January 2022 edition
Having regard to Article 13 of the EU Regulation 2016/679 (hereinafter “GDPR”), this statement aims to describe the processing of personal data from the website www.hoteladlercavalieri.com.
The information does not concern other websites, pages or online services reachable from such website.
- DATA CONTROLLER
1.1. GRIMAGEST S.r.l. is the data controller, with legal head office in Via di Camerata n. 23, Florence (50133).
1.2. Contact details: a) telephone number: 055277810; b) e-mail address: firstname.lastname@example.org.
- PURPOSE, LEGAL GROUND AND NATURE OF THE DATA PROVISION
2.1. This paragraph describes the purpose of the data processing, the respective legal ground and the nature of the data provision.
- CONTACT FORM. Purpose: contacting the hotel by filling in a specific form. Legal ground: implementation of pre-contractual and contractual measures (Article 6.1 (B) GDPR). Nature of the data provision: necessary in order to submit a request to the data controller.
- SURFING THE WEBSITE. Purpose: surfing the website, in relation to personal data implicitly submitted during the use of internet communication protocols (IP address, domain name used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, file size in response, status code of the server response and other parameters concerning the operating system and the IT environment of the user). These data are only used for anonymous statistical purposes on the use of the website and to check its correct functioning. After processing, this information is immediately deleted. Legal ground: legitimate interest of the data controller (Article 6.1 (F) GDPR). Nature of the data provision: necessary in order to surf the website.
- BOOKING. Purpose: room booking, availability requests and related management, including payments made from the booking system. Legal ground: implementation of pre-contractual and contractual measures (Article 6.1 (B) GDPR). Nature of the data provision: it is necessary to book a room.
- LEGAL OBLIGATIONS FOR THE DATA CONTROLLER. Purpose: complying with the legal obligations of the data controller relating to website surfing and connected services. Legal ground: complying with legal obligations to which the controller is subject (Article 6.1 (C) GDPR). Nature of the data provision: once the data subject has provided personal data for the aforementioned purposes, the data may be processed by the data controller to comply with legal obligations.
2.1.1. Concerning cookies processing, please visit the dedicated section of the website.
2.1.2. Concerning processing by the data controller after check-in at the hotel facility, please ask for the information statement available at the facility.
2.1.3. Where necessary, and only after you have provided them for the aforementioned purposes, your personal data may be processed for the establishment, exercise or defence of legal claims, based on the legitimate interest of the data controller (Article 6.1 (F) GDPR).
- RETENTION PERIOD
3.1. Your personal data will be processed for:
- a period of six (6) months if you voluntarily provided them when filling in the contact form;
- the entire duration of the browser session, with the related data collected kept for a maximum period of seven (7) days, except for an additional period where necessary to establish any responsibility for potential computer crimes;
- a period of ten (10) years from the booking date, as established by legal obligations.
3.2. Where necessary for the establishment, exercise or defence of legal claims, your personal data will be processed by the data controller for the entire duration of any legal action.
- RECIPIENTS OF THE PERSONAL DATA
4.1. Your personal data may be communicated to:
- subjects who typically act as data processors according to Article 28 GDPR, i.e., a.1) persons, companies or professional firms providing accounting, administrative, legal, budgetary, debt recovery and tax-related assistance and consultation to the controller concerning the provision of Services; a.2) subjects with whom it is necessary to interact in order to implement the contract; a.3) delegated parties carrying out technical maintenance work (including maintenance of equipment and electronic communication networks). These subjects work based on the instructions given by the data controller according to Article 28 GDPR.
- subjects, institutions or authorities to whom your personal data must be communicated by virtue of legal provisions and orders from authorities, and that will act as autonomous data controllers.
- people authorised by the data controller according to Article 29 GDPR, who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, such as Grimagest S.r.l. employees.
4.2. The full list of data processors is available by submitting a written request to one of the data controller’s contacts indicated in this information statement.
- TRANSFER OF PERSONAL DATA OUTSIDE THE EU
5.1. Except for cookies, which are regulated by a specific information document available on this website, no personal data are transferred to countries outside the EU.
- RIGHTS OF THE DATA SUBJECT AND COMPLAINTS
6.1. Concerning these data, you can exercise your data protection rights at any time. These rights include:
- the right of access, expressly provided for by Article 15 GDPR;
- the right to rectification, expressly provided for by Article 16 GDPR;
- the right to erasure, expressly provided for by Article 17 GDPR;
- the right to restriction of processing for cases provided by Article 18 GDPR;
- the right to receive a document ensuring that operations are carried out according to Articles 16, 17 and 18 GDPR and that third parties are informed about actions taken by the controller regarding personal data, except where this is considered impossible or involves a disproportionate effort according to Article 19 GDPR;
- the right to data portability, expressly provided for by Article 20 GDPR;
- the right to object to data processing, expressly provided for by Article 21 GDPR.
6.2. You have the right to lodge a complaint with a supervisory authority, according to Article 77 GDPR.
6.3. In order to exercise your rights, you can contact the data controller through one of the contacts indicated in this information document.
- FURTHER INFORMATION
7.1. This information document is updated to January 2022.