WHAT’S PRIVACY POLICY
This page describes the website’s management methods as concerns the handling of the personal data of users visiting it.
This notice is provided pursuant to GDPR 679/2016 to those who interact with web services of the company Hotel Majestic Toscanelli SNC di Italo Morosi & C., electronically accessible from the address: www.toscanelli.com
The information is provided only to the website Hotel Majestic Toscanelli SNC di Italo Morosi & C. (Controller company) and not to other websites the user may visit via links.
THE DATA “CONTROLLER”
Pursuant to GDPR 679/2016, Controller of the Data is the Company Hotel Majestic Toscanelli SNC di Italo Morosi & C. registered office in Padova.
THE DATA “PROCESSOR”
Pursuant to GDPR 679/2016, the external data Controller for the site management and personal data acquisition during booking is the D-EDGE SAS Paris (F) Boulevard Poissonière 14/16, tel +33144710505, owner of the hotel booking engine incorporated into this website.
Another external data Controller is ALL IN ONE SRL Padova via Astichello, 10 email aio@allinone.srl, owner of the electronic devices where registered data are stored.
The personal data provided voluntarily and optionally by users sending requests for information about the hotel facilities (rates, room availability, etc.), or simply requests for recruitment by sending CVs in electronic format, are used for the sole purpose of performing the service or provision requested and are not disclosed to third parties unless disclosure is required by law or is strictly relevant and necessary for the fulfilment of the requests.
In particular, personal data provided voluntarily by the parties concerned by the processing shall be collected and processed, including by electronic means directly and/or through delegated third parties (company for the e-mail service, company hosting the website) for the following purposes:
checking the availability of the requested room against information in the booking form;
to make and confirm the reservation by providing personal identification data and credit card data as a guarantee;
activating eventual promotional and commercial activities pursuant to GDPR 679/2016;
to comply with current administrative, accounting and tax obligations, as well as with laws and regulations;
providing responses concerning our hotel services (room availability, prices, conference rooms, catering, etc.);
registering in the newsletter to receive periodic commercial or promotional communications;
assessing CVs that may be received for compatibility with any internal requirements;
for action by the Controller in court or in the preliminary stages leading to possible legal action against abuses arising from illicit use of the website or related services by the User;
statistical purposes in anonymous form (to assess the number of visits, etc.).
DATA STORAGE PERIOD
The data collected through the website will be stored for the entire duration of the registration on the site, after which it will be deleted/destroyed.
BOOKINGS
Personal data for the reservations shall be processed in electronic and paper format for the sole purpose of guaranteeing the rooms are booked in the conditions agreed.
The booking platform is owned by D-EDGE, the external processor, which will communicate the data of the party concerned to the hotel for the normal activities related to managing the accommodation.
The data shall be recorded in our electronic databases accessible to staff properly instructed and trained in personal data security and confidentiality.
To confirm the booking a credit card given as firm guarantee must be provided, it being understood that the customer can choose to pay in cash at the end of the stay.
CURRICULA MANAGEMENT
This Statement prepared in accordance with GDPR 679/2016 can be used by the company Hotel Majestic Toscanelli SNC di Italo Morosi & C. including for eventual advertisements on sites or portals not directly managed by the company Hotel Majestic Toscanelli SNC di Italo Morosi & C. to recruit staff.
The Company shall process the curricula received by e-mail or through third-party recruiting companies (publications on portals, etc.) to evaluate the potential applications inside the company or that might be made in the near future.
The processing occurs electronically excepting curricula received by post.
The curricula considered “interesting” shall be stored at the company headquarters for a period not exceeding one year and shall be processed while fully complying with the minimum security measures referred to in GDPR 679/2016.
The curricula deemed irrelevant as well as those retained over 12 months shall be trashed.
The curricula shall be retained at the headquarters of the company and not disclosed to unauthorized third parties.
The same may be assessed by the company’s employees or collaborators appointed to be responsible for the processing (GDPR 679/2016).
However, the applicants are still invited to respect the following rules in transmitting the curricula in electronic format:
Fill in your own CV in European format; transmit the curriculum in pdf format; avoid putting sensitive data (relating, in particular, to state of health, religious, philosophical, or political beliefs) not relevant to the job offer in the curriculum; give consent to the processing.
The company reserves the right to trash the curricula that do not meet the above requirements.
The Company shall provide appropriate information pursuant to GDPR 679/2016 during any interviews with the applicants.
The purpose of the processing relating to managing the curricula shall concern activities closely relating to the appraisal, recruitment, or selection of personnel, for the purposes of collaboration, hiring on a temporary or permanent basis, internships, or rather to enable the successful applicant to prepare his degree thesis at our headquarters.
COMMERCIAL COMMUNICATIONS VIA E-MAIL
The society Hotel Majestic Toscanelli SNC di Italo Morosi & C. reserves the option of sending promotional and commercial e-mails in accordance with GDPR 679/2016.
The sending is made only to the subjects who have explicitly given their consent in the correct procedure (autographed subscription on paper forms or ticked on the appropriate box on the website).
