Doc. INF-SGDP.04.EN – Rev. 0 of 01/03/2024
Privacy Policy of the website: hotelbelvederefortedeimarmi.com
(hereafter simply “Site”)
This information is issued pursuant to Articles 12, 13 and 14 of the EU Regulation 2016/679 GDPR and is intended to comply with the latest guidelines of national and European Authorities.
The following applies only to websites, Apps, social profiles and services whose domains or properties are registered or traceable to the publisher Hotel Belvedere Srl.
Specifically: website hotelbelvederefortedeimarmi.com.
In order to facilitate the use of this document, recurring terms found in it are defined.
To whom is this document addressed?
This Notice (hereinafter “Policy”), made pursuant to Articles 13 and 14 of Regulation (EU) April 27, 2016 no. 679 (so-called “GDPR”), is intended to explain how the owner of the site, Hotel Belvedere Srl (hereinafter also “Owner”), processes personal data collected as part of the use by Users, applications and services offered through this website.
Who are we and how can you contact us?
Hotel Belvedere Srl as Publisher and Data Controller, is primarily responsible to you for any questions, concerns or complaints regarding this Policy or the processing of your personal data.
In case you, as a User and “data subject” need any clarification regarding the processing of your personal data, please contact us at the following contact details:
Main processing site:
IV November Street, 5
Forte dei Marmi, 55042, LU
Contact information:
A data protection officer (DPO) has not been appointed. The processing carried out by us does not fall within the scope of the conditions of mandatory appointment set forth in Article 37 of the GDPR.
Why can we process your data?
The processing of your personal data is lawful only if there is a valid legal basis under the GDPR. The following legal bases are used for the processing operations considered in this policy:
Consent - Article 6.1 (a) of the GDPR
You have consented to the processing of your personal data for one or more specific purposes.
Contract - Article 6.1(b) of the GDPR
Processing is necessary for the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request.
Legal obligation - Article 6.1(c) of the GDPR
The processing is necessary to fulfill a legal obligation to which you are subject or our company is subject.
Legitimate interest - Article 6.1(f) of the GDPR
Processing is necessary for the pursuit of a legitimate interest of our company or a third party, provided that your interests, fundamental rights or freedoms do not prevail.
For more information about our legitimate interests in processing your personal data, please contact us via the information we have previously provided.
For what purposes do we process your personal data and on what basis of lawfulness?
We process your personal information to give you the best possible experience when you access our website, use our services, and interact with us. This includes the following purposes:
Navigating the Site
Description of processing: When you visit our website, you automatically give us the following data: your IP address, login information, browser type and version, browser plug-in types and versions, operating system, and platform. In addition, as you browse our site, we may collect data about your visit, including the Clickstream URL through and from our website, items viewed or searched, viewing and download errors, times and duration of visits to certain pages, and page interaction. We may collect this data automatically through the use of various technologies, including through “cookies” (see the specific section in this policy).
Acquisition mode: Your data is transmitted automatically by your systems via the Internet network protocol (TCP/IP).
Basis of lawfulness: We process this data by virtue of our Legitimate Interest - art. 6.1 lett. f) of the GDPR - to provide and improve the navigation on our Site, propose efficient and secure web services trying to ensure the continuous improvement of your browsing experience over time.
How long we keep your data: We keep your personal data only as long as necessary to enable you to browse the Site. Specifically, some data is retained for the duration of your stay on the Site itself and some until you decide to delete it by deleting technical and functional cookies. For more information regarding the management of Cookies, see our Cookie Policy.
What we don't do: We do not keep data indefinitely by fictitiously updating the basis of processing.
Use of the services offered by the Site
Description of processing: As a user, you can provide us with your personal information, including information that allows your identification, when you want to activate or use the services offered through our Web site. For example, when you fill out specific forms (so-called “Form”) posted on our pages in order to request or activate specific services.
Method of acquisition: the data are voluntarily given by you in filling out our Forms. Failure to provide them will result in our inability to provide you with the requested service.
