Information note pursuant to and by effect of article 13 of the GDPR 679/2016
In compliance with the provisions of GDPR 679/2016, we inform you about the processing of personal data concerning you and those of your family members, including minors, acquired by us as a result of contractual relationships and to enable us to properly carry out our activity and in accordance with the provisions of the law in force. The methods of data processing, using both paper and IT means, meet the security guarantees required by the new regulations.
- CONTACTS OF THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER (DPO)
The Data Controller is Villa Torcis with registered office in Li Crineddi 1, 07020 Telti, E-Mail: firstname.lastname@example.org.
The Data Controller, pursuant to art. 37 of the European Regulation 679/2016, appointed a Data Protection Officer, which can be contacted by email at the following address: email@example.com for all issues concerning the processing of personal data and the exercise of rights concerning it.
The identity of the DPO and further contact details are available on the website www.villa-torcis.it in the “Privacy” section.
- PROCESSING PURPOSES AND LEGAL BASIS
The data will be processed by us for the performance of the following activities:
- Acquisition of pre-contractual/contractual information and fulfillment of obligations deriving from the residence contract and the ancillary agreements connected to it;
- Fulfillment of the obligations to communicate guest data to the Police Authorities in order to fulfill the obligation required by the “Consolidated Law on Public Security” (article 109 of Royal Decree No. 773, dated 18.06,1931);
- Direct marketing by sending newsletters and/or material and/or advertising and promotional communications concerning the products, services or events related to the activity of our Company
- Profiling of guests in order to ensure maximum satisfaction during their stay in the facilities and facilitate their registration in subsequent stays.
- Implementation of a video surveillance system expressly marked as present in the concerned areas by special signs in order to protect people and property from the occurrence of possible offenses.
- The administrative and accounting management of clients, in particular: management of health documentation in agreement with the Local Health Authorities, management of contractual relationships, invoicing and tax obligations.
The provision of personal data even if it is not mandatory, is necessary to pursue the above mentioned purposes. Failure to provide the data makes it impossible to carry out the contractual relationship at the basis of the processing.
- SCOPE OF COMMUNICATION AND RECIPIENTS OF THE PROCESSING
Your data may be communicated by us exclusively to the third parties indicated below, and to the Police authorities if it is required by law:
- Accounting, tax, and legal consultants and management software managers.
- Public health authorities, courts and financial authorities and other institutions, if required by laws, regulations and EU directives.
- Company responsible for the surveillance of the premises.
- Emergency Medical Service and occupational doctor and hotel health management team.
The aforementioned parties act as external Data Protection Officers for the personal data provided.
The treating doctors are co-data controllers of the processing of the specific data entrusted to them for the implementation of the health service provision.
- STORAGE TIME OF THE DATA COLLECTED
Except for the legal obligations, the data collected will be stored for the entire period of the contractual relationship as well as for a further 5 years after the end of the relationship, in relation to the direct marketing and profiling purposes.
If the data are provided only during the pre-contractual stage, they will be stored for a 12-month period.
In the event of a dispute, the data will be processed and stored until the dispute is settled.
After the storage period, as described above, the data provided by you will be erased in full.
- RIGHTS OF THE CONCERNED PARTY
European Regulation No. 679/2016 recognizes to the concerned party special rights, which can be exercised only by contacting the Data Controller:
- Right of access to the data collected and processed – Art. 15
- Right to obtain the data correction – Art. 16
- Right to obtain the data erasure and the right to be forgotten – Art. 17
- Right to limit the data processing – Art. 18
- Right to portability of the data to another data controller – Art. 20
- Right to refuse processing – Art. 21
- Right not to be subjected to automatic processing – Art. 22
- Right to lodge a complaint at the Data Protection Authority – Art. 77;
- Right to lodge an appeal against the Data Protection Authority (Art. 78) and against the Data Controller and/or the Data Protection Officer (Article 79);
- Right to revoke consent at any time, without prejudice to the lawfulness of the processing based on consent provided prior to the revocation.
- COMPLAINT TO THE DATA PROTECTION AUTHORITY
The concerned party has the right to lodge a complaint at the Data Protection Authority in the event that the requests for information, or requests to exercise the rights specified in the previous paragraph 5, did not obtain the expected response.
The Authority of reference is the Data Protection Authortiy