This policy statement describes the methods of website management with respect to the processing of the personal data of users who consult it, together with practices for processing data transmitted through this site from persons concerned to the Data Controller.
This statement is made pursuant to GDPR UE 697/2016 – the Code for the Protection of Personal Data – to those who interact with the web services of the company Hotel Galli Fetovaia srl, which can be accessed telematically through the web address www.hotelgalli.it .
The statement applies exclusively to the website in question and not to other websites which users may access through links.
THE DATA CONTROLLER
The “controller” of the data processing is : Hotel Galli Fetovaia srl, Via Fetovaia 115 – 57034 Campo nell’Elba – LI – Italia, Tel: +39 0565 908006 E-mail email@example.com
2 The Application of this Policy
This Policy applies to personal information regarding guests and the other individuals or who visit us and to the use of that personal information in any form, whether oral, electronic and/or written. This Policy gives effect to our commitment to protect your persona data.
3 Types of Personal Information We Collect
The term “personal information” in this Policy refers to information that identifies or is capable of identifying you as an individual. The types of personal information that we process may include:
- your name, gender, personal and work contact details, business title, date and place of birth, image, nationality, and passport and visa information;
- guest stay information, dates of arrival and departure, goods and services utilised, special requests made, observations about your service preferences (including vacation preferences), faxes, texts and telephone messages received;
- your credit card details, payment method details;
- any information necessary to fulfil special requests (e.g., health conditions that require specific accommodation or services);
- information, feedback or content you provide regarding your marketing preferences to our websites and those of third parties;
- information collected whilst you access to our website;
- contact and other relevant details concerning individuals with whom we do business (e.g., travel agents); and
in limited cases, information relating to the credit of customers.
There may be instances in which the personal information that you provide to us or that we collect is considered Sensitive Personal Information under the privacy laws. Those laws define “Sensitive Personal Information” to mean personal information from which we can determine or infer an individual’s racial orethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional association, physical or mental health or condition, medical treatment, genetic data, biometric information, and information about an individual’s sexual life or sexual orientation. If we rely on consent to process your Sensitive Personal Information, you have the right to withdraw that consent at any time.
Save to the extent required by law, you are not obliged to provide Residence On Line srl with any of your Sensitive Personal Information, and should you choose not to, this will not prevent you from purchasing any products or services from Residence On Line srl.
4 How We Use Personal Information
Subject to applicable laws, we may collect, use and disclose portions of your personal information in order to:
- provide and charge for apartment accommodation and other goods and services;
- provide you with a better or more personalized level of service, including information and services from a third party (such as local attractions and transportation options);
- facilitate services on your behalf, including restaurant and transportation transactions;
- fulfil contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g., travel agents, group travel organizers) and vendors (e.g., credit card companies);
- provide for the safety and security of staff, guests and other visitors;
- administer general record keeping;
- meet legal and regulatory requirements;
When we process your personal information as one of our guests or someone else with whom we do business, we do so in our legitimate interests (as detailed above), because of legal obligations we are subject to or because the information is required to fulfil contractual obligations to you, anyone involved in making your travel arrangements (e.g., travel agents, group travel) and vendors (e.g., credit card companies). Hotel Galli Fetovaia srl uses and retains your personal information for as long as is necessary to fulfil the purpose for which it is being processed, and in line with our legal and regulatory obligations and risk management guidelines.
5 Disclosures of your Personal Information
From time to time, we may disclose your pers sonal information. We would always make that disclosure in accordance with applicable law. Circumstances where we might make such disclosure (in addition to those described in Section 4 above) include:
5.1 Legal Requirements
We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.
6 Information We Collect When You Visit Us Online
If you access our website, you may wish to know the following:
6.1 You Can Browse Without Revealing Who You Are
You can always visit our websites without logging in or otherwise revealing who you are.
