Information on the processing of personal data
Why this notice
Hotel Cirillo – Sogea S.r.l. (hereinafter also referred to as “Company” or “Owner” or “Hotel Cirillo”) is committed to respecting and protecting your privacy and wishes to offer a clear and transparent view of what information related to individuals we collect and process regarding our customers, partners, suppliers, collaborators, visitors and candidates who spontaneously send cv’s, or information related to users of the site.
Following the full application of the General Data Protection Regulation 2016/679 (the so-called “GDPR,” or “Regulation”), throughout the European Union, and the national legislation (Legislative Decree, 196/2003 as amended by Legislative Decree 101/2018, which came into force on September 19, 2018), SOGEA S.r.l. has set itself the following objectives:
– make sure that data subjects understand what personal data we collect, for what purposes and for how long;
– explain in a clear and transparent way how we use the personal data that data subjects provide us with and with whom we share them, in order to offer an increasingly efficient service;
– explain to data subjects what their rights are (including the new ones introduced by the GDPR) and their possible choices in the processing of personal data, ensuring, on the one hand, greater control over them and, on the other hand, greater protection by the actors of the processing.
INFORMATION ON THE PROCESSING OF PERSONAL DATA USERS OF THE WEBSITE AND COOKIE POLICY
pursuant to Article 13 of the EU Regulation 2016/679
DATA CONTROLLER
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980
The institutional website has the following address: https://www.hotelcirillo.it
DESCRIPTION OF THE PROCESSING AND CATEGORIES OF THE INTERESTED PARTIES
This website www.hotelcirillo.it belongs to the company Hotel Cirillo, which processes the personal data of the users of the website in its capacity as Data Controller.
Your personal data collected through the website will be processed in full compliance with applicable legislation, guaranteeing the security, confidentiality and protection of the data it holds and the fundamental rights and freedoms that are recognized to the data subjects, in accordance with the rules set by the GDPR.
TYPES OF DATA COLLECTED AND ORIGIN OF DATA
Among the personal data collected by this website are: technical cookies, website usage data, day and time of connection, time spent on the website.
The various information we collect includes information that can identify you as an individual (“personal data”), and some device, and activity data in relation to the types of services used may be processed, including with your consent where applicable.
The personal data processed through the website are as follows:
A. Automatically collected navigation data: the information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the identification of navigating users. This category of data includes the “IP addresses” or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the Data Subject. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the HOTEL CIRILLO website. IP addresses are saved in “anonymized” form (portion of IP).
B. Cookies: the site uses some cookies and the data collected through them can be used to access parts of the site or for statistical purposes and or to make the browsing experience more pleasant and more efficient in the future, trying to evaluate the behavior of users and to modify the proposition of offering content according to their behavior. More information regarding cookies is available a in the section “Cookie Policy” below.
C. Data related to websites, third-party services, plug-ins: the site may contain links to other websites or applications. The site also incorporates social media plug-ins and/or buttons to enable easy sharing of content on your favorite social networks. Such plug-ins are programmed not to set any cookies when you access the page, to safeguard your privacy. Eventually cookies are set, if so provided by the social networks, only when the user makes actual and voluntary use of the plug-in (e.g. by playing Youtube video clips that are embedded on our site). Keep in mind that if the user browses while being logged into the social network then he/she has already consented to the use of cookies conveyed through this site at the time of registration with the social network services may be used that analyze the traffic of this website, potentially containing personal data of users, in order to filter it from parts of traffic, messages and content recognized as SPAM (Google reCAPTCHA, SPAM protection service provided by Google Inc.). The collection and use of information obtained by means of the plug-ins are governed by the respective privacy policies of the social networks or platforms (Google, Facebook, YouTube, or others) that represent autonomous owners and for which you are reminded to refer to their respective privacy and cookie policies.
Data are collected from the data subject. The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of the Internet.
PURPOSE OF THE PROCESSING
The site requires certain information from the browser in order to provide quality service.
The Data Controller may process the data to:
1. Enable web browsing and delivery of the Services. These are browsing preferences, logins and cookies used for the smooth operation of the site and in order to offer an increasingly better service.
2. To derive statistical information about the use of the Web Services.
3. To keep the site secure and for liability investigation in case of computer crimes against the Web site and legal protection.
4. Commercial and promotional communications (marketing purposes).
LEGAL BASIS
1. Need to execute a contract to which the data subject is a party or to provide a service at the data subject’s request.
2. Consent.
3. Legitimate interest of the Company.
4. Consent of the data subject.
The use of technical cookies does not require consent as it is necessary for the execution of a contract or pre-contractual measures (Art. 6 par.1.b of the GDPR) of the Data Controller so that the functionalities of the company’s website can be used and enjoyed as a result of the navigation carried out by the user; the use of the remaining cookies, on the other hand, is carried out with the consent of the data subject.
POLICY ON COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small text strings sent by the server to the web client (browser) and sent back by the latter to the server. They are used to provide a better browsing experience for the user, for technical reasons and for the analysis of the site’s performance. the user has the possibility to decide not to install cookies or to accept them, as well as to change his decision later. By way of information, in addition to blocking cookies on this site, the user has the option of managing browsing data through the settings related to the storage of cookies on his or her device by accessing the settings of the browser, or application, and setting the relevant rules.
Cookies can be first or third-party, where “first-party” means cookies that carry the site as their domain, and “third-party” means cookies that are related to external domains. Third-party cookies are necessarily installed by an external party, always defined as a “third party,” which is not managed by the site.
Technical cookies allow certain sections of the site to function properly.
Cookies can be of two categories: persistent and session cookies:
1) persistent cookies: once the browser is closed, they are not destroyed but remain until a preset expiration date;
2) session cookies: they are destroyed each time the browser is closed.
