PRIVACY: Information provided to guests for the processing of personal data (Art. 13 D.Lgs 30 June 2003, No.196)
Dear Guest, privacy has always been a key point of our work philosophy. Is for fulfilling this will that we prepared this communication and detailed information plus specific forms in which guests shall recognize our policies and appreciate our transparency
We invite our Guests to examine them and to give their consent, where required, in registration form at the reception desk.
WHICH DATA ARE TREATED
> Information provided by the guest or by a third party acting on his / her behalf (generality, identity card details, generality of the companion, particulars required to meet the special needs of the host or his / her accompanist), also through the Organization (travel agency, company, association, other) that has organized or offered to the visitor the permanence at our facilities,
> Information about staying in our facilities (period and time of stay, room / structure occupied or reserved, reservations)
> Information about the services requested or used (phone calls made, alarm clocks, wifi, etc.)
> Information that originates from the stay in our facilities (needs treated by the staff responsible for meeting them, requests and reservations sent to the reception or through the reception, etc.), which, in the absence of a specific consent or particular needs, are preserved only for the time necessary to ensure the best service
> In some cases data relating to the Organization (travel agency, company, association, etc.) that has organized or offered to the visitor the stay at our facilities
> Data obtained from the questionnaires of "satisfaction rating" or during telephone interviews, always assessing the degree of satisfaction
> When using the wifi internet access: information about visited sites and internet transactions associated with the IP address used by the guest (navigation log) more specifically, such data:
- will be kept for at least 6 months and will remain available to the Police Authorities to which they may be notified in connection with activities related to the prevention or repression of crimes
- could be associated with the host exclusively through specific procedures that will only be activated on after request by the Authority
> In the case of payment by credit card or check, a photocopy of the identity document can be requested and obtained as guarantee of correct identification of the customer, which will be kept, unless different requirements, until the payment is well completed and/or the in the case of possible controversy. We recall that the law (Article 26 of Legislative Decree 196/2003) establishes special protection for sensitive data: data suitable for revealing racial or ethnic origin, religious, philosophical or other beliefs gender, political opinions, membership of parties, syndicates, associations or organizations of a religious, philosophical, political or trade union type, as well as personal data suitable for revealing the state of health and sexual life. " They may be processed only with the written consent of the person concerned. Some of the data described above, such as those relating to particular guest requests, might fall technically in this category; for this reason specific consent will be required to the person concerned, where the characteristics or the methods of treatment should be required.
Recruitment and updating of data is done primarily through the person or persons acting on his / her behalf (eg family members, travel agencies, tour operators, associations, etc.) or from sources freely accessible to anyone, with the exception of data about the required / used serivices, which originate during the stay.
WHY ARE DATA TREATED
The treatments that will be carried out have the following aims:
A) to comply with obligations deriving from Community laws, regulations and regulations, including the obligation to inform the Authorities provided in art.109 of Royal Decree 773 of 18 June 1931 and subsequent amendments;
B) fulfill contractual and accounting and tax obligations; The services required by the interested party or by third parties on behalf of the person concerned.
C) offer guests attentive and customized services throughout their stay in our facility including, for example: secretarial service, reception of mail, delivery of mail and parcels, passage of telephone calls, reservation of external services, communications concerning special offers or events;
D) Recognize the guest and always guarantee the same personalized services in all the facilities operated by ELITE VACANZE GESTIONI Srl
E) purposes connected with the public relations, information, commercial and customer satisfaction. In particular, the addresses, email and email addresses provided may be used for sending courtesy and / or advertising material relating to services similar to those in the current business relationship. It is understood that the guest has the right to object at all times to this treatment. In this regard, it should be noted that paragraph 4 of art. 130 of Legislative Decree 196/2003 allows the use of the e-mail address provided by the interested party when purchasing a travel / subscription ticket, provided that it does not deny such use;
F) assert or defend a right, even by acting as representative agents, either in an out-of-court or in an administrative or judicial capacity;
G) regarding any reports:
- Ensure a timely and accurate response to guest reports, facilitating the creation of an effective communication channel between the Company and the Customer-user;
- Enhance the customer acquisition system, needed for verification, to improve a service that is more and more adapted to environmental demand and constraints;
- Provide systematic registration and systematic analysis of service disparities to correct defects.
HOW THE DATA ARE TAKEN AND WHEN HOLD
Personal data processing can take place using paper and / or computer and / or telematic tools chosen according to criteria of functionality, safety, efficiency and speed in the continuous search for the best service standard and protection for the guest, always guaranteeing the utmost privacy and not excessive in relation to the purposes described above. In this context, and to speed up the check-in procedures in the treatmente of the identity document data, required for mandatory communications to the Police Authorities, can be obtained through an electronic reading system that will save the image of the document, preserving them for the time strictly necessary (max 48 hours unless further requirements) In any case, the administrative data will be kept in accordance with the terms of the law; the other data acquired or filed during the stay at the facilities will be kept in a confidential form, until the payment is well completed and the time available for any disputes is exceeded, however not for 6 months, except for different needs; With the consent of the person concerned, such data will be kept indefinitely in a database of ELITE VACANZE GESTIONI Srl for the sole purpose of recognizing the guest and always guaranteeing the same personalized services in all the facilities managed by the subsidiary companies.
WHO CAN TREAT (RESPONSIBLE AND APPOINTEE)
For the same purposes, the data can only be processed, within the limits of what is actually necessary to perform its functions, from the following categories of agents and / or managers: Management; Administrators, reception staff for the management of the guest's stay, plant maintenance or cleaners; Appointee for the management / maintenance of IT systems and, finally, Subsidiary Companies / Subsidiaries / Associates or other entities (companies / professionals) appointed for this purpose and who need access to certain data for auxiliary purposes as described in the previous point 3, always within the limits strictly necessary to carry out the tasks delegated to them.
