This page describes how to the site processes the personal data of users who consult it. This information is also provided pursuant to art. 13 of EU Regulation 2016/679 applicable from 25 May 2018 - General Regulations for the Protection of Personal Data (GDPR), to anyone using the web services of VILLA APPIANI HOTEL SRL accessible electronically from the address:
Pursuant to Article 4 point 7) of the GDPR 2016/679, the Data Controller is the Company VILLA APPIANI HOTEL SRL with registered office at Via Sala 17 - 20056 Trezzo sull'Adda, Milano (Italy).
Pursuant to art. 28 of GDPR 2016/679, Vertical Booking S.r.l., with registered office in Piazza Pontida 7 - 24122 Bergamo, is responsible for processing bookings.
Pursuant to Article 28 of the GDPR 2016/679, the Data Processor for technical assistance and website management activities is the web agency Relactions S.r.l. with registered office at Via Taranto 21, 00182 Rome.
DATA PROCESSING SITE
The processing operations connected to the web services of this site take place at the head offices of the data controller and the data processors. No data deriving from the web service is disclosed to third parties or published.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not currently persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Personal data is processed using automated instruments for the amount of time required to fulfil the purposes for which they were collected. Specific safety measures are observed to prevent data loss, illicit and incorrect use and unauthorised access.
PURPOSE, LEGAL BASIS AND TYPE OF THE DATA PROVIDED
The Personal Data you provide through the Website will be processed by VILLA APPIANI HOTEL SRL for the following purposes:
a) to perform a contract to which the person concerned is a party or pre-contractual tasks performed at their request (e.g. reservations, participation in special offers, contact requests, etc.). Consent Not Required. The legal basis is based on Article 6 paragraph 1 letter b) of GDPR 2016/679, i.e. the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject;
b) registering for the company's newsletter. Consent Required The legal basis
is based on the consent of the person concerned in accordance with art. 6 par.1 lett. a) of GDPR 2016/679
c) sending promotional and marketing material via email in the form of soft spam for reservations that have been contracted. Consent Not Required The legal basis
is to pursue according to art. 6 par.1 lett. f) of the GDPR 2016/679 a legitimate interest on the part of the data controller and in accordance with art. 130 par. 4 of Legislative Decree 196/2003;
d) to register for the PlanetClub programme by accessing the appropriate area, which provides discounts and benefits reserved for registered customers. Consent Not Required. The legal basis is based on Article 6 paragraph 1 letter b) of GDPR 2016/679, i.e. the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject;
e) to evaluate possible job applications by acquiring CV via email or through online advertisements. Requires explicit consent. The legal basis is based on Article 111 bis of Legislative Decree 196/2003
g) research and statistical analysis on anonymous aggregated data, aimed at monitoring the operation of the Site, measuring traffic and evaluating usability and interest to make it more functional and performing; Consent not necessary as it does not involve the processing of personal data
h) compliance with laws and regulations; Consent not required The legal basis is based on Article 6, paragraph 1, letter c) of GDPR 2016/679;
i) the establishment, exercise or defence of rights in judicial proceedings or whenever the courts exercise their judicial functions. Consent not required The legal basis is provided by Article 6, paragraph 1, letter f) of GDPR 2016/679, i.e. the processing is necessary for the pursuit of a legitimate interest of the controller;
CVs considered of interest may be held for up to 24 months, and will be processed in full compliance with the security measures set out in EU Regulation 2016/679.
At the end of the 24-month period, the CVs will be destroyed or the interested party may be contacted to request authorisation to receive an updated curriculum.
The CVs will not be disclosed to third parties.
In any case, we recommend you follow these indications for submitting CVs in electronic format:
fill in your curriculum vitae in the European format;
submit your CV in pdf format;
avoid putting sensitive information as defined by art. 9 of EU Regulation 2016/679 on your CV (in particular regarding your state of health, religious, philosophical or political beliefs) that is not relevant to the job offer;
grant your consent to process any sensitive data that may be relevant to your application (e.g. if you belong to a protected category under Law 68/99).
The Company will provide adequate information pursuant to art. 13 of EU Regulation 2016/679, during any interviews with candidates.
The data in CVs will be handled for purposes strictly relating to staff assessment, recruitment or selection for long or short term employment or work experience, or to allow the selected candidate to prepare their degree thesis at our facilities.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The data controller undertakes to limit the areas of circulation and processing of personal data (e.g. storage, archiving, preservation of data on its servers) to countries within the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of the protection measures provided for by EU Regulation 2016/679 - CHAPTER V (adequacy decision, Standard Contractual Clauses or explicit consent from the data subject).
PERSONAL DATA COMMUNICATION AREAS
Personal data acquired through this website may be communicated to:
public authorities or offices, in order to meet legal and/or contractual obligations;
persons authorised to process data by VILLA APPIANI HOTEL SRL;
group subsidiaries, which provide hotel and catering services for the individual hotels of the Brand (for details, see the individual privacy policies of the hotel web pages);
the external manager Vertical Booking S.r.l. for the management of the booking platform;
the web agency Relactions S.r.l. with registered office at Via Taranto 21, 00182 Rome for technical assistance activities on the website;
Serenissima Informatica S.p.A., a company that manages the Protel customer management platform, given that the site bookings are integrated with the hospitality management software;
companies that provide management and technical assistance services for the IT infrastructure of VILLA APPIANI HOTEL SRL and its subsidiaries;
debt collection companies and banks for the management of collections and payments relating to the stay;
any consultants and external companies specifically appointed to carry out tax and fiscal consultancy activities on our behalf;
service providers or consultants where necessary to allow the data subject to access the hotel's services;
third party companies that install profiling cookies;
The data controller will provide an updated list of external data processors on request, pursuant to art. 28 of GDPR 2016/679.
VILLA APPIANI HOTEL SRL will process the user’s Personal Data for the time strictly necessary to achieve the purposes indicated in this statement and until the time allowed by Italian law to protect their interests (Article 2947(1)(3) of the Italian Civil Code).
The user will remain registered for the company's newsletter until they exercise their right to cancel, which can be exercised simply by clicking directly on the email received.
VILLA APPIANI HOTEL SRL does not process data based on an automated decision-making process, including profiling, which produces legal effects or which may have a significant impact on those who interact with the website.
DATA SUBJECT RIGHTS
The user may freely exercise the rights referred to in articles 15 and following of GDPR 2016/679 or:
revoke consent at any time. The user may revoke consent to the processing of their Personal Data as expressed above;
oppose the processing of their personal data. The User may object to the processing of their Data if it takes place on a legal basis other than consent;
access their Data. The User has the right to obtain information on the Data processed by the Data Controller and on certain aspects of the processing, and to receive a copy of the Data processed;
verify and request correction. The User may verify the accuracy of their Data and request that it be updated or corrected;
ask for its processing to be limited. When certain conditions are met, the User may request that the processing of their Data be limited. In this case, the Data Controller will not process the Data for any purpose other than its storage;
obtain the deletion or removal of Personal Data. When certain conditions are met, the User may request the cancellation of their Data by the Data Controller;
receive their Data or have them transferred to another data controller. The User has the right to receive their Data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable if the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it;
file a complaint. The User may file a complaint with the competent data protection supervisory authority or take legal action.
HOW TO EXERCISE USER RIGHTS
To exercise these rights, the data subject may contact the management of the company at the e-mail address: firstname.lastname@example.org
UPDATING AND REVISION