Information regarding the handling of personal information
This page describes the website management modes in reference to the processing of personal data referring to the visitors and customers that access it. It is information provided pursuant to art. 13 Reg. EU no. 679/2016 – hereinafter referred to as the GDPR – for those persons interacting with web services of the company NAMASTE S.R.L., owner and holder of the website WWW.HOTELPOSILLIPO.COM, accessible remotely from the address: https://WWW.HOTELPOSILLIPO.COM, corresponding to the home page of the Hotel Posillipo official website. The information is only made available for the website WWW.HOTELPOSILLIPO.COM and not for other websites that may be consulted by the user via links.
The Data Controller
After consulting this website, data may be processed that refers to identified or identifiable people. The Data Controller is HOTEL POSILLIPO belonging to NAMASTE S.R.L. , with registered offices in via Archimede 13, 47841 Cattolica (RN) and operational site in Via Dell’Orizzonte 1, 61011 Gabicce Mare (PU), enrolled in the Rimini Company Register.
Location of data processing
Personal data connected with web services on this website is collected and processed at the premises of the company NAMASTE S.R.L. using automated tools.
Purpose of data processing
The user’s personal data is collected and processed for the time strictly necessary to achieve the purposes for which they are acquired, and in particular:
- for reasons directly connected with and instrumental for the provision and management of booking services for the rooms provided by HOTEL POSILLIPO
- to obtain statistical information about the use of software and to check that it functions correctly;
- for the sending of information, sales and promotional material (for marketing purposes) regarding the HOTEL POSILLIPO services, in the event of specific authorisation from the data subject;
- for surveys about service quality and customer satisfaction (surveys carried out with the user’s consent), both directly and also with collaboration of specialised operators;
Personal data are collected and processed by the Data Controller, also in pursuit of their legitimate interests, including:
- fulfilment of legal obligations (for example the remote transmission of data to Police in fulfilment of obligations set out in article 109 of the Consolidated Text of Laws on Public Security. – Notification of guests to local police station);
- protection against fraud;
- safety measures;
- for the reporting of crimes to the judicial authorities.
The processing of personal data collected via the HOTEL POSILLIPO website is legally based on the data subject’s consent, which can always and in all cases be revoked via a request for erasure by the latter. Processing will be carried out in automatic and/or manual mode, in observance of the content of article 32 of the GDPR 2016/679 on security measures, carried out by the above-stated data controller and in fulfilment of the content of article article 29 GDPR 2016/ 679. In observance of the principles of legality, limitation of the purposes and minimisation of data, pursuant to article 5 GDPR 2016/678, and further to the free, express consent provided electronically on the website www.hotelposillipo.com, the personal data will be stored for the time required to achieve the purposes for which the data was collected and processed. In particular, once collected, the data will be entered and categorised in a specific data archive in both hard and digital format, managed and maintained by the data controller. Specific security measures are observed by the data controller to prevent any loss of data, illicit or incorrect use and unauthorised access.
Types of data processed
User’s Personal Data (Registration Data). To user the booking services on the website www.hotelposillipo.com, the user must fill out the registration form and provide specific information. The data considered essential for the service are highlighted by an asterisk. Non-provision of the data marked with an asterisk will prevent the services requested by the user from being provided. Other data that are not necessary for the service to be provided, may be requested, but can be provided freely, with the consequence that refusal to provide said information will not prejudice the carrying out of the service that the user has requested. Browsing data, computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the internet communication protocols. This is information that is not collected to be associated with identified subjects, but by its very nature could, by processing and association with data held by third parties, allow users to be identified. IP address or domain names of the computers and terminals used by the users connecting to the website, URI (Uniform Resource identifier) addresses of requested resources, the request time, the method used when making the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc) and other parameters regarding the operating system and the user’s IT environment are all included in this category. These data can be used solely to obtain anonymous statistical information about website use and to check their correct function and are erased immediately after processing. Data provided voluntarily by the user. The optional, express and discretionary sending of emails to the addresses provided on this website will entail the subsequent acquisition of the sender’s email address, which is necessary for responding to requests and for any other personal data entered in the letter.
Transfer of personal data
The data subject’s data as collected on the website www.hotelposillipo.com will not be transferred to member states of the European Union or to third countries that do not belong to the European Union.
Existence of an automated decision-making process, including profiling
NAMASTE S.R.L. does not implement any automated decision-making process, including profiling, as set out in article 22, paragraphs 1 and 4, EU Regulation no. 679/2016.
Realm of communication and diffusion
Collected data will never be distributed and will not be communicated without the data subject’s express consent, with the exception of communications required to fulfil legal obligations.
Strictly necessary cookies:
to provide the requested and essential services, to allow the user to browse the website and to use the characteristics without which some services (e.g. Room booking) cannot be provided.
which allow a user to remember the choices made (e.g. Name, language, region, character and size of text) and provide optimised, personalised characteristics to improve their online experience.
that collect anonymous information on the web pages visited for statistical purposes.
for tracking users, used to personalise and improve website use.