Express user consent is not always required for the use of cookies. In particular, technical cookies, i.e., those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user, do not require consent. These are, therefore, cookies that are indispensable for the operation of the site or necessary to perform activities requested by the user.
These cookies, always sent from our domain, are necessary to properly display the site and in relation to the technical services offered, they will therefore always be used and sent, unless the user changes the settings in their browser (thus affecting the display of pages on the site).
Analytical cookies are used to collect information on the use of the site. This type of cookie collects data anonymously about user activity and how they arrived at the site. Analytical cookies are sent from the site itself or from third-party domains.
Profiling cookies, where used, are necessary to create user profiles in order to send advertising messages in line with the preferences expressed by the user within the pages of the site. The consent of the data subject is required for the use of profiling cookies. According to Order No. 229 of May 8, 2014 and Order No. 231 of June 10, 2021, the user must be able to authorize or deny consent to the installation of profiling cookies if they are present.
Our computer systems use the following cookies:
As noted above you may access the site or connect to areas where you may be enabled to post information using blogs or message boards, communicate with others, for example by coming from the HOTEL CIRILLO (SOGEA S.R.L.) page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content. Before interacting with these areas, we invite you to carefully read the general conditions of use, bearing in mind that, under certain circumstances, the information you post may be viewed by anyone with access to the Internet, and any information you include in your postings may be read, collected, and used by third parties.
As is well known, social networks independently regulate their own privacy for those who browse, publish posts and communicate through them, being in that case the main data controllers.
However, when the user is on the social pages managed by HOTEL CIRILLO (SOGEA S.R.L.) and communicates, in various ways, their personal data (e.g., through a private message or by commenting on a post or leaving a review), or when the social networks provide some statistics on the use of the pages in a non-anonymous way (and therefore reconnectable to the activity carried out on the page by the specific person), it is HOTEL CIRILLO (SOGEA S.R.L.) that becomes the Data Controller.
The user’s personal data will be processed by means of the tools provided by the social networks themselves.
If technical and/or analytical functionality cookies are disabled, the Site may be unavailable or some services or certain features of the Site may not be available or may not function properly.
In the case of third-party cookies, the site has no direct control over individual cookies and cannot control them (it can neither directly install them nor delete them). You can, however, manage these cookies through your browser settings (follow the instructions below), or the sites listed in the “Cookie Management” section.
Below are the ways in which your browser stores cookies during your browsing with related links on the sites of the respective providers.
Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Safari on Mac: https://support.apple.com/it-it/guide/safari/sfri11471/mac
Safari on iPhone, iPad, or iPod touch: https://support.apple.com/it-it/HT201265
Opera: https://help.opera.com/en/latest/web-preferences/#cookies https://help.opera.com/en/latest/web-preferences/#cookies
In any case, you will always be able to delete cookies from your Computer’s hard drive at any time. Please remember that if cookies are disabled, not all the functions of the site will be available.
At any time, you may freely revoke the consent given (if required), without any charge and prejudice to the lawfulness of the processing carried out up to that point, and exercise the following rights of the data subject vis-à-vis the Data Controller.
RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS
Personal data processed by the Data Controller are not disseminated.
They may, on the other hand, be communicated to workers employed by the Data Controller, and to external parties who collaborate with it designated as Data Processors (such as third party technical service providers, postal couriers, hosting providers, IT companies, communications agencies, website management personnel, website cookie and consent management platform) or authorized to process them as they operate under the authority of the Data Controller, or other parties involved in the organization of this website (administrative, sales, marketing, legal, system administrators).
Finally, they may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations. For requirements of compliance with regulatory obligations or to ascertain responsibility in case of computer crimes to the detriment of the site, the data may be communicated to, or allocated at, third parties.
The updated list of Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
TRANSFER ABROAD
The data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, so the Controller does not transfer this personal data to third countries or international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Art. 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of information and data that may be disclosed to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed, and the prescribed regulatory instruments will be applied.
DURATION OF PROCESSING
According to the principle of storage limitation (art.5, GDPR), verification on the obsolescence of retained data in relation to the purposes for which they were collected is carried out periodically.
In particular:
a) automatically collected data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation, including for security purposes or in accordance with the deadlines provided for by legal regulations;
b) data voluntarily provided by the user in online forms or via email will be retained for a period of time not exceeding the achievement of the purposes for which they are processed data for a maximum of 24 months.
(c) Browsing data will not persist for more than 6 months (except for any need to ascertain crimes by judicial authorities).
METHODS AND NATURE OF DELIVERY
Data are collected and recorded lawfully and fairly for the purposes stated above in accordance with the principles and requirements of Art. 5 par. 1 of the GDPR.
The processing of personal data is carried out using manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
The provision of data for the aforementioned purposes is entirely optional. Any refusal on the part of the data subject to provide personal data, lack of consent or withdrawal of consent for one or more purposes will result in the impossibility of using the services related to them.
The data subject may refuse to provide the Data Controller with his/her browsing data. To do so, you must disable cookies by following the instructions provided by your browser. Disabling cookies may worsen or prevent navigation and enjoyment of site features.
RIGHTS OF THE INTERESTED PARTIES
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Interested Parties (Articles 15 to 22 of the GDPR), with regard to the processing operations covered by this information notice, as an interested party, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
The data subject may revoke any consent given at any time.
How to exercise your rights
If you would like to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact us in writing at info@hotelcirillo.it using also the “Exercise of Rights Form”. Le richieste sono depositate a titolo gratuito e evase dal Titolare nel più breve tempo possibile, in ogni caso entro un mese.
