Personal data treatment
Information pursuant to European Union Regulation no. 2016/679 - European regulation on the protection of personal data
in accordance with Article 13 of the “European Rule 2016/679” (following called GDPR), We desire to inform you, the processing of Your personal data will follow an ethos of correctness, lawfulness and trasparency, in full compliance with Your privacy right.
Purpose of the Processing
Your data will be processed, only Your prior specific consent, for the following purposes:
- Registration to the "Newsletter";
- Provision of the service "Guestbook";
- Notification through the area "Contacts";
- Provision of the service "Booking On-line", made through the gateway https://secure.soltourism.it/Rooms.aspx
Method of Processing
The processing of Your data will be made through the operations mentioned in Article 4 n. 2 of the GDPR, that is: collecting, recording, organization, maintenance, consultation, elaboration, modification, selection, extraction, compares, use, interconnection, block, communication, cancellation and destruction of the data.
The processing of the collected data will be made both in papery form and with the aid of computer, telematic and automated tools, inserting them in files managed by entity in charge.
The data will be processed throughtout the relationship and kept for the time limits provided for in laws, rules or in the community legislation and, however, for no longer than is necessary for the purposes for which they have been picked and/or processed.
The processing of Your personal data is carried out by the staff working into Hotel Palazzo Guardati located in Via Sant'Antonino, 24/26 – 80067 – Sorrento (NA).
Data connected to the service “Contact Us” and “Guestbook” and/or “Newsletter” can be also processed by the staff working for the company which maintains the technological part of our web site, JUSTWEB S.r.l. (Responsible in Outsourcing for Processing), at the premises of the company in question and/or consulting data stored on their own server.
Data connected to the service of booking on line can be processed by the staff working with the company managing the system “Booking On Line”, SOLTOURISM S.r.l (Responsible in Outsourcing for Processing), at the premises of the company in question and/or consulting data stored on their own server.
Access to Data
Your Data could be made accessible for the above referred purposes:
- To the employees and co-workers of the Controller, as internal in charge of and/or responsible for the processing;
- To third companies or other subjects (for example professional firms, consultants, web site maintenance and management firms, payment online management companies, etc.) operating in outsourcing on behalf of the Controller, as external in charge of the processing, and having access to the data with appropriate timeframes and for the only purposes connected with the administering of above written services.
Disseminating and Communicating of the data
Your data won’t be spread and, without asking Your express consent – Article 6 letter b) and c) of the GDPR - We can communicate them only to:
- Institution’s bodies to monitor on grounds of Public Security;
- External entity formally entrusted with;
- Credit Institutions, tourist agencies and data processing companies regarding the temporary handling of the only data connected with the commercial and financial aspect of the transaction with Hotel Palazzo Guardati.
All further correspondence will be only with Your express consens.
Your personal data are stored in servers located at the Registered and Field Office in Sorrento within the European Union. It is in any case understood that the Controller, if necessary, can move servers also in places outside the European Union. In this case, the Controller shall ensure from now that the data transfer outside the European Union will take place in accordance with the legal requirements applicable, after concluding the standard contract terms laid down by the European Commission.
From time to time, the precondition for the legal data transfer is:
a) the existence of adequacy decisions delivered by the European Union Commission for some countries which guarantee the same degree of protection of data transferred as guaranteed in the European Union (so that it will be possible to transfer dat without restrictions or consent, as for example in case of data transfer to Australia, Argentina, New Zelanda, Uruguay, Israel, Hong Kong, Switzerland);
b) the need to fully implementation of the commitments undertaken by Hotel Palazzo Guardati, also of a contractual nature, or, finally, to achieve the legitimate contractual interests on the society in reference.
Nature of the providing of the data and consequence of the rejection to answer
The providing of the data, within the referred processing, is optional.
But the refuse to provide these data will imply the lack or partial possibility for the Hotel Palazzo Guardati, to furnish the above mentioned services. In any event and in reference to all the personal data given through the web site, the conferment and every operation of processing sensitive and judicial data is excluded.
The Controller is:
Place of business: Via S. Antonino 24/26 – 80067 – Sorrento (NA)..
The name of the processor is available at the place of business, also calling at the following contact details:
Data subject's rights
As data subjects, at any moment You can resume Your rights against the Controller, in accordance with the article 15 of the GDPR:
i. obtaining the confirming of existence of any personal data concerning You, even if not yet registered, and the communication of them in an intelligible form;
ii. obtaining informations regarding: a) the source of the personal data; b) purposes and modalities of data processing; c) logic involved in any automatic processing of data; d) the identification details of the Controller, of the processors, and of the designated representatives in accordance with article 3, paragraph 1, GDPR; e) the subjects and the categories of subjects to which the personal data may be communicated or which may become aware as designated representative in the territory of the State, as data controller or processor;
iii. obtaining: a) the updating, the correction or, if interested, the integration of data; b) the erasure, the change anonymously or the blocking of the data processed in violation of the law, including data, which is not necessary to store in relation to the purposes for which these data were collected and processed; c) the attestation that the operations referred to in letters a) and b) have been brought also regarding their content to the attention of whom the data were communicated or spread, except if this obligation is impossible or requires using means disproportionate with the protected right;
iv. objecting, in whole or in part, a) for legittimate reasons to the processing of personal data, even if relevant to the purpose of the collection; b) to the processing of Your personal data with the purpose to send advertising material or to sell directly or to do market research or commercial communications, using automated calling systems without human intervention or electronic mail or using traditional marketing systems with phone or paper mail. It is recalled that the objection right referred in point b) to direct marketing purpose made with automatic means covers also traditional marketing forms and however this is without prejudice to the right of the person concerned to exercise his right only in part. Therefore the individual citizens can choose to receive only communications through traditional means or only automated communications or none of the two tipes of communications.
Where applicable, You have also rights under articles 16-21 GDPR:
- Right to rectification (article 16);
- Right to cancellation - Right to be forgotten (article 17);
- Right to restriction of processing (article 18)
- Duty of notification in case of rectification or cancellation of personal data or in case of restriction of processing (article 19);
- Right to data portability (article 20);
- Right to object (article 21);
- Right to withdraw Your previous consent to processing Your personal data at any time;
- Right to lodge complaints with the Competition Authority.
How to exercise rights
You can exercise your rights at any time by contacting the following addresses: