1. INTRODUCTION
E.G.A. Emiliana Grandi Alberghi S.r.l. attaches great importance to your privacy and the security of your personal data; for this reason, we collect and process these data with the utmost care and attention, by adopting specific technical and structural measures to ensure the complete security of the processing.
In compliance with Art. 13 of the General Data Protection Regulation (GDPR) EU no. 2016/679 (hereinafter briefly “GDPR”), this Privacy Policy Information Sheet is sent to inform you about how we process the personal data you provided to us as User (hereinafter also briefly “Party” or “User”) of the website www.hotelbrun.com (hereinafter also briefly the “Website”).
2. DEFINITIONS
Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, data regarding his or her location, an online ID or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Processing means any operation or set of operations, performed with or without the help of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special categories of personal data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.
Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Purpose of data processing
E.G.A. Emiliana Grandi Alberghi S.r.l. collects personal data such as name and surname, email, address, navigation data the transmission of which is implicit in the use of Internet communication protocols (IP addresses, URI addresses, other parameters regarding the operating system and the User’s IT environment).
In particular, such personal data are processed for the following purposes:
Purpose
|
Legal basis
|
|
A
|
Navigation on the Website
|
In this case, personal data are processed to fulfil contractual obligations and there is no need for a specific consent by the data subject.
|
B
|
Fulfilment of the obligations arising from laws, regulations, European legislation or provisions laid down by Authorities
|
In this case, personal data are processed to fulfil legal and statutory obligations, and to allow users to enjoy the service or good requested, and there is no need for a specific consent by the data subject.
|
C
|
Forwarding of commercial communications relating to promotions and/or other offers in the interest of the Data Controller or other Companies related to the Data Controller
|
In this case, personal data are processed based on specific User consent, except for commercial communications relating to products and/or services that are similar to those already purchased and/or subscribed by the User, for which the processing of data is based on a legitimate interest of the Data Controller.
|
D
|
Profiling activities, i.e. analysis and processing information regarding the customer, his/her preferences, habits and consumer choices.
|
In this case, personal data are processed based on specific User consent, except for the analysis of elementary data relating to his/her consumer preferences.
|
3. DISCLOSURE OF DATA TO THIRD PARTIES
Your personal data are processed by staff of EGA Emiliana Grandi Alberghi S.r.l. specifically authorized, pursuant to Art. 4, paragraph 10, of GDPR, to process data under specific instructions from the Data Controller.
Furthermore, your personal data will be transmitted to third parties we use for the provision of our services; these entities have been carefully selected by us and ensure compliance with regulations on personal data protection. These entities have been appointed as data processors pursuant to Art. 28 of GDPR, and are required to carry out their activities in accordance with the specific instructions received from EGA Emiliana Grandi Alberghi S.r.l and under its control.
These third parties may belong to the following categories: financial operators; internet providers; IT services specialists; couriers; marketing agencies; market survey and data processing companies. A specific and updated list of these entities is available for consultation by the data subject at the Data Controller’s premises.
The data may be transmitted to third parties in case of mergers, acquisitions, company or branch transfer, and other extraordinary operations, as well as to anyone who is a legitimate recipient of communications under any law or regulation. For the processing purposes described above, your personal data may be transmitted to other companies of the Group of which EGA Emiliana Grandi Alberghi S.r.l. is a member, which will process them in compliance with the applicable data protection legislation and European regulations. It is understood that your personal data will not be disclosed to third parties for use in their own promotional activities and will in no way be disseminated.
Furthermore, your data may be transmitted to police forces and judicial or administrative authorities as required by law for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, as well as to allow EGA Emiliana Grandi Alberghi S.r.l. to exercise or protect their own or third party rights before the competent authorities, and for other reasons related to the protection of the rights and freedoms of others.
The personal data supplied by you may also be disclosed to third parties appointed as Data Processors.
SECURITY BOOKING SYSTEM
D-EDGE uses the credit cards provided at the time of booking in accordance with the PCI DSS (Data Security Standard of the Payment Card Industry) security protocol. All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.
4. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
As a rule, personal data are not transferred to non-EU Countries or to international organizations; however, some of the third parties referred to in the preceding paragraph 4 may have their headquarters in States not belonging to the European Union.
In such cases, if these third parties do not provide an adequate level of data protection, as determined by specific decisions of the European Commission, your personal data will be transferred only with your consent or after specific agreements have been signed between E.G.A. Emiliana Grandi Alberghi S.r.l. and said third parties, which agreements should contain specific safeguard clauses and appropriate guarantees for the protection of your personal data – so-called “Standard Contract Terms”, also approved by the European Commission, or when the transfer is required to enter into and to execute an agreement between you and E.G.A. Emiliana Grandi Alberghi S.r.l. or for the management of your requests.