AUTOMATED PROCESSING
In no case, with respect to the indicated processing, does the Controller carry out processing consisting of automated decision-making processes on the data of natural persons.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
INFORMATION ON THE PROCESSING OF PERSONAL DATA FORM ON LINE CONTACT pursuant to Article 13 of the EU Regulation 2016/679
DATA CONTROLLER
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: https://www.hotelcirillo.it
DESCRIPTION OF THE PROCESSING AND CATEGORIES OF THE INTERESTED PARTIES
This website belongs to the company HOTEL CIRILLO (SOGEA S.R.L.), which processes the personal data of users who enter their data in the “Request a quote” section of the website itself.
The processing is carried out in full compliance with applicable legislation, guaranteeing the security, confidentiality and protection of the data it holds and the fundamental rights and freedoms that are recognized, in accordance with the rules set by the GDPR.
TYPES OF DATA COLLECTED AND ORIGIN OF DATA
The personal data processed are those provided voluntarily and directly by the user by filling out the online forms.
The personal data that are collected through the contact section are: first name, last name, email and telephone.
PURPOSE OF THE PROCESSING
Personal data are processed to process requests for information regarding the services offered and any commercial or other requests made by filling out the forms.
1. Request for information.
2. Overnight reservation (personal data may also be collected from third-party sources if the reservation is made through external booking service providers).
LEGAL BASIS
The legal basis of the processing is the execution of pre-contractual measures or the contract with regard to the fulfillment of requests made by filling out the form and personal data are acquired by the Controller exclusively to handle users’ requests for assistance and information.
RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS
The personal data processed by the Data Controller are not disseminated.
They may, however, be communicated to employees working in the employ of the Data Controller, to external parties working with it designated as Data Processors or authorized to process as they operate under the authority of the Data Controller. All employees, consultants, temps and/or any other “natural person” who, authorized to the processing, carry out their activities based on the instructions received by HOTEL CIRILLO, pursuant to art. art. 29 of the GDPR, are designated as “Authorized Data Processors”. To the same, HOTEL CIRILLO gives adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to be able to ensure the confidentiality and security of data.
It is envisaged that your personal data will be communicated to the following third parties, companies and professionals act as Data Processors appointed by HOTEL CIRILLO or are themselves Data Controllers of the personal data transmitted to them.
The updated list of Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
TRANSFER ABROAD
Data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, so the Controller does not transfer this personal data to third countries or to international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.
LENGTH OF PROCESSING
The Data Controller shall retain and process personal data for as long as necessary to fulfill the stated purposes.
The data voluntarily provided by the user will be retained for a period of time not exceeding the fulfillment of the purposes for which they are processed or in accordance with the deadlines stipulated by legal regulations.
In this case, data entered in online forms will be retained for a maximum of 24 months.
METHODS AND NATURE OF SUBMISSION
Data are collected and recorded lawfully and fairly for the purposes indicated above in compliance with the principles and requirements of Article 5 par. 1 of the GDPR.
The processing of personal data is carried out using manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
The provision of personal data is essential for the processing of your request and failure to provide them determines the impossibility of following up the request.
RIGHTS OF THE INTERESTED PARTIES
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Interested Parties (Articles 15 to 21 of the GDPR), with regard to the processing operations covered by this information notice, as an interested party, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time (where required)
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
How to exercise your rights
If you would like to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact us in writing at info@hotelcirillo.it, also using the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
AUTOMATED PROCESSING
In no case, with respect to the indicated processing, does the Controller carry out processing consisting of automated decision-making processes on the data of natural persons.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
INFORMATION ON PERSONAL DATA PROCESSING FOR CUSTOMERS pursuant to Article 13 of EU Regulation 2016/679
DATA CONTROLLER
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: https://www.hotelcirillo.it
DESCRIPTION OF THE PROCESSING AND CATEGORIES OF THE INTERESTED PARTIES
This website belongs to the company HOTEL CIRILLO (SOGEA S.R.L.), which processes the personal data of users who enter their data in the “BOOK NOW AT THE BEST PRICE” section of the website itself to make a reservation, or by sending reservation requests via email.
The processing is carried out in full compliance with the applicable legislation, guaranteeing the security, confidentiality and protection of the data it holds and the fundamental rights and freedoms that are recognized, in accordance with the standards set by the GDPR.
TYPES OF DATA COLLECTED AND ORIGIN OF THE DATA
The personal data processed are those provided voluntarily and directly by the user by filling out the online booking forms.
The personal data that are collected through the contact section are: first name, last name, email, telephone, address, data relating to the payment of the deposit.
The email address you provide may be used in order to confirm the reservation and send you communications relating to the services usable at the facility or other communications required by law.
PURPOSE OF THE PROCESSING
Personal data are processed to fulfill requests for booking services (which may also be from third-party sources, if the booking is made through external booking service providers) or by email or telephone.
LEGAL BASIS
The legal basis for processing is the execution of pre-contractual measures or the contract with regard to the fulfillment of requests made by filling out the form, and personal data are acquired by the Data Controller exclusively to handle the requests.
RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS
The personal data processed by the Data Controller are not disseminated.
They may, however, be communicated to employees working in the employ of the Data Controller, to external subjects who collaborate with it designated as Data Processors or authorized to process as they operate under the authority of the Data Controller. All employees, consultants, interims or collaborators who, authorized to the processing, carry out their activities on the basis of the instructions received by HOTEL CIRILLO, in accordance with art. art. 29 of the GDPR, are designated as “Authorized Data Processors”. To the same, HOTEL CIRILLO gives adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to be able to guarantee the confidentiality and security of data.
It is envisaged that your personal data will be communicated to the following third parties, companies and professionals act as Data Processors appointed by HOTEL CIRILLO or are themselves Data Controllers of the personal data transmitted to them.
