This information is provided pursuant to article 13 of the RGPD 679/2016 "General Data Protection Regulation”, laying down provisions on the processing of personal data.
through software applications provided by us for use on PCs and mobile devices (the Apps);
from third party entities such as Subsidiaries, Owners, as well as from Other Sources such as public databases, marketing partners and other third parties;
when you visit or stay at one of our properties, hotels, hospitality businesses.
Collectively, we refer to the Websites, Apps and our Social Pages as "Online Services".
1 – IDENTITY AND CONTACT DETAILS
The "Data Controller is:
Savoy Beach Hotel S.r.l.
Registered office: Via Poseidonia 41, 84047 Capaccio-Paestum (SA)
email address: email@example.com
2 – WHAT DATA WE PROCESS
The information that concerns you as an interested party and which is processed is:
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
PERSONAL DATA WE MAY COLLECT
On the occasion of contact or interaction with the user, we may collect personal data which may include: personal data and contact details; nationality, gender, passport or identity card number with date and place of issue; information relating to the reservation and stay at one of our facilities; information relating to the purchase of a service; payment data, such as your credit card number and other information about it; preferences regarding marketing, consumption choices and habits; information on packages booked, including hotel, flight and car rental; data relating to participation in a survey relating to the stay.
Data collected at our properties and/or through pre-registration/online check-in:
During registration/check-in at our properties, in addition to the above information, we may also use CCTV cameras, displaying or recording images of guests and visitors in common areas in order to ensure the safety of guests, our people and properties. We may also collect personal information related to the services available at the properties, such as through the concierge service, wellness centers, spas, activities, babysitting services, equipment rental, car rental, the use of "electronic money" (monet); with the consent of the guest, also in relation to children under 18 staying in our properties (subject to the consent of the parent and/or legal guardian) we can also process particular data, relating for example to specific allergies, food intolerances in order to provide a better service and satisfy the special needs of the guest.
Participation in surveys
Subject to your explicit consent, given on the Website or in our hotel, you may provide us with information about you when you participate in a survey related to your stay. The information we process may include your first and last name, country of residence, address, email and telephone number, date of arrival and departure, your personal opinion about our services or your requests, products and services purchased, special requests made, notes relating to your preferences (including rooms, holiday preferences, type of services requested, equipment and other services used).
Data collected at events, cocktail parties, meetings:
In case of organization of an event, information will be recorded such as the date, the number of guests, information on the Organisation, details of the guest rooms (the latter type of data can only be collected in case of guests staying) . If there is a need for third parties to intervene offering specific services for the event, information on the Organization may also be communicated to these third party service providers (e.g. wedding planners, etc.).
Links to third-party websites and services:
Personal data we collect from customer service/email/phone bookings and from third parties:
We collect personal data when a telephone reservation is made, when an e-mail or fax is sent to us, or when the reservations service is contacted. These communications may be recorded in order to ensure quality and staff training. We may also collect personal information about you from third parties including social media services in line with your service settings (e.g. WeChat, Twitter, Facebook, Google, etc) and from our partners (airlines, travel, etc.).
If you submit or disclose Personal Data about other people to us or our suppliers (for example if you make a booking for another person), you represent that you have the authority to do so and you authorize us to use the data in accordance with this Privacy Notice .
We may collect Personal Data from spas, restaurants, health clubs, concierges and outlets within our facilities.
Linked Accounts: We collect your Online Services login information.
Other Sources and Service Providers. We collect Personal Data from various third parties, such as public databases, joint marketing partners and online travel agencies.
Online Services: We collect Personal Data when you interact with our Online Services, performing actions such as, but not limited to, browsing, booking, purchasing goods and services from our Website, when you send us messages, when you contact us or post on social media, when you sign up for a newsletter, when you fill out forms on the Website, or participate in surveys, contests or promotional offers.
Internet Connected Devices: We collect Personal Data from Internet connected devices available in our facilities. For example, when you connect a device to the hotel network.
3 – PURPOSE OF THE TREATMENT
Your data will be processed for the followingpurpose:
To manage online reservations, through the telephone reservation service and via e-mail, in order to follow up on your requests. The processing of your personal data for these purposes does not require consent as it is necessary to fulfill legal obligations and the execution of the residence contract, any refusal could make it impossible to host you (for example with reference to the data reported on the identity document) or the impossibility of providing the requested services.
