INFORMATION PURSUANT TO ART. 13, GDPR
INFORMATION NOTICE FOR USERS OF THE SITE
pursuant to art. 13, EU Regulation no. 2016/679 ("GDPR")
This section contains information on how HOTEL PALACE managed by the company Nostrorizzonte srl (hereinafter, also, "Palace Hotel" or the "Owner") in relation to the processing of data of users of the site www.palaceviareggio.com (hereinafter, "the Site").
The information is provided solely for the Site and not for any other websites that may be consulted by the user through links contained therein.
The purpose of this document is to provide information on the methods, times and nature of the information that data controllers must provide to users when connecting to the web pages of the Sites, regardless of the purposes of the connection itself, in accordance with Italian and European legislation.
The user is informed that the information notice may be subject to changes as a result of amendments to the legislation in force from time to time, or to the organisation and activity of the Site: the user is therefore invited as of now to check from time to time for any updates to this page.
The data controller is NostroOrizzonteSrl with registered office in Via Flavio Gioia, 2, postcode 55049, Viareggio (LU), tel. 058446134, e-mail email@example.com, VAT no. 02303400465.
TYPE OF DATA PROCESSED, PURPOSE AND LEGAL BASIS FOR PROCESSING
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes, by way of example:
- Internet Protocol (IP) addresses
- the domain names of the computers used by users connecting to the site
- the addresses in URI (Uniform Resource Identifier) notation of the resources requested
- the time of the request
- the method used to submit the request to the server
- the size of the file obtained in response
- the numeric code indicating the status of the response given by the server (successful, error, etc.)
- number of clicks and other parameters relating to the user's operating system and computer environment
- browser type and parameters of the device used to connect to the site
This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
The Data Controller uses this information exclusively in aggregate and anonymous form in order to verify the proper functioning of the site and for security reasons. The legal basis is provided by the Owner's legitimate interest in the proper functioning of the website and its security.
With specific regard to security purposes (anti-spam filters, firewalls, virus detection), the Data Controller points out, in particular, that the data automatically recorded in the event of anomalies or attacks may possibly also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. In any case, the Data Controller will never use such data for the purpose of identifying or profiling the user, but solely for the purpose of protecting the site and its users, on the legal basis of the legitimate interest in guaranteeing the security of the site and its users.
Data communicated by the user
The user has the option of booking a stay by filling in the dedicated fields made available on the Site.
To make a reservation, the user is asked to enter the following data:
- first and last name
- email address
- telephone number
Purpose and legal basis. Consequences of non-consent or revocation
The processing of the data communicated by the user is carried out for pre-contractual (booking) and contractual (provision of the requested service) purposes and does not require consent on the basis of Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject. The communication of the data requested in the booking form is optional. However, failure to complete the form will prevent the Controller from proceeding with the booking.
Cookies and other tracking systems
AUTOMATED DATABASE PROCESSING AND LOCATION OF DATA PROCESSING
The processing of navigation data takes place at the Controller's premises, on servers located in the EU. The data communicated by the user for booking purposes are processed, managed and stored in an automated manner in the EU, through the company Blastness Srl
The Owner does not process the User's payment data even in the case of an online booking: Blastness Srl's technological solution offers a direct banking gateway, so that the Owner is only informed if the booking guarantee or payment has been made.
SITE SECURITY MEASURES
Specific security measures have been adopted for the management of the site, aimed at guaranteeing secure user access and protecting the information contained in the site from the risk of loss or destruction, even accidental. The antivirus software used in the management of the site is updated periodically in order to prevent data loss due to the action of computer viruses.
Users of the site are in any case advised to equip their computer devices with adequate protection systems against malware and other attacks.
ACCESS TO DATA. RECIPIENTS OF PROCESSING
Access to personal data collected during the booking process is permitted only to:
- the data processors, expressly authorised by the Data Controller,
- the data processors designated with an assignment having the characteristics set out in Article 28 GDPR
- external parties who collaborate with the Data Controller and who are in any case bound by an obligation of confidentiality towards the latter.
In addition, the competent authorities to carry out controls or inspections on the basis of a legal obligation or in the performance of a public service or public interest pursuant to the provisions of Article 13, EU Regulation No. 2016/679 ("GDPR"), are entitled to request the data from the Data Controller.
RIGHTS OF DATA SUBJECTS
Pursuant to Article 13, GDPR, the Data Controller informs users of the Site about the rights of data subjects specified below.
Rights of access, cancellation, restriction and portability.
Data subjects are granted the rights set out in Articles 15 to 20 of the GDPR. By way of example, each data subject may:
- obtain confirmation as to whether or not personal data concerning him or her is being processed;
- if a processing is taking place, obtain access to the personal data and information relating to the processing as well as request a copy of the personal data
- obtain the rectification of inaccurate personal data and the integration of incomplete personal data
- obtain, if one of the conditions set out in Article 17 of the GDPR applies, the deletion of personal data concerning him/her
- obtain, in the cases provided for in Article 18 of the GDPR, the restriction of processing;
- where the conditions of Article 20 of the GDPR apply, to receive the personal data concerning him/her in a structured, commonly used and machine-readable format and to request its transmission to another data controller, if technically feasible.
Right to object
Each data subject has the right to object at any time to the processing of his or her personal data carried out in pursuit of a legitimate interest of the Controller. In the event of opposition, your personal data will no longer be processed, unless there are legitimate reasons for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a legal claim.
Requests addressed to the Data Controller may be sent to the following address: è Palace Hotel - Via Flavio Gioia, 2, CAP 55049, Viareggio (LU), tel. 058446134, or by e-mail to firstname.lastname@example.org.
Right to lodge a complaint with the Guarantor
In addition, each data subject may lodge a complaint with the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) if he/she believes that his/her rights under the GDPR have been violated, in accordance with the procedures indicated on the Garante's website accessible at: www.garanteprivacy.it.
Last updated: 11/07/2023