Information on the processing of personal data (art. 13 of EU Regulation 2016/679)
for the website www.hotelcasapoli.it owned by Hotel Casa Poli Srl
This is a statement made pursuant to art. 13 of EU Regulation 2016/679 for the Users of the Web portal services. The indications given below concern in particular the collection of personal data on the Internet, with the aim of identifying the minimum measures that must be implemented towards the persons concerned in order to ensure the transparency and lawfulness of such practices.
From Articles 4, 37-39 of Regulation (EU) 2016/679 (hereinafter also Regulation)
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Usage Data: information that is collected automatically by this Application (or by third party applications that this Application uses), including: IP addresses or domain names of the computers used by the User who connects to this Application, addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, and the parameters related to the operating system and the User’s IT environment.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
User: the individual who uses this application, which must coincide with the Data Subject or be authorized by him and whose personal data are subject to any processing.
Processing: any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Controller (or Controller): the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
This Application or Platform: the hardware or software tool through which the personal data of Users are collected.
Data Protection Officer (DPO): mandatory figure in certain cases as per art. 37 of the Regulation. He advises, monitors, coordinates and manages relations with the Supervisory Authority regarding the processing of personal data.
1. THE DATA CONTROLLER
The “Data Controller” of the User’s personal data possibly processed as a result of the use of this website, pursuant to art. 26 of Regulation (EU) 2016/679, is Hotel Casa Poli Srl, at Corso Garibaldi 32 – Mantova, Italy, tel. +39 0376 288170, Email email@example.com
2. PURPOSE AND LAWFULNESS OF DATA PROCESSING
Users who access this site, and possibly use the following web services, voluntarily provide the related personal data as listed below.
- “CONTACT US”: this section is addressed to the Users interested in receiving information about the products/services offered by the Owner. The personal data required to access this service are exclusively the following: Name, Surname, E-Mail, Telephone.
- “RESERVATIONS”: this section is intended for Users interested in buying the services offered by the Owner. The personal data required to access this service are exclusively the following: Name, Surname, E-Mail, Telephone, Payment Information.
The data of Users collected through the sections listed above are used for the sole purpose of performing the service or provision requested and will not be disseminated to third parties. The Data Controller has determined the purposes of the processing identified in the performance of its activities. The User data are collected to allow the Owner to provide its services, as well as for the following purposes: statistics, advertising, hosting and backend infrastructure, interaction with social networks, external platforms and display of content from external platforms. In particular, the navigation data are exclusively processed:
- for the operational management of navigation;
- for the processing of statistical data on access and consultation;
- for the management of personal data security.
As for personal data voluntarily provided by the User, they are processed for the following purposes, in addition to those indicated below:
- processing of anonymous and aggregated usage statistics;
- protection or defence of rights in court;
- compliance with obligations under laws and regulations in force, including accounting and tax matters;
- fulfillment of the specific purposes for which such data were provided by the User (e.g. provision of a service, response to specific questions submitted through contact forms, assistance requests, etc.);
- management of the User’s registration and/or access to any reserved areas available on the site.
In order to pursue the purposes of processing described above, this site uses the following services, listed for processing purposes.
Hosting and backend infrastructure. This type of service has the function of hosting data and files that allow the site to function, allow its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this application. Some of these services operate through servers which are geographically located in different places, making it difficult to determine where your Personal Data are stored exactly. The site www.hotelcasapoli.it is activated through a hosting service provided by Netsons Srl and is managed in collaboration with MT Creazioni Web of Truzzi Mattia.
Interaction with external social networks and platforms. This type of service allows interaction with social networks, or other external platforms, directly from the pages of www.hotelcasapoli.it. It is possible that, even if Users do not use the service, it collects traffic data related to the pages where it is installed. Interactions and information acquired are in any case subject to the privacy settings of the User relating to each social network.
TripAdvisor Widget (TripAdvisor). TripAdvisor is a search engine managed by TripAdvisor LLC and TripAdvisor Limited that allows the website to integrate such content into its pages. Personal Data collected: Cookies and Usage Data.
Widget HotelsCombined (HotelsCombined). HotelsCombined is a search engine managed by HotelsCombined Pty Ltd that allows the website to integrate such content within its pages. Data collected: Cookies and Usage Data
Displaying content from external platforms. This type of service allows you to view content hosted on external platforms directly from the pages of the website and to interact with it. Therefore, it is possible that, even if Users do not use the service, it will collect traffic data related to the pages where it is installed.
