IN ACCORDANCE WITH ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATIONS (EU) OF 2016/679 AND LEGISLATIVE DECREE 196/2003 AS AMENDED
While consulting this website, it is possible that personal information and data will be collected as indicated in this disclosure. The disclosure refers exclusively to this website.
The data controller is:
TM PROPERTY MANAGEMENT Srl – HOTEL LEONE
Via Vittorio Emanuele II, 60
63853 Montelparo (FM)
Vat number IT01960440442
The Data Controller has not identified a Data Protection Officer (DPO), as it is not subject to the obligation to make this designation under Art. 37 of the Regulations.
Types of data processed and purposes of processing
During normal operations, the information systems and software responsible for the functioning of this site obtain certain personal data, the transmission of which is implicit in the use of internet communication protocols. This category includes type of web browser, operating system, domain name of ISP, the pages you visit and the date and duration of the visit.
This data, necessary to use the web service, is also processed in order to:
– obtain statistical information on use of our services (pages visited most often, number of visitors by time or day, geographical areas of origin, etc.);
– check proper functioning of the services offered.
Data communicated by the user
Messages sent to the Data Controller’s contact addresses are on an optional, explicit and voluntary basis, private messages users send to profiles/pages on social media (where this is possible), and completion and sending of forms found on the Data Controller’s site, will result in acquisition of the sender’s contact data necessary in order to respond, as well as all personal data included in the communications.
It is mandatory for the data subject to send certain personal data in order to use the requested services, and failure to do so could prevent them from accessing these services.
In particular, data may be collected as follows:
Personal data may be communicated to the Data Controller through the “CONTACTS” page.
Data transmitted through this page is processed only for purposes of responding to the user’s requests, based on the pre-contractual relationship between the parties.
By completing the “Hotel Enquiry” form, your data will be used for the purpose of responding to your enquiry only.
Cookies and other tracking systems
Cookies are used on our pages. A cookie is a small text file that is place on your hard drive by a website. Cookies do not cause any damage to your computer and do not contain viruses. The cookies on our website does not collect any personal data. We use the information contained in cookies to facilitate your use of our pages and to tailor them to your needs.
You can also view our website without cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. You can delete stored cookies at any time in your browser’s system settings. However, if you do not accept cookies this may lead to functional limitation of our offer
The data collected in this way is not personal data. The data used by cookies are for the purpose of safeguarding our legitimate interests as well as those of third parties in accordance with Art. 6 sec 1, lit. f, GDPR. Cookies are stored only if you agree.
Most browsers automatically accept cookies. You can, however, configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created.
You may ask the Data Controller to clarify the actual legal basis for each processing, and in particular to specify whether the processing is based on the law or whether there is a contractual or pre-contractual relationship.
Data are processed by the assigned company personnel and are not communicated to unauthorised third parties.
Processing is performed by specially assigned persons under Art. 29 GDPR 2016/ 679, using computerised and/or electronic instruments, and may be either automatic and/or manual, as provided by Art. 32 GDPR 2016/679 on security measures.
The Data Controller takes appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of personal data.
In some cases, in addition to the Data Controller, other parties involved in providing the services offered and organising this website (hosting providers, information companies, parties involved in archiving, collecting, printing, sending and managing email, communication agencies, mail couriers), as well as outside parties and Data Processors appointed by the Data Controller, if necessary, may have access to the data. The updated list of Data Processors may always be requested from the Data Controller.
Transfer of personal data
The data are processed at the Data Processor’s operating headquarters and in any other place where the parties involved in the processing are located. For additional information, contact the Data Controller.
In accordance with the principles of lawfulness, limitation of purposes and minimisation of data, under Art. 5 GDPR 2016/679, the data subject’s personal data will be retained for the period of time necessary to achieve the purposes for which they were collected and processed or to protect/exercise a right.
If processing is based on the data subject’s consent, the Data Controller may retain the personal data longer, until said consent is revoked. In addition, the Data Controller could be required to retain the personal data for a longer period in order to meet a legal obligation or to comply with an order from an authority.
At the end of the retention period, the personal data will be deleted. Therefore, after this period, the right of access, deletion, rectification, and data portability may no longer be exercised.
Rights of the data subject
At any time, under Articles 15 to 22 of EU Regulation no. 2016/679, the data subject may exercise the right to:
a) request confirmation of whether or not personal data regarding them exists;
b) obtain information on the purposes of the processing, the personal data categories, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c) rectify or delete data;
d) limit processing;
e) obtain data portability, that is receive them from a data controller, in a structured, commonly used and machine-readable form, and transmit them to another data controller without impediments;
f) oppose processing at any time; data subjects are reminded that if their data are processed for purposes of direct marketing, they may oppose processing without providing any reasons.
g) ask the data controller for access to the personal data and rectify or delete them, limit their processing, or oppose their processing, as well as the right of data portability;
h) revoke consent at any time, without prejudice to the lawfulness of processing based on consent prior to the revocation;
i) file a complaint with a supervisory authority. The data subject has the right to file a complaint with the Personal Data Protection Authority, located at Via di Monte Citorio 121, Rome (tel. +39 06696771), following the procedures and instructions published on the Authority’s website at www.garanteprivacy.it
Data Controller’s contact information
The Data Controller may be contacted in the following ways:
– by email at firstname.lastname@example.org
– by telephone at +366 5749 1693
– by normal post to Via Vittorio Emanuele II, 60, 63853 Montelparo (FM)
The following applies to any video surveillance we carry out:
The accompanying processing of personal data:
(a) Purpose of data processing: performance of domestic law, prevention of criminal data (e.g. damage to property or theft), safeguarding of prosecution.
(b) Legal basis for data processing: Article 6 (1), lit. f GDPR, Section 4 (1) p. 1 No. 2 and 3 BDSG n. The predominant legitimate interests of our company are, to ensure a safe stay for our guests in the hotel and our interest in enforcing our material and intangible claims and the exercise of our right and to defend against unjustified claims.
(c) Categories of recipients of personal data: Potential recipients of the data are law enforcement authorities as well as persons or companies that we entrust with the exercise of our rights (such as lawyers). The personal data will not be transmitted to third countries or international organizations.
(d) Duration of storage of personal data: If a recording of the surveillance recordings takes place, the relevant recordings shall be deleted after 72 hours; after this storage period, only data that is needed for the investigation of specific incidents or for the enforcement of claims based on a specific event (e.g. criminal offence) will be stored. After the purpose is omitted, this data will also be deleted.