Hotel Savoy srl, headquartered in via Carducci, 33 Grado (GO), social security number and VAT ID 00067780312 (hereinafter "Holder"), as Data Controller, informs you, pursuant to Legislative Decree 30.6.2003 n. 196 (hereinafter, "Privacy Code") and EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following ways and for the following purposes:
1) Object of the processing
The Data Controller processes personal, identifying, and non-sensitive data (in particular, name, surname, social security number, VAT number, email address, telephone number - hereinafter, "personal data" or just "data") communicated by you during registration on the website and/or when registering for any newsletter service offered by the Data Controller.
2) Purpose of the processing
Your personal data is processed:
A) Without your express consent, for the following Service purposes:
- To fulfil pre-contractual, contractual, and tax obligations arising from existing business relations;
- To fulfil obligations established by law, by regulations, by community legislation, or by an order of the Authority;
- To acquire and confirm your booking of accommodation services and ancillary services, and to provide said services;
- To fulfil the obligation set forth in the "Consolidated Law on Public Safety" (article 109 RD 18.6.1931 No. 773) which requires us to communicate to Police Headquarters, for purposes of public security, details of clients accommodated according to procedures established by the Ministry of the Interior (Decree of 7 January 2013);
- For the purposes of protecting people, property, and corporate assets through a video surveillance system in some areas of the establishment, identifiable by the presence of appropriate signage;
- Exercise the rights of the owner, for example the right to a defence in court.
B) Only subject to your specific and distinct consent, for the following organizational and management objectives:
- To register on the website;
- To register for the newsletter service provided by the Data Controller and any additional services you request;
- To speed up the registration process in case of your eventual stay at our establishment;
- To perform the function of receiving messages and telephone calls addressed to you during your stay;
- To send you promotional messages and updates on rates and offers.
3) Processing methods and data retention times
The processing of your personal data is carried out by means of the operations indicated, more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your personal data is subjected to both paper and electronic and automated processing.
The Data Controller will process personal data solely for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of service and for no more than 5 years from the collection of data for Marketing Purposes, unless the Data Subject exercises their rights to privacy and/or other legal obligations.
4) Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- To employees and partners of the Data Controller, in their capacity as persons in charge and/or internal processing managers and/or system administrators;
- To external companies for computer systems maintenance, for the storage of personal data, etc., or to third parties (for example, providers for the management and maintenance of the company website, suppliers, lenders, professional offices, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as external data controllers.
5) Data communication
Without your express consent, the Data Controller may only communicate your data for the purposes referred to in art. 2.A) to: employees and collaborators of the Data Controller, in their capacity as persons in charge of processing and/or system administrators and/or administrators; Supervisory bodies, judicial authorities as well as all other subjects to whom the communication is obligatory by law for the accomplishment of said purposes; technicians and/or collaborators for administrative, fiscal, and accounting management and/or to fulfil specific legal obligations or for which external suppliers have been identified. Your data will not be disclosed.
6) Data transfer
The management and storage of personal data will occur on servers located within the European Union and/or third-party companies appointed and duly appointed as Data Processors by the Owner. Currently our servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location in Italy and/or the European Union and/or to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
7) Nature of providing data and consequences of refusing to provide it
The provision of data for the purposes referred to in art. 2. A) is mandatory. In the absence of personal data, we cannot guarantee either registration to the site or the services listed in art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional.
You may therefore decide not to provide any data or subsequently deny the processing of data already provided: in this case, the services referred to in points 2.B. cannot be provided. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
8) Rights of the Data Subject
In your capacity as a Data Subject, you have the rights referred to in art. 15 GDPR, and precisely the rights to:
A) Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
B) Obtain details regarding:
- The origin of the personal data;
- The purposes and methods of processing;
- The logic applied in case of processing carried out with the aid of electronic instruments;
the identifying details of the owner, managers, and designated representatives; and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives in the territory of the Italian State, managers or agents;
C) Obtain:
- Updating, rectification or, when appropriate, integration of data;
- The cancellation, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed;
- The attestation that the operations referred to in art. 8.A) and B) have been brought to the attention, also with regard to their content, of those to whom the data has been communicated or disseminated, except in the case where this fulfilment proves impossible or involves the use of means clearly disproportionate to the protected right;
D) Oppose, in whole or in part:
- For legitimate reasons, to the processing of your personal data, even if pertinent to the purpose for which it was collected;
- To the processing of personal data for the purpose of sending advertising or marketing material by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the Data Subject, set out in point B), for direct marketing purposes through automated methods also extends to traditional ones and that in any case the option remains for the Data Subject to exercise the right of opposition, also partially. Therefore, the interested party can decide to receive communications either through traditional methods or automated communications or neither.
- Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Guarantor Authority.
9) How to exercise your rights
You can exercise your rights at any time by sending:
- A registered letter with acknowledgement of receipt to: Hotel Savoy srl, via Carducci 33 Grado (GO)
- An e-mail to privacy@hotelsavoy-grado.it
10) Controller, Processor and Persons responsible
The Data Controller is Hotel Savoy srl in the figure of legal representative pro-tempore, based in via Carducci, 33 Grado (GO). The updated list of Data Processors and those responsible for processing data is kept at the Data Controller's headquarters.
11) Data Protection Officer
The Data Protection Officer (D.P.O.) is not applicable to our organization.
12) Cookies
The site uses cookies. Please refer to the specific information regarding cookies for additional details.
13) Changes to this Privacy Statement
This information may change. It is therefore advisable to regularly check the Privacy Statement and refer to the latest version.