| DATA CONTROLLER | |||||||
| Data Controller Registered office Address PIVA / CF Contacts Ceo Privacy contact |
TURISMO ITALIA S.R.L. Contrada S. Matteo 42, 66030 Poggiofiorito (CH) Località Casagliana, Via Sole Ruju 14 - 07026 Olbia (OT) 02679790697 / 02679790697 PEC: turismoitaliasrl@pec.it D'Arrezzo Ambrogio Giampiero Ulacco (management@turismoitalia.org) |
||||||
| CATEGORIES OF PERSONAL DATA | |||||||
| Categories of personal data list |
Customers and potential customers | ||||||
| DATA PROCESSING | |||||||
| Description of customers' data processing | Processing of personal data of customers within the accommodation facilities that provide accommodation and other services. | ||||||
| ORIGIN, PURPOSES, LEGAL BASIS AND NATURE OF DATA PROCESSING | |||||||
| Origin of data | Data are generally collected from the data subject, but they may be taken through online booking platforms, external booking platforms (Data Controllers). Data comes from a not public source. | ||||||
| Purposes and Lawfulness of processing | Processing takes place manually and using IT tools, and is done, by us and our persons in charge of data processing, for the following purposes:
|
||||||
| Type of Personal Data | Name, address or other elements of personal identification, company name, type and no. of ID doc., social security number and other personal identification numbers, bank details, credit card data, accounting, tax and financial data, contact and communication data, days of stay, e-mail address, information relating to the family and to the components of the same reservation, navigation data of the visitor device for wi-fi access (log file of use of the wifi network: ip addresses or device names used, addresses in uri notation of the requested resources, the start and end time of connection, the time of the request). Art. 109 of the Consolidated Law on public security laws establishes that the managers of accommodation facilities cannot give accommodation to people without an identity document. | ||||||
| Special categories of personal data | Data concerning health: health informations for particular needs because of diseases (for example allergies) or handicap. | ||||||
| Lawfulness art. 9.a of GDPR |
Explicit consent to the processing of those personal data. | ||||||
| RECIPIENTS AND CATEGORIES OF RECIPIENTS | |||||||
| Categories of recipients | Communication of your personal data could carried out on the lewfulness provided by Article 6 of Regulation 2016/679/EU, to the following third parties: Judicial Offices, Consultants and freelancers also in associated form, Police, Other public administrations, Insurance companies, Authorities, Revenue Agencies, Internal managers, External managers, Authorized subjects, , Tax Agencies. Furthermore, the managers are obliged to communicate to the police headquarters, by computers, details of the people hosted, arrival and nights of stay, family relations, according to procedures established with a specific law (DM of 7 January 2013). | ||||||
| These organizations, companies and professionals act as Data Processors appointed by TURISMO ITALIA S.R.L. or they are Data Controllers of the personal data sent to them. | |||||||
| Your personal data may also be communicated to external companies, to which TURISMO ITALIA S.R.L. request the execution of services. Only necessary data will be transmitted. All employees, consultants, temporary workers and/or any other person carry out their activities on the basis of the instructions received from TURISMO ITALIA S.R.L., and, pursuant to art. 29 of the GDPR, they are designated "Authorized subjects of processing". To those authorized subjects, TURISMO ITALIA S.R.L. issues appropriate operating instructions, with particular reference to compliance with security measures, in order to ensure the confidentiality and security of the data. The obligation of TURISMO ITALIA S.R.L. remains unaffected to communicate data to Public Authorities for specific request. |
|||||||
| TRANSFER OF PERSONAL DATA | |||||||
| Data are processed in the EU. If the extra-EU transfer becomes necessary, the transfers will take place on the basis of an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. |
|||||||
| METHODS, PROCESSING LOGICS AND DURATION OF DATA STORAGE | |||||||
| Duration of processing | Data will be processed for the period strictly necessary to guarantee the correct provision of the services purchased - except for the need for storage for a longer period in compliance with the Law, including accounting rules Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits). The data will be processed for the entire duration of the contractual relationship, for the fulfillment of all legal obligations. The DM of 7 January 2013 requires to send the data of customers to the Police, and pursuant to article 109 of the Tulps, data are canceled from the Controller after sending to the Police headquarters. However, regular customers can ask to store data, in order to speed up the check-in procedures in case of future reservations. Contact data processed for marketing messages shall cease if you request to cancel your data using unsuscribe link of the footer of mails, we will store data for not more of 24 months. You may revoke your consent at any moment. Data acquired for such purposes shall not be retained by us, unless you provide consent to their retention as required. Your information will be retained for a maximum of 24 months, and will be used the next time you are our guest. Such processing, where consent is granted, shall end when you check out; your information shall be retained for a maximum of 24 months, and will not be disclosed to third parties. Videosurveillance recorded images are erased after 24 hours, except on holidays or other days the business is closed; images are never retained for more than 72 hours. These images are not subject to third-party disclosure, except as required to comply with a specific investigatory demands from a court or the police. The wi-fi navigation data will be deleted at the end of the stay in the hotel. |
||||||
| Your data is collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements set out in art. 5 c 1 of the GDPR. The processing of personal data takes place using manual, IT and telematic tools for the related purposes and, in any case, in order to guarantee their security and confidentiality. The data processing connected to the management of the guests are stored at headquarters of the Data Controller. |
|||||||
| DATA SUBJECT RIGHTS (Artt. from 15 to 22, art.77 of GDPR) | |||||||
| European Regulation grant you certain rights, including rights of access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data portability rights, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016). You can also file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations. |
|||||||
| AUTOMATED DECISION-MAKING | |||||||
| No automated decision-making | |||||||