The updated list of Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
TRANSFER ABROAD
Data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, so the Controller does not transfer this personal data to third countries or to international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.
DURATION OF THE PROCESSING
The Data Controller keeps and processes the personal data for the time necessary to fulfill the indicated purposes.
In this case, the data entered in the online forms are kept for the duration of the reservation and thereafter for a maximum of 12 months.
In case of confirmation, they will be kept for the period of overnight stay and thereafter, for administrative-accounting needs, in compliance with the terms established by the reference regulations (10 years).
METHODS AND NATURE OF CONFIDENTIALITY
If one makes use of booking services made available by third parties (providers of online booking services, such as Iperbooking by Iper-net S.r.l.), the collection of personal data will take place through said third parties, who act as personal data controllers, who are in charge of the storage of data including those related to payment with adequate security measures.
Security information provided by the service provider: Securely escrow credit card management (and validity verification) with Verisign Secure Site Pro SSL Secure Sockets Layer (SSL) 128bit certificate with Extended Validation; Information Security Certifications complying with international standards;
The credit card details page is protected by powerful technology with encryption. SSL technology encrypts your credit card details before they travel over the Internet. This ensures that your credit card details remain completely confidential during transit.
In addition, credit card usage is verified directly through a secure connection with the banking system at the time of charging. This ensures that credit cards known to have been stolen cannot be used and fraudulent transactions are minimized.
Data are collected and recorded lawfully and fairly for the purposes stated above in accordance with the principles and requirements of Article 5(1) of the GDPR.
The processing of personal data is carried out by means of manual, computerized and telematic tools with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee their security and confidentiality.
The provision of personal data is indispensable for the processing of your booking request and failure to provide them determines the impossibility of following up the request.
RIGHTS OF INTERESTED PARTIES
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Data Subjects (Articles 15 to 21 of the GDPR), with regard to the processing operations covered by this notice, as a data subject, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time (where required)
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
How to exercise your rights
If you would like to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact us in writing at info@hotelcirillo.it, also using the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
AUTOMATED PROCESSING
In no case, with respect to the indicated processing, does the Controller carry out processing consisting of automated decision-making processes on the data of natural persons.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
INFORMATION ON PERSONAL DATA PROCESSING FOR CUSTOMERS pursuant to Article 13 of EU Regulation 2016/679
DATA CONTROLLER
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: https://www.hotelcirillo.it
DESCRIPTION OF THE PROCESSING AND CATEGORIES OF THE INTERESTED PARTIES
HOTEL CIRILLO (SOGEA S.R.L.) informs you that the personal data of customers collected of the accommodation, will be processed to provide accommodation and ancillary services, and thus for the purpose of the conclusion of the contract with the customer.
As part of the execution and / or conclusion of the contract, the data will be processed in accordance with the GDPR legislation, in order to ensure the rights, fundamental freedoms, and dignity of natural persons, with particular reference to confidentiality and personal identity.
TYPES OF DATA COLLECTED AND ORIGIN OF DATA
Common data processed: Name, address, company to which it belongs, type and no. doc. identity, tax code and other personal identification numbers, bank details, credit card data, accounting, tax and financial data, contact and communication data, days of attendance, e-mail address, information related to the family and the members of the same reservation, navigation data of the visitor device for wi-fi access (log file of use of the wifi network: ip addresses or the device names used, addresses in uri notation of the requested resources, the time of the start and end of the connection, the time of the request).
Article 109 of the Consolidated Law on Public Security states that managers of accommodation facilities may not give accommodation to people without identification.
Particular data processed: in some cases, data on health status may be collected, i.e., information necessary for special requests that may infer an illness (e.g., allergy) or disability.
Data source: data are generally collected from the data subject, but it may happen that bookings are made through online booking platforms, external booking platforms (autonomous Holders). The data come from a source that is not publicly accessible.
PURPOSES OF PROCESSING
Processing is carried out for the following purposes:
1. To acquire and confirm your reservation of accommodation and ancillary services, and to provide the requested services.
2. To fulfill the obligation under the “Consolidated Law on Public Security” (Article 109 R.D. 18.6.1931 No. 773), which requires us to communicate to the Police Headquarters, for public security purposes, the personal details of the customers accommodated in accordance with the procedures established by the Ministry of the Interior (Decree January 7, 2013).
3. To fulfill current administrative, accounting and tax obligations. For these purposes, processing is carried out without the need to acquire your consent.
4. To expedite registration procedures in the event of your subsequent stays at our facility.
5. To fulfill the function of receiving messages and phone calls addressed to you during your stay.
6. To send you for marketing purposes our promotional messages and updates on our rates and offers.
7. Protection of people, property and company assets through a video surveillance system of certain areas of the facility, identifiable by the presence of appropriate signs.
8. Managing wi-fi access to allow visitors’ devices to access the network, for purposes related to network security, corporate property and defensive needs.
9. Providing personalized services to guests with special needs, illnesses, or disabilities.
LEGAL BASIS
With reference to the above-mentioned purposes, the legal bases of the processing are:
– Purpose 1: The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request.
– Purposes 2, 3: Processing is necessary to fulfill a legal obligation to which the data controller is subject.
– Purposes 7, 8: The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, to protect persons and property against possible assault, theft, robbery, damage, vandalism, and for purposes of fire prevention, work safety, and information security.
– Purposes 4,5,6: Processing is carried out with the consent of the Data Subject.
– Purpose 9: Processing is carried out with the explicit consent of the Data Subject.