Basis of lawfulness: Processing is necessary for the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request - art. 6.1(b) of the GDPR.
How long we keep your data: We keep your personal data only as long as it is necessary to provide you with the service you have activated or requested.
Newsletter: At the bottom of each page of the site is a contact form to sign up for the gallery invitations newsletter; this data collection bases the processing on the categories of consent and lawfulness.
Online shop: In the event that the platform provides an e-commerce service or online sale of products, the personal data protection conditions that apply can be traced back to those provided by the service that supplements the platform's terms of sale, specifically Woocommerce.
What we don't do: We do not create contact forms specifically to obtain your data; the information requested is strictly for the specific purpose at hand.
Communicate
Description of Processing: We collect your personal information when you communicate with us in person, through our website, email, by phone, or by any other means using the contact information we have given you through this Site. For example, we collect your contact information and details of our messages to you and from you including data on when you sent them, when we received them, and in some cases even where you sent them from.
Mode of acquisition: The data are partly automatically conferred in the communication protocol used by your chosen tool and partly conferred by you in the content of the communication.
Basis of lawfulness: Primarily we process this data by virtue of our Legitimate Interest - art. 6.1(f) of the GDPR - to respond to your requests and handle necessary communications. However, in some cases we may be held accountable by virtue of specific contractual or legal obligations - articles 6.1 lett. (b) and lett. (c) of the GDPR.
How long we keep your data: By following up on contact or support requests you decide to send us, your personal data is only processed for as long as necessary to provide you with the information and/or assistance you need. Data are deleted after 12 months from the last response we send you.
What we don't do: We retain your data only to fulfill the purposes for which the communication was made.
Site Administration and Security
Description of processing: We process your data to administer and securely maintain our Website and to ensure its proper functioning, including troubleshooting and understanding any errors encountered during its use by you or other users. We also process data collected on our Website to properly maintain, manage and administer the IT systems and services necessary for its operation. We also collect this data through our security systems (e.g. Antivirus and Firewall) while you are browsing our web pages or if you use our services or web applications.
Mode of acquisition: The data are partly voluntarily given by you through registration to our services and partly acquired automatically through communication protocols and your activities on the pages of the Site.
Basis of lawfulness: We process this data because of our legitimate interest in administering the Site, ICT systems and ensuring their availability, integrity and confidentiality - art. 6.1(f) of the GDPR.
How long we keep your data: We keep your personal data only as long as necessary to achieve the purposes described above.
What we don't do: We do not submit requests that are not unique to IT so as to obtain more information than necessary.
Legal reporting requirements
Description of processing: We may process your information in order to make necessary communications, in response to requests we are legally required to fulfill, to law enforcement or judicial authorities, or in defense of a right.
Mode of acquisition: The data are already in our possession as they are collected for other purposes.
Basis of lawfulness: The processing is necessary to fulfill a legal obligation - art. 6.1 lett. c) of the GDPR to which you are subject or our company is subject.
How long we keep your data: We keep your personal data for as long as necessary to fulfill our obligations.
What we don't do: We do not under any circumstances shirk a legal obligation.
Further retention of personal data
Description of processing:
After the above retention periods have expired, we may further retain your personal data to fulfill specific legal obligations or to ascertain, exercise or defend a right of ours or of a third party before the Judicial Authority.
We are legally required to comply, to law enforcement or judicial authorities or in defense of a right.
Method of acquisition: Data were provided to us for all other purposes listed above.
Basis of lawfulness: We process this data because of our Legitimate Interest to protect our rights or the rights of third parties - art. 6.1(f) of the GDPR.
How long we keep your data: Subject to specific legal obligations, we keep your personal data until the litigation is closed or the prescriptive periods expire.
What we don't do: We do not prolong data storage/processing beyond the necessary time.
Processing of personal data for marketing and retargeting purposes
Basis of lawfulness: We process this data only by virtue of your prior consent under our Legitimate Interest - Art. 6.1(f) of the GDPR.