6.2 Usage Information
When you visit our websites, we collect information about how you use those websites. Examples of such information include the Internet Protocol address automatically assigned to your computer each time you browse the Internet, the date and time of your visit, the pages you access and the amount of time you spend on each page, the type of Internet browser you use, your device’s operating system and the URL of any websites that you visited before and after visiting our website. That information is not linked to you as an individual.
We use cookie technology on our websites to allow us to evaluate and improve the functionality of our websites. Our cookies by themselves cannot be used to reveal your identity. They identify your browser or device, but not you, to our servers when you visit our websites. If you do not want to accept cookies, you can block them by adjusting the settings on your Internet browser. However, if you block them, you will not be able to use all of the features of our websites, including the customization features associated with creating a user profile. Further information about cookies and other similar technology and how they work is available at allaboutcookies.org.
6.4 Links to Other Websites
If you visit our website and decide, for example, to purchase the ferry ticket, you may be seamlessly linked to websites maintained by third parties with whom we have contracted to provide those services. This Policy, and our responsibility, is limited to our own information collection practices. We are not responsible for, and cannot always ensure, the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites.
The personal information we collect from you online is stored by us and/or our service providers on databases protected through a combination of physical and electronic access controls, firewall technology and other reasonable security measures. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of personal information that may affect you so that you can take the appropriate actions for the due protection of your rights.
6.6 Minor Children
Our websites do not sell products or services for purchase by children and we do not knowingly solicit or collect personal information from children. If you are under the age of 18 (or a minor in the jurisdiction in which you are accessing our websites), you may only use our websites with the involvement of a parent or guardian.
You may always choose what personal information (if any) you wish to provide to us. However, if you choose not to provide certain details, some of your experiences with us may be affected (for example, we cannot take a reservation without a name).
8 Your rights
Under data protection law in Europe, you have various rights in relation to the personal information about you that we process. With some limited exceptions, you have rights to access and update personal information held about you. If you want to inquire about any personal information we may have about you, you can do so by sending us a written request by letter or email to the addresses set out in Section 10 below. Please be sure to include your full name, address and telephone number and a copy of a document evidencing your identity (such as an ID card or passport) so we can ascertain your identity and whether we have any personal information regarding you, or in case we need to contact you to obtain any additional information we may require to make that determination. Where you make more than one request in quick succession, we may respond to your subsequent request by referring to our earlier response and only identifying any items that have changed materially.
You may request that we correct, delete, and/or stop or restrict processing or using personal information that we hold about you by sending a letter or email to the addresses set out in Section 10 below. If we gree that the personal information is incorrect, or that the processing should be stopped, we will delete or correct the personal information. If we do not agree that the personal information is incorrect we will tell you that we do not agree, explain our refusal to you and record the fact that you consider that personal information to be incorrect in the relevant file(s).
You may also seek to exercise your right to data portability by sending a letter or email to the addresses set out in Section 10 below.
Finally, you may in some circumstances have the ability to object to the processing of your personal information on the grounds of your particular situation. You may do so by sending us a written request by letter or email to the addresses set out at Section 10 below. If we agree that you are entitled to so object, we will cease to process your personal information.
If you are unhappy with the way we have handled your request, you can escalate your concern to the Chief Privacy Officer by sending an email to firstname.lastname@example.org
9 Changes to this Policy
Just as our business changes constantly, this Policy may also change. Where the Policy changes, we will take appropriate steps to bring the amendment to your attention. To assist you, this Policy has an effective date set out at the end of this document.
10 Request for Access to Personal Information/Questions or Complaints
If you have any questions about this Policy, about the processing of your data described, or any concerns or complaints with regard to the administration of the Policy, or if you would like to submit a request to exercise your rights in relation to the personal information that we maintain about you, please contact us by any of the following means: by e-mail at email@example.com or by mail at Hotel Galli, via Fetovia 115, 57034 Campo nell’Elba (LI-Italia)
All requests for access to your personal information must be submitted in writing by letter or email. We may respond to your request by letter, email, telephone or any other suitable method.
Effective Date: 22 May 2018