Privacy disclaimer

INFORMATION
ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679

Data Subjects: Potential customers.

“HOTEL SARTI S.R.L.”, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter referred to as ’GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on principles of correctness, lawfulness, transparency, and the protection of your confidentiality and rights.

In order to achieve its purposes, related to the management of the relationship, the Data Controller needs to acquire personal data, such as, by way of example, first name and last name, telephone or mobile number, email address, and tax code.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations provided therein.

Purposes of processing
Quote request: your data will be processed to manage requests received through the online booking form available on the website www.hotelsarti.com of “HOTEL SARTI S.R.L.”.
The legal basis for processing is of a pre-contractual and contractual nature, to the extent that data processing is required for operations preliminary to the stay, as well as the fulfillment of legal obligations by the data controller for fiscal and accounting purposes.

Consequences of failure to provide data: The processing of data is necessary for the use of the online booking service in order to implement the purposes indicated above and ensure the correct management of the relationship. Any failure to provide, or incorrect communication of, any of the mandatory information may result in the Data Controller being unable to guarantee the consistency and adequacy of the processing itself.

Optional purposes:
a)
Subject to your free consent, the Data Controller may also process your data to fulfill market research, statistics, and promotional activities, including the sending of advertising and promotional material—via email, post and/or SMS and/or telephone calls or possibly via WhatsApp (subject to consent)—other than those necessary to guarantee the execution of the relationship.
The legal basis for processing is the consent of the data subject.

b) Subject to your consent for the use of WhatsApp, given by clicking on the box next to the indication of your mobile number, we intend to use this communication channel in order to make communications faster and more effective. You have the right to disable the use of WhatsApp at any time from the functions of WhatsApp itself, for example by blocking the number, or through the methods indicated below for exercising your rights via email. The legal basis for the processing described above is the consent of the data subject.

Consequences of refusal for optional purposes: The provision of data is optional for you regarding the aforementioned purposes, and any “refusal to processing” either for the optional marketing purpose (a) or for the use of WhatsApp (b) does not jeopardize the continuation of the relationship or the consistency of the processing itself. Regarding “optional purpose b)”, your refusal prevents you from receiving the quote through the WhatsApp messaging service, meaning it will be sent solely via email communication. In any case, you may exercise your right to withdraw consent even subsequently, either through the emails received (at the bottom of the text) or by requesting it through the contact channels of the data controller.

Methods of processing: The processing is carried out using manual and/or computer and telematic tools, in such a way as to guarantee the security, integrity, and confidentiality of the data in compliance with the physical and logical organizational measures provided for by current regulations, so as to minimize the risks of destruction or loss, unauthorized access, modification, and unauthorized disclosure, in compliance with the methods referred to in Articles 6 and 32 of the GDPR.

Recipients:
For the performance of certain activities, or to provide support for the operation and organization of the activity, some data may be brought to the knowledge of or communicated to recipients. These entities are divided into:
Third Parties (communication to: natural or legal persons, public authorities, agencies, or other bodies other than the data subject, the data controller, the data processor, and the authorized persons responsible for processing), including:

  • Companies managing traditional or computerized postal services;
  • Any other entities whose data communication is necessary to achieve the purposes indicated above.
    Data Processors (the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller):
  • IT service providers, web providers, or other services necessary to achieve the purposes required for managing the relationship.

Within the company structure, your data will be processed solely by personnel expressly authorized by the Data Controller, with the assurance of the adoption of a confidentiality agreement.

Dissemination: Your personal data will not be disseminated in any way.

Data transfer to third countries: The data controller does not transfer personal data to non-EU countries. Should there be a need, data subjects will be informed in advance, and guarantee measures will be adopted for the transfer to the recipients, which depending on the circumstances may include: verification of the existence of adequacy decisions for the destination country by the Commission, signing of standard contractual clauses, verification of the adoption of any supplementary measures in implementation of the EDPB Recommendation 01/2020. In derogation of these guarantees, for data processing (ref. Article 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer is verified.

Retention period: Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of the GDPR, the retention period of your personal data is set for a period of time not exceeding the achievement of the purposes for which they are collected and processed; if a contract is signed, this retention period may cease with the expiration or termination of the contract, and the same data may be stored, where applicable, for an additional period of time for the purpose of managing any potential disputes. The retention period for data processing relating to marketing is functional to the purposes pursued by the data controller, and in any case not exceeding 3 years from the last contact or response received.

Data Controller: The Data Controller, in accordance with the law, is “HOTEL SARTI S.R.L.”, with registered and operational headquarters in Piazzale San Martino, 4 - 47838 Riccione (RN), VAT number: 04863080406, Tel: 0541 600978, in the person of its legal representative pro tempore. By sending an email to the following address info@hotelsarti.com you can request more information regarding the data provided.

The Data Protection Officer (“DPO”) is Studio Paci & C. Srl (Contact person Dr. Gloriamaria Paci), who can be reached at the following address: dpo@studiopaciecsrl.it, telephone: 0541 1795431 and Certified Email (PEC): studiopaciecsrl@pec.it

EU Reg. 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information (Right of access of the data subject):
a)  the purposes of the processing;
b)  the categories of personal data concerned;
c)  the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d)  where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e)  the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f)  the right to lodge a complaint with a supervisory authority;
g)  where the personal data are not collected from the data subject, any available information as to their origin;
h)  the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. The data subject has the right to:
a. obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (Right to rectification);
b. obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds specified in Art. 17 of the GDPR applies (Right to erasure);
c.  obtain from the controller restriction of processing where one of the cases specified in Art. 18 of the GDPR applies (Right to restriction of processing);
d.  receive the personal data concerning him or her, which he or her has provided to a controller, in a structured, commonly used and machine-readable format where the conditions specified in Art. 20 of the GDPR apply (Right to data portability);
e.  object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions (Right to object);
f.  not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, with the exceptions provided for by Art. 22 of the GDPR (Automated individual decision-making, including profiling).

Complaint: Data subjects, where the conditions are met, also have the right to lodge a complaint with the Data Protection Authority (Garante) as the supervisory authority according to the established procedures. For any further information, and to assert the rights recognized to you, you may contact the data controller at the references listed above.

Consent
Formula for acquiring the consent of the data subject

Your consent for marketing purposes will be recorded (IP address, email, date and time) by ticking the box below the email entry field, or following the placement of / clicking in the appropriate box, and concurrently with pressing the “send” / “ok” button. This consent will be archived to prove it was given, and to allow you to withdraw it at any time, in addition to all the other rights specified above.