How long we keep your data: We keep your personal data until the marketing activity is exhausted.
What we don't do: We do not use the consent provided for other purposes to put in place marketing campaigns or re-targeting.
What we don't do: We do not use additional services other than those expressly mentioned, such as Meta and Google Ads. The specific data processing policies are those attached contextually.
Who can process your personal data?
For the achievement of the above purposes, the following parties may have access to your personal data:
1 – Our employees and contractors duly trained in the necessary measures to protect your rights and the security of your data. These individuals act as individuals authorized in writing to process only the data necessary to perform their job duties.
2 – Companies/professional firms that provide assistance and/or consulting services to the Owner, in accounting, administrative, tax, legal, fiscal and financial matters, as well as third parties to whom the communication is necessary for the fulfillment of the services covered by the contract.
3 – Our service providers, consultants and other third parties necessary for the purpose of facilitating, extending and protecting our services and information systems. Each individual supplier involved, after we have ascertained the relevant level of competence and reliability, will be required to apply at least the same levels of protection of your data as guaranteed by us, by signing an appropriate agreement with our Company pursuant to Art. 28 of the GDPR and thus acting as our data controller.
4 – We may also disclose your data to administrative, institutional and/or judicial authorities and any other entity to which disclosure is required by law and/or for the fulfillment of the purposes outlined in this policy.
Said parties will process the data in their capacity as autonomous Data Controllers.
The full list of providers who process your personal data is available from the Controller.
Cookies and other technologies used
1 – The website is made entirely using the web development service provider WordPress, and at each stage of its development and design is in accordance with Art. 25 ff. GDPR, therein the conditions of use of the platform can be consulted.
2 – We automatically collect data through the use of “cookies”. A cookie is a text file containing small amounts of data that a website can send to your browser, which can then be stored on your computer as a tag that distinguishes your computer but does not identify you. Some of our Web site pages use cookies to provide you with better service during subsequent uses of the Web site. You can set your browser to notify you before you receive a cookie so that you have a chance to decide whether or not to accept it. You can also set your browser to disable cookies; however, if you do this, some pages on our Web site may not function properly.
Instructions for disabling cookies can be found on the following web pages:
Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari
3 – For information about the specific cookies used on this Web site, please see the Web site’s Cookie Policy via the link provided at the bottom of all pages (footer).
What are your Rights?
In accordance with applicable law, under certain circumstances and in relation to your personal data you may exercise the following rights. Before responding to any request, also in order to protect the confidentiality of your information, we reserve the right to verify your identity and/or have further details regarding your request.
Right of access to personal data.
You have the right to obtain confirmation of whether or not we are processing personal data about you and if so, to obtain access to the personal data processed. You have the right to obtain a copy of the data being processed. This right is enforceable only if it does not lead to the infringement of the rights and freedoms of others. On this point, it should be noted that in the event of your request for additional copies, you may be charged a fee by us based on our administrative costs.
Right to rectify, delete, or restrict processing of personal data.
If you wish to rectify, delete, or limit the processing of your personal data, please contact us through the information we have provided in Section 1. It is your responsibility to ensure that you provide true, accurate, complete data and keep it up to date.
Right to withdraw consent.
If you have given us consent to process your data, you can revoke it at any time.
Right to data portability.
If the processing is based on your consent or contract and is carried out by electronic means, you have the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to us and you have the right to transmit such data to another data controller without hindrance from us.
Right of opposition.
As a user, you have the right to object to the processing of your data under certain circumstances. For example, you may benefit from this right if the processing is based on our legitimate interests (or those of third parties). It is possible for you to challenge the merits of our legitimate interests, however, we may have the right to continue to process such personal data on the basis of our legitimate interests or when it is relevant in connection with legal action, or the data is necessary for the establishment, exercise or defense of a right in court. You also have the right to object to the processing of your personal data for direct marketing purposes.
Right not to be subjected to automated decision making.
Compensation.
