Privacy Policy

Privacy Policy and information pursuant to art. 13 of EU Regulation 2016/679

Nature of data provision

The personal data requested are collected by the Hotel “Al Faro” and processed on IT supports, in order to satisfy requests for contact, reservations and information.

Data controller

Romagna Antica srl (owner of the Hotel Al Faro), with headquarters in Cervia, via Nazario Sauro, 158-160, ( VAT number: 02250670391) is the Data Controller pursuant to and by effect of Reg. UE 2016/679.

Responsible for data processing

The personal data of Users may be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as “External Data Processors”, such as, by way of example, IT service providers functional to the company’s operations, suppliers of outsourcing or cloud computing services, professionals and consultants. Users have the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated below.

Purpose of the treatment

The data provided will be retained by the Data Controller for the following purposes and in compliance with EU Regulation 2016/679 (GDPR):
1. install technical-optional cookies on the user’s device as per the cookie policy;
2. make the data available to third parties for purposes instrumental to what is strictly necessary to implement the services requested by the interested party or to implement legal provisions;
3. manage reservations;
4. manage user data to provide feedback;
5. execute requests to exercise the rights of the data subject;
6. ensure correct and lawful processing of data, safeguarding confidentiality, also by applying suitable security measures.
All treatments carried out within this site will be carried out with electronic or telematic tools, with logics related to the purposes for which the data were collected and in compliance with current safety standards, for the specified purposes. Consent for such treatments, except for that relating to the installation of optional cookies, is mandatory; any refusal will make it impossible to manage the activities listed in points 1 to 6 of this paragraph.

Data Recipients

For purposes related to the provision of the service to which the interested party has subscribed, the data will be made available to third parties, who will act as data processors, and who provide services instrumental to satisfying the user’s request (for example, consultants of labour, banking institutions, professionals in the administrative/accounting field) or to whom the communication of data is necessary to comply with laws or regulations or community legislation (for example, public bodies). They may also be made available to law enforcement agencies (e.g.: prevention and repression of crimes, including computer crimes), the judiciary, authorities and public bodies competent for individual matters for their institutional activities or in case of asserting or defending their own rights in court. The list of names of these third parties can be requested directly from the Data Controller in the ways specified in this privacy policy. Personal data will be made available to persons expressly authorized by the Data Controller – and appointed for this purpose in charge of processing – who carry out processing activities essential for the pursuit of the aforementioned purposes; the categories of persons in charge are specified from time to time in the information. In general, these are the people in charge of providing specific services, administration, management of information services, relations with actual and potential associates. The data provided will not be transmitted outside the Community territory.

Storage period

Based on the purposes identified, the following data retention periods are defined:

  1. installation on the user’s device of technical and analytics cookies and other optional ones: as per the cookie policy.
  2. make the data available to third parties for purposes instrumental to what is strictly necessary to execute the services requested by the interested party or to implement legal provisions: up to the request for cancellation by the user or for the periods identified by the rules of law;
  3. execute requests to exercise the rights of the interested party: up to 10 years from collection.
    The retention times of personal data are documented in our records of processing activities.

Rights of the interested party

The following rights of the interested party are guaranteed:
– Right to access data (Article 15 of EU Reg. 2016/679)
– Right of rectification (Article 16 of EU Reg. 2016/679)
– Right to cancellation (Article 17 of EU Reg. 2016/679)
– Right of limitation (Art. 18 EU Reg. 2016/679)
– Right to data portability (Art. 20 EU Reg. 2016/679)
– Right to object (Article 21 of EU Reg. 2016/679)
The interested party, if the acquisition of data by the owner took place following the release of consent, has the right to withdraw consent at any time.

Furthermore, if the interested party considers one or more of his rights violated, he can lodge a complaint with the Privacy Guarantor Authority according to the methods indicated at the following link: -to-protect-your-personal-data.
It should also be noted that automated decision-making processes are not used by the Data Controller.
All the above rights can be exercised, at any time and without any charge, by writing to the email address

Personal data security

The security standards used by the Data Controller to make your personal information private and confidential, including “firewalls” and data transmission via SSL (Secure Socket Layer), are the highest in the state of the art. Furthermore, specific techniques are used to protect this data from unauthorized access by third parties. In any case, the minimum security measures indicated by the Privacy Code and subsequent amendments are guaranteed.
You can check if you are operating in safe mode in several ways:
• receiving a warning message from your browser;
• checking that the address of the page where you are is preceded by the acronym Https;
• checking the symbol that appears at the bottom, left or right, of your browser window: if you see an entire key or a closed padlock, it means that SSL is active.
In any case, the Data Controller adopts suitable and preventive security measures aimed at safeguarding the confidentiality, integrity, completeness and availability of personal data. As established by the regulatory provisions governing the security of personal data, technical, logistic and organizational measures are developed which aim to prevent damage, loss, even accidental, alteration, improper and unauthorized use of data. Similar preventive security measures are adopted by third parties (data processors) who are entrusted with data processing operations on our behalf and towards whom the Data Controller has dictated rules of conduct and instructions of security procedures to be followed, supervising the correct implementation of the same by the managers.
The Owner is not responsible for untruthful information sent directly by the user (example: correctness of the e-mail address or postal address or other personal data), as well as for information concerning him and which has been provided by a subject third, even fraudulently.

Navigation data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users, but which by their very nature could, through processing and association with data held by third parties, allow the users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.