5. DATA RETENTION
We inform you that your data will be stored for a limited period of time varying as a function of the type of processing activity and of the specific purposes of the processing, as per example below:
– data collected within the context of the use of services offered by E.G.A. Emiliana Grandi Alberghi S.r.l.: these data will be stored until the termination of the service or erasure of the User’s registration to the service;
– data related to users’ requests made to E.G.A. Emiliana Grandi Alberghi S.r.l.’s Customer Service: the data we require to support you will be kept until your requesthas been fulfilled;
– data provided for commercial communications, opinion polls and market surveys, until User asks that said activity be interrupted and, in any case, no later than 2 years after the last interaction with E.G.A. Emiliana Grandi Alberghi S.r.l.;
– data provided for profiling activities – these data will be kept for no longer than 12 months.
At the end of said retention periods, your data will be permanently erased or in any case made irreversibly anonymous by E.G.A. Emiliana Grandi Alberghi S.r.l.
The Data Subject’s personal data will not be disseminated. The Data Subject is entitled to request a complete and updated list of the individuals or entities designated as Data Processors from the contact person indicated below.
6. YOUR RIGHTS
We inform you that you may exercise the following rights, as provided for and guaranteed by the GDPR, in connection with the personal data covered by this Privacy Policy:
– Right of access and rectification (Articles 15 and 16 of the GDPR): you may access your personal data and ask for their rectification, amendment or supplementation. If you wish, we will provide you with a copy of your data stored with us.
– Right to erasure (‘right to be forgotten’) (Art. 17 of GDPR): in the cases provided for by the law you can request the erasure of your personal data. After receiving and analysing your request, is this is deemed to be legitimate, we will discontinue the processing and delete your personal data.
– Right to restriction of processing (Art. 18 of GDPR): you have the right to ask that the processing of your personal data be restricted if your data have been unlawfully processed or in case of a dispute concerning the accuracy of the Data Subject’s personal data.
– Right to data portability (Art. 20 of GDPR): you have the right to ask the Controller give you all your personal data in order to pass them to another Data Controller in the cases specified in the recalled article.
– Right to object (Art. 21 of GDPR): you have the right to object, at any time, to the processing of your personal data based on our legitimate interest by explaining the reasons for your request; before accepting it, E.G.A. Emiliana Grandi Alberghi S.r.l. will evaluate the reasons for your request.
– Right to lodge a complaint (Art. 77 of GDPR): you have the right to lodge a complaint with the competent Data Protection Authority if you believe that your rights related to the processing of your personal data have been or are being violated.
You may exercise your rights at any time in connection with the specific processing procedures relating to your personal data performed by E.G.A. Emiliana Grandi Alberghi S.r.l., with an email to: privacy@monrifhotels.com.
For more information about the rights of the Data Subject, contact the Data Controller to ask for a full extract of the articles mentioned above.
7. SECURITY MEASURES
We strive to protect your personal data with specific technological and organizational security measures aimed at preventing your personal data from being used illegally or fraudulently.
We test, check and regularly evaluate the effectiveness of said security measures in order to ensure continuous improvement in the security of our processing system.
8. AMENDMENTS TO THIS PRIVACY POLICY
The constant evolution of our services may involve changes in the characteristics of the processing of your personal data described heretofore. This Privacy Policy may be amended or supplemented from time to time, as deemed necessary under new regulatory measures concerning the protection of personal data, or any new trends or changes in our services.
Therefore, we invite you to periodically check the contents of our Privacy Policy; where possible, we will inform you immediately about any changes and their consequences
The updated version of the Privacy Policy will be published on www.hotelbrun.com with indication of the date of its last update.
COOKIES
Definitions
Cookies are short text fragments (letters and/or numbers) that allow the web server to store information on the client (browser) to be reused during the same visit to the website (session cookies) or later, even at a distance of days (persistent cookies). Cookies are stored, according to user preferences by a single browser on the specific device used (PC, tablet, smartphone). Similar technologies may be used to collect information on the user’s behaviour and on the use of the services.
In the next sections of this document we will refer to cookies and to all similar technologies by simply using the term “cookie(s)”.
Types of cookies
We can distinguish different categories of cookies based on their characteristics and use:
– Strictly necessary cookies. These are indispensable for the proper operation of our website; they are used to manage login and access to restricted functions of the website, generally for faster, improved or customized service levels for users. Their duration is either strictly limited to the single work session (they are erased once the browser is closed) or longer when their purpose is to recognize the visitor’s computer. Their deactivation may affect the use of services that can be accessed through a login, while the public part of the website remains normally usable.
