Privacy Policy

Personal data and legal foundations of processing

 

EU Reg. 679/2016 – PROCESSING OF PERSONAL DATA  – SHORT PRIVACY NOTICE FORM

Hotel Città S.r.l.- GmbH acting as Controller of Personal Data, based in Bolzano, Walther Square n. 21, aims at providing appropriate information to the natural person (“Person Concerned”) acting in the name and on behalf of providers, clients, partners and other subjects under art. 13, E.U. Reg. 679/2016. Such processing is done to carry out the agreement that any supplier, client, partner and any other subject if part of, or to carry out pre-agreement or post-agreement measures taken upon request of the above person. Therefore, personal data of natural persons acting in the name of and on behalf of the above mentioned subjects might be processed with the following purposes: send communications, make requests or deal with a request, exchange information aimed at carrying out a contractual relation, including pre and post agreement activities.

 

 

With reference to art. 7 and articles from 15 to 22, EU Reg. 679/2016, the Person Concerned might exercise the following rights: rights related to the access, rectification, erasure, restriction of processing, portability, objection, objection to the automated decision making. The Person Concerned exercises their rights by writing to the abovementioned Data Controller, or to the following email address: privacy@hotel-citta.com, indicating the subject of their request, the right they want to exercise and attaching the copy of an ID document that certifies the legitimacy of a claim.

 

 

The Data Controller reserves the right to change, update, add or omit parts of this Privacy Notice Form, following any amendments in the field. The Person Concerned is required to check any amendment, from time to time, on the Company website.

 

 

PRIVACY NOTICE FORM ON THE PROCESSING OF PERSONAL DATA

Pursuant to art. 13 EU Reg. 2016/679 on the protection of natural persons, with reference to the processing of personal data (hereinafter, “Regulation” or “EU Reg.”)

 

Hotel Città S.r.l.- Gmbh aims at contributing to the achievement of general strategic and profit aims while carrying out its own statutory activities. Having said that, pursuant to and to the effect of article 13 of EU Reg. 679/2016, Hotel Città S.r.l.- Gmbh provides you with the following information in relation to the processing of your personal data.

 

Purposes of processing personal data and legal foundations of processing

The Data Controller processes identification personal data (e.g., name, surname, corporate name, address, telephone, e-mail, bank and payment details) hereinafter, “personal data” or “data” that you provided when closing the agreements about the services provided.

 

Data were voluntarily provided through specific areas of the website, including with the aim to execute specific requests.

 

Data were voluntarily provided to sign up to the newsletter/form and receive communications and information.

 

Collection and processing of your personal data aim at:

 

Achieving Hotel Città Srl- GmbH aims, described in the statutory norms and regulations, with the aim to carry out its entrepreneurial activities. In particular, data processing is done, inter alia, for:

 

–  hotel management and other tourism-accommodation activities;

– provision of food and beverages;

– organization of trade fairs, events and other public or private demonstrations.

– to fulfill other specific requests received.

 

In these cases, the legal basis for the processing is the execution of contractual obligations by Hotel Città Srl – GmbH;

 

Fulfilling the obligations provided by laws, regulations, or by EU regulations; fulfilling regulations issued by public authorities, supervisory and watchdog authorities that Hotel Città is subject to. In these cases, the legal basis for processing is the fulfillment of a legal obligation under art. 6.1, lett. c), GDPR;

 

Fulfilling additional aims, subject to your explicit consent, for the provision of statutory services such as, as a way of example, using “News Alert” services via email or text message, to receive the newsletter with information on Hotel Città activities or corporate and/or promotional brochures, to measure service quality or take statistical and marketing surveys. In these cases, the legal basis for processing is the declaration of explicit consent under art. 6.1, lett. a) of the EU Reg.;

 

Nature of data provision and consequences of the failure to communicate data

 

Providing such data is necessary to manage contractual and commercial relations. The failure to provide personal data or the failure to provide consent for data processing makes it impossible for Hotel Città to execute any request and carry out the aims described in item 1, letters a) and b) of this form.

 

However, providing data for the purposes referred to in point 1, letter c) of this form is optional and the person concerned is free to give or deny his/her consent. Even after such consent has been given, the person concerned can revoke this consent at any time.

 

Data Processing methods

Processing of your personal data is based on the principles of lawfulness, correctness, transparency, protecting your privacy, as well as your family member’s privacy, in compliance with the principles referred to in art. 5 of the EU Reg. Data Processing can be done manually, with paper documents and with the use of electronic or computerized means.

 

Data are collected and processed at Hotel Città S.r.l.- GmbH, with specially provided document archives/servers.

 

Your Personal Data are processed using appropriate technical and organizational security measures under art. 32 of the EU Reg., in order to guarantee a security level adequate to the risk and to minimize the risks of destruction or loss, unauthorized access or processing which is not compliant to the purposes of data collection.

 

Your Personal Data are not subject to an automated decision-making, nor to profiling.

