Hotel Crystal, has a high regard for the treatment of personal information and operates according to a series of strict rules, which also conform to national and EU laws on privacy.
Privacy notice in compliance with the provisions of article 13 of Legislative Decree no. 196 of 30.6.2003 – the «Personal Data Protection Code»
1. PURPOSE OF OBTAINING PERSONAL DATA
The data is processed solely for the purposes of correct and complete fulfilment of the contractual, pre-contractual or commercial relationship established and for notifying any future promotions.
2. DATA PROCESSING METHODS
Data is processed using the operations or set of operations indicated in art. 4, paragraph 1, letter a) of the Consolidated Act: collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, erasure and dissemination of data.
The operations may be carried out with or without the help of electronic or automated means.
Processing operations may only be performed by the data controller or by persons in charge of the processing that act under the direct authority of the data controller complying with the instructions received in accordance with the provisions of art. 30 of Legislative Decree no. 196/2003.
3. SUPPLYING DATA
Supplying common personal data is strictly necessary for the purposes of carrying out the activities referred to in point 1.
4. REFUSAL TO SUPPLY DATA
Any refusal by the data subject to supply the personal data referred to in point 3 will make it impossible to fulfil the activities referred to in point 1.
5. DATA COMMUNICATION
Personal data may become known to those in charge of processing it and may be disseminated outside the company for the sole purposes referred to in point 1, in particular to:
– our affiliated companies.
– firms or professionals for accountancy purposes.
– our network of agents
– credit institutions
– debt collection agencies
6. DISSEMINATION OF DATA
Personal data will not be disseminated to third parties.
7. TRANSFER OF DATA ABROAD
Personal data may be transferred to countries within the EU and to third countries outside the EU within the scope of the purposes referred to in point 1.
8. DATA SUBJECT’S RIGHTS
Art. 7 of the Consolidated Act allows the data subject to exercise certain rights, including that of obtaining from the controller confirmation as whether or not personal data concerning him/her exists and communication of such data in intelligible form; the data subject has the right to be informed of the source of the data, the purposes and the methods used to process it, the logic applied to the processing, the identification details regarding the data controller and the entities or categories of entities to whom the data may be communicated; the data subject also has the right to obtain updating, rectification and integration of the data, erasure, anonymisation or blocking of data that has been processed unlawfully; the data subject has the right to object to the processing of personal data on legitimate grounds.
9. DATA CONTROLLER
The data controller is Hotel Crystal – Via Terraglio 136 – 31022 Preganziol (TV)
The person responsible for processing the data collected is the legal representative of Hotel Crystal , who can be contacted at the registered office in Via Terraglio 136 – 31022 Preganziol (TV) – Tel. +39 (0)422.630813 | firstname.lastname@example.org – Fax. +39 (0)422.93713
Legislative Decree no.196/2003, Art. 7 – Right to access personal data and other rights
1. A data subject has the right to obtain confirmation as to whether or not personal data concerning him/her exists, even if not yet recorded, and communication of such data in intelligible form.
2. A data subject has the right to be informed:
a) of the source of the personal data;
b) of the purposes and the methods used to process it;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning the data controller, data processors and the designated representative pursuant to article 5, paragraph 2;
e) of the entities or categories of entities to whom or which the personal data may be communicated and who or which may come to know such data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of processing.
3. A data subject has the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected of subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, also related to their contents, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected.
4. A data subject has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though relevant to the purpose of its collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or for the performance of market research or commercial communication surveys.