Processing of personal data pursuant to EU Regulation n. 679/2016 (“GDPR”)
Owner, Data Processor and in charge of processing
The Data Controller is GESTI HOTEL SERVICE S.R.L., Via Euganea Treponti 125 – 35037 Teolo (PD) (hereinafter, “Owner“).
To contact the Owner send an email to firstname.lastname@example.org.
The Data Controller ensures compliance with all privacy regulations pursuant to the European Regulation for the protection of personal data n. 679/2016 (GDPR, “General Data Protection Regulation”) and subsequent amendments.
Types of data processed
Any natural person who uses our Website can:
- obtain from the Owner, at any time, information about the existence of their personal data, the origin of the same, the purposes and methods of treatment and, if present, to obtain access to personal data and information referred to in Article 15 of the GDPR;
- request the updating, rectification, integration, deletion, limitation of data processing if one of the conditions provided for in Article 18 of the GDPR occurs, the transformation into anonymous form or blocking of personal data, processed in violation by law, including those that do not need to be kept for the purposes for which the data were collected and / or subsequently processed;
- oppose, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of collection and processing of personal data provided for commercial information purposes or sending advertising material or direct selling or for the fulfillment of market research or commercial communication; each user also has the right to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
- receive personal data, provided knowingly and actively or through the use of the service, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without impediments;
- propose a complaint to the Italian Data Protection Authority.
At any time the interested party can send any question or request related to his personal data and to respect the privacy exercise his rights by writing to the Owner by email.
Purpose of data processing
Personal data is processed for the following purposes (hereinafter, “Purpose of Service “):
- manage and provide the services offered through the Website;
- allow the user to use the services expressly requested;
- process a contact request generated by the Site (for example, reply to an email received, contact the user by phone);
- make communications relating to the progress of the relationship established;
- processing of personal data provided by the user and those derived from browsing the site in order to provide a service consistent with the use of the service;
- collection, storage and processing of navigation data to perform statistical analysis in an anonymous and aggregate form;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- to prevent or discover fraudulent activities or malicious activities harmful to the Site;
- exercise the rights of the Owner, for example the right to exercise a right in court.
In addition, only subject to specific and distinct consent from the user, personal data are processed for the following other purposes (hereinafter, “Other Finality“):
- newsletter sending;
- send by email communications relating to opinion polls and approval;
- sending by email invitations to events or registrations to events of which it is part or that organizes the Holder.
Place of data processing
The processing connected to the web services of this Site takes place at the Data Controller’s premises and at the Hosting web datacenter hosting the Site. They are only handled by technical staff in charge of processing, or by persons in charge of occasional operations of maintenance. No data deriving from the web service is communicated or diffused except in cases expressly provided for by law.
The personal data provided by users are used only to perform the services provided by the Site and only for the purposes indicated in the purposes of processing, are disclosed to third parties only if this is necessary for this purpose.
In addition to the data expressly conferred, other data may be recorded deriving from the navigation of the user on the Site. For any access to the Site we register the type of browser, the operating system, the host and the URL of origin, besides to the data on the requested page. These data are used in aggregate and anonymous form for statistical analysis on the use of the Website.
Personal data will be processed for the following operations: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The processing will be carried out with electronic and / or automated and telematic tools with organizational and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with organizational, physical measures and logics provided for by the provisions in force. The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality report and for no more than 2 years from the collection of data for Other Purposes.
Personal data and / or results of the statistical analysis above may be communicated to:
- people, companies or professional firms that provide assistance and advice to the Owner in accounting, administrative, legal, tax and financial matters;
- subjects to whom the faculty to access the data is recognized by provisions of law or by orders of the authorities;
- subjects delegated and / or appointed by the Data Controller to carry out the activities related to the provision of services on this Site;
- to third-party companies or other parties (indicative, web site provider, cloud provider, e-payment service provider, suppliers, hardware and software service engineers, shippers and carriers, credit institutes, professional firms, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as data processors.
Your data will not be diffused for any reason.
The user is not obliged to provide the Data Controller with the data requested by the Site. The provision of data to the Data Controller is optional, however, in case of refusal of consent for the purposes mentioned above, and in case of refusal of the consent to the communication of the data to the subjects above, we will find ourselves in the impossibility to provide the services requested by the user.
Rights of interested parties
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification.
The interested party has the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment.
At any time the interested party may exercise the rights by writing to the Data Controller by email.
Data provided voluntarily by users
The optional insertion of data in the forms on the Site (contact form, newsletter, etc.) as well as the optional, explicit and voluntary sending of data in web forms or emails to the addresses indicated on this Website, with the aim of obtaining specific services and / or for sending communications and information, involves the subsequent acquisition of the sender’s address, necessary to respond to requests or to provide the services, communications and information requested, as well as any other personal data entered.
This Website and the Services of the Data Controller are not intended for minors under the age of 18 and the Data Controller does not intentionally collect personal information about minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users.