INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA OF CLIENTS
in accordance with art. 13 of the EU Regulation 2016/679 of 27 April 2016
Pursuant to article 13 of the EU Regulation 2016/679 of 27 April, hereinafter referred to as GDPR (General Data Protection Regulation), BLUE PROJECT SRL, with registered office in via Zanzotto, 28 – 31053 Pieve di Soligo, Treviso, Italy, in the vest of personal data processing Controller, would like to inform you of the following:
The Controller
The Controller is BLUE PROJECT SRL, with registered office in via Zanzotto, 28 – 31053 Pieve di Soligo, Treviso, Italy.
Data which are subject to the processing
The Controller processes personal data, identifying information and contract data (e.g. name, surname, address, e-mail addresses, phone number, banking and payment data), hereinafter referred to as “personal data”, or also particular/special personal data (e.g. data that shows the state of health) hereinafter referred to as “special categories of data” that you provided during the delivery of the restaurant and/or hotel services.
Purposes of the processing
The personal data that you provided will be processed exclusively for the following purposes:
a. to obtain and confirm your booking of accommodation services and ancillary services, and to provide the required services.
b. to comply with the legal obligation required under the “Italian Consolidated Law on Public Security (TULPS)” (art. 109 Royal Decree 18.6.1931 n. 773) which requires us to communicate to the police authorities (Questura), for the purposes of public security, the personal data of guests staying in our premises according with the procedure described by the Ministry of Interior (Decree Law 7 January 2013)
c. to comply with the legal obligations, regulations, applicable laws and other dispositions given by Authorities that are invested to do this by law or by supervisory and control bodies.
The processing of personal data for the aforementioned purposes does not require your explicit consent (art. 6 letter b) and c. of the GDPR).
d. to allow the function of receiving messages and telephone calls addressed to you during your staying For such activity your consent is required. You can revoke your consent at any time.
e. to carry out marketing and advertising activities of the Controller’s products and services, commercial communications, either by automated means without operator input (e.g. sms, fax, mms, e-mails, etc.) or by traditional means (by telephone, mail).
The processing of personal data for the aforementioned purposes requires your explicit consent (art. 6 and 7 of the GDPR). Such consent applies to both communication by automated means and traditional means described above. You will be always entitled to fully or partially object to the processing of your personal data for these purposes in an easily way and free of charge,
excluding for example automated communication means and expressing your wish to receive commercial and advertising communication exclusively via traditional communication means.
The data requested for the purposes referred to in the previous points a) and b) and c) must be provided for the fulfilment of the legal obligations and / or for the conclusion and execution of the contractual obligations and the provision of the requested services. Therefore, your eventual refusal, even partial, to provide such data would make it impossible for the Controller to establish and manage the relationship itself and to provide the requested service.
The provision of personal data necessary for the purposes referred to in poin d) and e) above is optional, therefore your refusal to provide such data would make it impossible to carry out the activities described therein.
Data processing policy
The processing of personal data is carried out by means of the operations listed in art. 4 n. 2) GDPR, for the aforementioned purposes, both on paper and on computer, with the aid of electronic or automated means, in compliance with the current regulations in particular as regards privacy and security and in accordance with the principles of correctness, lawfulness and transparency and protection of client’s rights.
The processing is carried out directly by the Controller’s organization, by its managers and / or agents.
Communication and circulation
Your personal data will be disclosed, within the limits pertinent to the obligations, for the tasks and the aforementioned purposes and in compliance with the current regulations on the subject, to the following categories of subjects:
1. subjects to whom the data must be disclosed for the purpose of fulfilling or demanding the fulfillment of specific obligations required by law, regulations and / or EU legislation;
2. companies belonging to the Controller’s Group i.e. controlling, controlled or connected companies pursuant to Art. 2359 of the Italian Civil Code, which act as data controllers or for administrative and accounting purposes (purposes related to the performance of internal, administrative, financial and accounting activities, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
3. external physical and / or legal bodies who provide services fundamental to the activities of the Controller for the purposes referred to in paragraph 1. (e.g. call centers, suppliers, consultants, companies, institutions, professional firms). These subjects will operate as data controllers.
Personal data will not be disseminated in any way.
The retention period of personal data
Personal data referred to points a) b) and c) will be kept for the entire duration of the contract stipulated with the Controller. After the termination of the contract, the data will be kept for the fulfilment of the terms set by law for the conservation of administrative documents, after which they will be deleted.
Personal data relating to points
- d) will cease at your departure in any case
- e) will be kept for a maximum of 3 years
Data transfer
Personal data are stored on servers located within the European Union. In any case, it is understood that the Controller, if necessary, will have the right to move the servers also outside the EU. In this case, the Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legislations, subject to the stipulation of the standard contractual clauses required by the European Commission.
Rights of the interested party
As interested party, you have the rights set forth in art. 15 GDPR and specifically the rights to:
1. obtain confirmation as to whether or not personal data concerning you exist, even if not yet registered, and the communication of such in intelligible form;
2. obtain the information on: a) the source of personal data; b) the purposes and methods of their processing; c) of the method applied in case of processing carried out with the aid of electronic means; d) the information details identifying the Controller, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) subjects or categories of subjects to which personal data may be disclosed or who may be made aware of it as appointed representative in the State territory, people in charge or delegates
3. obtain: a) the update, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or the block of the data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the confirmation that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been disclosed, except in the case in which this fulfilment proves impossible o involves a use of means manifestly out of proportion to the right that is to be protected;
4. fully or partially object: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or commercial communication, through the use of automated call systems without the intervention of an operator, by e-mail and / or by traditional marketing methods, by telephone and / or paper mail. It should be noted that the right to object of the interested party, set out in point b) above, for direct marketing purposes through automated means extends to traditional ones and that anyway the possibility remains for the interested party to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications via traditional methods i.e. only automated communications or none of the two types of communication. Where applicable, it also has the rights referred to in Articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint to the Antitrust Authority www.garanteprivacy.it
For the exercise of the rights referred to in art. 15 of the GDPR or for questions or information regarding the processing of your data and the security measures taken, you may in any case forward your request to the following address:
BLUE PROJECT SRL
Località Badualga – 08020 Badualga, San Teodoro (OT)
Telephone: +39 0784 851092
E-mail: info@hotelsanteodoro.com