Pursuant to Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27/04/2016, hereinafter GDPR, the Company GRAND HOTEL SANTA LUCIA S.R.L., as data controller, informs you that this page describes the methods of processing of personal data of users who consult the website www.santalucia.it and that this information does not concern other sites, pages or online services that can be reached through hyperlinks that may be published on the Websites but refer to resources outside the domain of the Hotel Santa Lucia.
Your personal data are processed for the following Purposes of Service:
A1) Pursuing its own legitimate interest, consisting in ensuring the security of the Website www.santalucia.it and the information exchanged on it, i.e. the ability of such Website to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
A2) Acquisition of personal data (first name, last name, tax code) and contact data (address, e-mail, telephone), contractual and administrative information (such as the date of the contract, type of business relationship, payment information, etc.) to enable the Data Controller to carry out pre-contractual activities and comply with contractual obligations, to manage administrative and accounting fulfillments and to allow us to assist and contact the Client via telephone and/or e-mail communications;
A3) To fulfill the obligation under the “Testo unico delle leggi di pubblica sicurezza” (Article 109 R.D. 18.6.1931 n. 773), which requires us to communicate to the Police Headquarters, for public security purposes, the personal details of the clients accommodated according to the modalities established by the Ministry of the Interior (Decree January 7, 2013);
A4) Acquisition of personal data for carrying out para-commercial activities related to Marketing (e.g. Mailing list, web marketing, promotional activities through social campaigns);
A5) Acquisition of personal data to enable the Company to carry out performance quality assessment activities aimed at improving the services provided (“Customer Satisfaction”) through automated processes in an anonymous form;
A6) Fulfill obligations required by law, regulation, EU legislation or an order of the Authority (such as, for example, in the area of anti-money laundering);
A6) To exercise the rights of the Data Controller, for example, the right to defense in court (Art. 24 Const.).
Your personal data subject to processing are collected directly by the Data Controller or by the person expressly authorized by the Data Controller.
The legal basis for the processing of data for the purposes referred to above in A2) is Art. 6 paragraph 1 letter b of the Regulations (processing necessary for the performance of a contract or pre-contractual measures), as the processing is necessary for the provision of services or for the response to requests from the data subject. The provision of Personal Data for these purposes is optional, but failure to provide it would make it impossible to activate the services requested or to respond to Your requests.
The legal basis for the processing of data for the purposes referred to in A3) above is Art. 6 paragraph 1 letter c of the Regulation (fulfillment of a legal obligation), as the processing is in response to a legal obligation and is necessary for the provision of services or for the acknowledgment of requests by the data subject.
The legal basis for the processing of data for the purposes referred to in the aforementioned point A4) is Article 6 paragraph 1 letter a of the Regulations for which your data may be lawfully processed only with your consent, which is specific, separate, express, documented, prior and entirely optional. With regard to those processing purposes for which your consent is required, we inform you that your refusal will not affect the obligations otherwise undertaken.
The legal basis for the processing of data for the purposes referred to in A2), A5) and A6) is legitimate interest within the meaning of Article 6(1)(f) of the Regulations (processing necessary for the pursuit of the legitimate interest of the data controller or third parties) and does not require your consent.
Your data are processed lawfully and fairly, in accordance with the provisions of Articles 5 and 6 of the Regulations for the pursuit of the purposes indicated above and in compliance with the fundamental principles established by the applicable legislation.
The processing of personal data may be carried out using both manual and computer and telematic tools, but always with technical and organizational measures in place that are suitable to guarantee their security and confidentiality, especially in order to reduce the risks of destruction or loss, even accidental, of the data, unauthorized access, or processing that is not permitted or does not conform to the purposes of collection.
Subject of the processing are personal data concerning your person acquired through the services made available on the website www.santalucia.it, as well as any data transmitted by e-mail or telephone.
Within the limits pertinent to the purposes of the processing of the indicated data, only employees authorized to process them and belonging to the organizational structure of the Data Controller may become aware of them.
It should be noted that your data may be transmitted to the following recipients:
— Authorized internal processors
— IT companies
The list is available at the headquarters of the Data Controller.
In accordance with the principle of “limitation of storage” set forth in Article 5 of Regulation (EU) No. 679/2016 (GDPR), the collected data subject to processing for the purposes set forth above will be retained in accordance with the deadlines stipulated in the legal regulations and, thereafter, for as long as the Company is subject to retention obligations for purposes stipulated in the law or regulation. Verification of the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically.
In any case, data are expected to be retained for a maximum period of:
Contractual data: 10 years.
Marketing data: 3 years.
Profiling activities are planned for statistical purposes through anonymized processes;
In your capacity as a data subject, you have the rights set forth in Article 15 GDPR, namely the rights to:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent and if there is no other legal basis for the processing;
(c) the data subject objects to processing under Article 21(1) and there is no overriding legitimate ground for processing, or objects to processing under Article 21(2);
(d) personal data have been processed unlawfully;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) personal data have been collected in connection with the provision of information society services referred to in Article 8(1).
(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
(c) although the data controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the data subject to establish, exercise or defend a legal claim; and
(d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
Lodge a complaint with a supervisory authority (Autorità Garante per la protezione dei dati personali — based in Rome, Piazza Venezia n.11 — www.garanteprivacy.it);
The Data Controller is GRAND HOTEL SANTA LUCIA S.R.L. based in Via Santa Lucia 173 — 80132 Naples — P IVA 10481541216.
The Data Controller can be contacted at the following e-mail address: info@santalucia.it
A Data Protection Officer (DPO) has been appointed, Silvio Tortora Maione, who can be contacted at the following e-mail address: silvio@itadvice.it