INFORMATION ON PERSONAL DATA PURSUANT TO ART. 13 GDPR 679/2016
Pursuant to art. 13 of the GDPR (EU regulation 2016/679), we provide, in accordance with the principle of transparency, the following
information in order to make the interested party aware of the characteristics and methods of data processing:
Identity and contact details
We inform you that the "Owner" of the treatment is: Albergo Cavallino Bianco, with registered office in Fraz. Marcena, 6 - 38020 Rumo (TN), tel. 0463 531040, email info@cavallinobiancorumo.it
How the Data Controller collects and processes your data
On the occasion of contact or interaction with the guest, with suppliers and in all other aspects of the work, the Data Controller can collect personal information such as: name, surname, tax code, physical and electronic address, identity documents, passport number, landline and/or mobile phone number, bank details. The Owner may also collect further personal information during registration/check-in at the hotel. They are used by the Data Controller to follow up on the execution of the contract, as well as to fulfill the legal and regulatory obligations to which the Data Controller is required according to the activity exercised. The communication of your personal data takes place mainly towards third parties and/or recipients whose activity is necessary for the correct performance of the activities or to improve the products/services that the Data Controller
It offers them, and also to meet certain legal obligations. Any communication that does not respond to these purposes will be subject to your consent. Your data (such as name, surname, address, mobile and/or landline telephone number) may also be processed for commercial promotion purposes, for surveys and market research with regard to the products and services that the Data Controller offers you only if You authorize the treatment and/or if not you oppose it.
Purpose of the treatment
Your personal information will be processed for:
1) the management of the contractual relationship and the consequent fulfilments, including regulatory ones. The processing of your personal data takes place to carry out the preliminary activities and consequent to the signing of the contract such as the management of reservations, invoicing, payment, the handling of complaints and/or reports, as well as for the fulfillment of any other obligation arising from the contract, such as the registration and archiving of your personal data.
2) for communication to third parties and recipients. The processing of your personal data takes place in accordance with the contract and the obligations, including those of law and/or regulations, which derive from it. Your data will be disclosed to third parties/recipients when:
3) for commercial promotion and ancillary services. The processing of your personal data for commercial purposes can take place for:
propose products and services additional to those already purchased, improved or more suited to your needs.
to send you promotional offers on our services and updates on rates and offers, newsletters
as well as best wishes by ordinary mail, by sms, e-mail or social channels.
to implement (subject to your written consent) hotel services such as the external communication of data relating to your
stay for the exclusive purpose of allowing the function of receiving objects, messages and telephone calls addressed to you.
The processing in question can only be carried out if you give your consent for the use of the data.
Legal basis and legitimate interest
Personal data is processed lawfully, where the processing:
it is necessary for the execution of a contract of which you are a part or for the execution of pre-contractual measures adopted upon request;
it is necessary to comply with a legal obligation;
is based on freely expressed consent.
In case of booking for a hotel stay, the provision of data is mandatory for the purposes of the first two points and failure to provide it may make it impossible to obtain what has been requested. The legal basis of the treatment in the third point is your consent. The provision of data is therefore optional and does not prevent the provision of the requested service (hotel stay)
Methods of data processing
The processing consists of collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of your data. The operations are carried out with IT tools and in paper form. The treatment is carried out by the Data Controller and/or by authorized personnel for the treatment.
Recipients and any categories of recipients of personal data
Your data is processed within the structure by subjects authorized to process data under the responsibility of the Data Controller for the purposes indicated above. The data in question will not be disseminated, while they will or may be communicated to public or private entities operating within the scope and for the purposes described above.
In particular, your data will be - or may be - communicated, in accordance with the law, to the police forces, judicial authorities, information and security bodies or other public entities for purposes of defense or state security or prevention, detection or prosecution of crimes.
Data transfer to third country
The Data Controller will not transfer the data to a third country or to an international organization, except in the presence of an adequacy decision by the Commission.
How and for how long your data is kept
Personal data is kept for the time necessary to complete the activities related to the management of the contract with the Data Controller and for the fulfillment of the obligations, including legal ones, that follow. Data processing is carried out through paper supports or IT procedures by specifically authorized and trained internal subjects. These are allowed access to your personal data to the extent and within the limits in which it is necessary for the performance of the processing activities that concern you. The Data Controller periodically checks the tools by which your data are processed and the security measures envisaged for them, which are constantly updated; verifies, also through the subjects authorized to process, that personal data whose processing is not necessary are not collected, processed, filed or stored; verifies that the data are kept with the guarantee of integrity and authenticity and that they are used for the purposes of the treatments actually carried out. The personal data processed by the Data Controller are kept for the time necessary to complete the activities related to management
of the contract with the Data Controller and up to ten years following its conclusion (art. 2946 of the civil code) or from when the rights that depend on it can be asserted (pursuant to art. 2935 of the civil code); as well as for the fulfillment of the obligations (e.g. tax and accounting ones) that remain even after the conclusion of the contract (art. 2220 of the civil code), for which the Data Controller must only keep the data
necessary for their pursuit. Without prejudice to the cases in which the rights deriving from the contract have to be asserted in court, in which case the data, only those necessary for these purposes, will be processed for the time indispensable for their pursuit. For activities that have not given rise to contractual obligations, the Data Controller has the right to keep your personal data for one
period up to 36 months from the last activity in which he showed interest (by way of example: the request for quotes, the request for information and registration). For personal research purposes, your data will be kept for a maximum period of 24 months.
Data Rights
It should be noted that, with reference to their personal data, the interested party can exercise the following rights:
ask the Data Controller for access to your personal data and information relating to them; the rectification of inaccurate data or the integration of incomplete ones; the cancellation of personal data concerning you (upon the occurrence of one of the conditions indicated in article 17, paragraph 1 of EU Regulation 679/16 and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (in the event of one of the hypotheses indicated in article 18, paragraph I of EU Regulation 679/16);
request and obtain from the Data Controller - in cases where the legal basis of the processing is the contract or consent, and the same is carried out by automated means - your personal data in a structured format and readable by automatic device, also for the purpose of communicating such data to another data controller (so-called right to the portability of personal data);
oppose at any time the processing of your personal data in the event of the occurrence of particular situations that concern you;
revoke the consent at any time, limited to the cases in which the treatment is based on your consent for one or more specific purposes and concerns common and particular personal data. The processing based on consent and carried out prior to the revocation of the same, however, retains its lawfulness;
propose a complaint to a supervisory authority (Authority for the protection of personal data - www.garanteprivacy.it).
We inform you that when the data processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a) of EU regulation 2016/679, the interested party has the right to withdraw consent in any time without affecting the
lawfulness of the treatment based on the consent before the revocation. With regard to the methods of exercising the aforementioned rights, the interested party can write to: info@cavallinobiancorumo.it
Different purpose of the treatment
If the Data Controller intends to further process your personal data for a purpose other than that for which they were collected, before this further processing, the Data Controller will provide you with information regarding this different purpose and any further pertinent information.
Profiling
The Owner does not use automated processes aimed at profiling.