PRIVACY POLICY

PURSUANT TO (EU) REGULATION 2016/679 (“GDPR”) ARTICLES 13 AND 14
AND ALL APPLICABLE NATIONAL LAWS

This (“Privacy Policy“) document intends to provide you with information regarding the processing of data – as specified below – that you have provided or is otherwise available at our organisation and which will be processed by our organisation and/or other individuals identified for the purposes indicated below. This privacy policy is provided pursuant to EU Regulation No. 679/2016 (“GDPR”) and all applicable national laws (“Applicable Regulations” in conjunction with the GDPR below).

1. Data controller identification and contact details
Pursuant to Articles 4 and 24 of EU Regulation 2016/679, the data controller is Hotel Promenade SNC of FRIGNANI GIORGIO & C. – Lungomare Zara 119, 64021 Giulianova (TE), VAT number 00840710677, Tel. 0858 003338, info@hotelpromenade.com, in the person of its pro-tempore legal representative (hereafter referred to as the “Data Controller“).

2. Data protection officer contact details (“RPD-DPO”)
The data controller does not perform activities that require the designation of a person responsible for protecting personal data.

3. Purpose and legal basis for data processing
All collected personal data will be processed for the purposes and on the legal bases listed below:
Purpose
a)  Point 3 (A): in order to manage your contractual relationship or to perform pre-contractual tasks (such as, for example, an information request or quote). You are free to give us your personal data, however, if you fail to provide certain information, you will not be able to establish the aforementioned relationship with the company and we won’t be able to adequately respond to your request.
b)  Data collection (by filling out a form) in order to send newsletters or promotional communications via email.
Legal basis for data processing
a) 
Data processing is necessary in order to fulfil a contract that you belong to.

b)  Your consent. 
Data processing is also based on Article 6(1)(f): (recital 47) and takes into account an individual’s reasonable expectations at that moment in time and within the context of personal data collection, when an individual can reasonably be expected to have his or her data processed for this purpose.

4. Personal data categories (pursuant to Article 14)
Information considered to be “personal data” may be processed within the limits of the purposes and methods described in this privacy policy. Said information includes your personal information and contact details (for example, your mobile number, email address, etc.).

5. Recipients and recipient categories
Personal data will not be sent or disclosed to unknown parties. Data may be included in communications sent to well-known individuals in full compliance with the provisions of the law for purposes strictly related to those previously indicated. Access to your personal data is limited to individuals authorised by the data controller. Information is sent to identified recipients for the purposes referred to in point 3 above. Collected and processed personal data may therefore be:
a)  used anonymously for statistical purposes;
b) made available to the data controller’s colleagues, such as managers or persons authorised to process personal data
c) disclosed to third parties, both physical and legal, as well as public administrative bodies, professionals, law enforcement agencies,                            government agencies, regulatory bodies, courts or other public authorities authorised by law;
d) sent to another data controller if necessary, in accordance with the provisions of the GDPR, including the right to transfer data.

Information may also be disclosed in order to comply with Judicial Authority or Public Safety requests. Collected data will never be distributed.

The list of persons in charge of processing personal data is available at the data controller’s headquarters.

6. Transferring data abroad
Data will not be transferred outside the European Union.

7. Data retention period (determination criteria)
The table below contains information regarding personal data retention times (determining criteria):
Purpose
a)  Point 3 (A): contract management
b)  data collection (by filling in forms) in order to send newsletters or promotional communications via email
Tempi di conservazione
a)  
For the entire duration of the relationship and for 10 subsequent years (ordinary prescription).
b)  Two years from the date of collection, the interested party may modify and/or revoke his or her consent at any time (changes dependent on the GDPR “accountability” principle)

8. Data processing methods
Personal data will be processed using manual, computerised or digital tools suitable for guaranteeing security and confidentiality and will be carried out by duly trained employees in compliance with applicable legislation. No automated decision-making processes are used.

If we need to contact you regarding the management of your position, you may be contacted by email, text message, an equivalent electronic tool, post or a call operator via the contact details you have provided. If you prefer to be contacted via just one or some of these addresses, you can send a specific written request without the need for procedural formalities to the data controller.

9  Your rights
We inform you that you may exercise the rights recognised by applicable laws including, but not limited to, the right:
a) to access your personal data and know its origin, the reasons and purposes for processing it, as well as information regarding the individuals to whom your data has been sent, the data retention period and any determining criteria (Article 15);
b) to request that information is corrected (Article 16);
c) to request deletion if data is no longer necessary, incomplete, incorrect or collected in violation of the law (Article 17);
d) to request that data processing be limited to only some of the information about you (Article 18);
e) to receive information concerning you or provided by you in a structured format (so-called “transfer of data”) or to request that it be sent to a specific third party, where technically feasible (Article 20);
f) to oppose data processing based on legitimate interests (Article 21);
g) to revoke your consent at any time if it constitutes the basis for processing (revocation of consent, however, does not affect the lawfulness of data processing carried out based on consent given before revocation).

The aforementioned rights may be exercised by means of a written request addressed without procedural formalities to the data controller via the contact details listed in point 1.

The data controller must proceed with the request without delay and will complete said request no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and the number of requests received by the data controller. If this is the case, the data controller will inform you of the reasons for the extension within one month of receiving your request.

We would like to remind you that if you do not deem our response to your request to be satisfactory, you can contact and lodge a complaint with the Authority for the Protection of Personal Data (http://www.garanteprivacy.it/) in the manner stated in the applicable regulations.

Last Updated: May 2018