 

Special categories of Personal Data (“Sensitive Data”)

Under art. 9, paragraph 1 of the EU Reg., “Sensitive Data” are “personal data reveling racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”.

 

In order to fulfill its own statutory aims and, in particular, with reference to health services to be integrated to the National Health Service,  Hotel Città s.r.l. – GmbH might process your sensitive data, such as data about your health or the health of your family members, as well as your registration to a trade union.

 

The processing of Sensible Data shall take place with full guarantees and in full respect of the limitations provided in the EU Reg. In particular, data processing shall include only data that are strictly relevant to the abovementioned obligations, tasks or aims that cannot be fulfilled or carried out by processing anonymous data or personal data of a different category.

 

The processing of Sensible Data can take place if the person concerned has provided his/her explicit consent, under art. 9, para. 2, lett. d) of the EU Reg., even without the consent of the person concerned provided that data processing is made, within the legitimate activities and with appropriate guarantees by a no profit association or body with trade union aims, upon the condition that data processing affects only members, former members, or people who have regular contacts with the association or body because of its purposes and that personal data are not disclosed outside without the consent by the person concerned.

 

Under art. 9, para. 2, lett. h) of the EU Reg., sensible data may be processed without consent even when processing is required, inter alia, to manage health or social systems and services, on the basis of the Italian and EU law.

 

Data Communication

Your personal data are not disclosed.

 

To achieve the purposes referred to in point 1) of this form, Hotel Città S.r.l.- GmbH might need to communicate your personal data to third subjects that they trust, especially:

 

  1. a) to professional bodies, including their local branches, as well as companies of the group, within certain limits, where necessary, required to carry out services and tasks;
  2. b) to credit institution for banking services and payments, to companies that manage computerized postal services, document archiving and storage companies, other suppliers of outsourced collateral services;
  3. c) to health facilities and to physicians with whom a prearranged relationship exists;
  4. d) to medical consultants, health staff and legal advisors of Hotel Città S.r.l- GmbH;
  5. e) to insurance and re-insurance companies or directly to third parties responsible in case the Fund has a recourse action.
 

The abovementioned subjects, as the case may be, will process data as independent processors or “Persons in charge of processing”, duly charged with the task as provided by contractual agreements written in compliance with the provisions referred to in art. 28 of the EU Reg.

 

Your personal data will not be transferred to a non-EU third country or to international organizations. Sometimes, upon specific request by the person concerned (e.g. partners domiciled abroad), in compliance with the provisions of the EU Reg., data can be transferred beyond the national territory to remit payments to foreign banks.

 

Period for which personal data will be stored

Your personal data are stored during the period of the contractual obligation and also after the termination of such obligation, for the time necessary to perform all the applicable legal obligations (e.g. fiscal obligations) and/or administrative fulfillment connected to or derived from the membership obligation itself.

 

Identity and contact details of Data Controller

Data Controller is Hotel Città S.r.l-GmbH, registered office in Walther Square 21, 39100 Bolzano.

 

Data Controller can be contacted at the following address: privacy@hotel-citta.com or at the secretary’s office number – Public Relation Office 0471 533533, fax 0471 210533, Certified Email: phc-hotel-poh@pec.it.

 

The updated list of Data Controllers, is available, upon request, at the registered office of Hotel Città S.r.l – GmbH, in Bolzano, Walther Square, 21.

 

The Privacy person of reference to whom you can speak to exercise the rights provided by the EU Reg. listed at the point 8 below can be contacted using the following contacts: Via Galilei, 10,  Bolzano, Fax: 0471 210533, certified email:  phc-hotel-poh@pec.it, email: privacy@hotel-citta.com, Tel. 0471 533533.

 

Rights of the person concerned

You will have the following rights, at any time, in case you can exercise such rights, pursuant to art. 7 and articles from 15 to 22 of the Regulation:

 

  1. a) asking whether or not your personal data are being processed;
  2. b) obtaining information about the purpose of the processing, the categories of personal data, the recipients to whom personal data have been or will be disclosed and, when possible, envisaged period for which the personal data will be stored;
  3. c) obtaining rectification or erasure of personal data;
  4. d) obtaining a restriction of processing;
  5. e) (when applicable) obtaining data portability, i.e. receiving from the Data Controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance;
  6. f) objecting to the processing at any time and also when the processing has direct marketing purposes;
  7. g) objecting to an automated decision-making about natural persons, including profiling.
  8. h) asking the Data Controller to access personal data and rectify or erase them or limit the processing or objecting to the processing, in addition to the right of data portability;
  9. i) withdrawing the consent at any time without affecting the lawfulness of processing based on the consent before its withdrawal;
  10. j) lodging a complaint with a Supervisory Authority for the protection of personal data, based in Rome, Piazza Venezia n. 11, website: garanteprivacy.it
 

The exercise of rights is not subject to any bind and it is free of charge.

The Data Controller reserves the right to change, update, add or remove parts of this Privacy Notice Form following amendments on the subject.