T: +39 041 520 5165 | E.info@hotelsansamuele.com

en_GBes_ESit_IT

Policy privacy

Information for the treatment of personal data in accordance with Article 13 of EU Regulation 679/2016 and the Privacy Code as adapted by Legislative Decree 101/2018.

  1. INTRODUCTION: DEFINITIONS

Personal data: shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Treatment: shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, database comparison or interconnection, restriction, erasure or destruction.

Special categories of personal data: this means personal data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person's health or sex life or sexual orientation.

Data controller: shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

2. INTRODUCTION: DEFINITIONS

The Data Controller is SGA S.R.L. (P.IVA / CF.: 04328290277) Registered office in Jesolo, Piazza Brescia n. 5, e-mail: info@hotelsansamuele.com; pec: sga.srl.ve@pec.it, henceforth also the Data Controller.

 

3. TYPE OF DATA, PURPOSES AND LEGAL BASIS FOR TREATMENT

a) Navigation data

The personal data processed are only those that are provided by users during browsing and whose transmission is implicit in internal communication protocols, such as the IP address, the operating system, the browser used and other information collected through the cookies installed on the Site, whose specific COOKIE POLICY. This data is used only to obtain anonymous information about the Site. The legal basis of the processing is the legitimate interest of the Data Controller.

b) Data provided by users when filling in the contact form

This is personal identification data (such as name, surname, e-mail address, telephone number) provided by users when filling in the contact form. In general, the Data Controller does not process special data, unless specifically requested by the customer. We therefore invite users not to enter, in the form, data that may reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-unionist character, state of health. The purpose of the processing is the fulfilment of the contact request made by the user.

c) Data provided by the user for the receipt of newsletters

These are e-mail messages sent by the Data Controller to update on events in the area, activities, services and promotional activities of the Data Controller and other companies of the MJH Hospitality Group. The legal basis of the processing is consent.

d) Requesting availability of facilities and quotations

These are identified data (such as name, surname, e-mail address and telephone number) provided by users in order to receive information on the availability of the facility and quotes. The legal basis is the user's consent.

e) Making reservations and online check-in

This involves identified data (such as name, surname, e-mail address and telephone number), nationality and payment data provided by customers in order to make a reservation. In order to make a reservation, the data of the holder of the file is collected, while for online check-in it is necessary to communicate the data of the guests of the facility and to show a copy of the identity documents needed to identify the guests and to make the due communications required by the regulations in force. The legal basis is the fulfilment of contractual obligations, including the pre-contractual phase, and the fulfilment of legal obligations incumbent on the Data Controller.

 

4. OBLIGATORY NATURE OF PROVIDING DATA

The provision of the data referred to in point 3 letter a) is obligatory in order to allow navigation on the site.

The provision of the data as per point 3 letter b), c), d) is optional.

The provision of the data for the purposes of point 3 letter e) is necessary for the conclusion of the booking and the provision of the services requested. In this case, the omission or incomplete communication of the data prevents the Data Controller from providing the requested services.

 

5. METHODS OF DATA PROCESSING AND COMMUNICATION OF DATA TO THIRD PARTIES

Data may be processed by means of the collection, recording, storage, processing and deletion of data using both paper and electronic instruments. The data shall not be subject to dissemination or automated decision-making.

The data may be communicated to data processors, such as employees and collaborators of the Data Controller, third parties (companies and professionals) who provide services on behalf of the Data Controller relating to the functionality of the site, company operations and the fulfilment of contractual, legal and administrative obligations.

Finally, the data may be transmitted to the police and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention of and protection against threats to public safety, as well as to allow the Data Controller to exercise or protect its own rights or those of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.

 

6. DATA TRANSFER OUTSIDE THE EU

Data are stored and processed within the European Union.

In the event of any processing of personal data outside the European Union, this will only take place after appropriate safeguards have been put in place, as required by mandatory legislation.

 

7. DATA RETENTION PERIOD

The data provided will be kept for a limited period of time, for the purposes indicated in point 4 above:

- browsing data will be kept for the time necessary to provide the service and then immediately deleted, except as provided for cookies in the specific COOKIE POLICY;

- data provided through the contact form, for requesting quotes and availability are kept for the time necessary to process the request;

-data for sending the newsletter are kept until consent is revoked;

-booking data are kept for 10 years after termination of the contract (beyond the 1-year cancellation period), unless an extension is necessary to protect the data controller's rights.

 

8. RIGHTS OF THE DATA SUBJECT

The data subject is entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulation:

- right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, amended or supplemented;

- right to data deletion (Art. 17 of the Regulation): in the cases provided for by the legislation in force, you may request the deletion of your personal data;

- right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation of the accuracy of your personal data by the data subject;

- right to data portability (Art. 20 of the Regulation): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Data Controller, in the cases provided for by the aforementioned Article;

- right to lodge a complaint (Art. 77 of the Regulations and Art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the competent Data Protection Authority if you believe that a violation of your rights has occurred, or is taking place, with regard to the processing of your personal data (more information on this from the website www.garanteprivacy.it);

- right to revoke the consent given (Art. 13 of the Regulation): for the processing of personal data whose legal basis is consent, you have the right to revoke, at any time, the consent given, by contacting the Data Controller as indicated below.

 

9. PROCEDURES FOR EXERCISING RIGHTS

At any time, the data subject may exercise his or her rights with regard to the personal data processed by the Data Controller by sending a specific written request to the contact data indicated above.