INFORMATION FOR THE PROCESSING OF PERSONAL DATA
GRAZIA DELEDDA SRL with registered office in VIALE DANTE, 47 – 07100 SASSARI (SS), Tax code 01569820929 Vat Number 01523290904 (hereinafter called “Data Controller”), as data controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (later called “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the manner and for the following purposes:
1.Object of the Processing
The Data Controller processes personal data, identifying them as:
• Business name
• Bank and payment details
(hereafter called “personal data” or also “data”)
2. Purpose of the processing
Your personal data are treated:
1. A) without your express consent (Art. 24 letter a), b), c) Privacy code and art. b), e), GSPR), for the following services purposed:
– finalize contracts with services of Data controller;
– fulfill pre-contractual obligations, contractual and tax obligation originated from relations with you in existence;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
– exercise the rights of the owner, for example the right to defense in court;
1. B) Only subject to your specific and distinct consent (art. 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
– sending email, ordinary post, text messages, telephone calls, newsletter, advertising materials on services and products offered by the data controller and survey on satisfaction on quality of services;
– sending email, ordinary post, text messages, telephone calls, commercial communications, advertising of third parties (ex: business partners, insurance companies, other societies of group Card Protection Plan).
Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, subject to your disagreement (Article 130 paragraph 4 of the Privacy Code).
3. Data processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, Comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic processing
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer 10 years from the termination of the relationship for the purposes of the Service.
4. Data access
Your data can be accessible for the purposes referred to in art. 2.A) and 2.B):
– to employees and collaborators of the owner or of the companies of the Card Protection Group Plan in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
– to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the data controller, in their capacity as external managers Processing.
5. Data communication
Without the need for express consent (pursuant to Art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your data will not be spread.
6. Data transfer
Personal data are stored on servers located in SASSARI – VIALE DANTE, 47 , within the European Union. In any case, it is understood that the Data Controller, where necessary in the future, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
• Servers located outside the European Union. In this case, the Controller ensures that the placement of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of the provision of data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee the services of the art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. It can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, it will not be able to receive the services referred to in art. 2B). However, you will continue to be entitled to the Services referred to in art. 2.A).
8. Rights of the interested party
In your capacity as an interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights of:
1. The right to be informed about how your data are processed
2. Right to access personal data
3. Right to rectify personal data
4. The right to cancel your personal data
5. The right to limit the processing of personal data
6. The right to the portability of personal data
7. The right to object in whole or in part to the type of treatment that the Data Controller submits for use
8. Rights in relation to decision making and automated profiling A vademecum of the specifications listed above for the rights of the interested party will be available online (at the software supplied to the Associate) and / or on paper.
Being the interested party, you have the right of art.7 Privacy code and art. 15 GDPR and precisely rights of:
9. Right to be informed about how your data are processed
10. Right to access personal data
11. Right to rectify personal data
12. Right to cancel your personal data
13. Right to limit the processing of personal data
14. Right to the portability of personal data
15. Right to object in whole or in part to the type of treatment that the Data Controller submits for use
16. Rights in relation to decision making and automated profiling
A vademecum of the specifications listed above for the rights of the interested party will be available online (at the software supplied to the Associate) and / or on paper.
9. How to exercise rights
You can exercise your rights at any time by sending a registered letter to: GRAZIA DELEDDA SRL with registered office in VIALE DANTE, 47 – 07100 SASSARI (SS)
10.Data controller, Responsible persons and officers
The data controller is BRUNELLA SEGHENZI – VIALE DANTE, 47 – 07100 SASSARI (SS). The updated list of responsible persons and officers is kept at the registered office of the Data Controller.
Notice regarding Cookies, Privacy and the Newsletter
We are committed to protecting the privacy of our users in accordance with the Privacy Code (art. 13 law. n. 196/03 and guidelines published in the Official Gazette).
According to the law, data processing is based on the principles of fairness, legality and transparency and the protection of your privacy and your rights.
What are Cookies
Cookies are small text files used to improve website navigation. Thanks to cookies, navigation preferences can be stored by your browser, such as the language spoken, display options, etc.
Cookies are used to facilitate the use of online content; they are saved to the device used and they can be read only by the website that created them.
The site of the Hotel Grazia Deledda uses the following cookies:
These cookies are essential to allowing you to browse the site and fully make use of its features. The cookies used are strictly necessary to the website’s technical operation and navigability, and cookies to save preferences in order to optimize their use (for example language preferences). Without cookies, some features may not be available or may not function properly.
Performance Cookies (third party)
This site uses Google Analytics service, provided by Google Inc. to collect statistical information about the site with a clear intention to improve its performance and usability.
All information collected by these cookies are aggregated in an anonymous form and are only used to improve the functionality of the site.
Profiling Cookies (third party)
Some cookies can also be used to show special offers in line with the preferences shown during navigation, with the aim of improving the user’s experience and conditions of purchase.
