This page describes how to the site processes the personal data of users who consult it. This information is also provided pursuant to art. 13 of Regulation (EU) 2016/679 applicable from 25 May 2018 - General Regulation for the Protection of Personal Data (GDPR), to anyone using the web services of Villa Appiani Hotel Srl accessible electronically from the address:
The information is provided only for the https://villappiani.com/ site and not for other websites accessed via links, and complies with Recommendation no. 2/2001 on minimum requirements for online data collection in the European Union, adopted on 17 May 2001 by the Article 29 Working Party.
Pursuant to art. 4, point 7) of the GDPR 2016/679, the Data Controller is Villa Appiani Hotel Srl with registered offices in Via Sala 17 - 20056 Trezzo sull'Adda, Milano (Italy)
Pursuant to art. 28 of GDPR 2016/679, Vertical Booking S.r.l., with registered office in Piazza Pontida 7 - 24122 Bergamo, is responsible for processing bookings.
Pursuant to art. 28 of GDPR 2016/679, the web agency Relactions S.r.l. with registered office in Via Prenestina 369D, 00177 Rome and operational headquarters in Via Saturnia 55, 00183 Rome is responsible for processing technical assistance and website management activities
DATA PROCESSING SITE
The processing operations connected to the web services of this site take place at the head offices of the data controller and the data processors. No data deriving from the web service is disclosed to third parties or published.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not currently persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Personal data is processed using automated instruments for the amount of time required to fulfil the purposes for which they were collected. Specific safety measures are observed to prevent data loss, illicit and incorrect use and unauthorised access.
PURPOSE, LEGAL BASIS AND TYPE OF THE DATA PROVIDED
The Personal Data you provide through the Site will be processed by Villa Appiani Hotel Srl. for the following purposes:
a) to perform a contract to which the person concerned is a party or pre-contractual tasks performed at their request (e.g. reservations, participation in special offers, contact requests, etc.). Consent Not Required. The legal basis is found in art. 6 par.1 lett. b) GDPR 2016/679 - i.e. processing is required to perform a contract of which the person concerned is a party or pre-contractual tasks performed at their request;
b) registering for the company's newsletter. Consent Required The legal basis is based on the consent of the person concerned in accordance with art. 6 par.1 lett. a) of GDPR 2016/679
c) sending promotional and marketing material via email in the form of soft spam for reservations that have been contracted. Consent Not Required The legal basis is to pursue according to art. 6 par.1 lett. f) of the GDPR 2016/679 a legitimate interest on the part of the data controller and in accordance with art. 130 par. 4 of Legislative Decree 196/2003;
d) for registration to the PlanetClub program by accessing the appropriate section that provides discounts and benefits reserved for registered customers. Consent Not required. The legal basis is based on Article 6 par. 1 letter b) of the GDPR 2016/679 or the processing is necessary for the execution of a contract of which the interested party is a party or to the execution of pre-contractual measures adopted at the request of the same;
d) to evaluate possible job applications by acquiring CV via email or through online advertisements. Requires explicit consent. The legal basis is based on art. 111 bis of Legislative Decree 196/2003
f) research and statistical analysis on anonymous aggregated data, aimed at monitoring the operation of the Site, measuring traffic and evaluating usability and interest to make it more functional and performing; Consent not necessary as it does not involve the processing of personal data
g) compliance with laws and regulations; Consent not required The legal basis is based on art. 6 par. 1 lett. c) of GDPR 2016/679;
h) the establishment, exercise or defence of rights in judicial proceedings or whenever the courts exercise their judicial functions. Consent not required The legal basis is based on art. 6 par. 1 lett. f) of the GDPR 2016/679, i.e. the processing is necessary for the pursuit of a legitimate interest of the data controller;
CVs considered of interest may be held for up to 24 months, and will be processed in full compliance with the security measures set out in Regulation (EU) 2016/679.
At the end of the 24-month period, the CVs will be destroyed or the interested party may be contacted to request authorisation to receive an updated curriculum.
