The Silva Hotel Splendid S.r.l, with registered address is Rome (RM) Via Lutezia, 11 C.A.P. 00198 P.I.: 00142300607 C.F.: 00142300607 in the person of the legal representative (hereinafter, “Owner”), as data controller, informs pursuant art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that the personal data provided to the company, will be processed in the manner and for the following purposes:
1. Personal Data
The Data Controller processes personal, identifying data relating to:
- The data relating to the Hotel’s customers, in particular: e-mail addresses and personal data (name, surname, address, period of residence, bank details) provided with consent at the time of registration, booking and signing of the contract. This management also includes the data of minors, hotel guests and the acquisition of data belonging to particular categories, referring to the health or religious indications necessary for the provision of the catering service.
- The Data Controller also acquires personal data from other data controllers, in particular travel agencies, tour operators, public / private institutions and companies. For this data, it keeps a record of the Data Processor. Upon acquisition of guests’ personal data in the walk-in, it becomes the owner.
2. Purpose of the processing
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times.
Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails or making a reservation to stay with us), or because it is in Our legitimate interests. Specifically, we may use your data for the following purposes:
- Providing and managing your Account;
- Providing and managing your access to Our Site & property;
- Personalising and tailoring your experience on Our Site & property;
- Supplying Our products AND services to you (please note that We require your personal data in order to enter into a contract with you);
- Personalising and tailoring Our products AND services for you;
- Replying to emails from you;
- Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by opting out of receiving written promotional and marketing information or to opt in to receiving electronic marketing information. You can exercise your right to prevent such processing by selecting Unsubscribe option in the email newsletter.
- Market research;
- Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience;
- With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our products AND services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Third parties (including TripAdvisor) whose content appears on Our Site may use third party Cookies. Please refer to Cookies Policy for more information on controlling. Please note that We do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was, first collected.
B) You have given consent to the processing of your personal data for one or more specific purposes (artt. 23 e 130 Codice Privacy e art. 7 GDPR).
3. Our security measures
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
- Only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
- Using secured servers to store your information;
- Verifying the identity of any individual who requests access to information prior to granting them access to the information
- Using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) software or other similar encryption technologies to encrypt your personal and payment transactions.
Unfortunately, transmission of information over email is not secure, and if you submit any information to us over the internet by email, we will do our best to protect your personal data and have contractual processes in place with our service providers to do this. Once we have received your information, we will use relevant procedures and adequate security measures to prevent unauthorised access. For your own privacy protection, we encourage you to maintain anti-virus and other malware protection software on your computers and other devices, and to maintain your own measures to protect your personal data. Please do not include sensitive personal data in any e-mails you may send to us, including payment card information.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like to know more about our data retention policy, please ask us.
4. Your Rights
You have certain rights under data protection laws, which we summarise below. If you contact us about these rights, we may ask for proof of your identity before we act on any request, and we may refuse to act if you do not provide this or your identity is not established by you. This is to ensure that your data is protected and kept secure.
To exercise any of your rights below, please use a dedicated online form, or send your request via email to firstname.lastname@example.org .
You may request the following information be provided to you:
- whether we are processing personal data about you;
- what personal data we are processing, including a request for a copy of your data;
- what purposes we are processing data for;
- from which sources we have collected the data;
- who we disclose the data to;
- We will act within one month after receiving a valid request (i.e. when we will have been able to identify you as the data subject). If your request is complex, or if we have a high volume of requests, we may extend this period for two additional months. We will advise you if this is the case.
- The law does allow us, in certain cases, to refuse to act upon your request or to charge a reasonable administration fee, if we estimate that the request is manifestly unfounded or excessive. We will advise you at the time if this is the case along with your possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
- You have the right to have your personal data amended if it is inaccurate or incomplete.
- Right to object
- You have the right to object to the use of your personal information for direct marketing or where we use it, on the basis that we say we have a legitimate interest in using it.
- You have the right to have your personal information deleted or removed in the following circumstances:
- The data is no longer necessary for the purpose for which it was originally collected or otherwise processed;
- Where you withdraw your consent, where consent was used as the legal basis for processing;
- Personal data has been unlawfully processed;
- When you object to the processing and we have no overriding legitimate interest for continuing the processing;
- Erasure is required for compliance with a legal requirement; or
- Data has been collected in relation to the offering of online services to a child.
- When a request for erasure is valid, we will take reasonable steps to inform third parties, which are processing the personal data that you have requested us to delete.
We have the right to refuse to act on a request of erasure if the data is necessary for:
- Exercising the right of freedom of expression and information;
- Compliance with a legal obligation;
- The establishment, exercise or defence of legal claims;
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit those data to another controller, when:
- The processing is based on consent or on a contract; and
- The processing is carried out by automated means.
You have the right to obtain from us the restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- We no longer need the personal data for the purposes of the processing, but the data is necessary for you for the establishment, exercise or defense of legal claims;
- You have objected to processing pending the verification whether our legitimate grounds override yours
- Where the processing of your personal data is restricted, at the exception of storage, we will only process your personal data with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another individual or organisation, or because we are legally required to do so.
We will inform you before the restriction of processing is lifted.
Right to withdraw your consent
You are free to withdraw your consent at any time, where we rely on your consent as a legal basis for processing. Please contact us using the details outlined in this policy.
5. Contact Information
- e-mail email@example.com
- Silva Hotel Splendid S.r.l. Corso Nuova Italia,40 03014 Fiuggi FR
6. The DPO
The Data Protection Officer (DPO) is Società Reiss Romoli S.r.l. via Enrico Berlinguer, 3, 67100 L’Aquila (AQ) CF e PI 01800170662 – e-mail: firstname.lastname@example.org