3. LEGAL BASIS FOR THE PROCESSING
By using the services listed in point 2), the data subject expresses consent to the processing of his or her personal data for the purposes described above, pursuant to Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679.
4. LEGITIMATE INTERESTS PURSUED BY THE DATA CONTROLLER
At the same time, the Data Controller, for Direct Marketing purposes, pursues its own legitimate interests pursuant to art. 6, paragraph 1, letter f) of Regulation (EU) 2016/679.
5. COMMUNICATION AND RECIPIENTS OF THE PERSONAL DATA
The communication will be made only and exclusively to employees and direct collaborators of the Data Controller for the sole purpose of performing the service requested by the User, unless the communication is required by law.
The optional, explicit and voluntary sending of email to the addresses indicated on the site implies, by its very nature, the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
We invite our Users, in requests for services or questions, not to send names or other personal data of third parties that are not strictly necessary or data defined as “sensitive and / or special” under Articles 9 and 10 of Regulation (EU) 2016/679 within the limits and for the purposes specified in this statement.
6. MODALITIES AND MEANS OF TREATMENT
Personal data are processed by automated means, for the time necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent loss of data, illicit or incorrect use and unauthorised access in compliance with the obligations to adapt to adequate security measures. In fact, all data will be acquired and stored in accordance with Articles 32, 33 and following of EU Regulation 2016/679.
The Data Controller is not responsible for errors, content, cookies, publication of illegal or immoral content, advertising, banners or files that do not comply with current legislation on sites that it does not manage.
7. TRANSFER OF DATA TO A THIRD COUNTRY
No transfer of data to a third country is foreseen.
8. AUTOMATED DECISION-MAKING PROCESS
There is no automated decision-making process.
9. DURATION OF TREATMENT
The personal data acquired, also through the “CONTACTS” service, will be kept for the duration necessary to carry out the activities requested by the User and in any case for a period not exceeding 5 years from the date of insertion.
The storage time may be extended and involve the acquisition of further data subsequently, in the event that the User requests further services; in this case the duration of the processing, for administrative, accounting, tax and contractual purposes may be extended up to 10 years from the termination of the relationship, as required by current regulations (art. 2220 of the Civil Code, art. 22 of the Decree of the President of the Republic of 29 September 1973 no. 600 and art. 2200 Civil Code).
The technical navigation cookies (described below), will be stored for the sole purpose of allowing the correct technical functioning of the site itself and will expire automatically when the browser is closed.
10. TYPE OF PROCESSED NAVIGATION DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the communication protocols of the Internet.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow the Users to be identified.
This category of data includes IP addresses or domain names of computers used by Users who connect to the site, URL (Uniform Resource Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the User’s IT environment.
These data are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
The data in question could be used to ascertain liability in case of any computer crimes against our site.
If the Users book through the ‘reservations’ section of www.hotelcasapoli.it, the purchase data are collected, and may, depending on the type of sale and treatment status, include the following information:
- serial number;
- details of the service purchased (definition, type of room, etc.);
- data on the means of payment;
- communications and messages in connection with the booking (e.g. withdrawal statements, complaints and communications to customer service);
- booking and payment status.
The company offers the common means of payment in online commerce, in particular prepayment by credit or debit card. For the execution of the payment, the payment data communicated are managed through PayPal’s Braintree and kept until the transaction is concluded.
11. RIGHTS OF DATA SUBJECTS
The subjects to whom the personal data refer, pursuant to art. 13 of EU Regulation 2016/679, have the right at any time to obtain confirmation of the existence or otherwise of such data and to know their content and origin, verify their accuracy or request that they be supplemented, updated or corrected. Data subjects also have the right to request cancellation, transmission of data to other owners, transformation into anonymous form or blocking of data processed in violation of the law, and to object in any case, for legitimate reasons, to their processing. Data subjects also have the right to lodge a complaint with the supervisory authority (Garante Privacy).
Requests related to art. 13 of EU Regulation 2016/679 must be addressed to the Data Controller at the telephone number +39 0376 288170 or at the email address firstname.lastname@example.org
Rights of the data subject
European Regulation 2016/679
art. 13 “Information to be provided where personal data are collected from the data subject”
1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;
(b) the contact details of the Data Protection Officer, where applicable;
(c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.
12. WHAT COOKIES ARE
A cookie is a text file that is stored on the user’s computer or mobile device (smartphone or tablet) by the server of a website to which a user accesses and that can be read or retrieved from the server that installed it during subsequent visits to the site. The cookie contains certain information (e.g. the server from which it comes, a numeric identifier, the expiry date of the cookie, etc.) and allows the website that installed it to remember, for example, the preferences expressed by the User when browsing or purchasing, perform authentication to access restricted areas or to monitor sessions.
