Guest Privacy & Personal Data

Information on the processing of personal data

pursuant to European Regulation 2016/679 of the European Parliament and Council of 27 April 2016,concerning the protection of natural persons with regard to the processing of personal data (in short “GDPR”).

Dear Client,
FELDBERG SRL in the person of its pro-tempore legal representative, in its role of Controller of the personal data directly collected from the interested party, provides you with this notice pursuant to Art. 13 of the GDPR (in short “Notice”). In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed by taking all technical and organisational measures necessary to guarantee their security.

A)  Identity and contact information of the Controller
FELDBERG SRL
FUCINI STREET, 10
F. E P.IVE 01746430402
Tel 0541641942
E-mail: info@hotelfeldbergriccione.com

B) Purpose of the processing the personal data will undergo and relevant legal basis
Your personal data will be processed:
(i) without consent to:

• online account registration, acquisition and confirmation of booking of accommodation services and ancillary services, management and provision of hotel services, customer service management, payment management, management of contacts with the customer;
• management of public security communications, administrative and accounting management and related obligations (issuing of receipts, invoices, preparation of payments) possible protection of credit positions and defence in court;
• internal statistics, business analysis and management, simplification of registration procedures in case of subsequent stays, as well as, in relation to the contact data provided during the contract, sending advertising of similar products with the right to cancel immediately upon request; The above treatment respond respectively to the following legal bases;

The above treatment respond respectively to the following legal bases:

• fulfilment of a contract or pre-contractual measures, satisfaction of a request of the interested party - condition of lawfulness article 6, letter b) GDPR;
• legal obligation to which the Data Controller is subject - lawfulness of Article 6, letter c) GDPR - or for the assessment, exercise or defence of a right in court;
• pursuit of a legitimate interest of the Data Controller - condition of lawfulness article 6, letter f) GDPR - related to the improvement of the business operation and market surveys, improvement of services provided to its customers, direct marketing and customer loyalty.

The granting of data for the purposes explained in the form with (*) is compulsory, and the lack of data and / or any express refusal to processing will make it impossible for the Data Controller to execute the contract or pre-contractual measures, the fulfilment of the obligation with possible non-fulfilment and responsibility of the data subject also to penalties contemplated by the legal system.

(ii) with your consent (article 7, GDPR), for the following purposes:

• various types of marketing activities, including the promotion of products and services, the distribution of posters and informative and /or digital promotional material, the sending of newsletters and commercial communications via e-mail, invitations;
• profiling activity of various type, including the analysis of the behaviour for advertising purposes, creation of lists for advertising, commercial purposes and dispatch of newsletters, processing profiles for the provision of targeted services and customized to customer needs.
• receive and transfer phone calls and/ore messages;

The granting of data for the purposes explained in foregoing section (ii) is optional, with the consequence that you may decide to not give your consent, or to revoke it at any time. For this treatment automated processes are used through the use of software that provide in any case human decision-making intervention aimed at avoiding unwanted consequences for the person concerned, always and only limited to the personalization of the services and the receipt of communications from the Controller.

C) Data recipients or categories of data recipients
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible: 

1. to employees and collaborators of the Controller in their capacity of staff authorised to process the data (or “data processing operators”);
2. third parties managing outsourcing activities on behalf of the Controller, in their quality of Data Processors (service suppliers for managing the IT system and the telecommunications networks and the company appointed to manage online bookings, suppliers of services to manage the filing of the hard copy and/or electronic documents, suppliers of services to managing customer service activities, also through websites (e.g. call centers, help desks, etc.), suppliers of services to manage sales communication activities, banks and credit and insurance institutions for carrying out economic activities (payments / collections) and insurance);
3. to judicial or supervisory authorities, administrations, entities and public bodies (national and foreign); The complete and updated list of the Data Processors can be received by sending a request in writing to the address of the Controller

D) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to appointed third parties duly appointed Data Processors or however located within the European Union. Your personal data will not be transferred or disclosed abroad to non-EU countries.

E) Period of storage of the personal data
The personal data collected for the purposes explained under foregoing paragraph (B), section (i) shall be processed and stored for the time necessary to fulfil said purposes. From the date of termination of this relationship, for any reason or cause, the data will be retained for the period of 5 years, unless otherwise provided for by the applicable prescription terms ex lege of 10 years. Personal data collected for the purposes indicated in the previous paragraph (B), section (ii) will be processed and stored for the time necessary to fulfil these purposes and in any case for a period of no more than 5 years for processing as from the date we receive your consent. After this deadline, data will be destroyed or made anonymous.

F) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified by simply sending a request by email to the Controller’s address, and in particular:

• Right of access- Obtain confirmation that processing of personal data concerning you is or is not in progress and, if so, receive information particularly concerning: purpose of processing, categories of personal data processed and storage period, recipients to whom they might be disclosed (Art. 15, GDPR),
• Right to correction- Obtain, without unjustified delay, correction of the incorrect personal data concerning you and the addition of incomplete personal data (Article 16, GDPR),
• Right to cancellation- Obtain, without unjustified delay, erasure of the personal data concerning you as provided for by GDPR (article 17, GDPR),
• Right to restriction- Obtain restriction of the processing in those cases provided for by the GDPR (article 18, GDPR)
• Right to portability- Receive the personal data concerning you in a structured format of common use readable by an automatic device, and obtain their transfer to another controller without impediments in those cases provided for by the GDPR (Art. 20, GDPR)
• Right of opposition- Objection to the processing of personal data concerning you, unless there are legitimate reasons for the Controller to continue the processing (Art. 21, GDPR)
• Right to make a complaint to the control authority - Make a complaint to the Privacy Guarantor, Piazza di Montecitorio no. 121, 00186 Roma (RM).