INFORMATION ON THE PROCESSING OF PERSONAL DATA OF WEBSITE VISITORS PURSUANT TO REGULATION (EU) 2016/679 (“GDPR”)
Pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (“GDPR”), we provide you with information on the processing of your personal data (“Data”) collected through your browsing of the website.
DATA CONTROLLER
The Data Controller is
Hotel Rizzi S.r.l.
VIA BORGONOVO 46/F 29015 CASTEL SAN GIOVANNI PC
info@hotel-rizzi.it
+39 0523 882290
DATA PROCESSED, PURPOSE, LEGAL BASIS, RETENTION PERIOD
Browsing data
Browsing data is collected automatically in aggregate form only to verify the proper functioning of the website, obtain anonymous statistical information, and for security purposes. This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which may be used, in accordance with applicable laws, to block attempts to damage the site or other users, or otherwise prevent harmful or criminal activities, and to ascertain liability. This data may therefore be made available to the competent authorities. This data is never used for profiling purposes.
Browsing data is retained for a maximum period of six months.
Data provided voluntarily by filling out forms on the site
Providing and processing data is not mandatory; however, failure to provide it may impact service components that require its availability.
If data provided is processed for marketing purposes, sending the request is subject to specific, free, and informed consent, documented via a specific checkbox. The data will be retained for two years.
SCOPE OF COMMUNICATION
The data is processed by duly authorized and trained personnel and by third parties pursuant to legal or contractual obligations, or appointed as Data Processors. This guarantees maximum protection of confidentiality, operating in full compliance with Regulation 2016/679/EU, and only for the purposes stated in this policy. Personal data will not be disclosed.
The data is processed within the EU. If, for technical and/or operational reasons, it becomes necessary to use parties located outside the European Union in countries that have not received an adequacy assessment from the EU Commission, the processing will be regulated by the Data Controllers in accordance with the provisions of Chapter V of the GDPR. All necessary precautions will therefore be taken to ensure adequate protection of personal data, basing such transfer on: a) adequate guarantees expressed by the third-party recipient pursuant to Article 46 of the Regulation; b) the adoption of standard contractual clauses or ad hoc contractual clauses; c) the adoption of binding corporate rules. Furthermore, the Data Controllers adopt, whenever deemed necessary, additional specific technical and organizational measures to minimize risks to their customers and users, including a data transfer impact assessment. Where the Data Controllers identify serious risks that cannot be mitigated, they will refrain from transferring the data.
PROCESSING METHODS
Data processing is based on the principles of fairness, lawfulness, transparency, and data minimization (privacy by design). Processing may be carried out either manually or through automated means for storing, processing, and transmitting the data. This processing will be carried out using appropriate technical and organizational measures, taking into account the state of the art and implementation costs, to ensure, among other things, the security, confidentiality, integrity, availability, and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure, or otherwise unlawful use, as well as using reasonable measures to promptly erase or rectify inaccurate data, having regard to the purposes for which it is processed.
RIGHTS OF THE DATA SUBJECT (ARTICLES 15-22 of the GDPR)
The data subject has the right to request from the data controller access to, rectification or erasure of, and restriction of processing of personal data. In some cases, the data subject also has the right to object to the processing of personal data. Finally, the data subject may withdraw his or her consent at any time.
You can exercise these rights by email to the Data Controller’s email address. The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
UPDATES TO THE POLICY
Please note that this policy may be subject to periodic revision, including in light of applicable legislation and case law. In the event of significant changes, appropriate notice will be provided on the website’s homepage for an appropriate period of time. In any case, the data subject is encouraged to consult this policy periodically.

