INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information note describes the website’s management procedures concerning the processing of personal data of users which consult it. This is an information note which is provided pursuant to art. 13 of EU Reg. no 679/2016 – henceforth GDPR – to those who interact with the web services of the company AMBASCIATORI SRL, owner and data controller of the website WWW.HOTELAMBASCIATORICATTOLICA.it, accessible by computer from the address: WWW.HOTELAMBASCIATORICATTOLICA.it, which corresponds to the home page of the official website of the Hotel AMBASCIATORI. The information note is provided only for the website WWW.HOTELAMBASCIATORICATTOLICA.it and not for any other websites accessed via its links.
THE DATA CONTROLLER
By consulting this site, data of persons identified or identifiable may be processed. The “Data Controller” which takes care of their processing is AMBASCIATORI SRL, based in via Carducci 145, 47841 Cattolica (RN), registered in the Rimini Register of Companies.
PLACE OF DATA PROCESSING
The processing and collection of personal data connected to the web services of this website is carried out at the headquarters of the company AMBASCIATORI S.R.L. using automated tools.
PURPOSES OF PROCESSING PERSONAL DATA
The user’s personal data are collected and processed for the time strictly necessary to achieve the purposes for which they were acquired and in particular:
- for reasons directly connected and instrumental to the provision and management of the room booking services offered by HOTEL AMBASCIATORI;
- to obtain statistical information on the use of the software and to check its correct operation;
- for potential forwarding of informative, commercial and promotional material (for marketing purposes) concerning the services of the HOTEL AMBASCIATORI, in the case of specific authorisation by the data subject;
- for surveys on the quality of the Services and the degree of Customer satisfaction (surveys carried out, subject to the User’s consent) both directly and possibly with the collaboration of specialised operators;
Personal data is collected and processed by the Data Controller in the pursuit of its legitimate interests, including:
- the fulfilment of legal obligations (for example, the transmission of data to the State Police in compliance with the requirements of article 109 T.U.L.P.S. (Consolidated Text of Laws on Public Security) – Notification of accommodated clients to Police Headquarters);
- fraud protection;
- security measures;
- for notifying crimes to the judicial authority.
METHOD OF PROCESSING
The processing of personal data collected through the HOTEL AMBASCIATORI website finds its legal basis in the data subject’s consent, which can always and in any case be revoked by the latter’s request for cancellation. The processing will be carried out in an automated and/or manual form, in compliance with the provisions of art. 32 of the GDPR 2016/679 on the matter of security measures, by the above-mentioned Data Controller and in compliance with the provisions of art. 29 GDPR 2016/679. They will also be processed in compliance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 GDPR 2016/679, subject to free and explicit consent expressed through electronic means on the website WWW.HOTELAMBASCIATORICATTOLICA.it the personal data will be stored for the period of time necessary to achieve the purposes for which they are collected and processed. In particular, once collected, the data will subsequently be entered and catalogued in a special registry file, both on paper and computer, managed and kept by the Data Controller. Specific security measures are complied with by the Data Controller in order to prevent data loss, illegal or incorrect use and unauthorised access.
TYPES OF PROCESSED DATA
User Personal Details (Registration Data). In order to use the website’s Booking Services WWW.HOTELAMBASCIATORICATTOLICA.it, the User must complete the registration form and provide specific information. The data considered necessary for the Service are highlighted with an asterisk. Failure to provide data marked with said asterisk will prevent the provision of the Services requested by the User. Other data, not necessary for providing the Service, may be requested, but their provision will be absolutely open, with the consequence that refusal to provide such information will not prejudice executing the Service requested by the User. Browsing data: The computer systems and software procedures used to operate this website acquire some personal data during their normal operation, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with any identified party but their very nature could, through processing and association with data held by third parties, allow identifying the users. This category of data includes IP addresses or domain names of computers employed by users connecting to the website, URI (Uniform Resource Identifier) addresses of resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of response from the server (successful, error etc.) and other parameters regarding the operating system and computer environment. These data are used only in order to obtain anonymous statistical information about the website and to check its correct operation and are deleted immediately after their processing. Data provided voluntarily by the user. The optional, explicit and voluntary forwarding of e-mails to the addresses listed on this website, involves acquiring the sender’s email address necessary to respond to the requests, and any other personal data included in the message.
TRANSFER OF PERSONAL DATA
The data of the data subjects collected on the website WWW.HOTELAMBASCIATORICATTOLICA.it will not be transferred to Member States of the European Union nor to third countries not belonging to the European Union.
THE EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
AMBASCIATORI S.R.L. does not adopt any automated decision-making process, including profiling, as per article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016.
SCOPE OF COMMUNICATION AND DIFFUSION
The data collected will never be disclosed and will not be transmitted without the explicit consent of the data subject, except for communications necessary for the fulfilment of legal obligations.
