DISCLOSURE UNDER REGULATION EU 2016/679 (GDPR)
This communication is given pursuant to articles 13 and 14 of the European Regulation 2016/679 regarding protection of personal data (hereafter “GDPR”), and subsequent modifications and integrations and of the Italian reference law, including Legislative decree 101 of 10th August 2018, by A.C.D. HOTELS s.r.l. with registered offices at Via Carlo Cattaneo 23, 00185 Rome (hereafter also the “Company”) in its capacity of Data Controller of your personal data, and is provided for those who interact with the web services of the Company accessible electronically at the address www.alessandropalace.com.
This Disclosure has the purpose of communicating to the user the personal data processing methods concerning them.
TYPE OF DATA PROCESSED
The website offers informative and sometimes interactive content. When browsing the website www.alessandropalace.com, it may, therefore, gather information on the visitor in the following ways:
During their normal operation, computer systems and software procedures used to operate this website acquire some data, the transmission of which is implicit in the use of Internet communication protocols. It is information that CANNOT be associated to identified data subjects or include personal data. This category of data only includes IP addresses, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, failed, etc.) and other parameters associated with the user’s operating system and computer environment. This data is only used to obtain anonymous statistical information on the use of the site and to ensure that it operates correctly and it is cancelled immediately after processing; the way things stand, the data on the web contacts does not persist for more than seven days.
Data provided voluntarily by the User
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website involves the subsequent acquisition of the sender’s address, as well as any other personal data included in it, which are needed to respond to the requests. The personal information regarding those visiting the Website is not collected or used.
The visitors remain anonymous. The only exception concerns the information for personal identification necessary for executing the booking service and for subsequently providing the hotel accommodation services requested by the user/data subject.
The personal information regarding those visiting the Website is not collected or used. However, in the event of booking through the website, the user is obliged to provide name, billing address, email and telephone number. A.C.D. HOTELS s.r.l. will only use this information for processing the booking and for sending specific information necessary for confirming it including, but not limited to, receipt, booking code and conditions. The information provided will not be used for commercial purposes and will not be sold, transmitted, licensed or forwarded to third parties in another manner. The information on the payment methods and the data related to the credit card are managed by A.C.D. HOTELS s.r.l. only for the time necessary for checking the payment; this information will be cancelled on the successful outcome of the transaction and anyway kept for no longer than 30 days from when the Customer ends their stay. The sole subject that can process the booking data is our on-line booking services provider hostelworld l.t.d. (to which the Customer provides the data freely before granting it to A.C.D. HOTELS s.r.l.), which is responsible for processing the bookings online together with the credit card issuing companies, who can be contacted to verify their validity. In any case, the payment website administrator is solely responsible for this data and has ensured A.C.D. HOTELS s.r.l. in writing that it adopts scrupulous procedures to protect browsing data and uses particular care for storing the data regarding the credit card provided when booking online, as well as aligning with the provisions of the GDPR.
OPTIONAL NATURE OF PROVIDING THE DATA
Besides what has been specified above in relation to browsing data, the user is free to provide the requested personal data by means of the data collection Form or through the “contacts” section of the online Booking Office to obtain explanatory information or other communications or information. Failure to provide such data may, however, make it impossible to obtain what is requested. Sending the data requires acquisition of the sender’s email address and all the other personal details included, necessary for replying to the requests.
The personal data is processed with electronic instruments for the time strictly necessary to achieve the purposes for which it was collected. Specific safety measures are respected to prevent the loss of the data, unlawful or incorrect use and unauthorised access.
Processing is carried out by means of organisational methods and with logic strictly correlated to the indicated purposes. Apart from the Data Controller, specific categories of Authorised personnel involved in organising the website (administrative, commercial, legal, system administrators) or external subjects (like third party technical service providers, hosting providers, IT companies, communication agencies) appointed as Data Processors by the Data Controller, may have access to the data.
The updated list of the Data Processors may always be requested from the Data Controller by sending a specific communication to the Company to the addresses reported in the “Contact data” section of this disclosure.
While exercising the business activity and exclusively for the same purposes as those listed in this Disclosure, the personal data may be transferred to the following categories of recipients:
•Commercial partners of A.C.D. HOTELS s.r.l. to which the same company communicates the data exclusively to fulfil the contractual obligations or the requested services;
•People, companies or professional offices that provide assistance and consultancy to A.C.D. HOTELS s.r.l. in accounting, administrative, legal, tax and financial matters;
•Subjects whose entitlement to access your data is acknowledged by legal provisions or orders from authorities;
The updated list of Data processors is available at the registered offices of the Data Controller and will be provided on written request.
PERSONAL DATA PROTECTION
A.C.D. HOTELS s.r.l. has conducted a study on “impact assessment” and on “risk assessment” in relation to the Processing of the data according to the provisions of the GDPR: it has, therefore, prepared and implemented all the technical and organisational measures necessary to provide a suitable level of security and confidentiality to the personal data, in order to avoid destruction, accidental or unlawful modification, loss, disclosure to third parties, unauthorised access and, in general, any possible data breach.
