Below we report:
Pursuant to EU Regulation no. 679/2016 (the General Data Protection Regulation, “GDPR”), this page describes the methods of processing the personal data of users who visit the site.www.hotelvillaedera.it(hereinafter “Website”)
Furthermore, if the user decides to make a reservation and/or purchase by completing the appropriate booking forms on the aforementioned Website, they will be connected to a booking engine. This booking engine is provided by our Partner Blastness, appointed as Data Controller, as indicated in this policy.
This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the Website but refer to resources outside the Hotel Villa Edera domain.
THE DATA CONTROLLER
The data controller of the personal data of the user of the Website is Hotel Villa Edera Sas, the company that manages the Hotel Villa Edera (hereinafter also referred to simply as “Hotel Villa Edera”), VAT number 01361200460 and Tax Code 01361200460, with registered office in Marina di Pietrasanta, in via Astoria, 17, telephone number: 0584-20089 e-mail: info@hotelvillaedera.it.
WARNINGS AND PROTECTION OF MINORS
Unless expressly indicated, the provision of personal data through the collection points on the Site is reserved for adults.
TYPES OF DATA PROCESSED PURPOSE OF THE PROCESSING
Browsing dataThe computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining statistical information on the use of the site, forto check itcorrect functioning and for security reasons. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site.
Cookies. For all information regarding the cookies on these websites, please refer to our Cookie Policy at the following link: [https://www.hotelvillaedera.it/cookies/]
Data communicated by the user.The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website, as well as the completion and submission of forms on the Websites or on the booking engine managed by BLASTNESS Srl, entail the acquisition of the sender's contact details, necessary for a response, as well as all personal data included in the communications.
The Data Controller normally processes so-called common data (e.g., personal details, residence or domicile data, billing information, payment information, email contact information, telephone number, fax number, etc.). Only upon explicit request from the user may data belonging to special categories (pursuant to Article 9 of the GDPR) be processed, hereinafter also referred to as "Special Data," such as information revealing the data subject's health conditions (allergies or other health problems) or religious/philosophical beliefs (for example, in the case of customer inquiries regarding religious affiliation).
The personal data provided in the manner described above will be processed for the following purposes:
1) To allow the user to navigate the Website.Legal basis for processing: the need to allow the user to use the Website's navigation service.
2) to execute pre-contractual measures (such as, for example, requests for information or a quote).Legal basis for processing: execution of pre-contractual measures carried out at the data subject's request. In the event that Specially Needed Data is provided, the legal basis for processing is also the data subject's consent.
3) to manage your contractual relationship relating to the requested service, to acquire and confirm your booking of accommodation services and ancillary services, to perform the pre-check-in service before the customer's arrival at the facility and to provide the requested services.Legal basis for processing: performance of the requested contractual service. In the event that Specially Needed Data is provided, the legal basis for processing is also the data subject's consent.
4) to fulfill the obligation set forth in the "Consolidated Law on Public Safety" (Article 109 of Royal Decree 18.6.1931 no. 773) which requires us to communicate to the Police Headquarters, for public safety purposes, the personal details of guests staying in the accommodation according to the procedures established by the Ministry of the Interior (Decree of 7 January 2013).Legal basis for processing: compliance with legal obligations.
5) for administrative purposes and to fulfill legal obligations such as those of an accounting or fiscal nature, or to comply with requests from the judicial authorityLegal basis for processing: fulfillment of legal obligations;
6) in the presence of specific consent, for the periodic sending of newsletters via email.Legal basis for processing: consent of the interested party;
7) in the presence of specific consent, to receive promotional communications and invitations to events, special promotions (marketing).Legal basis for processing: consent of the interested party;
8) in the case of sending a CV, exclusively for selection purposes.Legal basis for processing: consent of the interested party to process CV data for selection purposes;
9) to allow the Company to carry out surveys aimed at improving the quality of the service provided (“Customer Satisfaction”).Legal basis for processing: legitimate interest of the Data Controller to verify the quality of the contractual service provided to the Customer.
10) for sending direct marketing communications relating to services offered by the Data Controller that have already been used by the interested party, and/or for which the interested party has previously shown interest/requested a quote.Legal basis for processing: legitimate interest of the Data Controller in sending direct marketing communications.
11) Specific summary information will be progressively reported or displayed on the Website pages that may be set up for the provision of certain services.