It should be noted that the Data Controller may collect a single consent for the marketing purposes described herein, pursuant to the General Measure of the Guarantor for the Protection of Personal Data “Guidelines on Promotional Activities and Countering Spam” of July 4, 2013. The provision of consent to the use of data for marketing purposes is optional and should, the data subject wish to object to the processing of data for marketing purposes carried out by the means indicated herein, as well as to revoke the consent given; he/she may at any time do so without any consequences (except for the fact that he/she will no longer receive marketing communications) by following the instructions present in the “Rights of the Data Subject” section of this Notice.
In case of refusal to provide the necessary personal data, for which consent is not required, the reservation cannot be confirmed and the requested services cannot be provided. Conversely, in cases where consent is required, the consent may be revoked at any time.
RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS
The personal data processed by the Data Controller are not disseminated, i.e., they are not made known to unspecified persons, in any possible form, including making them available or simply consulting them. They may, on the other hand, be communicated to workers working in the employ of the Data Controller, to external subjects who collaborate with it designated as Data Processors or authorized to process them as they operate under the authority of the Data Controller.
They may also be communicated, to the extent strictly necessary, to subjects who for the purpose of fulfilling your requests must supply goods or perform services or services on behalf of the Data Controller. Finally, they may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations (Judicial Offices, Consultants and freelancers also in associated form, Armed Forces, Police Forces, Other Public Administrations, Brokerage Agencies, Insurance Companies, Judicial Authorities, Revenue Agency, Guarantor Authority, Guardia di Finanza).
In particular, on the basis of the roles and work duties performed, workers have been legitimized to process your personal data, within the limits of their competencies and in accordance with the instructions given to them by the Data Controller.
In addition, the operators are obliged to communicate to the Police Headquarters, using computer or telematic means, the personal details of the persons accommodated, arrival and nights of accommodation, family relationships, according to the modalities established by a specific ministerial decree (Ministerial Decree January 7, 2013). These entities, bodies, companies and professionals act as Data Processors appointed by HOTEL CIRILLO or are themselves Data Controllers of the personal data transmitted to them.
The updated list of Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
TRANSFER ABROAD
Data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, so the Controller does not transfer this personal data to third countries or to international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.
DURATION OF THE PROCESSING
The data will be kept for the period strictly necessary to ensure the proper provision of the services purchased, without prejudice to the need to keep them for a longer period in compliance with the applicable regulations, including accounting regulations (10 years, and even longer in the case of tax audits). The data will be processed for the entire duration of the contractual relationship established, and even thereafter, for the fulfillment of all legal obligations.
The Ministry of the Interior Decree of January 7, 2013, which regulates the procedures for sending the data of accommodated clients to the police headquarters, stipulates that the data notified under Article 109 of the Tulps are deleted by the accommodation facility immediately after the sending to the police headquarters has been carried out. However, regular customers may request the accommodation facility to retain the data in order to expedite the check in procedures in case of subsequent stays.
Contact data for sending promotional communications are retained until requested for deletion by the interested party through a special link in the footer of the email, with retention of the same for no more than 24 months.
Data related to concierge services are deleted upon the departure of the customer.
Video surveillance images are deleted after 24 hours, except for holidays or other cases of closure of the establishment, and in any case no longer than 72 hours. They are not subject to disclosure to third parties, except in the case of adhering to a specific investigative request of the judicial authority or judicial police.
Wifi browsing data will be deleted at the end of the stay in the facility.
METHODS AND NATURE OF THE CONFERMENT
Your data are collected and recorded lawfully and fairly for the purposes indicated above in accordance with the principles and requirements of Article 5 c 1 of the GDPR.
The processing of personal data is carried out using manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
The processing related to the management of the guests of the facility are stored at the operational headquarters of the Owner.
The provision of personal data is essential for the processing of your registration request and failure to provide it determines the impossibility of following up the request.
RIGHTS OF THE INTERESTED PARTIES
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Interested Parties (Articles 15 to 21 of the GDPR), with regard to the processing operations covered by this information notice, as an interested party, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time (where required)
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
How to exercise your rights
If you would like to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact us in writing at info@hotelcirillo.it using also the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
AUTOMATED PROCESSING
In no case, with respect to the indicated processing, does the Controller carry out processing consisting of automated decision-making processes on the data of natural persons.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
INFORMATION ON THE PROCESSING OF PERSONAL DATA SUBSCRIBERS NEWSLETTER pursuant to Article 13 of the EU Regulation 2016/679
DATA CONTROLLER
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: https://www.hotelcirillo.it
DESCRIPTION OF THE PROCESSING AND CATEGORIES OF THE INTERESTED PARTIES
The personal data of newsletter subscribers are collected through the subscription form to the same.
The processing is carried out in full compliance with applicable legislation, ensuring the security, confidentiality and protection of the data it holds and the fundamental rights and freedoms that are recognized, in accordance with the rules set by the GDPR.
TYPES OF DATA COLLECTED AND ORIGIN OF DATA
The personal data processed are those voluntarily provided by the user by filling in online forms or when checking in by signing up for the newsletter. The data collected are: email of the data subject.
PURPOSE OF THE PROCESSING
Newsletter/direct marketing activities of the Data Controller: with the registration in the newsletter, the email address of the Data Subject is automatically included in a list of contacts to whom email messages containing information, informative messages also of a commercial, promotional and/or advertising nature may be transmitted periodically.
LEGAL BASIS
The legal basis for the processing is the consent expressed by declaration regarding the sending of newsletters (Art. 6, para. 1, lett. a GDPR). With reference to Article 7 of the GDPR, the data subject may revoke any consent given at any time. Revocation of consent, which can be done through the appropriate link in the footer of the email newsletter, results in the suspension of the sending of the newsletter. Any revocation does not affect the lawfulness of the processing given before the revocation.
RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS
Personal data processed by the Data Controller are not disseminated.