For the management of the reception and accommodation services: check-in and check-out management; payment processing; provide customized on-site services (spa, babysitting service, etc); provide concierge, luggage storage, and parking services; make arrangements with third party suppliers on behalf of guests (e.g. organization of taxi service, car rental, restaurant reservations, etc.); manage access to WI-FI (also through social Login), TV and other connectivity and entertainment services; facilitate room service; consider restrictions, food intolerances and disabilities of guests; manage the cleaning and dry cleaning service (considering guests' special preferences and needs); manage any customer complaints; make the presence of guests in the hotel known to third parties, allowing operators to forward communications/messages and phone calls during their stay. In such cases it is necessary to provide personal data for the aforementioned purposes and refusal would make it impossible to follow up on your requests.
to fulfill the obligation established by the "Consolidated text of public safety laws" (article 109 RD 18.6.1931 n. 773) which requires to communicate to the Police Headquarters, for public safety purposes, the personal details of the guests accommodated according to the methods established by the Ministry of the Interior (Decree of 7 January 2013). The data is acquired for this purpose for the fulfillment of a legal obligation.
To manage conferences and events. The processing of your personal data for these purposes does not require consent as it is necessary to fulfill legal obligations and the execution of the contract of which you are a part. Any refusal could make it impossible to host you (for example with reference to the data shown on the identity document) or the impossibility of providing the requested services.
To acquire stay information and carry out statistical processing of the data in aggregate form. Consent for profiling activities is optional and its non-performance does not prevent the normal use of all our services, without prejudice to the impossibility for our company to communicate offers, discounts by telephone, text message, e-mail or postal mail. , and commercial initiatives or service proposals for you and your family resulting from the profiling.
To identify and evaluate aspects concerning preferences, tastes, consumption choices and habits, in order to offer you products and services that are increasingly targeted and responsive to your needs. The processing of data relating to the reservation together with the data collected as part of the customer care activity, including after-sales (for example, administration of questionnaires and surveys in the structure, sending the service satisfaction questionnaire by email, by telephone contact , sms, instant messaging, etc.), is carried out on the basis of the legitimate interest to manage complaints, detect customer satisfaction, guarantee a fixed and constant information reference for the guest, identify solutions and areas for improvement.
To send advertising, direct sales, market research and commercial communication material through traditional tools (paper mail, telephone calls with operator) or through automated tools (text messages, mms, automated telephone calls, newsletters) - direct marketing, as well as for send her multimedia products and holiday and birthday wishes for family members. Consent to the processing of such personal data above is optional and any refusal will make it impossible to communicate commercial information, greetings, multimedia products. Your e-mail address provided in the context of booking the stay will also be used by the Company to offer you services similar to those purchased. This treatment does not require explicit consent (so-called "soft spam"), therefore the right to object may be exercised at any time pursuant to art. 21 GDPR by writing an email to firstname.lastname@example.org and in any case when sending each communication by clicking on the appropriate link.
To communicate your contact details to companies and/or partner companies of the Data Controller, who will be able to process such data exclusively to send commercial and/or promotional communications on their products and services, as well as to carry out market research - third-party marketing. The processing of your personal data for this purpose requires your consent
For activities relating to the search and selection of personnel through the phases described on the site and essentially the evaluation of professional profiles and skills, and in the case of progress in the selection process, the definition of the individual development and career plan, training on culture, models and Company business tools. The personal data collected for this purpose will be processed as necessary to perform pre-contractual measures at your request and/or to execute a contract in which you are a party.
Inside the accommodation there is a video surveillance system, in compliance with the Regulations, the use of which is aimed at the protection and safety of users and company assets. The legal basis for the acquisition of such data must be recognized in the legitimate interest of the Company to protect its corporate assets.
4 – MINORS
The Websites are aimed at a general audience, however its services are intended for persons aged 18 or over. The Company does not solicit, collect, use and deliberately disclose personal data provided by persons under the age of 18 online or at tourist establishments, unless required by law. In the event that you are not of the required age, please do not make online reservations and ask an adult (i.e. your parents or guardian) to carry out the necessary procedures.
5 – HOW AND WHERE WE PROCESS THE DATA
The processing of personal data takes place exclusively within the Savoy Beach Hotel headquarters, at the servers located in Italy and possibly with the collaboration of other subjects specifically designated as Data Processors. Data processing takes place for the time strictly necessary to achieve the purposes, also through the use of automated tools while observing the security measures aimed at preventing data loss, illicit or incorrect use and unauthorized access. The data is processed exclusively by personnel, mainly technical, authorized for processing or by any persons authorized for occasional maintenance operations, according to the principles of correctness, lawfulness, transparency and pertinence.
– ACCESS TO DATA
Your data may be made accessible for the aforementioned purposes to the employees of the Data Controller in the context of their duties, in charge of processing the data and required to comply with the confidentiality obligations.
The Company, subject to your specific consent, may disseminate and publish on the corporate website, on social channels, in printed paper and/or any other means of publication, images and/or audio/video footage that portray you, supplied or acquired by you during events held at the owner's facility. Therefore, without your specific Consent, the images/audio/video recordings cannot be used or will be made unrecognizable.
