The Data Controller of the processing of personal data is ITAL H&R SRL, Single-Member Company registered at the Bologna Trade and Business Registry, with registered office in Via Stalingrado, 37 – 40128 Bologna (BO).
- CATEGORIES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING
The consultation of the Web Services does not require the prior registration of the User, nor the collection of personal data provided directly by the User (for the definition of “data provided directly by Users” see below). The use of the relevant features (for example, online booking service), on the other hand, involves the processing of personal data provided directly by the Users, only to the extent strictly necessary for the processing of the specific request.
Users are free to provide their personal data. Failure to provide such data may, however, entail the impossibility of obtaining what has been requested.
The personal data collected will be processed solely for the purposes indicated below.
Through the Web Services, the Company does not collect deliberately personal data belonging to particular categories (Article 9 c.1 of the Regulation) or relating to criminal convictions and offenses (Article 10 of the Regulation): it is therefore recommended not to provide such information through the Web Services.
1.1 NAVIGATION DATA
The computer systems and software procedures used to operate the Web Services acquire, during normal operation, some personal data that are subsequently transmitted through the use of Internet communication protocols. This information is not collected to be associated with identified Users, but by their very nature could, through processing and association with data held by third parties, allow to identify them. This category of data includes:
- IP addresses or domain names of the computers used by users who connect to the site,
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources,
- the time of the request,
- the method used in submitting the request to the server,
- the size of the file obtained in response,
- the numerical code indicating the status of the response given by the server (good order, error, etc.)
- and other parameters related to the operating system and the user’s computer environment.
These data, in addition to allowing consultation and normal use of the Web Services, are processed, in pursuit of the legitimate interests of the Company, in order to:
- obtain statistical information, in an anonymous and aggregate form, on the use of the site;
- check its correct functioning;
- ascertain any responsibility in case of hypothetical computer crimes against the site.
The navigation data will be kept for the time strictly necessary for the aforementioned purposes
1.3 DATA SUPPLIED DIRECTLY BY USERS
The sending of messages, requests and information, through contact forms or e-mails sent to the addresses indicated within the Web Services, involves the processing of personal data, only for the purposes set out from time to time. In particular, the categories of personal data processed in these cases include personal data (forename, surname, age and residence / domicile), also of third parties (additional guests), contact details (e-mail address, telephone number, fax), information on the provision of services (periods of stay and accommodation), information on payment methods.
The data will be processed for purposes related to the fulfillment of specific requests, contractual or legal obligations (tax and accounting), the maintenance of historical billing, the management of litigation and the protection of credit. In particular, data may be processed in order to
- provide feedback to the information requests made by users regarding the services provided;
- allow the verification of room availability and to make reservations for stays at the facility;
- receive expressions of interest in a working relationship with the Company.
Below is a description of the individual areas of Web Services through which the data provided voluntarily by Users are collected.
1.3.1 “BOOK NOW” SECTION
The “Book Now” section allows the User to make a reservation for overnight stays / stays through the Web Services. The form provides for the collection of data necessary for processing the order (in particular, personal data, contact details and credit card details).
The processing of personal data is based on the need to implement pre-contractual measures requested by the User. The personal data collected here will be processed for the duration of the reservation and, if necessary, for the provision of the service; further storage, on the basis of legal or regulatory obligations (e.g. tax, accounting, etc.), will take place within the limits established by the law (generally 10 years from collection, as per Article 2220 of the Italian Civil Code), and in reference only to data strictly necessary for these purposes.
1.3.2 “CONTACTS” SECTION
The “Contact” section allows the User, through the related form, to request to the Company to be contacted, in order to obtain useful clarifications in relation to the services provided by it. For this purpose, personal data required to process the request (name, telephone number and e-mail address) are requested; in addition, personal data communicated by the User to the telephone operator and / or forwarded to the Company’s e-mail address will be processed. The processing of personal data relating to the User takes place in order to implement specific requests formulated by the Interested Party; the data will be stored for the time strictly pertinent to the fulfillment of the request.
2. DATA PROCESSING METHODS
The personal data collected are only those strictly necessary for the purposes pursued from time to time. The processing takes place after implementation of every measure useful to ensure privacy and security. These measures are aimed at preventing events of loss, damage and disclosure of data, or unauthorized access. Personal data may be communicated to collaborators and / or employees, authorized to carry out processing operations under the direct control of the Data Controller or Data Supervisors, appointed as Distributors and appropriately instructed in this regard.
2.1 COMMUNICATION TO THIRD PARTIES
In pursuing the aforementioned purposes, personal data may be disclosed to third parties, such as, for example, Public Bodies (for the fulfillment of any legal obligations) or Court and Police Authorities (where required).
In particular, the Company will communicate, within the limits of what is strictly necessary, personal data relating to the User toward external parties that provide payment services.
The Company also makes use of the services provided by third-party companies, to whom the personal data relating to the User are transmitted. These third-party companies may, from time to time, assume the role of independent data controllers or supervisors.
In particular, the Company makes use of IT service providers, related to the provision of management and booking applications, appointed as data supervisors through specific agreements.
In other cases, Web Services can integrate the functionalities of applications made available by third parties (e.g. Google Maps): the User interacts directly with the aforementioned third parties, who must be considered as autonomous data controllers. The User, for greater protection of its personal data, is invited to consult the privacy policies made available by these subjects.
Personal data will not be disclosed.
2.2 DATA RETENTION POLICY
The personal data of the Users collected through the Web Services, including data freely provided in order to obtain the communication of informative material or other communications by filling in the appropriate forms, will be processed for the sole purpose of providing the service requested and for the duration necessary for the same purpose.
2.3 UNDER AGE PERSONS
The Web Services are not addressed to minors: in fact, minors are not authorized to make reservations, nor to use the services provided by our facilities.
3. EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY
Requests should be forwarded by writing or by contacting the data controller at the following address firstname.lastname@example.org.
The User may use the aforementioned address, in addition to exercising its rights, also to obtain the updated list of the categories of recipients of the data. The User’s right to lodge a complaint with the Italian Authority, the Privacy Guarantor, when deemed necessary for the protection of the personal data and rights thereof, is upheld.