We would like to inform you that we updated our privacy policy in accordance with the “REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL” of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Hereinafter GDPR) .This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data and protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. For the purposes of the Regulation:

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The information provided below describes, as required by art.13 and art.14 of the GDPR, the processing operations performed on the personal data of the users visiting the websites of “Hotel Art’è”. Those websites include the following:

WWW.HOTEL-ARTE.IT            WWW.HOTEL-ARTE.COM

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the Hotel’s domain

1. DATA CONTROLLER

The data controller is “Hotel Art'è” di Di Simone Giantommaso 

• Hotel Art'é di Di Simone Giantommaso 
• located: Via Concezio Rosa, 6 - 64041 Castelli (TE)
• e-mail Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.
• phone: +39 0861 979314

2. PURPOSE OF DATA PROCESSING

The processing connected to the web services of this site takes place at the aforementioned office of the Data Controller, at the location identified by the operator of the website and is only handled by authorized personnel for processing, or by persons in charge of occasional maintenance operations.

No data deriving from the web service is released. The personal data provided by users who send requests for the sending of material regarding the requested service (or even information only) are used to follow up the User's requests and can be communicated to third parties only if necessary and if involved and functional to satisfy the above-mentioned requests.

The collection and processing of personal data of the User will be in compliance with the general principles of necessity, correctness, relevance and non-excess, regulated by the conditions of use of the site, and in particular the processing of data will take place for:

1. Answer questions and provide the information requested by the User (the optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message), to contact the User about the services provided by or by his business partners;
2. The acquisition of curricula, both in paper and digital format, voluntarily sent by candidates interested in the collaboration with “Hotel Art'é” by Di Simone Giantommaso;
3. the "NEWSLETTER" service to which the User has the right to register. If the personal data provided by users have been provided by registering with said service, the same will be used for the sole purpose of sending the newsletter and will not be disclosed to third parties;
4. the records and communications required by law including those relating to the identification and communication obligations provided by the T.U.L.P.S. (including the online check-in service carried out directly by the User);
5. the necessary and indispensable treatments of an operational, managerial, accounting and other nature, in particular some data will be used for the registrations and communications required by law;
6. verification of the degree of customer satisfaction with regard to the services produced and any other kind of request, through personal interviews, telephone calls or sending e-mails or text messages;
7. fulfill the obligations provided for by Legislative Decree 231/2007 on anti-money laundering for the purposes of preventing and combating the use of the economic and financial system for the purpose of money laundering and terrorist financing
8. prior "consent of the interested party" (1), through traditional contact methods (paper mail or calls via operator) and automated (e-mail, sms, mms, other messaging applications) for functional purposes to commercial / promotional activities such as communications commercial, sale, sending of advertising material or for carrying out market research on the services offered (by way of example but not limited to: updates on initiatives, offers and promotions relating to services and products related to the activities of and third parties with whom collaborates, programs and promotions, even online, aimed at rewarding or retaining potential customers); The legal basis of the processing can be identified in the Civil Code and in the Consumer Code

¹Any manifestation of free will, specific, informed and unequivocal of the interested party, with which he expresses his assent, by means of a declaration or unequivocal positive action, that the personal data concerning him / her are subject to treatment

3. LAWFULNESS OF PROCESSING

Processing shall be lawful only if and to the extent that at least one of the following applies:

• Art. 6 par.1 a),b),c),f)
  

  • a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes

  • b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  • c) processing is necessary for compliance with a legal obligation to which the controller is subject;

  • f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

• Art. 9 par.2 a),e),f)

  • a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

  • e) processing relates to personal data which are manifestly made public by the data subject;

  • f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. 

Legal basis for the processing : Civil Code, Criminal Code, Consumer Code

4. DATA RECIPIENTS

The communication to the identified recipients will take place only if they are involved and functional to achieve the purposes referred to in paragraph 2 above, so the personal data collected and processed may be:

1. used anonymously for statistical purposes;
2. made available to the Data Controller's Collaborators, as Managers or persons authorized to process personal data;
3. communicated to third parties, physical or legal, public administrations, professionals, law enforcement agencies, government agencies, regulatory bodies, courts or other public authorities authorized by law;
4. communicated to commercial partners, only in case of estimate and express consent of the User.
5. if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, including with regard to the right to data portability;

 The list of persons in charge of processing personal data is available at the premises of the Data Controller.

