In accordance with applicable privacy laws (EU Regulations n. 679, 2016), we would like to take this opportunity to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights.
1. Data Controller>
P.M.D. Servizio Srl, P.IVA: 01656690227, Via Giovanni XXIII – 38065 Mori (TN), Email: firstname.lastname@example.org, Tel. +39 0464 721517
2. Data Protection Officer
Michele Trainotti, Via Rossini, n. 7 – 38064 Folgaria (TN), Email: email@example.com, Tel. +39 348 2550783
3. Data Processor
Dario Piccoli, Via Giovanni XXIII, n.50 – 38065 Mori (TN), Email: firstname.lastname@example.org, Tel. +39 348 2550783
Irene Piccoli, Via Rossini, n. 7 – 38064 Folgaria (TN), Email: email@example.com, Tel. +39 348 3726091
4. Purposes of the processing for which personal data and related legal basis are intended
Your personal data will be processed:
a) without your consent (article 6, letter b, c, f, GDPR), for the following purposes:
1. To obtain and confirm your booking of accommodations and other services, and to provide such services as requested. Processing shall cease once you check out, although some of your personal information may (or in some instances, has to) continue to be processed for the purposes and in the manner described below;
2. To comply with our “Public Safety Law” (Article 109 Royal Decree n. 773, 18/6/1931) which requires that we provide identification data of our guests to the police, for purposes of public safety, in the manner established by the Ministry of the Interior (Decree of 7 January 2013). Data submission is mandatory, and does not require your consent. Data acquired for such purposes shall not be retained by us;
3. To comply with applicable administrative, accounting, and tax regulations. For these purposes, your consent is not required. Personal information is processed by us and our persons in charge of data processing, and is disclosed outside the company only when and if required by law. Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits);
Since this processing is required to define our contractual relationship and to perform under our contract with you, your consent is not required, unless certain “sensitive” information is submitted. Should you refuse to submit your personal information, we will not be able to confirm your booking or provide you with the requested services.
b) with your consent (article 7, GDPR), for the following purposes:
1. To allow you to receive messages and telephone calls during your stay. Such processing, where consent is granted, shall end when you check out;
2. To speed-up check-in on your next visit to our hotel. For such purposes, your information will be retained for a maximum of 5 years after your stay, and will be used the next time you are our guest, for the reasons listed supra;
3. To send you advertising messages and updates on special rates and promotions. For this purpose, your information shall be retained for a maximum of 5 years after your stay and will not be disclosed to third parties. You may revoke your consent at any moment.
You may revoke your consent at any moment sending a mail to firstname.lastname@example.org.
5. Categories of personal data processed
For the purposes of the processing indicated in paragraph 4 above, only personal data concerning:
· name and surname, tax code, birth data, residence data, residence data, e-mail or PEC address, telephone number and fax number;
· payment information, such as payment card number and other card information, and other billing details;
· hotel stay data such as date of arrival, departure date, rooms used, number of guests, amount of stay, discount, amount of extra costs, etc.
6. Categories of recipients of personal data
No personal data deriving from the web service is communicated or disseminated (save communication to judicial or police bodies if necessary).
The data are processed by personnel specifically appointed in writing to the processing of data (administrative staff and persons in charge of relations with the public; administrative staff in charge of the management of information systems, even those external to the Company, which may also perform functions as system administrator and in this case are appointed as such; administrative staff in the marketing sector even outside the Company, interns, data processors and their collaborators, in charge of the specific sector to which a request is addressed; web site management personnel even outside the Company) only if the processing is necessary to carry out their duties by performing only the operations necessary for the performance of the tasks.
Personal data may also be processed by data processors (including external companies that perform shipping, marketing, and server management and storage). The external companies can process the data also through specifically appointed persons in charge who can perform the same activities and processes for the same purposes, for which the managers have been appointed by P.M.D. Services S.r.l.
I dati forniti dall’utente potranno essere comunicati ai soggetti per i quali sussista un obbligo di comunicazione ai sensi di legge, o per i quali sussista una necessità di comunicazione per far valere un giusto diritto della società presso gli organi preposti.
7. Storage and transfer of personal data abroad
The data process will take place mainly in Italy and the EU. If considered functional to the efficient fulfillment of the objectives pursued in compliance with the guarantees in favor of the interested parties, the treatment can also take place in the United States of America with companies that have adopted the Privacy Shield agreement.
8. Period of storage of personal data
Personal data collected for the purposes indicated in the previous point 4, paragraphs a) will be processed and stored for 10 years. Personal data collected for the purposes indicated in the previous point 4, paragraph b) processed and stored for 5 years from the last stay or from the newsletter subscription.
9. Your rights
The European Regulation grant you certain rights, including rights of access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data portability rights, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016). You can also file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations.
For any other concern, and to assert your rights under the EU Regulation, please contact the Data Protection Officer.
10. Method of treatment
The processing of your personal data is carried out by means of the operations indicated in article 4, no. 2), GDPR – performed with or without computer systems – namely: collection, registration, organization, structuring, updating, preservation, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, comparison, interconnection, limitation, cancellation or destruction. There is no automated decision-making process (eg for profiling).
In any case, the logical and physical security of the data and, in general, the confidentiality, integrity and availability of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures.
11. Policy update
This information is subject to periodic updates to take into account any legal obligations or to integrate information relating to any other treatments, we ask you to regularly review the same to stay updated on the evolution of the document.