Informative note according to article 13
of European Regulation no. 679/2016 (GDPR)
As per Law Decree No. 196/2003 (the "Personal Data Privacy Law") and according to Articles 13 and 14 of EUROPEAN REGULATION NO. 679/2016 (hereinafter “EU Regulation”) our hotel, Villa Cortine Palace Hotel, with registered office in 2 C. Gennari street - 25019 – Sirmione (BS) Italy, VAT 00558140987 – fiscal code 00300910171, intends to process the personal data that you have provided exclusively for the fulfillment of the obligations prescribed by contract or law that govern the business relationship between us. For this reason, we will not process confidential data or data of judicial pertinence.
As per Art. 13 and 14 of the above-mentioned law, we are obliged to inform you of the following:
Purpose of Processing
On this regard, we hereby inform you that your personal data will be processed for institutional purposes, related or connected to the activities of our company, including:
- execution of a hotel services, and the deriving operations, or any other operation contractually agreed;
- performance of legislative obligations provided by fiscal and accounting regulations in force;
- operational and managerial internal needs of Villa Cortine and related to the service provided, with particular, but not exclusive, reference to activities performed within the course of ordinary administration and accounting purposes; and, subject to the acquisition of his free consent, specific and distinct;
- exercise the rights of the Data Controller, for example the right of defense in court;
- process the data of your child/children on which you exercises parental authority in order to be able to make the booking and registration at the hotel.
Types of Personal Information We Collect
The term “personal information” in this Policy refers to information that identifies or is capable of identifying you as an individual. The specific kind of information collected will depend on the context of your interactions with Villa Cortine, and the services you use. The types of personal information that we process (which may vary by jurisdiction based on applicable law) include:
- your name, gender, personal and work contact details, business title, date and place of birth, image, nationality, and passport and visa information;
- guest stay information, including dates of arrival and departure, goods and services utilized, special requests made, observations about your service preferences (including room and vacation preferences);
- payment information (including payment card numbers, billing address, and bank account information);
- any information necessary to fulfill special requests (e.g., health conditions that require specific accommodation or services);
- copies of your correspondence if you contact us;
- contact and other relevant details concerning the employees of corporate accounts and vendors and other individuals with whom we do business (e.g., travel agents or meeting and event planners); and in limited cases, information relating to the credit of customers;
- information related to your use and interaction with our website.
The methods used for processing your Personal Data, which are listed in Article 4, Point 2) of the EU Regulation, are as follows: collection, storage, organization, structuring, saving, adaptation or modification, extraction, consulting, use, communication (i.e. transmission, disclosure or any other way of making data available), comparing or linking, limitation, deletion or destruction, blocking. Your Personal Data are processed on paper and by electronic and/or automatic means (in such way as to guarantee data security and confidentiality).
To the extent permissible by applicable law, we will retain your personal information for such period as necessary to satisfy or to fulfill the following:
- the purposes for which that personal information was provided,
- an identifiable and ongoing business need, including record keeping,
- a specific legal or regulatory requirement, and/or
- a requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings.
Where there is no sufficient justification to retain such personal information, such personal information will be safely and securely deleted, disposed of, anonymised and/or blocked.
Legal basis: EUROPEAN REGULATION NO. 679/2016 Law Decree No. 196/2003 (the "Personal Data Privacy Law")
We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws.
We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.
Withdrawal of consent
Reference to the Law Decree No. 196/2003 and according to Article 6 of European Regulation No. 679/2016, the interested can withdrawal of the informed consent at any time.
Right of access by the data subject
As per Article 7 of Law Decree No. 196/2003 and according to Article 15 “Right of access by the data subject”, Article 16 “Right to rectification”, Article 17 “Right to erasure”, Article 18 “Right to restriction of processing”, Article 20 “Right to data portability”, Article 21 “right to object”, you may exercise any of these rights in relation to your personal data by contacting our Processor, on following address: Villa Cortine Palace Hotel, 2 C. Gennari street - Sirmione (BS) 25019 Italy, or by e-mail at firstname.lastname@example.org Pec: Villacortinedir@pec.it
1 - The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2 - Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3 - The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4 - The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Villa Cortine does not knowingly collect personally identifiable information from our websites from any person under the age of 18. Villa Cortine may collect personally identifiable information from people under the age of 18 as part of the guest registration process, but always with the consent of such person’s parent or guardian.
How secure is your information?
We implement reasonable administrative, organizational and technical safeguards and security measures to protect personal information within our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
Changes to this Policy
Just as our business changes constantly, this Policy may also change. Where the Policy changes, we will take appropriate steps to bring the amendment to your attention. To assist you, this Policy has an effective date set out at the end of this document.