This page highlights the security policies on personal data that the Hospitality Solution SRL company implements for the users who consult the website, and more generally for those concerned with the processing and in various capacities interact with our hotel.
This information is provided pursuant to art. 13 of the General Regulation for the Protection of Personal Data UE 2016/679 (hereinafter referred to as GDPR – General Data Protection Regulation ) in particular for those who interact with the web services of Hospitality Solution SRL , accessible by telematic means starting from the address : http://www.cis-servizi.com
The information refers only to the Hospitality Solution SRL website and not to other websites that may be consulted by the user via links.
The information is also based on the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by the art. 29 of the directive n. 95/46 / EC, adopted May 17, 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
HOLDER AND MANAGER OF TREATMENT
1. Pursuant to art. 4 point 7 of the RGPD 2016/679, the data controller of the Site is Hospitality Solution SRL .
2. According to the art. 28 of the GDPR 2016/679, the external Treatment Manager and the System Administrator for the management of the hotel’s website is the Hospitality Solution SRL company .
3. Pursuant to art. 28 of the GDPR 2016/679 Responsible for the marketing activities of the site and the newsletter is the company Hospitality Solution SRL with registered office in c.da Madonna del Piano, – 03017 Morolo (FR) responsible for Popolo Dream Suites commercial activities .
PLACE OF DATA PROCESSING
Data processing connected to the web services of this site takes place at the headquarters of the data controller and the data processors, and is only handled by technical personnel of the service in charge of processing.
Using third-party cookies, processing may also take place outside the European community by Google and companies that install third-party profiling cookies .
The personal data provided by users who request dispatch of informative material are used for the sole purpose of performing the service or provision requested while some data acquisition forms provide for the possibility of communicating the personal data of the interested party to service providers to comply with to the contract and provide the services requested.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI ( Uniform Resource Identifier ) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
The voluntary compilation of data acquisition forms to request specific services or adhere to offers or to purchase services and products, entails the subsequent processing of the personal data supplied to guarantee the execution of a contract of which the interested party is part or all execution of pre-contractual measures adopted at the request of the same.
The services on this website are not intended for minors. We do not knowingly collect minor data, including Personal Data.
If we become aware of having collected the personal data of a child, we will immediately cancel them, unless we are obliged by law to keep such data. The User is requested to contact us if he believes that the Hotel has incorrectly or unintentionally collected information on a minor.
Personal data is processed by automated tools for the time necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
PURPOSE AND LEGAL BASIS AND NATURE OF THE PROVISION
The Personal Data you provide through the Site will be processed by the data controller for the following purposes:
a) purposes related to the execution of a contract to which the interested party is a party or to the execution of pre-contractual measures adopted at your request (eg: reservation, adherence to special offers, etc.). Consent Not necessary;
b) purposes related to the sending of promotional and commercial material via email following voluntary registration of the Hotel newsletter. Requires the explicit consent of the interested party or the exercise of soft spam;
d) the purpose of research and statistical analysis on anonymous aggregated data, aimed at measuring the functioning of the Site , measure traffic and evaluate usability and interest to make it more functional and efficient; Consent not necessary as it does not involve the processing of personal data;
f) purposes relating to compliance with laws and regulations; Consent Not Required g) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions. Non-Requested Consent
The data processed by us may include special categories of personal data as defined in Article 9 of the GDPR 2016/679 or personal data concerning health or religion (food allergies, services for the disabled, menus attributable to the religion, etc.) voluntarily provided by you in the Note fields of the booking form .
The data in question will be processed guaranteeing appropriate security measures limited to the data and operations indispensable to fulfill even the pre-contractual obligations that the hotel assumes in its sector of activity, in order to provide specific goods, services or services requested by the interested party.
Pursuant to art. 9 of GDPR 2016/679, however, we will always ask for an explicit authorization to process personal data as we cannot know in advance if the interested party voluntarily inserts personal data in the acquisition forms , data that fall into the category in question.
MANAGEMENT OF CURRICULA
This informative report drafted in compliance with the art. 13 of the EU Regulation 2016/679, it can be used by the data controller also for any advertisements published for the search of personnel in sites or portals not directly managed by the same.
The Company will process the CVs received via email or through third party recruting companies (publications on portals, etc.) to assess potential candidates within the company or that could be presented in the near future.
The processing is done electronically with the exception of curricula received by ordinary post.
The curricula considered “interesting” will be kept at the company’s headquarters for a period not exceeding one year and will be treated in full compliance with the minimum security measures referred to in article 32 of the GDPR 2016/679.
The curricula considered not relevant as well as those resumes whose retention time has exceeded 18 months will be trashed.
The curricula will in any case be kept by Popolo Dream Suites and will not be disclosed to unauthorized third parties excluding the hotels and companies belonging to the Brand. The same may be evaluated by employees or collaborators of the hotel appointed as data processors (pursuant to Article 29 and 32 paragraph 4 of the GDPR 2016/679).
However, the kind candidates are invited to respect the following rules in the transmission of the curricula in electronic format:
1. Fill in the own curriculum the European format;
2. transmit the curriculum in pdf format;
3. avoid including in your curriculum particular categories of personal data as defined by article 9 of the GDPR 2016/679 (concerning, in particular, the state of health, religious, philosophical or political convictions) not relevant in relation to the job offer; 4. consent to the processing of sensitive data relevant to the establishment of an employment relationship (for example belonging to protected categories).
The company reserves the right not to discard the CVs that do not comply with the above requirements. The purpose of the processing related to the management of the curricula will involve activities strictly related to the evaluation, recruitment or selection of personnel, with objectives of collaboration, temporary or permanent employment, of internships, or to allow the chosen candidate to prepare his / her own thesis degree at our headquarters.
TRANSFER OF PERSONAL DATA
The transfer of your personal data to non-European countries is not envisaged.
The data controller will treat the personal data of the interested parties for the time strictly necessary to achieve the purposes indicated in this statement.
By way of non-exhaustive example, the hotel will process Personal Data for the newsletter service until the interested party decides to unsubscribe from the service by a simple click in the received email.
Without prejudice to the above, the data controller will process your Personal Data up to the time permitted by Italian law to protect his interests (Article 2947 (1) (3) of the Italian Civil Code).
More information about the retention period of Personal Data and the criteria used to determine this period can be requested by writing to firstname.lastname@example.org
RIGHTS OF INTERESTED PARTIES
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or the rectification (Art. 15 – 22 GDPR 2016/679). According to the articles in question we have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. In accordance with Chapter III of the GDPR 2016/679, the interested party has the right to request at any time, access to his / her Personal Data, the rectification or cancellation of the same or to oppose their treatment, the limitation of the processing as well as of obtaining in a structured format, commonly used and readable by an automatic device, the data concerning him also has the right to oppose the profiling and to propose a complaint to the Control Authority. The interested party also has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation. For the complete and exhaustive list of the rights exercisable by the interested party, please refer to art. 15-22 of the GDPR 2016/679.
Requests should be sent by e-mail to: email@example.com
UPDATE AND REVISION