– Analytical/performance cookies. These cookies are used to collect and analyse traffic and the use of the website anonymously. Although they do not identify the user, they allow us, for example, to recognise the same user when he or she comes back in our website at different times. They also allow for the monitoring of the system, in order to improve its performance and usability. These cookies can be disabled without any loss of functionality.
– Profiling cookies. These are persistent cookies, used to identify (anonymously or non-anonymously) the user’s preferences and improve his/her browsing experience by sending him/her advertising messages in line with the preferences expressed during navigation.
Third party cookies
When visiting a website, you may receive cookies from the visited site (“Owner”) or from websites managed by other organizations (“Third Parties”). One example is the presence of “social plugins” (e.g., Facebook, Twitter, Google+) aimed at sharing content on social networks. The presence of these plugins involves the transmission of cookies from and to all the websites managed by third parties. The management of information collected by “third parties” is governed by the relevant information sheets, to which we refer the user.
Management of cookies
Users can decide whether to accept or reject cookies by using their browser settings.
Waiver of cookies
Totally or partially disabling technical cookies could prevent registered users from using certain functionalities of the website. Conversely, public contents can be accessed even if cookies are completely disabled.
Disabling third-party cookies does not affect navigability. Settings can be defined specifically for different websites and web applications. The best browsers allow users to define different settings for proprietary cookies and for third-party cookies.
For example, in Google Chrome, click on the wrench in the upper-right corner and select “Settings”. At this point, select ‘Show advanced settings (“Under the hood”) and change your privacy settings.
Chrome: https://support.google.com/chrome/answer/95647?hl=it
Internet Explorer: https://support.microsoft.com/it-it/help/17479/windows-internet-explorer-11-change-security-privacy-settings
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
AUTOMATED TREATMENTS
D-EDGE does not send profiled emails, however it uses profiling cookies. For the details of the profiling cookies used and their interaction with social tools, refer to the Cookie Policy.
The website uses Google Analytics. This is a web analysis service provided by Google Inc. (“Google”), which uses cookies that are placed in the user’s computer to allow for statistical analysis in aggregated form concerning the use of the visited website.
The website operator has enabled the anonymisation function for the IP address and subscribed the amendment on data processing in accordance with the European Directive 95/46/EC.
The purpose of these cookies is to provide users with advertising spaces that can be installed by third parties. Some are used to recognize individual advertising messages and know which ones have been viewed and when, so that, at the following visit on other affiliated websites, banners and/or advertising relating to certain products will be displayed based users’ navigation patterns. Users are assigned a technical identifier, but in no case shall personal identification data, such as the user’s name or address, be collected.
Other advertising cookies are used to assume a user navigation “profile”, so as to propose advertising in line with his/her behaviour and interests in the web. This “profile” is anonymous and the information collected by these cookies do not allow the user’s identity to be traced.
We specifically highlight the use of “Google Analytics”, “Linkedin Ads” and “Facebook Ads”, including the so-called “advertising function”.
This is a web analysis service provided by Google, Linkedin, and Facebook, which use analytical cookies, that are installed on the user’s computer, to perform statistical analyses on aggregated data regarding the use of the visited websites. They also allow for visitor profiling (after their identification through “detection cookies”) based on the information contained in their ‘advertising cookies’, concerning three categories: age, sex, and marketing segments.
Visit https://www.google.com/analytics/learn/privacy.html?hl=itfor more information about the Google service.
Visit https://it-it.facebook.com/privacy/explanation for more information about the Facebook service.
Visit https://www.linkedin.com/legal/privacy-policy
Google’s Information Sheet: http://www.google.com/intl/it/policies/privacy/ regulates the processing of the personal data of the users who use products and services offered by Google.
To consult the Privacy Policy of Google Inc., the autonomous Data Controller of the data processed by the Google Analytics service, see the following link: Http://www.google.com/intl/en/analytics/privacyoverview.html
The list of the cookies used by Google Analytics is available at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage).
The Google Analytics opt-out browser add-on is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=it.
Linkedin’s Privacy Policy is available for consultation at the following link: https://www.linkedin.com/legal/privacy-policy
The list of the cookies used by Linkedin is available at the following link: Https://www.linkedin.com/legal/cookie-table, where users can also control cookies.
9. DATA CONTROLLER
Your personal data are processed by E.G.A. Emiliana Grandi Alberghi S.r.l., with registered office in via E. Mattei, 106 – 40138 Bologna (Italy), in its capacity of Data Controller pursuant to the EU GDPR.
For any question or request related to the processing of your personal data, you may contact the following
10. GROUP DPO
The contact details of the Group DPO are: dpo@monrif.net