INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA
The processing of personal data by our organization is based on principles of correctness, lawfulness and transparency and protection of the privacy and rights of the subjects to which the data refer.
The owner of the data collected is DIONISO’S HOTELS – DIONISO’S SRL with registered office in Via Diocleziano 109 – Napoli email: email@example.com, which is the data controller for processing, in compliance with the principles of protection of personal data established by the 2016 GDPR Regulation /679.
1 Object of the Treatment
The Data Controller treats your personal and contact details and only in special situations certain sensitive data communicated by you during the supply of the restaurant and / or hotel service (eg food intolerances or the presence of motor handicaps).
2 Purpose and legal basis of processing
Personal data and any sensitive data provided are processed for the following purposes:
2.1 – fulfill the obligations arising from the contract
-collect and satisfy the requests that you will want to formulate and provide the services you want to request – fulfill legal obligations as well as current accounting and tax obligations;
– exercise the rights of the owner, for example the right to defense in court;
Subject to explicit denial by the party concerned, the user’s data will also be processed for the following purposes:
2.2 – sending of proposals and commercial communications by e-mail or SMS or fax, by both DIONISO’S HOTELS and partner companies;
2.3 – Only your personal data and any stays, subject to your specific and distinct consent, will be used for the purposes of analysis and processing of your habits and preferences (profiling) to send them, personalized promotional information, as well as any offers from the owner .;
The provision of data for the purposes referred to in art. 2.1) is mandatory. In their absence, we can not guarantee the services of the art. 2.1).
The provision of data for the purposes referred to in art. 2.2) and 2.3) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.1).
Your consent may always be freely modified (give or deny), in whole or in part, by sending an email with the subject “REVOCATION CONSENT MARKETING / PROFILING” to: firstname.lastname@example.org
3 Processing methods and data retention time
We inform you that the data will be processed with the support of the following means:
Mixed paper, electronic and / or automated.
The processing of your data is carried out by means of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality report and for no more than 5 years from the collection of data for Marketing Purposes. The Data Controller will process sensitive data for the time necessary to fulfill the aforementioned purposes and in any case no later than 30 days from the end of the stay, except for special situations that determine the need to maintain such data for a longer period of time (by way of example in presence of tax exemptions in your favor connected to the state of disability).
4 Access to data
Without prejudice to communications made in compliance with legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of interested parties:
– to employees and collaborators of the Data Controller, in their capacity as persons in charge of processing and / or data processors and / or system administrators. All the appointed persons will carry out exclusively the processing operations, on behalf of the Data Controller and / or the manager, within the limits, in the manner and according to the methods expressly indicated in the respective appointment documents.
– to third-party companies or other subjects (indicative professional firms, consultants, insurance companies, service companies, etc.) that carry out outsourced activities on behalf of the Owner, in their capacity as external data controllers.
The list of data processors is available at the registered office.
5 Data communication
Without the need for express consent (pursuant to Article 6 letters b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.1) to the authorities responsible for the control and judicial authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the said purposes. These subjects will process the data in their capacity as independent data controllers, in addition the list of outsourced data controllers, of which the writer uses, can be consulted at any time at the company’s registered office.
Your data will not be disclosed and will not be transferred to non-EU countries or international organizations.
6 Rights of the interested party and methods of operation
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him / her (right of access);
- to know its origin;
- receive intelligible communication;
- to have information about the logic, the methods and the purposes of the processing;
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- in cases of consent-based processing, to receive their data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- the right to lodge a complaint with the Supervisory Authority.
You may exercise your rights at any time by sending an e-mail to the address: email@example.com
7 Site security measures
For the management of the site specific security measures have been adopted, aimed at guaranteeing secure access and protecting the information contained in the area reserved for risks of loss or destruction, including accidental data, unauthorized access or non-processing allowed or not in accordance with the purpose of the collection.
The Personal Identification Data that DIONISO’S HOTELS collects from the Online User is stored by DIONISO’S HOTELS itself and / or its service providers and protected by a combination of physical and electronic access controls, firewall technologies and other appropriate security measures. However, these security measures can not completely prevent the loss, access, misuse or alteration of Personal Identification Data. If required by law, DIONISO’S HOTELS will inform the User of any loss, access, misuse or alteration of such Personal Identification Data that could affect it in such a way that the User can take the necessary measures to protect his rights . DIONISO’S HOTELS You may decide to inform the User by mail, e-mail or telephone where permitted by law. Do not send payment information or sensitive data to DIONISO’S HOTELS via e-mail or via areas that are not specifically designated (for example, do not send the credit card number in a “Comments” field).
For access to the reserved area of the site, an identification code and a password are assigned to the customers. The latter are assigned and communicated on a confidential basis to the person designated by the client, whether the company or the company, or to the customer himself, if a natural person. The user is required to keep the identification code and password in a confidential manner.