Privacy Policy
Privacy Policy pursuant to GDPR 2016 on the processing of personal data
Definition of Personal Data Processing
The processing of personal data refers to any operation or set of operations, carried out with or without the aid of automated processes, and applied to personal data or sets of personal data, even if not recorded in a database. These operations include the collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, deletion, or destruction.
Personal data provided directly by the user to Mare Hotel F.lli Tiranini s.r.l., also through the web pages available at (URL) www.marehotel.it ("Website"), at the time of registration and subsequently for the use of services provided by the company, will be processed in compliance with Legislative Decree 196/2003 on the protection of personal data ("Privacy Code") and, after the entry into force of EU Regulation 679/2016 ("GDPR"), in accordance with Article 13 of the European Regulation.
Mare Hotel F.lli Tiranini s.r.l. informs the user as follows.
According to the mentioned regulation, such processing will be based on the principles of fairness, lawfulness, and transparency, ensuring the protection of the user's privacy and rights, in compliance with the principles of data minimization and limitation, meaning that data will be used only to the extent necessary for the purposes for which they are processed. Accordingly:
All reasonable measures must be taken to promptly delete or rectify inaccurate data concerning the purposes for which they are processed;
Integrity and confidentiality must be ensured, meaning that data will be processed in a way that ensures adequate security, including protection from unauthorized or unlawful processing and accidental loss, destruction, or damage, through appropriate technical and organizational measures;
Compliance with the controller's accountability obligations must be ensured.
Based on the above, we provide the following information.
1. Purpose of Processing
The user's personal data, freely provided and acquired in relation to the activities of Mare Hotel F.lli Tiranini s.r.l., will be lawfully and fairly processed for the following purposes:
A. Without the user's explicit consent (Art. 24, letters a, b, c of the Privacy Code and Art. 6, letters b, c, f of the GDPR):
The data will be collected and used exclusively for purposes directly related and instrumental to the activation and operation of services provided by the data controller, to comply with all legal obligations, including accounting and tax obligations, to fulfill the obligation under Article 109 of Royal Decree No. 773 of 18.6.1931, which requires the recording and communication of guest details to the police headquarters, and for the legitimate interest of the company.
B. Only with the user's specific and distinct consent, and until its revocation (Arts. 23 and 130 of the Privacy Code and Art. 7 GDPR):
The use of personal data, in particular the email and postal address, by the data controller for sending offers and advertising material related to commercial communications, including newsletters about offers on the Website ("marketing purpose").
C. Only with the user's specific and distinct consent, and until its revocation (Arts. 23 and 130 of the Privacy Code and Art. 7 GDPR):
The use of personal data, in particular the email and postal address, by the data controller for market research to evaluate user satisfaction and provide personalized services ("profiling purpose").
D. Only with the user's specific and distinct consent, and until its revocation (Arts. 23 and 130 of the Privacy Code and Art. 7 GDPR):
The use of photos taken by the data controller within the premises for publication on Mare Hotel’s Facebook page.
E. Only with the user's specific and distinct consent, and until its revocation (Arts. 23 and 130 of the Privacy Code and Art. 7 GDPR):
The use of personal data for sharing with third parties in case of receiving messages and phone calls during the stay.
The user may object to processing under points B, C, D, and E at any time after giving consent by sending an email to info@marehotel.it.
Refusing consent for the purposes specified in this section will not affect the user's ability to use the services of Mare Hotel F.lli Tiranini s.r.l..
F. Without the user's explicit consent (Art. 24, letters a, b, c of the Privacy Code and Art. 6, letter f of the GDPR):
Video surveillance systems are in place. The collected data may be processed for security reasons in compliance with the law. The presence of cameras is properly signposted as per legal requirements.
2. Processing Methods
The processing will be carried out as follows:
The Data Controller processes users' personal data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
Processing is carried out using manual, IT, and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.
In addition to the Data Controller, in some cases, data may be accessed by categories of employees involved in the organization of the business (administrative, commercial, marketing, legal staff, system administrators) or by external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
In particular, the user's personal data may be disclosed to specific parties engaged by the Data Controller for the provision of instrumental or necessary services for fulfilling business activities.
3. Legal Basis for Processing
The legal basis for processing consists of:
The user’s consent,
The performance of a contract,
Compliance with legal obligations,
The pursuit of a legitimate interest (Art. 6(1), letters a, b, c, f of GDPR).
4. Place of Data Processing
Data is processed at the headquarters of the Data Controller, located in Savona, Via Nizza 89R, and at the premises of external Data Processors appointed under Article 28 GDPR, carefully selected for their reliability and expertise.
5. Retention Period
Data is processed and stored for the period necessary to fulfill the purposes related to the service, specifically for the purposes mentioned above (five years), unless a longer retention period is required by law.
Data will be kept for an additional period concerning disputes and potential litigation. The user may request the interruption of processing or the deletion of data at any time.
6. Website or Mailing List Registration
By registering for the mailing list, newsletter, or website, the user's email address is automatically added to a list of contacts who may receive email messages containing information, including commercial and promotional content related to the Data Controller’s activities.
The user’s email address may also be added to this list after concluding a contract.
Personal Data collected: Email and Name.
7. Identity and Contact Details of the Data Controller
The Data Controller is:
Mare Hotel F.lli Tiranini s.r.l.
Address: Via Nizza 89R, Savona
Email: info@marehotel.it
8. User Rights
At any time, users may exercise their rights against the Data Controller.
According to Article 7 of the Privacy Code and Articles 15 and following of the GDPR, the user has the right to:
Obtain confirmation of whether or not personal data concerning them exist, even if not yet recorded, and their communication in an intelligible form;
Obtain information about:
a) The origin of personal data;
b) The purposes and methods of processing;
c) The logic applied in case of processing carried out with automated tools;
d) The identity of the Data Controller, Data Processors, and their representatives under Article 5(2) of the Privacy Code and Article 3(1) GDPR;
e) The parties or categories of parties to whom personal data may be disclosed or who may become aware of it in their capacity as designated representatives in the State territory, Data Processors, or persons in charge of processing.
Request:
a) The updating, rectification, or, where interested, integration of the data;
b) The deletion, anonymization, or blocking of data processed in violation of the law, including data that do not need to be kept in relation to the purposes for which they were collected or subsequently processed;
c) Confirmation that the operations under points a) and b) have been communicated to those to whom the data were disclosed, except where impossible or disproportionately difficult.
Object, in whole or in part:
a) For legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection;
b) To the processing of personal data for sending advertising material or direct sales, for carrying out market research, or for commercial communication using automated call systems without human intervention, by email and/or traditional marketing methods (phone and/or postal mail).
Users are reminded that the right to object to direct marketing through automated means also extends to traditional means. Users may choose to receive only traditional communications, only automated communications, or neither.
Request from the Data Controller:
a) Access to personal data (Art. 15 GDPR),
b) Correction (Art. 16 GDPR) or deletion (Art. 17 GDPR) of data,
c) Limitation of processing or objection to processing (Art. 18 GDPR);
d) Portability of automatically processed data, where applicable;
e) Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
f) File a complaint with the Data Protection Authority.
To exercise these rights or to receive information about the entities where data is stored, disclosed, or accessed, users may contact the Data Controller by sending an email to info@marehotel.it.