Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
Data subjects: users consulting the website www.hotelsarti.com of “HOTEL SARTI S.R.L.”
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation", or “GDPR”), this page describes the methods for processing the personal data of users who consult the website of “HOTEL SARTI S.R.L.” accessible electronically at the following address: www.hotelsarti.com
This information does not concern other sites, pages, or online services reachable via hypertext links that may be published on this site but refer to external resources outside the domain www.hotelsarti.com
DATA CONTROLLER
Following consultation of the site, data relating to identified or identifiable natural persons may be processed. The Data Controller is “HOTEL SARTI S.R.L.”, with registered and operational office in Piazzale San Martino, 4 - 47838 Riccione (RN), VAT no.: 04863080406, Email: info@hotelsarti.com, Tel: 0541 600978.
DATA PROTECTION OFFICER
The Data Protection Officer (RPD / DPO) is the company Studio Paci & C. Srl (contact person Dr. Gloriamaria Paci), who can be contacted at the following address: dpo@studiopaciecsrl.it, telephone: 0541 1795431 and Certified Email (PEC): studiopaciecsrl@pec.it.
TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING AND LEGAL BASIS
1) Browsing data
Legal basis: “data processing necessary for browsing the website” – contractual obligation – art. 6 par. 1 letter b) GDPR
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment.
Such data, necessary to navigate the Website and to use the information contained therein, are also processed by the controller for the purpose of:
- obtaining aggregate and anonymous statistical information on the use of the Website (most visited pages, number of visitors per hourly or daily time slot, geographical areas of origin of visitors, etc.);
- checking the correct usability of the content offered by the Website;
- preventing or countering any possible cybercrime, the fraudulent use of the features available on the site, also for the purpose of reconstructing security incidents and their traceability.
Retention period:
Browsing data, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to art. 5 of the GDPR, will be kept for a period of time not exceeding the achievement of the technical purposes described above for which they are collected and processed, except for any need to investigate crimes by the Judicial Authority.
2) Data communicated by the user
Legal basis: “data processing necessary to reply to users' questions” – contractual obligation – art. 6 par. 1 letter b) GDPR
The optional, explicit, and voluntary sending of messages to the contact addresses of “HOTEL SARTI S.R.L.”, private messages sent by users to institutional profiles/pages and on social media (where this option is provided), as well as the filling out and submission of forms present on the websites of “HOTEL SARTI S.R.L.”, involve the acquisition of the sender's contact details, necessary to reply, as well as all personal data included in the same communications. Specific information notices are published on the pages of the site prepared for the provision of certain services, where, if necessary, the user's consent is collected, informing them from time to time about the purposes and optional nature of providing the data.
Retention period:
The data communicated by the user are kept for the time necessary to manage the individual requests; any subsequent storage for statistical purposes involves the anonymization of such data (except for any need to investigate crimes by the Judicial Authority).
3) Cookies and other tracking systems
Use is made of:
a) technical cookies necessary for user navigation, facilitating correct navigation of the site and the usability of contents by the user. Legal basis: “contract as they are functional and necessary”.
b) analytical cookies used to process aggregate statistical analysis on the user's use and interaction with the site. Subject to the user's consent. Legal basis: “consent”.
c) Profiling cookies allow the collection of information regarding the preferences expressed by the user during navigation and the processing of reports intended to be used for targeted advertising and marketing campaigns.
Legal basis: “consent”.
Information on data processing, purpose, duration, and complete management of cookies, including their consent and revocation, are available in the “Cookie Management” document also present in the footer.
4) Social Media Policy: Information about the processing of personal data carried out through the Social Media platforms used
For information on the processing of personal data carried out by the managers of Social Media platforms, please refer to the information provided by them through their respective privacy policies. The Data Controller processes personal data provided by users through dedicated Social Media platform pages, within the scope of its corporate promotion and advertising purposes, to manage interactions with the users themselves (comments, public posts, messages, shares, etc.) in compliance with current legislation on personal data protection and this privacy policy; where necessary, the user's consent is collected, informing them from time to time about the purposes and the optional nature of providing the data.
Personal or “sensitive” data entered in comments or public posts within social media channels may be removed.
The platforms used are:
- Facebook https://www.facebook.com/hotelsarti.riccione
- Instagram https://www.instagram.com/hotelsarti_riccione
RECIPIENTS OF THE DATA
Recipients of the data collected following the consultation of some of the services listed above are certain entities designated by the Data Controller pursuant to Article 28 of the Regulation, as data processors, and other additional service providers in the fields of web agencies, digital communication, systems assistance, and any other digital service providers for which it is possible to request the complete list by writing to info@hotelsarti.com
Some data and information may be transmitted to or acquired by entities identified as autonomous data controllers; such data relate to cookies, which are usually anonymized before sending, for statistical purposes. If transfer to non-EU countries is envisaged, the guarantee measures undertaken will be indicated, as described in paragraph 6 of this document.
The personal data collected are also processed by the staff of “HOTEL SARTI S.R.L.”, acting on the basis of specific instructions provided regarding the purposes and methods of the processing itself.
SECURITY OF PROCESSING
Personal data transmitted and stored for the time necessary for the declared purposes are protected by specific technical and organizational security measures in reference to art. 32 of the Regulation, capable of ensuring on a permanent basis the confidentiality, integrity, availability, as well as the ability to promptly restore the availability and access to personal data in the event of a physical or technical incident, also against the risks of destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, whether accidental or unlawful.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
The data controller does not transfer personal data to non-EU countries. Should the need arise, data subjects will be informed in advance, and guarantee measures for the transfer to the recipients will be adopted, which depending on the case may be: verification of the existence of adequacy decisions for the destination country by the Commission, signing of standard contractual clauses, verification of the adoption of any supplementary measures in implementation of Recommendation 01/2020 EDPB. By way of derogation from these guarantees, for data processing (ref. art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subject or consent to the transfer is verified.
RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from “HOTEL SARTI S.R.L.”, in the cases provided for, access to their personal data, rectification, erasure of the same, restriction of processing concerning them, portability, or to object to processing and withdraw consent (where used as a legal basis) in reference to articles 15 to 22 of the Regulation.
The request must be submitted through the contact details of “HOTEL SARTI S.R.L.”, with registered and operational office in Piazzale San Martino, 4 - 47838 Riccione (RN), Email: info@hotelsarti.com, Tel: 0541 600978.
To exercise your rights, you can also use the form prepared and available on the website of the Italian Data Protection Authority at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docwebdisplay/docweb/9038275
RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of personal data relating to them carried out through this site takes place in violation of the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided for by art. 77 of the Regulation itself, or to take appropriate judicial legal action (art. 79 of the Regulation). The form for lodging a complaint is available on the website of the Italian Data Protection Authority at this link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524