7 – CATEGORIES OF SUBJECTS TO WHOM THE PERSONAL DATA MAY BE COMMUNICATED AND PURPOSE OF THE COMMUNICATION
The Data Controller may also communicate some of your data to third parties for the same purposes, and in particular:
subjects qualified as Managers pursuant to art. 4. no. 8 and Article 28 of the GDPR (professionals, consultancy and service companies, hardware and software assistance companies, companies with technical and organizational tasks on the Site, ...). The list of Data Processors, in addition to those specifically indicated above, can be requested from the Data Controller by writing to the address indicated in this document;
subjects authorized for processing pursuant to art. 29 of the GDPR who operate under the direct authority of the Data Controller (employees and collaborators in various capacities), necessary to carry out activities strictly related to the provision of the requested services, and who are committed to confidentiality or have an adequate legal obligation of confidentiality.
subjects, bodies or authorities, independent Data Controllers, to whom it is mandatory to communicate the personal data of the customer concerned, by virtue of the provisions of the law or orders of the authorities, or to Public Administrations, to the credit institutions with which the Company operates payment purposes, to insurance or reinsurance companies, to financial and/or factoring institutions, to external carriers to whom the shipment will be entrusted.
If the Data Controller intends to further process personal data for a purpose other than that for which they were collected, before such potential and further processing, he will provide the interested party with information regarding this different purpose and any further pertinent information.
No form of disclosure of your Personal Data to unspecified subjects is envisaged.
8 – TRANSFER OF DATA TO THIRD COUNTRIES
Without prejudice to the Data Controller's right to transfer such data to a third country or to an international organization for which there is an adequacy decision of the European Commission or, the reference to the appropriate or opportune guarantees and the means to obtain a copy of such data or the place where they were made available (in the case of transfers referred to in article 46 or 47, or in article 49, second paragraph of the GDPR); in this case you will be promptly notified of the transfer.
9 –DATA RETENTION PERIOD
Personal data is processed for the time required by the purposes for which it was collected. Therefore:
Personal data collected for purposes related to the provision of services requested between the Owner and the User will be retained until the execution of these services is completed. Subsequently, they will be kept for a period of ten years exclusively for the protection of the rights of the owner and for the fulfillment of legal obligations.
The personal data collected through the spontaneous sending of your curriculum vitae will be kept for 12 (twelve) months, in case of non-selection. The interview forms of suitable candidates will be kept for a maximum of 3 years.
For video surveillance images, the data will be kept for 48 hours.
Personal data processed for marketing purposes will be kept for sending commercial communications until your consent is revoked, it being understood that, after 24 (twenty-four) months from your interaction with our services, your data will no longer be processed for these purposes.
In any case, on a periodic basis we will be able to carry out a review in order to verify whether the personal data you have given us should continue to be processed or not and, if necessary, we will re-submit the request for renewal of the provision of consent.
Once the storage terms indicated above have elapsed, the data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures and with the accountability requirements of the Data Controller.
10 – RIGHTS OF THE INTERESTED PARTY. COMPLAINT TO THE SUPERVISORY AUTHORITY
You have the right to request access, rectification, portability and cancellation of your data, as well as limitation and opposition to the treatment.
In relation to the processing of your personal data, you have the right to ask the Data Controller.
Access: you can ask for confirmation as to whether or not data concerning you is being processed, as well as further clarifications regarding the information referred to in this disclosure.
Correction: you can ask to correct or integrate the data you have provided us, if inaccurate.
Deletion: you can request that your data be deleted, if they are no longer necessary for our purposes, in the event of withdrawal of consent or opposition to processing, in case of unlawful processing, or there is a legal obligation to cancel or they refer to persons under the age of sixteen.
The limitation: you can request that your data be processed only for conservation purposes, with the exclusion of other treatments, for the period necessary for the rectification of your data, in the event of unlawful treatment for which you oppose the cancellation, if you have to exercise your rights in court and the data stored by us may be useful to you and, finally, in the event of opposition to the processing and a check on the prevalence of our legitimate reasons with respect to yours is underway.
Opposition: you can object to the processing of your data at any time, unless there are legitimate reasons for us to proceed with the processing that prevail over yours, for example for the exercise or our defense in court.
Portability: you can request to receive your data, or to have it transmitted to another holder indicated by you, in a structured format, commonly used and readable by an automatic device.
You can exercise these rights by sending an email to email@example.com
If you believe that your rights have been compromised, you have the right to lodge a complaint with the Guarantor Authority for the protection of personal data, according to the methods indicated by the same Authority at the following internet address:
https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 or by sending a written communication to the Guarantor Authority for the Protection of Personal Data, Piazza Montecitorio n.121, 00186 Rome .