NATURE OF DATA PROVISION
Providing browsing data is necessary to enable navigation on the website. If you do not provide consent, you will not be able to browse our website.
Providing the data required for the execution of pre-contractual measures, the conclusion of the contract, and the fulfillment of legal obligations is not mandatory; however, it is necessary for the conclusion of the contract and/or to carry out pre-contractual measures, and to comply with the legal obligations to which the data controller is subject. Failure to provide such data may make it impossible to obtain what you have requested.
Providing your data to send your CV is optional; however, if you fail to provide your contact information, we may not be able to respond to your application.
Providing your data for marketing purposes, such as subscribing to our newsletter, is optional; failure to provide your data will only result in your not receiving our marketing communications and/or newsletters.
Providing personal data for the purpose of conducting Customer Satisfaction surveys is not mandatory and is not a necessary requirement for the conclusion of a hotel and/or catering contract. We would like to point out that, pursuant to Article 21, paragraph 1, of EU Regulation 679/2016, the data subject has the right to object at any time to processing based on legitimate interests. Objecting to processing will have no consequences other than the data subject not receiving our Customer Satisfaction surveys.
Providing personal data for direct marketing purposes (being contacted by the hotel regarding services in which the customer has expressed interest) is not mandatory and is not a necessary requirement for the conclusion of a hotel and/or catering contract. Pursuant to Articles 21, 2, and 3, paragraphs 1, 2, and 3, of EU Regulation 679/2016, the data subject has the right to object at any time to processing for direct marketing purposes. Objecting to processing will have no consequences other than not receiving direct marketing communications.
Providing video surveillance footage is necessary to finalize the catering and hotel contract, as access to the facility is not possible without the interested party's consent.
The interested party may refuse the use of cookies and disable them at any time, following the instructions detailed in the cookie policy. However, please note that in this case, the Site or some of its features may not function properly.
If you have given your consent to receive marketing materials, newsletters, or to process your CV for personnel selection purposes by Hotel Villa Edera, you may revoke this consent at any time, as specified in point 10.
DATA RETENTION PERIOD.
Web browsing data is stored for the time strictly necessary to process site statistics and to ensure the functioning and security of the website.
Any Special Data provided by the interested party will be retained exclusively for the time strictly necessary to perform the requested service, unless you provide us with consent to retain it for a longer period.
The data provided for pre-contractual purposes will be processed for the time strictly necessary to respond to requests and communications voluntarily sent by the customer.
In the case of sending a CV, only for the time strictly necessary to evaluate the application.
Data processed for contractual purposes and to fulfill legal obligations related to the contract will be retained for the entire duration of the relationship and subsequently, once payment has been made, for 10 years (the period required for the ordinary statute of limitations).
The data processed for the purpose of fulfilling the legal obligations related to the contract will be retained for the time necessary to satisfy the legal obligations to which the data controller is subject.
The data acquired to fulfill the legal obligation indicated in letter d) are not retained by us after the termination of the contractual relationship.
Personal data provided to receive newsletters and promotional offers (marketing) will be retained for 10 years.
The data processed to conduct customer satisfaction surveys are retained for the time necessary for the overall evaluation of the data controller's survey and subsequent action to resolve any organizational deficiencies found.
Data processed for direct marketing purposes is retained for a maximum of 1 year after termination of the contractual relationship.
Images recorded by video surveillance cameras are deleted after 24 hours, except on holidays or other business closures, and in any case no later than one week. They are not disclosed to third parties, except in the case of a specific investigative request from the judicial authorities or the criminal police.
Cookies are stored for the period indicated in thepolicy cookies.
SECURITY METHODS AND INFORMATION PROCESSING
The processing of Personal Data will take place using manual, computerised or telematic tools, suitable forto guarantee itsecurity and confidentiality and will be carried out by personnel duly trained to comply with current legislation.
Specific security measures are implemented to prevent data loss, illicit or incorrect use, and unauthorized access, in compliance with Articles 24, 25, and 32 of the GDPR.
In any case, the Data Controller cannot be held responsible for unauthorized access or loss of personal information attributable to the interested party or in any case beyond its control.