ALL IN ONE Srl, external data processor, is entrusted with the sending of these messages as e-mail service provider.
DATA COMMUNICATION AND DISSEMINATION
Personal data collected from the website in question can be treated only by persons officially appointed and trained in the field of personal data privacy and security.
Personal data may be transmitted to:
Organizations or Public Offices on the basis of legal and / or contractual obligations; FastBooking companies; external processors as companies or consultants who carry out activities for the proper functioning of the site and management of the information acquired through the same on the controller’s behalf;
the Postal Police for determining whether any activities may be harmful to the company website;
to employees or service-providing companies when the communication is necessary for the person concerned to use the hotel services.
Personal data shall not be disclosed.
NAVIGATION DATA
During their normal operation software applications designed to run this website acquire some personal data whose transmission is implicit in the normal IP protocol of Internet communication.
While it is not collected to be associated directly with the data subjects, by its very nature through processing and subsequent correlation with data held by third parties (providers) this information could allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, the date and time of the request, the URI (Uniform Resource Identifier) of requested resources, the size of the files obtained in reply from the server, the digital code indicating the status of the response from the server (ok, error, etc..) and other parameters regarding the operating system and computer environment.
This data is used only to obtain anonymous statistical information about website usage and to check the site is functioning correctly; they are deleted immediately after processing.
This site may disclose personal data which, if required in accordance with law, may be communicated to the judicial authorities for the purposes of defending the State or the prevention, detection or suppression of crime, serve to ensure the protection of the personal data of data subjets’ enjoying on-line services of the site, for eventual defensive investigations as per Law no. 397 of 7 December 2000, or in any event to assert or defend a legitimate right and interest of the Controller in court while still complying with the principles of relevance and proportionality with respect to the processing’s purpose.
NON-OBLIGATORY NATURE OF THE DATA PROVISION
Unless otherwise specified as concerns navigation data, the user is free to provide personal data to make an on-line reservation.
The advancement of the on-line booking procedure implies the data subject’s consent to the processing of his personal data following the privacy policy of this website.
The possible acquisition of other personal data via dedicated forms (e.g. recording in the newsletter) shall require the data subject’s explicit awareness of the information as authorization for processing his personal data.
Failure to provide the personal information provided by the website may make it impossible to fulfil the request.
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
PROCESSING METHODS
The personal data are processed in paper format and/or by automated tools for the time strictly necessary for the purpose for which they have been collected.
In order to prevent data loss, abuse, incorrect use, and unauthorized access specific security measures are observed.
DATA VOLUNTARILY PROVIDED BY THE USER
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
DATA SUBJECT RIGHTS
The data subjects have the right, at any time, to obtain confirmation of the existence or non-existence of the data concerned and to be informed of its content and origin, verify its accuracy or request it to be integrated, updated, corrected or deleted (GDPR 679/2016).
Pursuant to the same article, the data subjects have the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, and in any event, to refuse its processing on legitimate grounds.
Requests should be addressed to the Company Hotel Majestic Toscanelli (SNC di Italo Morosi and C) Controller of the personal data.
The data subject, in relation to the treatments described in this statement, has the rights referred to the article 7, from 15 to 21 and 77 of the GDPR and, in particular, on:
• right of access – article 15 of the GDPR: right to obtain confirmation that personal data concerning the client is being processed or not and, in this case, obtain access to such personal data, including a copy of the same;
• right of rectification – article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning the clinet and/or the integration of incomplete personal data;
• right to erasure (right to be forgotten) – article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning the customer;
• right to limitation of treatment – article 18 GDPR: right to obtain the limitation of treatment, when: the interested party disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data; the processing is illegal and the interested party opposes the cancellation of personal data and instead requests that their use be limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the interested party has opposed the treatment pursuant to art. 21 GDPR, in the waiting period of the verification regarding the possible prevalence of legitimate reasons of the Data Controller compared to those of the interested party;
• right to data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning the customer provided to the owner and the right to transmit them to another owner without impediments, if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that the customer’s personal data is transmitted directly to another Data Controller if this is technically feasible;
• right of opposition – article 21 GDPR: right to object, at any time for reasons connected to your particular situation, to the processing of personal data concerning the User based on the condition of lawfulness of the legitimate interest or the execution of a task of public interest or the exercise of public powers, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevails over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court. Furthermore, the right to object to the processing at any time if the personal data are processed for direct marketing purposes, including profiling, insofar as it is connected to such direct marketing;
• right of revocation – article 7 GDPR: the customer has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation;
• right of complaint – article 77 GDPR: the Customer has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza Venezia 11, 00187, Rome (RM).
The customer can exercise his rights at any time by sending a registered letter with return receipt to: HOTEL MAJESTIC TOSCANELLI SNC DI MOROSI ITALO & C., PADUA, VIA DELL’ARCO 2, or an e-mail to majestic@toscanelli.com.
The exercise of rights by the Customer is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge the Customer a reasonable expense contribution, in light of the administrative costs incurred to manage his request, or deny the satisfaction of his request.