INFORMATION ON THE PROCESSING OF PERSONAL DATA
1. Controller of the data processing
The controller of the data processing is Hotel Gries Snc (C.F./P.IVA 00624100228) 38032 – Canazei (TN), Via L. Rio di Soracrepa n. 24 – mail: firstname.lastname@example.org
2. Purposes of the data processing and legal basis for the treatment
The treatment of your personal information will be based on the principles of lawfulness, correctness, transparency, limitation of purpose and storage, minimisation and accuracy, and accountability, and will be aimed at the protection of integrity and confidentiality of the information.
When staying at our hotel, the controller can collect your data (such as date of arrival, days of stay, surname and name, date and place of birth, nationality, gender, type of identification document, place and number of the document issue, type of guest (one person, head of household, group leader), and contact information, through our staff in charge, with the purpose of:
a) fulfilling the obligation pursuant to the “Consolidated Law on public security”, which requires the hotel to communicate the guests’ personal information to the central police station, for public security.
b) fulfilling the administrative, accounting and tax obligations in force, and in general to fulfil the obligations related to the hotel contract, and the related or connected services, and/or for pre-contractual negotiations;
c) exercising and asserting the controller’s rights (besides for the above mentioned data, the concerned person’s credit card data and full address might be required).
In order to achieve these goals, the transfer of such data is mandatory. Refusal to supply said data shall hinder the possibility for the controller to host you at our hotel.
Your personal data will be stored for the necessary time so as to meet the legal, contractual, and tax obligations and to exercise and / or assert the controller’s rights.
With your consent, the controller will also:
d) store your personal data, to accelerate the registration procedure in case of further stays at the controller’s hotel. In this case your data shall be stored until withdrawal of consent / request of cancellation;
e) receive messages on your behalf and forward phone calls and messages to you. This service/treatment of data implies the possibility for the controller to confirm / communicate your presence at the hotel to third parties.
This data treatment shall be limited to the time of your stay. Your data will not be stored in connection to this purpose.
f) send information / promotions / offers about our services and our facilities via mail, e-mail, newsletter, SMS or similar means of communication.
We highlight that there is a legitimate interest of the controller in keeping a direct and lasting relationship with the guest who has already used services and products offered by our hotel. In order to do that, the controller could send communications, customer satisfaction surveys, information, promotions and similar mails. In any case, the interested party reserves the right to object the data treatment;
g) take pictures or shoot videos to be published on the controller’s website, social networks or on magazines, in order to promote the activities of the facility. Such data shall be stored until withdrawal of consent or request of cancellation, or in case of objection to the data treatment. The provision of data for the purposes as in d), e), f) and g) is discretionary and the lack of consent / objection / opposition or request of cancellation makes it impossible for the controller to process data for the above mentioned purposes. In the case of information requests or bookings, either online, via mail, telephone or in paper, the controller can collect your data (such as personal details, contact information, days of stay at the facility, and codes for the credit card) to be able to confirm the services related to your booking and/or ancillary services, or to answer your requests. The provision of data for this purpose is discretionary but in case of objection to the provision of personal data, the controller will not be able to supply services or information as requested and/or confirm the booking. This data will be stored for the time necessary to process your enquiry and, in case of stay, the data will be stored for the time necessary to meet the legal, contractual and tax obligations and exercise the controller’s rights. The updated informative document is available on our website www.hotelgries.it – www.hotelgries.com in the area "privacy-GDPR" and, in any case, is always exhibited in the reception hall.
3. Method of processing.
The data can be processed with or without the help of electronic or automated methods.
This informative document covers, being compatible, the data collected through Gries Snc applications or websites.
4. Recipients or categories of recipients of personal data.
Regarding the above mentioned purposes, your personal data can be communicated:
a) to third party companies, in order to fulfil contractual and pre-contractual obligations;
b) in order to meet tax, legal, and similar obligations, to the subjects in charge of fiscal, accounting, legal and contractual management (for example, tax accounting firm);
c) in order to meet obligations which are pursuant to provisions in force, to public authorities or administrative authorities for fiscal or legal requirements (e.g. Central Police Station);
d) in order to meet contractual or legal obligations, to subjects who work in the processing, registration and storage of data with third parties;
e) to consultants (e.g. law firm), within the limits which are required to do their work in our company;
f) to banks, for the management of collections and payments;
g) to marketing companies, in order to send information material;
h) to companies which supply software and give assistance to software for the biometric signature – advanced electronic signature.
In any event, only the data which are required by, and related to, the purposes of the treatment will be disclosed to the above mentioned subjects.
Your personal data can be seen and processed by our internal employees, whose confidentiality is required.
Furthermore, your personal data might be seen by external subjects who are in charge of checking and maintaining hardware and software, during the necessary interventions for their correct functioning.
All those who are not named for being in charge of the data treatment (for example travel agency, tour operator, online booking platforms) shall be considered autonomous data controllers.
The complete list of those in charge of data treatment is available on simple request.
6. Transfer of personal data to a third country or to international organizations, presence of an automated decisional process.
The controller shall not transfer personal data to any third country or international organization.
The controller doesn’t use automated decisional processes.
7. Rights of data subject
The data subject, natural person, has the right to:
1) obtain confirmation of the existence or not of personal data concerning themselves, even if not yet registered, and their communication in an intelligible form;
2) obtain the indication of:
a) the origin of personal data;
b) the purpose and the modality of processing;
c) the logic applied whenever the processing involves electronic tools;
d) the identification details of the data controller, of the person in charge of the treatment, and of the designated representative;
e) the subjects and categories of subjects to whom the personal data may be communicated, or person who may become aware of the data;
a) update, rectify, and, when deemed of interest, integrate the data;
b) erase, change into an anonymous format or block data that has been processed in violation of the law, including data that do not need to be retained for the purposes for which they were collected or processed;
c) confirmation that the operations described in letters a) and b) were made known, including their content, to the parties to whom the data was communicated or transmitted, except in cases when it may not be possible to do so or when it necessitates a disproportionate effort compared to the protected right;
d) limitation of the treatment of personal data regarding themselves, and reservation of the right to data portability, as established by applicable regulations;
4) object, in whole or in part:
a) to the processing of personal data concerning themselves, in case of legitimate reasons, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning themselves when in order to the purpose of sending advertising or direct sales material or of carrying out market research or commercial communication.
The data subject has the right to withdraw, for free, their consent to the data treatment at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data subject has the right to lodge a complaint to the supervisory authority.
The full text of the EU Regulation 2016/679, to fully understand the data subject’s rights (articles from 15 to 22) is available at the controller’s headquarters and on the website www.garanteprivacy.it
9. Procedure for the exercise of rights
The data subject can, at any time, exercise their rights and write to the e-mail address email@example.com or to the following address Hotel Gries Snc (C.F./P.IVA 00624100228) 38032 – Canazei (TN), Via L. Rio di Soracrepa n. 24.
This document doesn’t exclude that other information is given, also orally, to the data subject when collecting data.
Information document updated to July 31,2018