Information pursuant to EU Regulation 2016/679 (“GDPR”)
HOTEL AURORA DUINO hereby informs visitors of its Website about the policy adopted regarding Personal Data Protection.
This information is not valid for other websites that may be consulted through links present on this site (e.g., www.simplebooking.it), therefore HOTEL AURORA DUINO is in no way responsible for the data processing carried out by third-party internet sites.
Personal Data (or Data)
Personal data is any information which, directly or indirectly, also in connection with any other information, including a personal identification number, makes a physical person identified or identifiable.
These are the information collected automatically through a Website (also by third-party applications integrated into this Website), including: the IP addresses or domain names of the computers used by the User who connects to the Website, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page).
The individual who uses this Website, who, unless otherwise specified, coincides with the Data Subject.
The physical person to whom the Personal Data refers.
Data Controller (or Owner)
The physical or legal person who determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.
External Data Processor (or Processor)
The physical or legal person, public administration and any other entity that processes personal data “on behalf” of the Owner.
WHO WE ARE AND HOW TO CONTACT US: THE “DATA CONTROLLER”
The “owner” of the processing is: HAD di A. Furlani sas based in Frazione Duino 15 - 34011 Duino (TS) VAT and CF [Fiscal Code]: 01061080329 | REA: TS-121553
The Owner's contacts are as follows: Email: firstname.lastname@example.org | Phone: +39 040 208 212 |
PERSONAL DATA PROCESSED AND PURPOSES OF PROCESSING
The computer systems and software procedures used for the functioning of this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user's operating system and computer environment.
Such data, necessary for the use of web services, are also processed for the purpose of:
obtaining anonymous statistical information on the use of services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
checking the correct functioning of the offered services.
Browsing data do not persist for more than seven days and are deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).
Data Communicated by the User
The optional, explicit, and voluntary sending of messages to the contact addresses published on the website, as well as the completion and forwarding of forms present on the website to enjoy the proposed services, entail the acquisition of the sender's contact data, necessary to respond, as well as all the personal data included in the communications.
Specific information is published on the pages of the website prepared for the provision of certain services, with a request for possible consent to processing.
Data of Minors Under 16 Years of Age
Minors under 16 years of age are not authorized to provide any personal data, nor to register on the site. If it is verified that the statements made are not truthful, we will proceed with the deletion of all data received.
This site may use so-called social plug-ins. Social plug-ins are special tools that allow the functionality of the social network to be incorporated directly into the website (e.g., the "like" function of Facebook). All social plug-ins on the site are marked with the respective logo owned by the social network platform (e.g., Facebook, Google, Twitter, Instagram).
When you visit a page of our site and interact with the plug-in (e.g., clicking the "Like" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform and stored by it.
Facebook: Information: https://www.facebook.com/privacy/explanation.
Instagram: Information https://privacycenter.instagram.com/
Tripadvisor: Information https://tripadvisor.mediaroom.com/it-privacy-policy
LinkedIn: Information https://it.linkedin.com/legal/privacy-policy
PURPOSES AND LEGAL BASIS OF PROCESSING
The Data Controller processes the aforementioned personal data to: manage and maintain the site; allow access to any dedicated areas; use any services offered; provide assistance and consultancy and process a contact request; perform general administrative-accounting activities; comply with an order from the Authorities; prevent fraudulent activities or harmful abuses for the site; exercise a right in judicial proceedings.
The Data Controller may process the aforementioned personal data even without specific consent, except as required for the completion of specific forms where the possible acquisition of consent is provided, as the legal basis for the lawfulness of the processing derives from the execution of pre-contractual measures adopted at the request of the interested party (e.g., a request for information via email), as well as for the pursuit of the legitimate interest of the Data Controller to promote and achieve its statutory purposes.
The provision of data for the above purposes is free and optional; however, refusal may make it impossible for the Data Controller to pursue the aforementioned purposes.
METHODS OF PROCESSING
Data are entered into an electronic database and/or stored in paper archives.
The data is not subject to automated decision-making, nor is any profiling of any kind performed.
RECIPIENTS OF USER DATA
Users' personal data may be processed and known by collaborators and employees of HOTEL AURORA DUINO as subjects authorized for processing and specially trained for the protection of data.
The data may be communicated to external subjects (e.g., companies that manage the site and web platforms for booking rooms and services, related companies, external consultants, subcontractors, etc.) for the purposes outlined above, should their involvement be necessary. These subjects will operate as independent Data Controllers, or will be designated as external Data Processors, whose complete list can be requested by sending an email to email@example.com.
The data may be communicated to supervisory bodies and judicial authorities, as well as to all other subjects to whom communication is mandatory by law.
The management and storage of personal data will take place in the UE, on servers located in Italy of the Data Controller and/or third-party companies within the UE, appointed and duly named as Data Processors.
DATA RETENTION PERIOD
The Data Controller will keep the data for the time strictly necessary to achieve the purposes outlined above and also to respond to any needs for access and data retrieval. After 24 months from the acquisition (7 days for browsing data), if there are no further contact needs or conservation obligations (10 years for contractual purposes), the data will be deleted.
RIGHTS OF THE DATA SUBJECT
Among the recognized rights are those to:
- request access to personal data and information related to it; the correction of inaccurate data or the integration of incomplete data; the deletion of personal data (when one of the conditions indicated in Article 17, paragraph 1 of the GDPR occurs and in accordance with the exceptions provided in paragraph 3 of the same article); the restriction of processing of personal data (when one of the cases indicated in Article 18, paragraph 1 of the GDPR occurs);
- request and obtain - in cases where the legal basis of the processing is the contract or consent, and it is carried out by automated means - personal data in a structured and machine-readable format, also in order to communicate such data to another data controller (so-called right to the portability of personal data);
- oppose at any time the processing of personal data when particular situations concerning him occur;
- revoke consent at any time, limited to cases where the processing is based on consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or place of residence), or particular categories of data (for example, data revealing health status or sexual life). However, the processing based on consent carried out prior to the revocation of the same retains its lawfulness.
With reference to the purposes indicated above, the interested party has the right to proceed, at any time, to the request for cessation of processing and the sending of email communications by the Data Controller, with a request to be presented to the contacts indicated above.
RIGHT TO LODGE A COMPLAINT
If the data subject believes that there is a violation in the processing of their personal data, they can lodge a complaint with the Supervisory Authority of the place where they habitually reside, work, or where the alleged violation occurred. In Italy, a complaint can be lodged with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
Should the changes affect processing activities based on consent, the Data Controller will, if necessary, re-collect the user's consent.