Hotel Ristorante Nettuno in Viale dei Navigatori, 7 – 48122 – Punta Marina (RA) (hereinafter, “Owner”), as the owner of the processing of personal data by Articles 4 and 28 of Legislative Decree 30 June 2003, n. 196 – Privacy Code (hereinafter “Code”) and Articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals concerning the processing of personal data (hereinafter, “Regulation”) informs according to art. 13 of the Code and 13 of the Regulation that it will process personal data relating to customers or persons who request information through forms (where they are natural persons).
1. Object of the processing
The data processed are:
name, surname and contact information such as telephone number, e-mail address.
The personal data indicated above will be processed exclusively for the provision of the service as requested by the customer and for all the related activities, including the purposes of establishing and managing contractual relationships of any kind, as defined by industry regulations.
The provision of the requested data is mandatory as it is necessary to perform the service and any refusal to provide such data could result in the failure to complete or maintain the contractual relationship; the data will be processed both manually and through the use of computerized procedures; the data will not be disclosed.
2. Purpose of the treatment
The data will be carried out to allow the performance of activities related to the establishment and management of the service requested by the Owner.
The same data will be processed lawfully, according to correctness and with the utmost confidentiality, mainly with electronic and computerized instruments and stored both on computer and paper supports and any other type of suitable support, in compliance with the minimum security measures as provided by the Code and the Regulations.
3. Methods of processing
The processing of personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subject to both paper and electronic and/or automated processing.
The Owner will process personal data for the time necessary to fulfil the above purposes and in any case for:
no later than 10 years from the conclusion of the contract;
no later than 2 years from the request for information.
4. Access to data
The owner may provide access to personal data to the following subjects (to fulfil the obligations connected to the relationship established or for security purposes of data storage):
to employees and collaborators of the Data Controller in their capacity as authorised persons and/or DPOs and/or system administrators, all formally appointed or appointed;
5. Communication of data
The Data Controller may communicate the data for the purposes outlined in art. 2 to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the fulfilment of the purposes provided for by the law. The aforesaid data will in any case not be disclosed.
6. Data Storage and Transfer
The management and storage of personal data will take place on servers located within the European Union of the Owner and/or third-party companies appointed and duly appointed as Data Processors.
Currently, the servers are located in Italy.
The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers to other European Union countries and/or non-EU countries. In this case, the Data Controller ensures from now on that the transfer of the data outside the European Union will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
The data will be transferred only in the event of the acquisition or transfer of a company or branch of business and in any case after sending new information to the user.
7. Rights of the interested party
The customer, as interested party, has the rights under Article 7 of the Privacy Code and Article 15 of the Regulations and precisely:
The interested party has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet recorded, and their communication in an intelligible form.
The interested party has the right to obtain the indication:
a) the origin of the personal data;
b) the purposes and methods of the processing;
c) the logic applied in case of processing carried out with the aid of electronic instruments;
d) the identification details of the owner, managers and representative;
e) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. The interested party has the right to obtain:
a) the updating, rectification or, when interested therein, the integration of the data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. The interested party has the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning him/her for the pursuit of purposes not covered by art. 2.
Where applicable, the data subject also has the rights under Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
8. Modalities of exercise of the rights
The customer may at any time exercise the rights referred to in the previous article by sending an e-mail to email@example.com