The Company is the Data Controller (hereinafter the Data Controller) of the processing of personal data collected through its website www.hotelsanluca.com (hereinafter the Site) as defined by art. 28 of Legislative Decree 30 June 2003, n.196 (Code regarding the processing of personal data) as well as in compliance with Community legislation (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent amendments. The Data Controller will process any data collected through this Site for purposes, in a manner and as specifically explained below.
LEGAL BASIS OF THE PROCESSING
This site processes data based on consent. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service. The provision of data and therefore the consent to the collection and processing of data is optional, the User can refuse consent and may revoke at any time a consent already provided by contacting the Owner. However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised.Starting from 25 May 2018 (date of entry into force of the GDPR), this site will process some of the data based on the legitimate interests of the data controller.
DATA COLLECTED AND PURPOSES
Like all websites, this site also makes use of log files in which information collected in an automated way is stored during user visits. The information collected could be the following:
The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site as well as for security reasons (from 25 May 2018 such information will be treated according to the legitimate interests of the Owner).
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the purposes of protection of the site and its users (from 25 May 2018 such information will be treated according to the legitimate interests of the owner).
Visitors to the site can provide their data voluntarily to access some services provided by the Site (eg comments, contact forms, newsletters, ..) The data received will be used exclusively for the provision of the requested service and only for the time needed to provide the service. The information that users of the site deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, exempting this site from any liability regarding any violation of laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international standards.
The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the activities specified. In any case, the data collected from the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law. The data used for security purposes (block attempts to damage the site) are kept for 7 days.
Should the visitor upload images to the website, it is advisable to avoid uploading images including embedded location data (EXIF GPS). Website visitors can download and extract any position data from images on the website.
By filling out the contact form for requesting information, the Visitor agrees to communicate his data to the Data Controller. The requested data could be:
These data will be processed according to the methods expressed in this policy and used for the sole purpose expressed.
COMMUNICATION TO THIRD PARTIES
Personal data may be the subject of communication to the Institutions and Institutes for the fulfillment of legal obligations or judicial authorities to respond to their explicit requests. The Data Controller does not knowingly collect sensitive or judicial personal data through the Website. Sensitive Data, pursuant to art. 4 of the Code regarding the processing of personal data, include personal data suitable to reveal the racial and ethnic origin, religious beliefs, philosophical or otherwise, political opinions, membership of parties, trade unions, associations or organizations religious, philosophical, political or trade union, as well as personal data suitable to reveal the state of health and sexual life.
Judicial data, again pursuant to art. 4 of the Code, include personal data suitable for revealing the measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u), of the D.P.R. November 14, 2002, n. 313, on the subject of criminal records, the register of administrative sanctions depending on the offense and the related pending charges, or the status of defendant or suspect under articles 60 and 61 of the criminal procedure code. We recommend that you do not provide such information through the Site. In the event that this is necessary (for example in the case of belonging to protected categories in case of sending a resume for recruitment purposes, in response to a job announcement or in in case of expression of interest to work in the Company) we invite you to send us a registered letter with the expression of your consent in writing to the processing of this information.
LINKS TO THIRD-PARTY SITES
The data collected by the site are processed at the Seeweb web hosting data center. Web hosting, which is responsible for the processing of data, keeping data on behalf of the Owner, is located in the European Economic Area and acts in accordance with European standards.
The information and personal data of the Visitors collected from the Site, including the data freely provided in order to obtain the sending of informative material or other communications by writing in the form of the Site, will be kept for the sole purpose of providing the requested service and for the duration necessary for the same purpose. Once the service is complete, all personal data will be destroyed in compliance with the data retention policy, unless otherwise requested by the authority and unless required by law, or when indicated in this policy for particular sections of the portal.
EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY
Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
Requests should be sent to the Data Controller at firstname.lastname@example.org. In the event that the data are processed on the basis of legitimate interests, the rights of data subjects are guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose the treatment that can be exercised by sending a request to the data controller.
This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).
TRANSFER OF DATA TO NON-EU COUNTRIES
This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
RESPONSIBLE FOR PROCESSING
The web hosting Seeweb is appointed as data controller, keeping the data on behalf of the owner. Web hosting is located in the European Economic Area and acts in accordance with European standards. Google is appointed data controller, processing data on behalf of the Data Controller (Google Analytics).