While browsing, the User can also receive on his terminal cookies sent by different websites or web servers (so-called third parties), which may host some of the elements (e.g. images, maps, sounds, specific links to pages of other domains) present on the site that the User is visiting.
More generally, some cookies (defined as session cookies) are assigned to the User’s device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (defined as persistent) remain in the device for an extended period of time.
Cookies are text files that are placed on the computers of Web users to allow safe and efficient exploration of the site and monitor its use. This website uses two types of technical cookies: session cookies for authentication (online services) and statistical monitoring/profiling cookies (Google Analytics).
As defined in the previous paragraph, cookies are text files that are stored on the computers of Web Users to allow safe and efficient exploration of the site and monitor its use.
This site does NOT use profiling cookies to create User profiles, which are then used to send advertising messages in line with the preferences expressed by the User when surfing the web.
This site uses third-party cookies.
Technical Session Cookies (essential for the use of online services). This site uses HTTP session cookies to manage authentication to online services. The use of session cookies (which are not permanently stored on the User’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. If these cookies are disabled, the online services cannot be used.
Technical Cookies for monitoring/statistical profiling (Google Analytics). The monitoring cookies can be disabled without any effect on the navigation of the portal: to disable them see the next section.
The Owner uses the Google Analytics service of the company Google, Inc. (hereinafter Google) for the generation of statistics on the use of the web portal.
According to the current terms of service, Google will use this information, as an independent data controller, for the purpose of tracing and evaluating the use of the website, compiling reports on website activity for website operators and providing other services relating to website activity, connection methods (mobile, PC, browser used, etc.) and search methods and access to portal pages. Google may also transfer this information to third parties where required by law, or where such third parties process the information on Google’s behalf. Google will not associate IP addresses with any other data held by Google.
By using the Data Controller’s website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Alternatively, you can disable only the Google Analytics cookies by using the opt-out provided by Google for the main browsers. In this way it will still be possible to use the online services of the Owner.
14. HOW TO DISABLE COOKIES BY CONFIGURING THE MAIN BROWSERS SPECIFICALLY
Run Chrome Browser.
Click on the menu in the browser toolbar next to the url entry window for navigation.
Click Show Advanced Settings.
In the “Privacy” section click on the “Content settings” button.
In the “Cookies” section, you can change the following cookie settings:
- Allow data to be saved locally;
- Change the local data only until the browser is closed;
- Prevent sites from setting cookies;
- Block third-party cookies and site data;
- Manage exceptions for some websites;
- Delete one or all cookies.
Run Mozilla Firefox Browser.
Click on the menu in the browser toolbar next to the url entry window for navigation.
Select the Privacy panel.
Click Show Advanced Settings.
In the “Privacy” section click on the “Content settings” button.
In the “Tracking” section, you can change the following cookie settings:
- Ask sites not to do any tracking;
- Inform the sites of its willingness to be tracked;
- Do not communicate any personal data tracking preferences.
From the “History” section you can:
- By enabling “Use custom settings”, choose whether to accept third party cookies (always, from the most visited sites or never) and how long to store them (until their expiration, until Firefox is closed, or ask each time);
- Remove individual stored cookies.
Run Internet Explorer Browser.
Click the Tools button and choose Internet Options.
Click the Privacy tab and in the Settings section, change the slider to the action you want for cookies:
- Block all cookies;
- Allow all cookies;
- Selection of the sites from which to obtain Cookies: move the cursor to an intermediate location in order not to block or allow all cookies, then click on Sites, enter a website in the Website Address box and then click Block or Allow.
Run Safari Browser
Click Safari, select Preferences, and press Privacy.
In the Block Cookies section, specify how Safari should accept cookies from the websites.
To view which sites have stored the cookies, click on Details.
Safari iOS (mobile devices)
Run iOS Safari Browser.
Tap on Settings, and then on Safari.
Tap on Block Cookies and choose between “Never”, “Third Party and Advertiser” or “Always”.
To delete all cookies stored by Safari, tap on Settings, then on Safari, then on Delete Cookies and Data.
Run Opera Browser.
Click on Preferences then on Advanced and then on Cookies.
Select one of the following options:
- Accept all cookies;
- Accept cookies only from the site you visit: third party cookies that are sent by a domain other than the one you are visiting will be rejected;
- Never accept cookies: no cookies will ever be saved.