5. CATEGORY OF PERSONAL DATA

The personal data processed are only and exclusively those necessary and functional for the correct achievement of the purposes indicated in point 2) and data that fall within the particular categories may also be processed, namely:

1. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, data relating to the health or sexual life or sexual orientation of the person;
2. personal data of family members and other subjects, including data relating to minors, etc.

6. DATA RETENTION

The data provided for the purposes referred to in point 2 will be kept:

• For administrative / accounting purposes: for the period prescribed by tax laws, civil law;
• For marketing purposes and sending newsletters: up to the revocation of the consent given, up to the exercise of the right of opposition and in any case not more than fifteen years from the date of collection.

Personal data will not be disseminated and will be destroyed when we no longer need or have  to keep them

7. PROCESSING METHODS

The computer systems and software procedures used to operate the platform of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses (for verification of the user's reliability and for security purposes) or domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters related to the operating system and the user's computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.

The personal data undergoing processing will be treated:

• manually and / or electronically and will be kept in special paper and / or electronic archives. The paper and electronic documentation will be correctly maintained and protected for as long as necessary for treatment, using appropriate security measures, so as to minimize the risk of destruction or loss, unauthorized access or treatment not in accordance with the purposes of collection;

• There is no automated decision making process and no profiling is performed..

8. COOKIES

“Cookies” are used. Cookies are small files stored on your computer's hard drive and are used to provide services and / or information. Most cookies are "session cookies" and are then deleted from the hard disk at the end of the session (when you log off or close the browser). They can be present in some pages of the site in order to analyze access to web pages, customize their services, contents and advertising messages, measure the effectiveness of promotions and ensure trust and security. I c.d. session cookies used on this site avoid the use of other technologies that could compromise the privacy of users' browsing and do not allow the acquisition of personal data identifying the User. The policy on the use of cookies on our site can be consulted in the appropriate section.

9. PROVISION OF DATA

Except from what is specified for navigation data, the user is free to provide the personal data requested through appropriate templates relating to services, products and any other kind of request that the site manager, or his business partners, are able to to offer. Failure to provide such data may make it impossible to obtain any response to any requests or use the services or products that the site operator, or its commercial partners, are able to provide.

RESTRICTED AREA:

• registration in the reserved area (mandatory data) involves automatic data acquisition, such as:
  • time, date, page views and permanence on the site;
  • IP protocol and internet domain;
  • search engine (if applicable) through which access to the site has occurred;
  • User's operating system and type of browser.

Failure to provide data may make it impossible to authenticate in the reserved area.

10. RIGHTS OF THE DATA SUBJECT

We inform you that, as an interested party, you have all the rights foreseen by the articles 15-16-17-18-20-21-22 of the GDPR, among which:

• The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• The existence of the right of the data subject to request the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their treatment, in addition to the right to the portability of the data data, including all information available on their origin; to obtain, moreover, the cancellation of personal data concerning him without unjustified delay pursuant to art. 17 ("right to be forgotten").
• Where the processing is based on Article 6 (1) (a) or Article 9 (2) (a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on on the consent given before the revocation;
• The right to lodge a complaint with a supervisory authority;
• Have from the data controller a copy of the personal data being processed, provided that it does not damage the rights and freedoms of others; in case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs. If the request is received by electronic means, unless otherwise indicated, the information is provided in a commonly used electronic format;

The above information will be provided:

• Within a reasonable time after obtaining personal data, but no later than one month, in consideration of the specific circumstances in which personal data are processed;
• In the event that personal data are intended for communication with the data subject, at the latest at the time of the first communication to the data subject; or if communication to another recipient is envisaged, not beyond the first communication of personal data.

All rights of the data subject provided for by the GDPR are exercised by request without formalities to the Data Controller, also through a person in charge, who is provided with appropriate feedback without delay.