TO WHOM MAY BE COMMUNICATED
Personal information regarding guests may be communicated:
> To the persons indicated by the guest or by someone acting on their behalf at the time of acceptance or during stay in our facilities
> To the Public Safety Authority or to Public Bodies in compliance with statutory requirements
> Limited to accounting and tax data to banks, lenders, data processing companies and credit card companies, for activities strictly related to the execution and administrative management of the contract.
> To insurance institutes, public bodies and public bodies for the fulfillment of legal obligations.
> Only at the guest's request, to foreign embassies / consulates / indicated by the host,
> To vector companies (Travel Agencies, Tour Operators, etc.) in the form of confirmation, who have direct contact with the host and who have been involved in the organization of the stay;
> The data concerning the presence in our facilities, possibly with reference to the occupied accommodation, may only be communicated with the consent of the host:
- if needed to find him from the outside, eg. phone.
- in the form of a list of names, to companies that manage some of the internal services to the facility to whom the guest hosts, who retain the title for all the personal data, needs to provide such informations in order to obtain such services: such companies will comply with privacy law obligations
> To parent companies, subsidiaries and affiliates, always and for the purposes described in paragraph 3 above
> To other subjects who need access to certain data for auxiliary purposes in accordance with the previous point 3, always within the strictly necessary limits to carry out the duties delegated to them, such as: tax compliance, accounting, assurance, insurance, information system management, financial services;
Of course, all the above-mentioned communications are limited to the data required by the recipient body (which will remain a self-titular holder for all subsequent treatments) for carrying out their duties and / or for achieving the purposes associated with the communication itself.
The processing of the data may also consist of their communication abroad, both inside and outside the European Union, to the country of origin or destination of the guest and to the strictly necessary data in relation to specific requests by the guest himself.
The data in will not be disseminated.
However, it should be remembered that the structure has many common areas where guests or visitors can shoot video or photo where other visitors or visitors may then appear, spreading it, for example, on social channels or websites.
WHEN YOU MUST COMMUNICATE YOUR DATA
The communication of your data is:
- compulsory as far as is necessary for the treatments referred to in points (a) and (b) of paragraph 3 above and if not allowed it may make impossible the execution of the contract;
- obviously optional in relation to points (c), (d) and (f) of paragraph 3 above, so a specific consensus is required, without which there will be no consequences except the inability to serve the host better.
It should be specified that most treatments are not subject to the obligation to acquire a consent, exception are the cases mentioned above or the case of sensitive data processing, even if made at the guest's request.
The presence of a video surveillance system is duly signaled by specific alerts in the monitored areas, which also indicates if there is a video recording system. Images can be viewed in real time by reception and security personnel in order to provide the necessary assistance and promptly detect possible security situations for the security of the guests; More specifically, the plants can be installed for the following purposes:
> Support staff in security and access control activities
> Preventing from possible damages, thefts or goods removals
> Ensure the safety of staff and guests by detecting situations of particular danger or accidents
> Identify the most suitable form of intervention, enabling correct sizing in case of special hazard or accident
> To allow for the reconstruction of the dynamics of significant facts for the protection of the safety of persons or in the case of illicit perpetrators of damage to the guests and / or to the structure and its staff
> To comply with provisions issued by the Judicial Authority and / or the Judicial Police;
> To claim or defend a right by a third party;
> Eventually to complete the documentation accompanying the complaint filed with insurance companies.
WHO IS THE HOLDER OF THE TREATMENT
The holder of the treatment is the Company indicated in the header
Regarding the further retention referred to in paragraph 4 above, the parent company ELITE VACANZE GESTIONI Srl, based in Figline and Incisa Valdarno (FI), Via Norcenni n.7
WHO CAN I ASK TO FOR MORE INFORMATION
The Data Processing Manager, whom the guests can apply to exercise their rights as provided for by article 7 of Legislative Decree 196/2003, which, for convenience, is given in full in the Annex: the Director of the accommodation facility, which can be contacted via the front desk or contact details or by e-mail firstname.lastname@example.org
Legislative Decree 30 June 2003, no. 196 (Personal Data Protection Code). art. 7 (Right of access to personal data and other rights):
1. The person [the natural or legal person concerned] shall have the right to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
2. The person concerned has the right to obtain the indication: a) of the origin of the personal data; B) the purposes and methods of the treatment; C) the logic applied in the case of processing carried out with the aid of electronic instruments; D) the identification details of the holder, the persons responsible and the designated representative within the meaning of Article 5, paragraph 2; (E) the subjects or categories of persons to whom the personal data may be disclosed or who may become aware of it as appointed representative in the territory of the State, of persons in charge or in charge.
3. The person concerned has the right to obtain: a) updating, rectification or, where relevant, the integration of the data; B) cancellation, transformation into anonymous form or the blocking of data processed in violation of law, including those that are not required to be kept in relation to the purposes for which the data was collected or subsequently processed; (C) the attestation that the transactions referred to in points (a) and (b) have been made aware, including their content, of those to whom the data have been communicated or disseminated, except where such fulfillment is Reveals it impossible or involves the use of means manifestly disproportionate to the protected right.
4. The person concerned has the right to oppose, in whole or in part: (a) for legitimate reasons for the processing of personal data concerning him, even though relevant to the purpose of the collection; (B) the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communications.