Nature of data provision
The personal data requested are collected by the Hotel “Al Faro” and processed on IT supports, in order to satisfy requests for contact, reservations and information.
Romagna Antica srl (owner of the Hotel Al Faro), with headquarters in Cervia, via Nazario Sauro, 158-160, ( VAT number: 02250670391) is the Data Controller pursuant to and by effect of Reg. UE 2016/679.
Responsible for data processing
Purpose of the treatment
The data provided will be retained by the Data Controller for the following purposes and in compliance with EU Regulation 2016/679 (GDPR):
2. make the data available to third parties for purposes instrumental to what is strictly necessary to implement the services requested by the interested party or to implement legal provisions;
3. manage reservations;
4. manage user data to provide feedback;
5. execute requests to exercise the rights of the data subject;
6. ensure correct and lawful processing of data, safeguarding confidentiality, also by applying suitable security measures.
All treatments carried out within this site will be carried out with electronic or telematic tools, with logics related to the purposes for which the data were collected and in compliance with current safety standards, for the specified purposes. Consent for such treatments, except for that relating to the installation of optional cookies, is mandatory; any refusal will make it impossible to manage the activities listed in points 1 to 6 of this paragraph.
Based on the purposes identified, the following data retention periods are defined:
- make the data available to third parties for purposes instrumental to what is strictly necessary to execute the services requested by the interested party or to implement legal provisions: up to the request for cancellation by the user or for the periods identified by the rules of law;
- execute requests to exercise the rights of the interested party: up to 10 years from collection.
The retention times of personal data are documented in our records of processing activities.
Rights of the interested party
The following rights of the interested party are guaranteed:
– Right to access data (Article 15 of EU Reg. 2016/679)
– Right of rectification (Article 16 of EU Reg. 2016/679)
– Right to cancellation (Article 17 of EU Reg. 2016/679)
– Right of limitation (Art. 18 EU Reg. 2016/679)
– Right to data portability (Art. 20 EU Reg. 2016/679)
– Right to object (Article 21 of EU Reg. 2016/679)
The interested party, if the acquisition of data by the owner took place following the release of consent, has the right to withdraw consent at any time.
Furthermore, if the interested party considers one or more of his rights violated, he can lodge a complaint with the Privacy Guarantor Authority according to the methods indicated at the following link: https://www.garanteprivacy.it/home/diritti/come-agire -to-protect-your-personal-data.
It should also be noted that automated decision-making processes are not used by the Data Controller.
All the above rights can be exercised, at any time and without any charge, by writing to the email address email@example.com.
Personal data security
The security standards used by the Data Controller to make your personal information private and confidential, including “firewalls” and data transmission via SSL (Secure Socket Layer), are the highest in the state of the art. Furthermore, specific techniques are used to protect this data from unauthorized access by third parties. In any case, the minimum security measures indicated by the Privacy Code and subsequent amendments are guaranteed.
You can check if you are operating in safe mode in several ways:
• receiving a warning message from your browser;
• checking that the address of the page where you are is preceded by the acronym Https;
• checking the symbol that appears at the bottom, left or right, of your browser window: if you see an entire key or a closed padlock, it means that SSL is active.
In any case, the Data Controller adopts suitable and preventive security measures aimed at safeguarding the confidentiality, integrity, completeness and availability of personal data. As established by the regulatory provisions governing the security of personal data, technical, logistic and organizational measures are developed which aim to prevent damage, loss, even accidental, alteration, improper and unauthorized use of data. Similar preventive security measures are adopted by third parties (data processors) who are entrusted with data processing operations on our behalf and towards whom the Data Controller has dictated rules of conduct and instructions of security procedures to be followed, supervising the correct implementation of the same by the managers.
The Owner is not responsible for untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as for information concerning him and which has been provided by a subject third, even fraudulently.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by their very nature could, through processing and association with data held by third parties, allow the users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.