No data acquired via the web will be communicated to third parties unless otherwise indicated on the pagehttps://www.hotelvillaedera.it/cookies/
SITE SECURITY MEASURES
Specific security measures are implemented to prevent data loss, illicit or incorrect use, and unauthorized access, in compliance with Articles 24 and 25 of the GDPR.
In any case, the Data Controller cannot be held responsible for unauthorized access or loss of personal information attributable to the interested party or in any case beyond its control.
PLACE OF TREATMENT
Personal data is stored on servers located within the European Union, unless otherwise indicated below and in the Cookie Policy.
The Online Chat service on the Site is provided by Tawk.to Inc., with registered office in Las Vegas, Nevada (the company designated as data controller pursuant to Article 28 of the GDPR). Therefore, the personal data provided by the data subject in the chat may also be transferred outside the European Union. This transfer is authorized because Tawk.to Inc. and the Data Controller have signed the standard contractual clauses (pursuant to Article 46 of the GDPR) to ensure an adequate level of protection for data transferred outside the European Economic Area.
For further information and/or a copy of the data subject to this transfer, please contact the data controller using the contact details provided in this notice.
The Data Controller ensures that where it is necessary to use external data processors (Article 28 GDPR) with servers located in third countries, the assignment will be carried out in compliance with applicable legal provisions, guaranteeing an adequate level of protection and/or subject to adequate safeguards (for example, based on an adequacy decision of the third country by the European Commission, or through the stipulation of standard contractual clauses provided by the European Commission).
DATA ACCESS. DATA RECIPIENTS.
Access to the Personal Data collected following consultation of the website and the sending of requests and/or reservations via the website is permitted only to those in charge of processing, expressly authorized by the Data Controller, and to the data processors designated with a mandate having the characteristics set out in Article 28 of the GDPR.
The Data Controller is aware of the importance of data security for our customers and has selected data processors very carefully.
The Data Controller has appointed the following as Data Processors pursuant to Article 28 of the GDPR:
The updated list of external processors is available at the data controller's registered office. You may request the updated list at any time by contacting the data controller at the addresses and contact details indicated in this document.
No data deriving from the web service will be disclosed. The data will not be disclosed to third parties except to external parties who, in fulfilling the contract and limited to the purposes indicated above, collaborate with the Data Controller (professionals/companies providing legal, tax, and accounting advice and assistance, competent authorities for the fulfillment of legal obligations, parties providing IT systems management and website support services), all of whom are bound by confidentiality obligations. In any case, in compliance with the data processing principles set forth in the GDPR, only the data necessary for carrying out the activities entrusted to them will be disclosed to external parties.
The data collected will not be disclosed under any circumstances.
Please note that if you stay at this property, the Data Controller, pursuant to current Italian legislation, is required to transmit the data of the people staying at the property to the authorities.
The personal data provided by users who request informational materials are used solely to perform the requested service and are disclosed to third parties only if necessary for this purpose (for example, shipping companies or carriers).
The information may also be disclosed whenever necessary to comply with requests from judicial authorities or public security agencies.
RIGHTS OF THE INTERESTED PARTIES (art. 7, articles 15 to 22 GDPR).
Pursuant to current legislation and the provisions of the GDPR, you have the right to:
Requests addressed to the Data Controller may be sent to the Data Controller's contact details at the following address: Hotel Villa Edera, Via Astoria, n. 17, 55045 Marina di Pietrasanta, telephone number: 0584.20089, email: info@hotelvillaedera.it.
The Data Controller must proceed in this manner without delay and, in any case, no later than one month after receiving the request. This deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you within one month of receiving your request and provide you with the reasons for the extension.
Complaints to the supervisory authority may be addressed to the Italian Data Protection Authority, Piazza Venezia, 11 – 00187 Rome, IT-00186 Rome, email: protocollo@pec.gpdp.it.
CHANGES
The Data Controller reserves the right to modify or amend this privacy policy at any time, wherever published on the site, especially in light of the entry into force of new industry regulations. All users can review the latest version of the privacy policy, as updated from time to time by the Data Controller, at any time by connecting to the site.
Last updated October 2023
******************
This document ("Privacy Policy") is intended to provide information regarding the processing of information you provide to the Data Controller and that will be processed by the latter for the purposes indicated herein. This Policy is provided pursuant to Article 13 of EU Regulation No. 679/2016 ("GDPR") and subsequent national implementing regulations (jointly with the GDPR, "Applicable Legislation").
