Information notice ex art. 13 EU Regulation 679/2016
we would like to inform you that the EU Regulation no. 679 of April 27th, 2016 («GDPR») provides for the protection of persons and other entities with regard to the processing of personal data concerning them. The information on the processing of the underlying data is valid only for the website www.arshotel.com and does not cover possible websites accessible through external links on the pages of the site. According to the law, this processing will be based on principles of correctness, lawfulness and transparency and protection of your privacy and your rights.
Pursuant to Article 13 of EU Regulation no. 679/2016, therefore, we would like to inform you of the following:
1. The Hotel collects and processes personal data concerning you for the purposes of booking, checking in, invoicing, receive payment and sending you communications directly connected to hosting you or booking you in. If provided by you, communicating in order to adapt our services to your personal needs, we will also treat your sensitive data to detect your state of health.
2. Furthermore, provided you give your express consent, these data will be used to send you advertising material, commercial communications, to carry out market research, send greetings cards, as well as to register your stays in the Hotel.
3. The data processing will be performed either out with or without the help of computer systems and all the necessary precautions will be taken to guarantee the security and the secrecy of the information. To ensure the security of all the data processed by electronic means, we have adopted all the security measures.
4. Within the Hotel the data may be processed by all the « persons in charge » of the data process nominated in writing by the Data Processor and adequately trained to comply with the regulations of the law on Privacy.
5. The data may be communicated to third parties, exclusively in order to fulfill the technical and operational needs strictly related to the achievement of the objectives listed above, and, in particular, to the following entities: a) to agencies, professionals, companies or other bodies charged by us with certain administrative, book-keeping, commercial and managerial responsibilities with the aim of sustaining our economic activity, including debt collection; b) to public authorities and administrative bodies for purposes connected with the fulfillment of legal requirements; c) to Travel Click company based in N.Y. – U.S.A. for the online booking service;
6. You are at liberty both to provide us with the data and to give your consent to their processing, but a refusal to consent to data processing referred to paragraph 1 of this statement will make it impossible for us to comply with the provisions of the law;
7. Your data will be stored for a maximum period of 24 months, unless otherwise indicated by law;
8. The Data controller is Ars Hotel srl, in the person of its Legal Representative Massimo Arnone.
9. The Data Processor is ARS HOTEL. You can request at any time the updated list of data processors contacting us at our facility in Via Monte Altissimo, 20/24 00141 Rome Tel. +39 0687180200 Fax. +39 068184403 or by writing to the e-mail: firstname.lastname@example.org
10. At any time you can exercise your rights towards the Data Controller, pursuant to art. 15 and following of the EU Reg. N. 679/2016. For your convenience we reproduce below the text of the art. 15.
Art. 15 – Right of access of the party concerned
1. The data subject shall have the right to obtain from the data controller confirmation as to whether or not a personal data process concerning him exist and, in this case, to obtain access to personal data and the following information:
a) Purpose of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the concerned party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose to their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the party concerned, all information available on their source;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the interested party.
2. Where personal data are transferred to a third country or to an international organization, the party concerned subject shall have the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others.