Privacy
INFORMATION FOR THE PROCESSING OF PERSONAL DATA OF USERS OF THE WEBSITE WWW.ASHANTIAPARTHOTEL.IT
Information for the processing of personal data pursuant to Article 13 of EU Regulation 679/2016 and the Privacy Code as amended by Legislative Decree 101/2018.
1. FOREWORD: DEFINITIONS
Personal data: shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Processing: shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special categories of personal data: this means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health or sexual life or sexual orientation.
Data controller: shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
2. DATA CONTROLLER
The data controller is MIEVA S.R.L. (C.F. / P.IVA: 02097260307), with registered office in Via Taigete n. 17, San Michele al Tagliamento (VE), 30028 Fraz. Bibione, e-mail: ashanti@agenziamc.com; pec: mievasas@pec.it; tel. +390431.430291.
3. TYPE OF DATA, PURPOSE AND LEGAL BASIS FOR PROCESSING
a) Navigation data
The personal data processed are only those that are provided by users during navigation and whose transmission is implicit in the use of internal communication protocols, such as the IP address, the operating system, the browser used and other information collected through the cookies installed on the Site, whose specific COOKIE POLICY. This data is used only to obtain anonymous information about the Site. The purpose of the processing is the proper functioning of the site. The legal basis of the processing is the legitimate interest of the Data Controller.
b) Data for drawing up quotations and requests for availability: these are personal and contact data (such as name, surname, e-mail address, telephone number) provided by users, Mieva S.r.l. in general does not process special data, unless specifically requested by the customer. We therefore invite users not to enter, in the collection form, data that may reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-unionist character, state of health. The purpose of the processing is the fulfilment of the request made by the user. The legal basis is consent.
c) Data provided by the user by filling in the contact form
These are the personal and contact data (such as name, surname, e-mail address, telephone number) provided by users when filling in the contact form. Mieva S.r.l. generally does not process special data, unless specifically requested by the customer. We therefore invite users not to enter, in the form, data that may reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade-unionist character, state of health.
The purpose of the processing is the fulfilment of the contact request made by the user. The legal basis for the processing is consent.
d) Data collected for sending newsletters (periodic e-mail message to be updated on aparthotel activities and services). The legal basis for the processing is consent.
e) Data collected for profiling activities consisting in the analysis of services requested by you and the processing by the agency of your profile in order to improve the commercial offer and services proposed to you. The legal basis of the processing is consent.
f) Data collected for the sending by the agency of commercial and promotional communications. The purpose of the processing is the sending of commercial information. The legal basis of the processing is consent.
4. OBLIGATORY NATURE OF PROVIDING DATA
The provision of data for the purposes referred to in point 3:
- – letter a) is compulsory in order to allow navigation of the site;
- – letters b), c), d), e) f) is optional.
5. METHODS OF PROCESSING AND COMMUNICATION OF DATA TO THIRD PARTIES
Data may be processed by means of the collection, recording, storage, processing and deletion of data using both paper and electronic instruments. The data shall not be subject to dissemination or automated decision-making.
The data may be communicated to data processors, such as employees and collaborators of the Data Controller, third parties (companies and professionals) who provide services on behalf of the Data Controller relating to the functionality of the site, company operations and the fulfilment of contractual, legal and administrative obligations.
Finally, the data may be transmitted to the police and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection against threats to public safety, as well as to allow the data controller to exercise or protect its own rights or those of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.
6. DATA TRANSFER OUTSIDE THE EU
Data are stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, this will only take place after appropriate safeguards have been put in place, as required by mandatory legislation.
7. DATA RETENTION PERIOD
The data provided will be kept for a limited period of time, for the purposes indicated in point 3 above:
- browsing data will be kept for the time necessary to provide the service and then immediately deleted, except as provided for cookies in the specific COOKIE POLICY;
- data provided through the contact form are kept for the time necessary to process the request;
- data retained to facilitate registration for subsequent stays are retained for 3 years (term to be renewed for each subsequent stay);
- the data for marketing and profiling activities are kept until you revoke your consent and in any case for a maximum of 24 months from your last expression of interest
- data for sending the newsletter are kept until consent is revoked (opt-out).
8. RIGHTS OF THE DATA SUBJECT
The data subject is entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulation:
- right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, amended or supplemented.
- Right to data deletion (Art. 17 of the Regulation): in the cases provided for by the legislation in force, you may request the deletion of your personal data;
- Right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation of the accuracy of your personal data by the data subject;
- Right to data portability (Art. 20 of the Regulation): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Data Controller, in the cases provided for by the aforementioned Article.
- Right to lodge a complaint (Art. 77 of the Regulation and Art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the competent Data Protection Authority if you believe that a violation of your rights has occurred, or is taking place, with regard to the processing of your personal data (more information on this from the website www.garanteprivacy.it).
- Right to withdraw the consent given (Art. 13 of the Regulation): for the processing of personal data whose legal basis is consent, you have the right to withdraw your consent at any time by contacting the Data Controller as indicated below.
9. MODALITIES FOR EXERCISING RIGHTS
At any time, the data subject may exercise his/her rights with reference to the personal data processed by the Data Controller by sending a specific written request to exercise his/her rights by registered mail to the company’s registered office, or by e-mail to the address: ashanti@agenziamc.com or by pec to the address: mievasas@pec.it.