We would also like to remind you that anyone who suffers material or immaterial damage caused by a violation of Regulation (EU) 2016/679 has the right to obtain compensation from the data controller or processor.
Right to file a complaint with the supervisory authority.
Without prejudice to the possibility of approaching our Company for the exercise of your rights related to the processing operations, you may lodge a complaint before the competent independent administrative authority in the Member State of the European Union where you normally reside, where you work, or where an alleged violation of the law on the protection of your personal data has occurred. In the Italian territory you can file a complaint with the Control Authority.
🇮🇹 Data Protection Authority
Switchboard: +39 06.696771
E-mail address: [email protected]
PEC address: [email protected]
Website: https://www.garanteprivacy.it
Forms for exercising your rights
To exercise your rights towards the owner, you must use the following form:
https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924
Remember that in order for you to exercise your rights, your identification is required on our part.
If you have an Account, you can access your user profile in order to obtain a copy as well as correct, edit or delete inaccurate data. You also have the option to close your Account at any time.
Data Security
We have taken a number of physical, technical and organizational measures to ensure adequate levels of security for the personal data processed under our control, so as to prevent all reasonably foreseeable risks, with particular but not limited reference to their destruction, loss, modification or unauthorized disclosure or accidental or unlawful access.
The data you provide is stored and archived on secure servers in the EU.
Policy Changes
This Policy was last updated on 01/03/2024
Questions regarding this Policy
The publisher of this site, Hotel Belvedere Srl also acts as the Data Controller of your personal data.
If you have any questions, concerns or complaints about this Policy or the handling of your data, you can contact us by e-mail at: [email protected]
Definitions
User of any digital or pseudo-digital service in question;
Any structured set of personal data accessible according to specified criteria, regardless of whether that set is centralized, decentralized, or functionally or geographically distributed;
The independent public authority established by a member state;
an organization and bodies of public international law subordinate to it or any other body established by or on the basis of an agreement between two or more states;
Clickstream is the analysis of user navigation flow. It allows monitoring of how users browse, purchase processes, reaction to advertising messages, etc;
Any manifestation of the free, specific, informed and unambiguous will of the data subject, by which the data subject indicates his or her consent, by means of a statement or unambiguous affirmative action, that personal data concerning him or her be processed;
personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sexual habits or sexual orientation (Art. 9 GDPR);
Personal data related to criminal convictions and offenses (Art. 10 GDPR);
Any information concerning an identified or identifiable natural person;
The natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data as part of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by such public authorities is in accordance with the applicable data protection rules according to the purpose of the processing;
In computer science, it is a term used to refer to the interface of an application that allows the client user to enter and send to the web server one or more data freely typed by the client user; the metaphor of a “form to be filled in” for data entry may be useful to describe it;
EU Regulation 2016/679 (General Data Protection Regulation) on personal data protection;
The identified or identifiable natural person to whom the personal data relate;
the marking of retained personal data with the aim of limiting their processing in the future;
any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
The processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that such personal data is not attributed to an identified or identifiable natural person;
The natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller;
descriptive scenario of an event and its consequences, which are estimated in terms of severity and probability for rights and freedoms.
the natural or legal person, public authority, service or other body other than the data subject, the data controller, data processor and persons authorized to process personal data under the direct authority of the data controller or data processor;
the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its designation may be established by Union or Member State law;
any operation or set of operations, whether or not involving automated processes, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction (Art. 4.2 GDPR);
security breach that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
display of artworks, objects or digital content that takes place through online platforms or virtual environments, allowing users to visit an exhibition without having to be physically in a gallery;
digital dimension where real and digital elements are combined;
fully digital dimension where the user interacts with the surrounding environment;
This term refers to a dimension that includes both notions (augmented reality and virtual reality). In this reality, digital objects may or may not interact with the real world in a realistic way, creating an experience that combines virtual and physical elements.
an AR (Augmented Reality) or VR (Virtual Reality) viewer is a device that helps define the User’s digital experience in the enjoyment of one or more applications with immersive modes;