1. Data Controller
The Data Controller is:Info Alberghi srl
2. Our policy on processing of personal data
The processing of your personal data is very important and we intend to comply with all the principles prescribed by theprivacylegislation. Our policy expect us to treat personal data with the maximum lawfulness, security, correctness, transparency and confidentiality, as well as to collect only the data strictly necessary for the purposes indicated here.
3. What kind of personal data we need and for what purposes
With the help of automated electronic tools we collect and process only the personal data you voluntary provide us in order to allow the selected accommodation to respond to your requests. Besides, in case of your further consent (specific and optional), we will process that information to keep you informed of any new promotions and offers.
To achieve the aforementioned purposes, we only need your name and e-mail address. If you spontaneously decide to provide further personal data through the "optional" sections of the contact form or through other tools available on the websitewww.info-alberghi.com, such information could be considered "Sensitive data" (for example any data that can disclose a person's racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, or sex life). Sensitive data would be processed only and exclusively for the services you have requested from us.
4. Consequences in case of refusal to communicate personal data
Your name, your e-mailaddressandyour consent to the processing are necessary to provide our services for the purposes indicated above. The refusal to confer such personal data implies the impossibility to establish a contact with the structure chosen by you.
5. Data processors (subjets that have access to your data)
- Person Tasked with Processing:the Data Controller employs collaborators and employees who would be able to access the personal data you have provided strictly within the limits necessary for the performance of their auxiliary tasks.
- External data processors:personal data may also be accessible to third parties who perform auxiliary services. Third parties are chosen by the Data Controller on the basis of appropriate standards of professionalism, safety and experience (computer technicians responsible for the maintenance of electronic equipment;hosting provideretc.).
6. How and for how long the data you provide us are stored
The data you provide us will be kept by the Data Controller in a specific database allocated on servers owned by an external company based in an EU country. Your data will be stored for 36 months. After that period of time the information will be kept exclusively in an impersonal form as summary/aggregate data in order to be used only for statistical purposes.
7. Security measures
We are committed to guaranteeing maximum security in the processing of your data and for this reason we have equipped our offices with the necessary environmental measures to prevent break-ins and to avoid leaks. In addition, we have equipped our IT systems with software protected bypasswordsand constantly updatedanti-viruses.
8. Your rights
Regarding the processing of personal data you have the following rights:
- right to access personal data: at any time you can request and obtain information or confirmation of the existence of data in our possession concerning your person (and eventually receive a copy);
- right to request correction of the above mentioned data;
- the right to obtain the portability of the data you provide with consent;
- right to withdraw consent at any time; right to cancel it's own personal data; the right to limit the future processing of personal data according to the procedures and cases indicated by the law (articles 4 and 18 of the EU Reg. 679/2016);
- right to fill a complaint with a supervisory authority according to the articles: 15 to 22 of the GDPR 679/2016.
You can exercise your rights by contacting the Data Controller (and the contacts indicated in point 1. of this document) providing the e-mail address communicated at the time the data were provided.