The CVs will not be disclosed to third parties.
In any case, we recommend you follow these indications for submitting CVs in electronic format:
• fill in your curriculum vitae in the European format;
• submit your CV in pdf format;
• avoid putting sensitive information as defined by art. 9 of Regulation (EU) 2016/679 on your CV (in particular regarding your state of health, religious, philosophical or political beliefs) that is not relevant to the job offer;
• grant your consent to process any sensitive data that may be relevant to your application (e.g. if you belong to a protected category under Law 68/99).
The Company will provide adequate information pursuant to art. 13 of Regulation (EU) 2016/679, during any interviews with candidates.
The data in CVs will be handled for purposes strictly relating to staff assessment, recruitment or selection for long or short term employment or work experience, or to allow the selected candidate to prepare their degree thesis at our facilities.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
No personal data shall be transferred outside the European Community.
Otherwise, the transfers are based either on a decision of adequacy or on the Standard Model Clauses approved by the European Commission, as well as in compliance with the principles of Privacy By Shield in the case of transfers to the USA.
PERSONAL DATA COMMUNICATION AREAS
Personal data acquired through this website may be communicated to:
• persons authorised to process data by Villa Appiani Hotel Srl.;
• group subsidiaries, which provide hotel and catering services for the individual hotels of the Brand (for details, see the individual privacy policies of the hotel web pages);
• the external manager Vertical Booking S.r.l. for the management of the booking platform;
• the web agency Relactions S.r.l. with registered office in Via Prenestina 369D, 00177 Rome for technical assistance activities on the website;
• Serenissima Informatica S.p.A., a company that manages the Protel customer management platform, given that the site bookings are integrated with the hospitality management software;
• companies that provide management and technical assistance services for the IT infrastructure of Villa Appiani Hotel Srl. and its subsidiaries;
• for the management and technical assistance of the website;
• public authorities or offices, in order to meet legal and/or contractual obligations;
• debt collection companies and banks for the management of collections and payments relating to the stay; any consultants and external companies specifically appointed to carry out tax and fiscal consultancy activities on our behalf;
• service providers or consultants where necessary to allow the data subject to access the hotel's services;
• third party companies that install profiling cookies;
The data controller will provide an updated list of external data processors on request, pursuant to art. 28 of GDPR 2016/679.
Villa Appiani Hotel Srl will process the user’s Personal Data for the time strictly necessary to achieve the purposes indicated in this statement and until the time allowed by Italian law to protect their interests (art. 2947(1)(3) in the Italian Civil Code).
The user will remain registered for the company's newsletter until they exercise their right to cancel, which can be exercised simply by clicking directly on the email received.
Villa Appiani Hotel Srl does not process data based on an automated decision-making process, including profiling, which produces legal effects or which may have a significant impact on those who interact with the website.
DATA SUBJECT RIGHTS
The user may freely exercise the rights referred to in articles 15 and following of GDPR 2016/679 or:
• revoke consent at any time. The user may revoke consent to the processing of their Personal Data as expressed above;
• oppose the processing of their personal data The User may object to the processing of their Data if it takes place on a legal basis other than consent;
• access their Data. The User has the right to obtain information on the Data processed by the Data Controller and on certain aspects of the processing, and to receive a copy of the Data processed;
• verify and request correction. The User may verify the accuracy of their Data and request that it be updated or corrected;
• ask for its processing to be limited; When certain conditions are met, the User may request that the processing of their Data be limited. In this case, the Data Controller will not process the Data for any purpose other than its storage;
• obtain the deletion or removal of Personal Data. When certain conditions are met, the User may request the cancellation of their Data by the Data Controller;
• receive their Data or have them transferred to another data controller. The User has the right to receive their Data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable if the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it;
• file a complaint. The User may file a complaint with the competent data protection supervisory authority or take legal action.
HOW TO EXERCISE USER RIGHTS
In order to exercise these rights, the interested party may contact the management of the company at the following email address email@example.com
UPDATING AND REVISION