They may, on the other hand, be communicated to workers employed by the Data Controller, and to external parties who collaborate with it designated as Data Processors (such as third party technical service providers for the management of the newsletter and related consents, hosting providers, IT companies, communications agencies providers of website management and development services, server and network support and maintenance services, customer assitance services) or authorized to process as they operate under the authority of the data controller, or other individuals involved in the organization of this website (administrative, sales, marketing, system administrators).
Finally, they may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations. For requirements of compliance with regulatory obligations or for the ascertainment of responsibility in case of computer crimes to the detriment of the site, the data may be communicated to, or allocated at, third parties.
The updated list of Data Processors can always be requested from the Data Controller.
TRANSFER ABROAD
The data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, so the Controller does not transfer this personal data to third countries or to international organizations outside the EU.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 GDPR. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be disclosed to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the prescribed regulatory tools will be applied.
DURATION OF PROCESSING
The Data Controller will retain and process personal data for as long as necessary to fulfill the stated purposes, i.e., for the period for which the Data Controller will keep the service active, unless the data subject revokes consent. In each message the User will be reminded that he/she has the option to unsubscribe from the service with a special link in the footer of each email.
METHODS AND NATURE OF THE PROVISION
The data are collected and recorded lawfully and fairly for the purposes indicated above in accordance with the principles and requirements of Article 5 par. 1 of the GDPR.
The processing of personal data is carried out using manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
The provision of data for the above purposes is entirely optional. Any refusal on the part of the person concerned to provide personal data, lack of consent or His revocation for one or more purposes, will result in the impossibility of using the services related to them.
Failure to provide it may result in the impossibility of receiving the newsletter.
RIGHTS OF THE INTERESTED PARTIES
In accordance with, within the limits and under the conditions provided for by the legislation on the protection of personal data regarding the exercise of the rights of the Interested Parties (Articles 15 to 22), with regard to the processing operations covered by this Information Notice, as an interested party, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time (where required)
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
The data subject may revoke any consent given at any time, using the appropriate link in the footer of each newsletter email, resulting in the suspension of the sending of the newsletter.
How to exercise your rights
If you would like to request further information about the processing of your personal data or for the possible exercise of your rights, you may contact us in writing at info@hotelcirillo.it, also using the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
AUTOMATED PROCESS
In no case, with respect to the indicated processing, does the Controller carry out processing that consists of decisions based on automated processes on the data of natural persons.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
<h2>INFORMATION ON PERSONAL DATA PROCESSING FOR SUPPLIERS pursuant to Article 13 of EU Regulation 2016/679</h2 >
<strong>TITLE OF TREATMENT</strong>
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: <a href=”https://www.hotelcirillo.it”>https://www.hotelcirillo.it</a>
<strong>DESCRIPTION OF TREATMENT AND CATEGORIES OF AFFECTED</strong>
HOTEL CIRILLO (SOGEA S.R.L.) informs you that the personal data collected for the purpose of the conclusion of the contract with the supplier and in the context of the execution and/or stipulation of the same will be processed in compliance with the aforementioned legislation, in order to guarantee the rights, fundamental freedoms, as well as the dignity of individuals, with particular reference to confidentiality and personal identity.
The management of the contractual relationship with suppliers (mainly legal persons) necessarily involves the processing of personal data (identification, telephone numbers, email) related to the persons with whom one comes into contact. This notice is therefore given to individuals working with suppliers. In view of the difficulty of getting it directly to the data subjects, the information notice is made available to them on the website of the Data Controller, with a request to notify the data subjects.
The data subjects involved in the processing activities are the natural persons who, in the employment or other nature of relationship with the legal persons suppliers, operationally are involved in commercial, pre-contractual and contractual communications. In addition, natural persons suppliers, consultants, freelancers or sole proprietorships may also be processed.
The processing is carried out in full compliance with applicable legislation, guaranteeing the security, confidentiality and protection of the data it holds and the fundamental rights and freedoms that are recognized, in accordance with the standards set by the GDPR.
<strong>TYPES OF DATA COLLECTED AND ORIGIN OF DATA</strong>
The personal data processed are contact data, as well as additional information of an identifying and economic-financial nature in the case of contractual relationships entered into with individuals. The processing of personal data may be performed for all individuals who, by virtue of contracts or collaborations stipulated, or even in the process of being finalized, relate to subjects belonging to HOTEL CIRILLO.
Personal data collected: identification data, telephone numbers, email, profession, bank details, accounting, tax and financial data, address, professional quality certificates, tax code and other personal identification numbers.
This personal data is provided by the data subject in connection with:
– visits or telephone calls;
– direct contact;
– receipt/proposal of offers;
– transmissions and transactions following the order.
The data is partly collected from the data subject and partly may be collected from third parties. The data may also come from a publicly accessible source.
<strong>PURPOSE OF TREATMENT</strong>
The processing of personal data is carried out by HOTEL CIRILLO for the purpose of concluding the contract with the supplier and as part of the execution and/or conclusion of the same.
Personal data of natural contact persons are processed for:
– forwarding communications of various kinds and by different means of communication (telephone, cell phone, text message, email, fax, paper mail);
– making inquiries or fulfilling requests and proposals received;
– exchanging information aimed at the execution of the contractual relationship, including pre- and post-contractual activities.
In compliance with current legislation on the protection of personal data and without the need for specific consent from the Data Subject, the data will be stored, collected and processed by the Company for the following purposes:
1. fulfillment of contractual obligations, execution and/or conclusion of the contract with the customer/suppliers and management of any pre-contractual measures;
2. fulfillment of any regulatory obligations, tax and fiscal provisions arising from the performance of business activities and obligations related to administrative-accounting activities;
3. scheduling of activities;
4. internal control services;
5. litigation management.
<strong>LEGAL BASIS</strong>
With reference to the above-mentioned purposes, the legal bases of the processing are:
– Purposes 1, 3, 4: The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request.
– Purposes 2: The processing is necessary to comply with a legal obligation to which the data controller is subject.
– Purpose 5: The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties.
DESTINATORS, RESPONSIBILITIES AND AUTHORIZED PERSONS
The personal data processed by the Data Controller are not disseminated, i.e., they are not made known to unspecified persons, in any possible form, including making them available or simply consulting them. They may, on the other hand, be communicated to workers working in the employ of the Data Controller, to external parties who collaborate with the Data Controller designated as Data Processors or authorized to process the data because they operate under the authority of the Data Controller.
They may also be communicated, to the extent strictly necessary, to parties who, for the purpose of fulfilling your requests, must supply goods or perform services or services on behalf of the Data Controller. Finally, they may be communicated to the subjects legitimated to access them by virtue of provisions of the law, regulations, EU regulations.
In particular, on the basis of the roles and work tasks performed, the workers have been legitimated to process your personal data, within the limits of their competence and in accordance with the instructions given to them by the Data Controller.
The updated list of the Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
<strong>TRANSFER TO FOREIGN COUNTRY</strong>
The data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, therefore, the Controller does not transfer this personal data to third countries or to international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.
<strong>DURATION OF TREATMENT</strong>
The processing will last no longer than necessary for the purposes for which the data were collected. The data will be processed for the entire duration of the contractual relationship established and also thereafter, for the fulfillment of all legal obligations, as well as for future business purposes.
Even after the termination of the contractual relationship, HOTEL CIRILLO and any other authorized parties may retain your personal data of an administrative-accounting nature – including for compliance with legal and regulatory obligations (eg. 10 years for tax retention, as well as for own or third party defensive finances) or for compliance with specific legal obligations, until the expiration of the regulatory retention period applicable on a case-by-case basis.
Your data are collected and recorded lawfully and fairly for the purposes indicated above in compliance with the principles and requirements set forth in Article 5 c 1 of the GDPR.
<strong>MODALITY AND NATURE OF CONFERENCE</strong>
The data are collected and recorded lawfully and fairly for the purposes indicated above in accordance with the principles and requirements of Article 5 par. 1 of the GDPR.
The processing of personal data is carried out using manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
The provision of data for the above purposes is entirely optional. Any refusal by the person concerned to provide personal data, lack of consent or His revocation for one or more purposes, will result in the impossibility of placing orders.
<strong>RIGHTS OF THE INTERESTED PARTIES</strong>
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Interested Parties (Articles 15 to 21 of the GDPR), with regard to the processing operations covered by this information notice, as an interested party, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdraw consent at any time (where required)
– Object to the processing of their data
– Access to their Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of their personal data
– Portability
In addition, the data subject has the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action if he or she believes that the processing operations concerning him or her violate the rules of the GDPR, pursuant to Article 77 of the GDPR.
<strong>How to exercise your rights</strong>
If you wish to request further information about the processing of your personal data or for the possible exercise of your rights, you may apply in writing to the email address info@hotelcirillo.it using also the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
<strong>AUTOMATED PROCESSING</strong>
In no case, with respect to the indicated processing operations, does the Controller carry out processing operations that consist of automated decision-making processes on individuals’ data.
<strong>CHANGES TO THIS PRIVACY POLICY</strong>
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
<h2>CANDIDATES PERSONAL DATA PROCESSING INFORMATION pursuant to Article 13 of EU Regulation 2016/679</h2 >
<strong>TITLE OF TREATMENT</strong>
Hotel Cirillo (SOGEA S.r.l.) is the Data Controller of the personal data processed.
The registered office is in Via Garibaldi 19, 64029 Silvi (TE), and for all privacy issues you can contact the following email address: info@hotelcirillo.it, or the telephone number tel. +39 085 9350980.
The institutional website has the following address: <a href=”https://www.hotelcirillo.it”>https://www.hotelcirillo.it</a>
<strong>DESCRIPTION OF TREATMENT AND CATEGORIES OF AFFECTED</strong>
Hotel Cirillo (SOGEA S.R.L.) informs you that it may process your personal data for personnel pre-selection and selection activities, through resume analysis and cognitive interviews.
In particular, those affected by the processing activities are individuals who transmit their Curriculum Vitae either spontaneously, or to apply for open positions. Personal data are processed in paper or automated form for the purposes of personnel recruitment and development and with technical and organizational methods strictly related to these purposes. Collection takes place through spontaneous cv submission, through the website or through recruitment agencies.
The candidate is asked not to include data of special or judicial categories in CVs, which are not strictly necessary, otherwise the same cannot be processed. CVs sent spontaneously will, if deemed not of interest, be destroyed and not stored; otherwise, on the other hand, the candidate will be promptly asked about the request to store the CV on electronic/paper media and will be provided, in addition, with this notice.
<strong>TYPES OF DATA COLLECTED AND ORIGIN OF DATA</strong>
Personal data processed: Name, address or other personal identification, Declared occupation, Professional quality certificates, Tax code and other personal identification numbers, Photo, Residential address, E-mail address, Education and culture, Job (current, previous occupation, resume, etc.),
Data are partly collected from the data subject and partly collected from third parties.
Description of source: Data sent by the data subject or employment agencies.
<strong>PURPOSES OF THE PROCESSING</strong>
1. to manage the evaluation of your CV;
2. to schedule and manage selection interviews also in interactive or group mode;
3. preparation of documents for hiring.
LEGAL BASIS
For purposes 1, 2, 3: The processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same.
In the event that the candidate spontaneously includes in the CV the membership of protected categories, the prerequisite for processing, if any, such data of a “special” nature, is that the data are directly rendered by the data subject and that their processing may be necessary to fulfill the obligations and exercise the specific rights of the data controller or the data subject in the field of labor law and social security and social protection.
<strong>RECIPIENTS, RESPONSIBILITIES AND AUTHORIZED PERSONS</strong>
The personal data processed by the Data Controller are not disseminated.
They may, however, be communicated to the employees working in the employ of the Data Controller, to external parties who collaborate with it designated as Data Processors or authorized to process as they operate under the authority of the Data Controller. All employees, consultants, temps and/or any other “natural person” who, authorized to the processing, carry out their activities based on the instructions received by HOTEL CIRILLO, pursuant to art. art. 29 of the GDPR, are designated as “Authorized Data Processors”. To the same, HOTEL CIRILLO gives adequate operating instructions, with particular reference to the adoption and observance of security measures, in order to be able to guarantee the confidentiality and security of the data.
The communication of your personal data to the following third parties is envisaged: Employment Placement Bodies, Vocational Training Institutions, Consultants.
These companies and professionals act as Data Processors appointed by HOTEL CIRILLO or are themselves Data Controllers of the personal data transmitted to them.
The updated list of Data Processors can always be requested from the Data Controller.
The obligation of HOTEL CIRILLO to communicate the data to Public Authorities upon specific request remains unaffected.
<strong>TRANSFER TO FOREIGN COUNTRY</strong>
The data are processed at the Controller’s operational offices and in any other place where the parties involved in the processing are located, therefore, the Controller does not transfer this personal data to third countries or to international organizations.
However, it reserves the possibility of using cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 2016/679. The equivalent levels of protection adopted for the processing of personal data of its employees will be required for the processing of the information and data that may be communicated to these parties. In any case, only the data necessary for the pursuit of the intended purposes will be communicated.
<strong>DURATION OF PROCESSING</strong>
Processing will be for a period not exceeding that necessary for the purposes for which the data were collected.The candidate’s data will be retained for a maximum of 24 months from the time the candidate provided it.
<strong>MODALITY AND NATURE OF CONFERENCE</strong>
Your data are collected and recorded lawfully and fairly for the purposes indicated above in compliance with the principles and requirements of Article 5 c 1 of the GDPR.
The processing of personal data is done by manual, computer and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure their security and confidentiality.
For data collected and used for needs attributable to the execution of activities inherent to the contractual relationship and compliance with the legal obligations indicated, your consent is not required. Failure to provide the aforementioned personal data will result in the impossibility of following up on the relationship in question. For data collected and used for the legitimate interest of the Data Controller, Your consent is not required (lett. f, art. 6, of the GDPR). The communication of the above personal data is optional but necessary for the performance of the services offered by the Data Controller. Any refusal to communicate such data will result in the inability to provide all or part of the services requested.
<strong>RIGHTS OF INTERESTED PARTIES</strong>
In accordance with, within the limits and under the conditions provided for by the data protection legislation regarding the exercise of the rights of the Data Subjects (Articles 15 to 21 of the GDPR), with regard to the processing operations covered by this notice, as a data subject, users may exercise certain rights with reference to the data processed by the Data Controller.
In particular, the Data Subject has the right to:
– Withdrawal of consent at any time (where required)
– Opposition to the processing of your data
– Access to your Data
– Verification and rectification
– Limitation of processing
– Deletion or removal of your personal data
– Portability
In addition, you have the right to lodge a complaint with the competent Data Protection Supervisory Authority or take legal action, if you believe that the processing operations concerning you violate the rules of the GDPR, pursuant to Art. 77 of the GDPR.
<strong>How to exercise your rights</strong>
If you wish to request further information about the processing of your personal data or for the possible exercise of your rights, you may apply in writing to the email address info@hotelcirillo.it using also the appropriate “Rights Exercise Form”. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
<strong>AUTOMATED PROCESSING</strong>
In no case, with respect to the indicated processing operations, does the Controller carry out processing operations that consist of automated decision-making processes on individuals’ data.
<strong>CHANGES TO THIS PRIVACY POLICY</strong>
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users via email and on the Website. The Data Controller will collect the consent of the Data Subject again, if necessary.
Last modified: 15/01/2023
DEFINITIONS
Definitions and legal references for the Privacy Policy and Cookie Policy of. https://www.hotelcirillo.it.
Personal Data (or Data): personal data is any information that, directly or indirectly, including in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
Usage Data: is the information automatically collected through this Web Site (including by third party applications integrated in this Web Site), including: the IP addresses or domain names of the computers used by the Data Subject who connects with this Web Site, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, the parameters relating to the operating system and the computer environment of the Data Subject.
User: the individual who uses this Website or other service offered by the Data Controller who, except where otherwise specified, coincides with the Data Subject.
Data Subject: the natural person to whom the Personal Data refers.
Data Processor (or Processor): the natural person, legal entity, public administration and any other entity that processes personal data on behalf of the Controller, as set out in this privacy policy.
Data Controller (or Controller) means the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the means adopted, including the security measures relating to the operation and use of this Web Site. The Data Controller, unless otherwise specified, is the owner of this Web Site.
This Web Site (or this Application): the hardware or software tool by which Users’ Personal Data are collected and processed.
Service: the Service provided by this Web Site or other service offered by the Owner as defined in the relevant terms (if any) on this site/application.
European Union (or EU): unless otherwise specified, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area.
Cookie: small portion of data stored within the Data Subject’s device.
Legal references
This privacy policy is drafted on the basis of multiple legislative orders, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy policy covers this Website only.
Get a quote now, with no obligation!