COOKIES
AMBASCIATORI S.R.L. uses cookies on its website; these are alphanumeric identification elements created by the browser and stored on the User’s computer which are capable of recognising the User’s device and are useful for optimising the use of the website and of the Services connected to it. Specifically, the following cookies may be found on the website:
Strictly necessary cookies:
in order to provide the services required and essential to allow the user to browse the website and to use its features without which some services (e.g. room reservations) cannot be provided.
Functional cookies:
which allow the system to remember the choices made (e.g. name, language, region, font and text size) and provide optimised and customised features to improve the online experience.
Technical / analytical cookies:
which collect anonymous information on the pages visited, used for statistical purposes.
Persistent cookies:
for tracking Users, these are used to customise and improve the use of the site.
Session cookies:
the use of these cookies (which are not permanently stored on the user’s device and are automatically deleted when closing the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable a safe and efficient browsing of the website and to avoid the use of other IT techniques potentially prejudicial to the privacy of users’ browsing. Cookies can be deleted from the browser using the functions of one’s own navigation program. However, failure to express acceptance may in some cases result in the inability to use the Service or to properly implement User requests.
Social media and third-party cookies and widgets:
When using the website, it is possible to notice information not belonging to the HOTEL AMBASCIATORI but to third party companies, which may send their own cookies. The following www.hotelambasciatoricattolica.it third-party cookies may be found on the website: Google, Tripadvisor, Facebook. The company has no access or control over these cookies for which reference should be made to the information notes adopted by the respective companies.
RIGHTS OF THE DATA SUBJECTS
Right of Access and Rectification:
In relation to their personal data processed by the owner, ex. Art. 13, section 2, GDPR, data subjects have the right:
- to access such data;
- to their amendment or erasure;
- to restrict their processing;
- to object to their processing.
Right to erasure:
I data subjects are also entitled to request the erasure of their personal data without delay, exercising the right to be forgotten ex. art. 17 GDPR, should there be one of the following reasons:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based according to Article 6, section 1, letter a) or Article 9, section 2, letter a) of the GDPR and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21, section 1 of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, section 2 of the GDPR;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation envisaged by Union or Member State law to which the controller is subject;
- the personal data was collected in relation to the offer of information society services to minors.
The data controller, if it has made the personal data public and is obliged to erase these, taking account of the available technology and the cost of implementation, takes reasonable steps, including technical measures, to notify the controllers which are processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data. The Right to be Forgotten cannot be exercised by the data subject to the extent that processing is necessary:
a. for exercising the right of freedom of expression and information;
b. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or for exercising the official authority vested in the controller;
c. for reasons of public interest in the area of public health in accordance with Article 9, section 2, letters h) and i), and Article 9, section 3 of the GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, section 1 of the GDPR, in so far as the right to be forgotten is likely to render impossible or seriously impair the achievement of the objectives of that processing;
e. for the establishment, exercise or defence of legal claims
Right to restrict processing
The data subject has the right to obtain from the data controller the limitation according to art. 18 of the GDPR when he/she contests the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the data subject opposes the erasure of personal data and requests instead that its use should be limited; although the data controller should no longer need these for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the data subject has opposed the processing pending verification regarding the possible prevalence of the legitimate reasons of the data controller in respect of those of the data subject.
Right to data portability:
The data subject also has the right to data portability pursuant to art. 20 of the GDPR and therefore to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, should the processing be based on the consent to the processing of his/her own personal data for one or more specific purposes and should the processing be carried out by automated means.
Right to object:
Finally, the data subject has the right to object at any time ex. art. 21 GDPR, for reasons related to his/her particular situation, to the processing of personal data concerning him/her, which have been provided by the same to the data controller for one or more specific purposes.
REQUESTS FOR EXERCISING THE DATA SUBJECT’S RIGHTS
Requests for exercising own rights must be addressed by the data subject to the e-mail address: ambasciatori@tombarihotels.com or by registered letter with return receipt to HOTEL AMBASCIATORI S.R.L. based in VIA CARDUCCI 145, 47841 CATTOLICA (RN).
LODGING A COMPLAINT TO THE DATA PROTECTION AUTHORITY
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the regulations of the GDPR, pursuant to art. 77. For the purposes of this privacy policy, pursuant to art. 4, section I no 23) of the GDPR, the processing of personal data carried out on this website by HOTEL AMBASCIATORI of AMBASCIATORI S.R.L., takes place in the context of the activities of a single establishment within the European Union and substantially affects or is likely to substantially affect data subjects in more than one Member State. For this reason, in the event of a data subject residing in the territory of a Member State other than that of establishment, he/she may resort to the data protection authority of the country of the Union where he/she resides habitually.