Privacy & Policy
PRIVACY POLICY FOR VISITORS OF THE WEBSITE WWW.ALBERGOHERMITAGE.IT
This Privacy Policy is intended to describe the procedures for management of site www.albergohermitage.it, concerning the processing of personal data of users/visitors who consult it.
The policy applies only to the website mentioned above and not to other websites accessed by users through specific links.
S.E.A.R. S.r.L., guarantees compliance with the law on the protection of personal data (Legislative Decree 196/03 and Reg. (EU) 2016/679). Users/visitors should therefore read this Privacy Policy carefully before sending any personal information and/or filling in any electronic form posted on this website.
Data controller
S.E.A.R. S.r.L., with registered office in 55042 – Forte dei Marmi (LU), in Viale Morin n. 169, is the data controller. They can also take on the role of independent data controllers for any partner sites that in turn participate in data processing independently.
Data subject to processing
1) Navigation data
The computer systems and software procedures used to operate this site acquire, during normal operation, some personal data that is then transmitted implicitly in the use of internet communications protocols.
This is information, which by its nature could, through processing and association with data held by third parties, identify users/visitors (e.g. IP address, domain names of computers used by users/visitors connecting to the site, etc.)
This is information that by its nature could, through association and processing with data held by third parties, allow the identification of users/visitors (e.g. IP address, domain names of computers used by users/visitors who connect to the website, etc.).
In any event, web contact data is not retained for more than seven days, except when it is necessary to monitor instances of criminal activities against the site.
No data deriving from the web service is communicated or disclosed.
2) Data provided voluntarily by users/visitors
If users/visitors, connecting to this website, send their personal data in order to access certain services or to make requests through e-mail, they are aware that this involves the acquisition, by the data controller, of the sender’s address and/or any other personal data which, in turn, will be processed exclusively to respond to the request or for providing service to the sender.
The personal information provided by users/visitors will be disclosed to third parties only if such disclosure is necessary to comply with requests made by users/visitors themselves or for legal obligations (such as invoicing).
3) Cookies
in addition to the data expressly provided to the data controller, other data may be stored deriving from the user’s browsing on the site: when the user accesses it, in fact, the site can send the user a „cookie“. A „cookie“ is a small text file that the site can automatically send to the user’s computer when viewing our pages. The „cookies“ are used to make browsing more convenient, as well as to obtain information on the individual user’s navigation within the site and to allow the operation of some services that require identification of the user’s browsing through different pages of the site. For any access to the site, regardless of the presence of a „cookie“, the Site records the type of browser (i.e. Internet Explorer, Chrome, Firefox), the operating system (i.e. Windows, Macintosh) and the host and the URL of origin of the user-navigator, in addition to data on the requested page. These data can be used in an aggregated and anonymous form for statistical analyses on usage of the site. For the complete management of cookies, consult the „Cookie policy“ page of this site.
Data processing procedures
Data is processed with automated means (i.e. using electronic procedures and electronic devices) and/or manually (i.e. hard copies) for the time strictly necessary to achieve the purposes for which the data were collected, however, in accordance with the legal provisions in force.
Purpose for Processing
In addition to those indicated in the individual policies that precede the completion of the forms of the different sections of the site, the purposes of the processing performed by the Data Controller must be understood as:
- a) collection and storage and processing for the purposes of the establishment and operational and administrative management of the contract relationship connected to the provision of the service offered on the site;
- b) use of the user’s personal data (in particular the e-mail address) to send communications relating to the performance of the established contract relationship;
- c) processing of personal data provided and those derived from browsing on the site in order to provide a service consistent with the information transmitted during the use of the service;
- d) collection, storage and processing of data to perform statistical analysis in an anonymous and/or aggregate form;
For the communication of commercial information on future initiatives, announcements of new goods or services;
- e) purposes functional to our business such as the provision of personalised content such as, for example, newsletter services;
- f) for the communication of sales information on future initiatives, new product or service announcements;
- g) for market research, statistic and economic analyses;
- h) to send advertising or promotional material, and for the execution of prize games and promotional initiatives in general.
Legal basis for processing
The legal basis of the processing of customer data performed by the data controller through the site indicated in the epigraph consists of the contract agreements with the data subjects, while in the absence of it the legal basis is to be found in the legitimate interest of the data controller to free economic initiative pursuant to art. 41 Cost. As for the additional purposes that require consent, it will be requested in a specific form and must also be considered a valid legal basis.
Recipients
In addition to the data controller, in some cases, categories of managers and authorised parties involved in the business organisation of the Site (administration, sales, marketing, legal, system administrators) may have access to the data. Furthermore, the Data Controller may use external parties (such as third party technical service providers, carriers, hosting providers, cloud services, IT companies, communication agencies) who may be appointed as external processors. The updated list of processors can be requested from the Data Controller at the address indicated above.
Transfer to a third party country
The data controller uses servers located in the following countries for the services offered by the site:
– Italy
and thus, based on Regulation (EU) 2016/679, considered suitable as falling within the EU.
Data processed by the data controller will never be disclosed.
Data processing location
The processing connected to the web services of this site are held at the aforementioned premises of the data controller and are only processed by technicians in the department in charge of the processing. In case of need, the data related to the newsletter service can be processed by the personnel of the company that manages the Data Center (data processor according to article 28 Regulation (EU) 2016/679), at the company’s headquarters.
Timing and location of data retention
Data is processed for the period necessary to render the service requested by the user and they destroyed with safe destruction means such as document shredders for hard copies and wiping for data on electronic storage devices.
Voluntary or mandatory submission of data
Rights of data subjects Failure to provide data may make it impossible to obtain the requested service.
Rights of data subjects
Pursuant to the GDPR, the data subjects whose personal data is collected have the right at any time to obtain confirmation of the existence of such data and to know its content and origin, verify its accuracy or request its integration, updating, or correction.
In relation to the processing of the aforementioned data, the customer has the right to obtain from the Data Controller:
- confirmation of the existence or not of his/her personal data, their communication in an intelligible form and the knowledge of their origin, as well as the logical reasoning on which the processing is based;
- the cancellation, within a reasonable time, of his/her data, their transformation into anonymous form or the blocking of data processed in violation of the law;
- the updating, modifying or, where required, adding to the data;
- certification that the operations referred to in points 2) and 3) have been brought to the attention of those to whom the data was communicated, provided that it is not impossible or entails a disproportionate use of resources.
- Furthermore, the customer also has the right to obtain the correction or deletion of data concerning him/her or the limitation of processing.
- The customer has the right to revoke the consent related to optional processing and that not connected to the execution of the contract signed with the Data Controller.
- The customer also has the right to object for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection, to request the portability, to exercise the right to be forgotten, and to contact the Supervisory Authority in the matter of personal data protection for any violation s/he believes s/he has undergone which for Italy is the Guarantor for the protection of personal data via e-mail, at: garante@gpdp.it, by fax: 06 696773785, or by post, to the Guarantor for the protection of personal data, located in Rome (Italy), Piazza di Monte Citorio n. 121, postal code 00186.
- Address: SEAR SRL, Viale Morin 169 – 55042 Forte dei Marmi (LU) – email: privacy@augustus-hotel.it – fax: +39.0584.787102
Automated decision-making processes
Automated decision-making processes are not used on collected aggregate data unless to improve site management.
Final provisions
Given the current state of evolution of the legislation regarding the protection of personal data, we inform you that this privacy policy may be subject to updates.