These measures take into consideration:
– the state of the art of the technology;
– the costs of implementing it;
– the nature of the data;
– the risk of processing it.
For managing your personal data, Cattaneo:
– collects and processes only those suitable and pertinent to the contractual purposes or to the information or services requested and anyway not excessively according to the legal provisions
– ensures that the personal data remains updated and accurate and suitably deleted
The personal Data is processed with automatic instruments for the time strictly necessary to achieve the purposes for which it was collected. Specific safety measures are observed to prevent the loss of the data, unlawful or incorrect use and unauthorised access.
The billing data will only be stored for the fiscally binding times; the data of a user who asks for an online quote but does not make purchases will be immediately cancelled.
The user may always ask the Data Controller to interrupt the Processing or to delete the Data by sending a specific communication to the Company to the addresses reported in the “Contact data” section of this disclosure.
PURPOSES OF PROCESSING THE DATA COLLECTED
The User’s Data is collected to allow the Data Controller to provide the contractual service or the services requested of it and, furthermore, for the following purposes: to contact the User for any problems regarding the booking; interacting with social networks and external platforms; Registration; Access to the accounts on third party booking services; Managing payments; Monitoring the third party online booking websites; Managing addresses and sending email messages on request of Users (quotations, etc…no marketing); Statistics; Viewing content from external platforms; Franchising or Branding operations; Interaction with the support and feedback platforms; Managing user databases; Managing requests for support and contact and Hosting and backend infrastructure.
The types of Personal Data used for each purpose are indicated in the specific sections of this document.
RIGHTS OF THE DATA SUBJECTS
The rights connected to the personal Data that A.C.D. HOTELS s.r.l. processes are:
Right to rectification: you can obtain rectification of the personal data concerning you or communicated by you to us. A.C.D. HOTELS s.r.l. carries out reasonable efforts to ensure that the personal data collected is precise, complete, up-to-date and pertinent, on the basis of the most recent information available;
Right to restriction: you are entitled to obtain a limitation to the processing of your personal data if:
You dispute the accuracy of your personal data in the period in which the Company must verify its accuracy;
The processing is unlawful and you request a limitation of the processing or the deletion of your personal data;
A.C.D. HOTELS s.r.l. no longer needs to keep your personal data but you need it to ascertain, exercise or defend your rights legally or
You oppose processing while A.C.D. HOTELS s.r.l. verifies whether its legitimate motivations prevail over yours.
Right of access. You may ask the Company for information on the personal data stored that concern you, including the information on which categories of personal data A.C.D. HOTELS s.r.l. possesses or controls, what purpose they are used for, where they were collected (if not directly from you), and who they may have been communicated to;
Data portability right. Following your request, A.C.D. HOTELS s.r.l. will transfer your personal Data to another Data Controller , if technically possible, as long as the processing is based on your consent or is necessary for executing a contract;
Right of erasure. You can ask for the Company to erase your personal data if:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
You are entitled to oppose a further processing of your personal data and exercise this right to oppose it;
The personal Data has been processed unlawfully.
Unless the processing is necessary by virtue of legal or fiscal obligations in order to establish, exercise or defend a right in a court of law.
Right to object. You may oppose the processing of your personal data at any moment, on condition that the processing is not based on your consent but on the legitimate interests of companies or of third parties. In these cases A.C.D. HOTELS s.r.l. will no longer process your personal Data, unless it is possible to demonstrate to you the binding and legitimate reasons for a prevalent interest in processing or ascertaining it or exercising or defending a right before legal courts. If you oppose processing, please specify whether you intend to cancel your personal data or limit the processing thereof;
Right to lodge a complaint. In the event of alleged violation of the law in force regarding privacy, you may lodge a complaint with the competent authority of your country or of the place where the presumed violation took place.
DISCLOSURE ON COOKIES
Cookies are used on our Website to provide users with a service and an enhanced browsing experience. Cookies are small files stored on your hard disk. They make browsing easier and make it easier to use the website itself.
In compliance with Regulation EU no. 679/2016 no explicit consent for using cookies will be required as long as session cookies alone are used. These cookies are instrumental to the correct operation of the website. No use will, therefore, be made of cookies to transmit personal data, nor will so-called persistent cookies of any kind, or systems for tracing the users be used. The cookies used on the website www.alessandropalace.com are not intended to store specific information regarding the users who access the website and do not store personal Data , but are necessary for allowing the safe and efficient exploration of the website.
If cookies are disabled there are no consequences; however, if the user blocks or deletes a cookie, it might be impossible to restore the preferences or the customised settings specified previously along with our capacity to make browsing quicker.
DATA CONTROLLER, REFERENCES FOR DATA PROTECTION and CONTACT DATA
To exercise the rights as laid down by arts. 15 and foll. of Regulation EU 2016/679, you may contact the Data Controller: A.C.D. HOTELS s.r.l. with registered offices at Via Carlo Cattaneo 23, 0085 ROME, or by email at firstname.lastname@example.org