal data protection oversight authority or before a judicial body.
Details on the right of objection
When Personal Data is processed in the public interest, in order to exercise public authority with which the Data Controller has been vested or in order to pursue a legitimate interest of the Data Controller, Users have the right to object to processing for reasons related to their particular situation.
Users are reminded that, in the event that their Data is processed for direct marketing purposes, they may object to the processing without providing any reasons. In order to determine whether the Data Controller is processing data for direct marketing purposes, Users may refer to the respective sections of this document.
How to exercise rights
In order to exercise the User’s rights, Users may direct requests to the contact details of the Data Controller indicated in this document. Requests are deposited free of charge and processed by the Data Controller as soon as possible, in any case, within one month. Some editing functions may be exercised independently by the user, as reported in the following section.
Recipients and sharing of data with third parties
We never sell personal information to third parties. We do not exchange, share or transfer your personal data to third parties, except in the following limited circumstances.
Personal data provided may be disclosed to recipients who will process the data as managers and/or as natural persons who act under the authority of the Data Controller and the Data Manager in order to comply with contracts or for related purposes.
Specifically, your personal information may be disclosed to recipients in the following categories:
- to our parent companies, subsidiaries and affiliates;
- to third-party service providers to enable these individuals to provide services that help us in our business activities, which may include marketing assistance, customer support, data analysis, advertising of our product/supply offerings/services, maintaining and improving the features and functionality of products and services. For example, we may provide personal data to our service providers for sending direct e-mail of our newsletters or notifications of our product/service offerings;
- to third parties in general when we believe in good faith that access to, use, storage or disclosure of such data is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, (b) ) apply an Agreement with the Client, including the examination of potential violations of the same, or (c) protect from imminent damage to our rights, property or security, or that of our users or the public, as required or permitted by law;
- with third parties (including our service providers and government agencies) to detect, prevent or otherwise manage fraud or technical or security issues
- with our commercial partners who offer you a service in collaboration with us, for example, during a cross-promotion;
- with online banking institutions and not to process the payment of services or goods (booking, ecommerce, services);
We may also share and/or transfer your personal data if we are involved in a merger, acquisition, bankruptcy or any form of corporate transformation.
We may share your personal information with third parties (outside the above categories) if we have your explicit consent to do so.
We may also share aggregate or anonymized data with third parties for other purposes. This data does not identify the user individually, but may include data on the use, display and behavior of users.
Security of your personal data
We use a number of technologies and security procedures to protect personal data from unauthorize access, use or disclosure. We protect the personal data provided on the cloud and local servers in controlle and secure environments, protected from unauthorized access, use or disclosure. When the personal data is confidential (like credit card numbers and/or geographic data), it is collected on our App and/or transmitted to another website, is protected through the use of cryptography, such as the Secure Socket Layer (SSL) protocol.
This site is equipped with an https certificate which makes it more secure, especially for the personal information entry processes.
User control of data
For Users for whom we store Personal Data acquired in the past, we offer an opt-out opportunity according to which the User may be removed from the lists and withdraw consent to our use of the Data. If you decide to withdraw, we are no longer able to provide certain functions or fulfill your requests.
On the contrary, for new users, an opt-in certification and, specifically, a double opt-in certifying the date provided in a first insertion and expression of consent to processing of the Data is mandatory. The user is always able to manage his or her profile and is also able to withdraw consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt not to receive them by following the instructions included in those communications or offers. Please note, however, that customers may not choose to not receive transactional emails relating to their account.
Access to your personal area
Access and update personal data
Newsletter: each newsletter includes access to the personal area where you may change or correct inaccurate data or delete such data.
Areas reserved following registration: you may access, review, correct, update, change your data at any time. Independently. If you have forgotten your credentials, you may recover them. To do so, please contact the email provided for the Data Controller with your name and the data required for access, correction or removal, or log onto your account, go to your profile and make the desired changes. We may refuse to process requests that are unreasonably repetitive or systematic.
Storage of personal data
We store the Personal Data collected using the deadlines indicated below and as long as we believe they may be used to contact you regarding the service requested, commercial information, subscription services and, if necessary, regarding our legal obligations, to resolve disputes and to enforce our agreements: to eliminate them.
Data storage time varies according to the type of data, as follows:
- for requests for contacts, information or reservations (no expiration);
- newsletter or promotional communications, usually via e-mail (no expiration);
- fulfillment of contractual obligations, pursuant to law and administrative-accounting purposes (maximum 10 years, except for greater or lesser terms established by law);
Once the storage period has concluded, the Personal Data will be deleted. Therefore, right of access, the right to deletion, the right to correction and the right to data portability can no longer be enforced after conclusion of the storage period.
No minors under 18 years of age