(that are not stored persistently on the user’s computer and disappear when the browser is closed), strictly limited to the sending of session identification (random numbers generated by the server) required to allow secure, effective website exploration and that prevent the use of other computer techniques that are potentially harmful to the confidential nature of user browsing. Cookies can be eliminated by the browser by using function on their own browsing programme. However, if acceptance is not provided, this may in some cases mean that it is impossible to use the service or to carry out user’s requests correctly.
Social media and third-party cookies and widgets:
While using the website, it may be possible to notice information not belonging to HOTEL POSILLIPO, but to third-party companies that may send their own cookies. On the website www.hotelposillipo.com the following third-party cookies can be found: Google, Tripadvisor, Facebook. The company has no access to or control over these cookies, therefore please refer to the information provided by the respective companies.
The data subject’s rights
– Right of Access and Rectification:
In relation to their own personal data processed by the data controller, ex Art. 13, para. 2, GDPR, data subjects have the right:
- to access these data;
- to the rectification or erasure of data;
- to restrict their data;
- to object to the processing of their data.
– Right to erasure:
Data subjects also have the right to ask for their personal data to be erased without delay, exercising the right to be forgotten, ex article 17 GDPR, if one of the following reasons exists:
- the personal data are no longer necessary with regard to the purposes for which they were collected or otherwise processed;
- the data subject revokes the consent on which processing is based in compliance with article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a) GDPR and if not other legal basis for processing exists;
- the data subject objects to processing pursuant to article 21, paragraph 1 and no prevailing legal reason exists to proceed with processing, or the data subject opposes processing pursuant to article 21, paragraph 2 GDPR;
- the personal data has been unlawfully processed:
- the personal data must be erased to fulfil a legal obligation foreseen by the right of the Union and of the member state that the data controller is subject to;
- the personal data have been collected with regard to the services offered by company aimed at minors.
If personal data has been made public and is forced to erase them, the data controller, bearing in mind available technology and implementation coses, must adopt reasonable measures to inform data controllers that are processing the personal data about the data subject’s request to erase any link, copy or reproduction of their personal data.
The Right to be Forgotten cannot be exercised by the data subject if processing is necessary:
- for exercising the right to freedom of expression and information;
- To fulfil a legal obligation that requires the processing provided for by EU law or that of the member state that the data controller is subject to or to carry out a task performed in public interest or in exercising public powers that the data controller is invested with;
- for reasons of public interest in the public health sector, in compliance with article 9, paragraph 2, letters h) and i), and article 9, paragraph 3 GDPR;
- for the purpose of storing in the public interest, for scientific, historical or statistical purposes pursuant to article 80, paragraph 1 GDPR, to the extent that the right to be forgotten risks making the achievement of goals for said processing impossible or seriously affected;
- for verification, exercising or defence of a right in court.
– Right to restriction of processing:
The data subject has the right to have the data control restrict processing ex article 18 GDPR, when the accuracy of the personal data is contested, for the period required for the data controller to verify the accuracy of said personal data; processing is unlawful and the data subject objects to the erasure of their personal data and instead requests that use is restricted; although the data controller no longer needs the data for processing purposes, but the personal data are required by the data subject to verify, exercise or defend a right in court; the data subject contests processing while awaiting verification of any prevalence of the data controller’s legitimate reasons over the data subject’s.
– Right to data portability:
The data subject also has the right to data portability, pursuant to article 20 GDPR and thus to receive their personal data provided to a data controller in a structured, commonly used and machine-readable format and has the right to send said data to another data controller without being prevented by the data controller to whom it was provided, if processing is based on consent to processing for one or more specific purposes and if processing is carried out automatically.
– Right to object:
The data subject has the right to object, ex. Article 21 GDPR, at any time, for reasons connected with their personal situation, to the processing of their personal data that have been provided by them to the data controller for one or more specific purposes.
Procedure for exercising of the data subject’s rights
Requests for exercising one’s own rights must be made by the data subject to the following email address: firstname.lastname@example.org or by recorded post with proof of receipt to HOTEL POSILLIPO di NAMASTE S.R.L. in VIA DELL’ORIZZONTE 1, 61011 GABICCE MARE (PU)
Lodging a complaint with the control authority
Without prejudice to any other administrative or legal action, the data subject that believes that processing of their data violates the GDPR regulations has the right to lodge a complaint with a control authority, in the member state in which they habitually reside, work or in the place where the alleged violation occurs, pursuant to article 77 GDPR. For the purpose of the herein privacy information, pursuant to article 4 para. I no. 23, GDPR, the processing of personal data carried out on this website by HOTEL POSILLIPO belonging to NAMASTE S.R.L. takes places in the realm of the activities in a single site within the European Union and substantially affects or can affect data subjects in more than one member state. For this reasons, in the event of a data subject who resides in another member state than the one of the site, they may lodge a complaint with the control authority of the EU country where they habitually reside.