The Data Controller, i.e. the legal person that determines the purposes and means of processing personal data, is Hotel Villa Edera Sas, the company that manages the Hotel Villa Edera (hereinafter also referred to simply as “Hotel Villa Edera”), VAT number 01361200460 and Tax Code 01361200460, with registered office in Marina di Pietrasanta, at Via Astoria, 17, telephone number: 0584-20089 e-mail: info@hotelvillaedera.it.
Within the limits of the purposes and methods described in this Policy, we may process information that can be considered as: a) "General Data", which includes your personal details, those of the people staying with you, your bank details, your contact details, billing information (such as, for example, mobile phone number, residential or domicile address, email address); b) "Special Data", as they are characterised, pursuant to applicable legislation, by a particular nature; for example, this refers to data that can provide information on the user's health status or conditions, or religious or philosophical beliefs (Article 9 of EU Regulation 679/2016).
For ease of reference, within this Policy, the term “Personal Data” shall be understood as referring to both all of your Data of a common nature and Special Data, unless otherwise specified.
The Personal Data collected will be processed for the purposes and pursuant to the legal bases set out below:
3.1 To execute pre-contractual measures (such as, for example, requests for information or quotes), to manage your contractual relationship regarding hotel and/or restaurant services, to acquire and confirm your bookings for accommodation and ancillary services, and to provide the requested services. You may decide to provide the Data Controller with Special Data in order to report any health-related needs, such as allergies, pathologies, and/or food or other intolerances, i.e., data revealing health-related conditions.
Since this processing is necessary for the definition of the contractual agreement, for its subsequent implementation, and/or to perform the services requested by you, you are free to provide your Personal Data. However, if you fail to provide it, we will not be able to confirm the booking and/or provide you with the requested services.
Legal basis for processing: execution of pre-contractual measures at the data subject's request; execution of a contractual relationship to which the data subject is a party. Consent of the data subject in the event of provision of Specially Designated Personal Data.
Retention periodFor this purpose, your data will be retained for the entire duration of the relationship and subsequently for 10 years (the period required by the standard statute of limitations). Any Special Data you provide will be retained exclusively for the time strictly necessary to perform the requested service, unless you provide us with your consent to retain it for a longer period;
3.2 to fulfill the obligation set forth in the "Consolidated Law on Public Safety" (Article 109 of Royal Decree 18 June 1931, no. 773) which requires us to communicate to the Police Headquarters, for public safety purposes, the personal details of guests staying in accordance with the procedures established by the Ministry of the Interior (Decree 7 January 2013).
Providing your data is mandatory as it arises from a legal obligation. If you refuse to provide it, we will not be able to accommodate you at our facility.
Legal basis for processing: fulfillment of legal obligations.
Retention period: for this purpose, the data acquired will not be retained by us after the termination of the relationship referred to in point 3.1, unless you provide us with consent to retain them as provided for in point 3.5;
3.3 to comply with current administrative, accounting and tax obligations.
Providing data for this purpose is necessary to conclude the contract. If you refuse to provide the data required for the above-mentioned purposes, we will not be able to provide the requested services.
Legal basis for processing: execution of a contractual relationship, execution of legal obligations.
Retention period: for these purposes, your data will be retained for the time required by the respective regulations;
3.4) to provide customer-oriented services, performed at your request, regarding your needs and/or preferences, such as, for example, a preferred room or floor for accommodation, the presence of personal items, and/or other information. For this purpose, you may also decide to provide the Data Controller with Specially Needed Data. These categories of data may be processed by the Data Controller only with your free and explicit consent.
Legal basis for processing: your consent.
Retention period: for this purpose, the data acquired will not be retained by us after the termination of the relationship referred to in point 3.1, unless you give us your consent to retain them.
3.5) to expedite hotel check-in procedures for your subsequent stays at our hotel. For these purposes, subject to obtaining your consent (which can be revoked at any time), your data, provided for the data categories and purposes referred to in points 3.1, 3.2, and 3.3, will be used the next time you are our guest.
Legal basis for processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years
3.6) to ensure the provision of the services referred to in purpose 3.4 (aimed at achieving customer satisfaction) during your subsequent stays at our hotel. For these purposes, after obtaining your consent (which can be revoked at any time), your data will be used the next time you are our guest.
Legal basis for processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years,
3.7) for the protection of people, property, and company assets through a video surveillance system in certain areas of the facility, identifiable by designated signs. Your consent is not required for this processing, as it pursues our legitimate interest in protecting people and property from potential assaults, thefts, robberies, damage, and vandalism, and for fire prevention and workplace safety purposes.
Providing your data for this purpose is necessary to conclude the contract. Failure to provide your consent will prevent you from accessing the hotel.
Legal basis for processing: legitimate interest of the Data Controller in protecting people and property against possible attacks, thefts, robberies, damage, and vandalism, and for fire prevention and workplace safety purposes.
Retention periodFor this purpose, recorded images are deleted after 24 hours, except on holidays or other business closures, and in any case no later than one week. They are not disclosed to third parties, except in the case of a specific investigative request from the judicial authorities or the police.
3.8) to receive messages and phone calls addressed to you during your stay. Your consent is required for this purpose. You may withdraw your consent at any time.
Legal basis for processing: your consent.
Retention period: for this purpose, your data will be retained until your departure from the hotel.
3.9) for marketing purposes, including sending you promotional communications and newsletters, updates on the Data Controller's rates and offers, and communications regarding events organized by the Data Controller. Your data may be processed by the Data Controller for this purpose only with your free and explicit consent, which may be revoked at any time.
Legal basis for processing: your consent.
Retention period: for this purpose your data will be stored for a maximum period of 10 years.
3.10. To conduct direct marketing activities, we aim to offer you services similar to those you have already purchased or for which you have already expressed interest or requested information or quotes. In this regard, you always have the right to object to the processing at any time. This objection will not prevent you from using the service referred to in point 3.1) and any additional services you may have chosen.
Legal basis for processing: legitimate interest of the Data Controller to carry out direct marketing contacts in the event of interest already expressed by the customer or potential customer for the services offered by the Data Controller
Retention period: for this purpose your data will be stored for a maximum period of 1 year.
3.11. To allow the Company to conduct surveys aimed at improving the quality of the service provided (“Customer Satisfaction”).
Legal basis for processing: legitimate interest of the Data Controller to verify the quality of the contractual service provided to the Customer.
Retention period: for this purpose, your data will be retained for the maximum period necessary for the overall evaluation of the data controller's investigation.
Provision of personal data.
Providing data for the purposes specified in this policy is mandatory and/or necessary only in the cases expressly indicated as such in point 3, as this data is essential for entering into a contract and/or for carrying out pre-contractual measures or complying with legal obligations. Failure to provide even partial consent to this data will prevent the contract from being concluded and/or executed.
Unless otherwise specified, providing your data is optional, and failure to provide it will only result in you not being able to benefit from the purposes described (for example, your data will not be stored for future stays, you will not receive promotional communications, etc.).
The processing of Personal Data will take place using manual, computerised or telematic tools, suitable forto guarantee itsecurity and confidentiality and will be carried out by personnel duly trained to comply with the Applicable Regulations.
Your data may be made accessible for the purposes indicated in this document:
– to employees and collaborators of the Data Controller in their capacity as persons in charge in compliance with the requirements of the GDPR, external data controllers, system administrators/IT experts;
– to third-party companies or other entities that collaborate with the Data Controller in fulfilling the contract and/or for the purposes indicated above (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, freight forwarders, etc.). Data processors are expressly appointed by the Data Controller based on a written agreement pursuant to Article 28 of the European Regulation.
The updated list of external processors is available at the data controller's registered office. You may request the updated list at any time by contacting the data controller at the addresses and contact details indicated in this document.
The information may also be disclosed whenever necessary to comply with requests from judicial authorities or law enforcement agencies. The data collected will not be disclosed under any circumstances. In this regard, we inform you that in the event of overnight stays at this facility, the Data Controller, pursuant to current Italian legislation, is required to transmit the data of the people staying at the facility overnight to the aforementioned authorities.
Personal data is stored on servers located in Italy, and in any case within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
We also wish to inform you that under the GDPR you have the right to:
We also inform you that the aforementioned rights may be exercised by submitting a written request without formalities to the Data Controller using the contact details indicated in points 1.
The Data Controller must proceed in this manner without delay and, in any case, no later than one month after receiving the request. This deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller will inform you within one month of receiving your request and provide you with the reasons for the extension.
Last updated October 2023