The cookies we use for profiling do not collect information that would personally identify the user browsing the pages of the site.
The information obtained can identify only the browser and it cannot in any way identify the user.
How it works: a few pages on the site include a remarketing code that allows to read and configure the browser cookie to determine the type of ad that the user will see on the basis of the data relating to their visit to the site.
The remarketing lists thus created are stored in the Google servers where all the cookie IDs associated with interests are stored.
More information about the remarketing tool is available at this link: https://support.google.com/adwordspolicy/answer/143465?hl=en&ref_topic=3123080&rd=1
Social Network Cookies (third-party)
These types of cookies are managed by different companies belonging to individual Social Networks, each responsible for their own cookies.
Using the links below you can find more information about the privacy policies posted:
- Google + / YouTube: http://www.google.com/intl/en-GB/policies/privacy/
- Twitter: https://twitter.com/privacy?lang=en
- Facebook: https://en-gb.facebook.com/policy.php
- Pinterest: https://about.pinterest.com/en/privacy-policy
- Instagram: https://instagram.com/about/legal/privacy/
- Foursquare: https://foursquare.com/legal/privacy
Declaration of consent
To agree to data processing and the use of all cookies just leave this notice by closing the associated page, continue navigating the site or click on any of its elements. To refuse consent or otherwise configure the Cookies settings, follow the instructions contained in the following section.
Managing cookies in the browser
All the major browsers allow you to change the settings to manage cookies. You can choose to: enable storing cookies, completely block cookies, decide on a case by case basis which cookies to accept.
These settings vary depending on the browser used. Below are the links to the information pages of the most popular ones:
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Internet Explorer: http://windows.microsoft.com/en-gb/windows-vista/Block-or-allow-cookies
- Safari: https://support.apple.com/kb/PH19214?viewlocale=en_GB&locale=en_GB
- Opera: http://help.opera.com/Windows/10.20/en/cookies.html
If you decide to set your browser to block cookies from this site, please note that some features may not be available, and access to some sections will be limited.
2. INFORMATION ON THE BUSINESS MAILING SERVICE
The website owner http://www.hotelgraziadeledda.it may process some of your personal data (such as e-mail address, etc.) to inform you about site news and offers. Each user mayat any moment choose to delete their registration to these newsletter services by simply clicking on the appropriate link in any communication sent.
3. TYPE OF DATA
The data you supply via the website’s methods, namely: the contact form, the newsletter, the booking engine, the official email provided in the website, will be processed in order to carry out a booking and an information or availability request on the site http://www.hotelgraziadeledda.it.
Except for navigation data, users are free to provide the prompted personal data, however failure to do so may make it impossible to provide the services requested.
4. DATA PROCESSING METHODS
Content and services are provided only to those who allow the processing of personal data. Data processing is done through the use of automated tools, including third parties, manually and according to methods that ensure the outmost safety and confidentiality.
The rights to use the data collected are not transferred to third parties nor are their disclosed or transferred abroad.
Data can be processed electronically or on paper.
Specific security measures are taken to prevent illicit or incorrect and unauthorized access to data. Please note, however, that communications via email on the internet could pass through several countries before being delivered to the recipients. The Hotel Grazia Deledda can not be held responsible for any unauthorized access or loss of personal information outside of its control.
5. USE OF THE DATA
The data will be disclosed only to the extent necessary to execute the contract or booking requests you made. Data will not be disclosed for any other purpose.
6. DATA CONTROLLER AND DATA PROCESSORGRAZIA DELEDDA S.r.l., Viale Dante 47, 07100 Sassari (SS) Sardegna - Italia.
7. RIGHTS OF THE INTERESTED PARTY
At any time you may exercise your rights towards the data controller, under Article 7 of Legislative Decree n. 196 / 2003, that for your convenience is included at the bottom of the page.
8. DATA PROTECTION ON OTHER WEB SITES LINKED TO THE SITE
The site uses a booking system that is essential to check availability and allow an estimate of the requested services. The booking system is accessed by logging into the domain booking.myguestcare.com.This domain is connected to the Google Analytics Site http://www.hotelgraziadeledda.it and uses the same cookies already approved by the user to navigate the site http://www.hotelgraziadeledda.it.
LEGISLATIVE DECREE 196/2003
Section 7 – Right to Access Personal Data and Other Rights
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part,
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
The subjects of the personal data have the right, at any time, to obtain confirmation of the existence of such data and to know the content and origin, to verify its accuracy or request its integration or updating, or rectification, pursuant to art. 7 of Legislative Decree no. 196/2003.
According to the same article, one has the right to request the cancellation, the transformation into anonymous form or the blocking of data that violate the law, and to oppose in any case, for legitimate reasons, to their processing, by writing to GRAZIA DELEDDA S.r.l..