Viale Italia, 329 – 31015 Conegliano TV
VAT No. 04153350261
pursuant to art. 13 of EU Reg. No. 2016/679 (hereinafter referred to as the “Regulation or GDPR”), in relation to the personal data that will be acquired by Valeo SRL (hereinafter referred to as the “Data Controller”), please be informed of the following:
1. SCOPE OF THE PROCESSING
The Data Controller processes identifying personal data (e.g. name, surname, company name, address, telephone number, e-mail address, bank reference and payment details), hereinafter referred to as ‘personal data’, or just ‘data’ related to the conclusion of contracts and services provided by the Data Controller, communicated by you upon the conclusion of contracts and services provided by the Data Controller.
2. PURPOSES OF THE PROCESSING
Your personal data are processed:
A) without your express consent as per art. 6 letters b), e) of the GDPR, for the following service purposes:
– to conclude any contracts for the Data Controller’s services;
– to fulfil any pre-contractual, contractual and tax obligations arising from the currently ongoing relations with you;
– fulfilment of the obligation provided for in the “Consolidation Act on Public Security Laws” (article 109 of Royal Decree № 773 of 18.6.1931), which requires the general information of guests to be communicated to the Police Headquarters for public safety purposes, in accordance with the procedures provided for by the Ministry of the Interior. The data acquired for this purpose will not be stored at the accommodation facility;
– exercise of the Data Controller’s rights, e.g. the right of defence before the courts;
Failure to provide such data or the partial or incorrect provision thereof could result in the inability to provide the Hotel Services requested by you and, consequently, in the impossibility to give you hospitality at our accommodation facility.
B) only subject to your specific and distinct consent (compliance with art. 7 of the GDPR), for the following marketing purposes:
– to send you by e-mail, through the postal service and/or text messages and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and surveys on the degree of satisfaction with the quality of services;
Please note that if you are already our customer, we may send you commercial communications relating to services and products of the Data Controller similar to those you have already used, unless except in the event that you express your disagreement in this regard (in compliance with art. 130 par. 4 of the Privacy Code).
3. METHOD OF PROCESSING AND PERIOD OF DATA RETENTION
The processing of your personal data is performed through the operations stated under art. 4 No. 2) of the GDPR, and namely:
– collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both hardcopy and electronic and/or automated processing.
The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes, and in any case in compliance with the current legislation, for a minimum of 120 days (if you chose the “I do not authorize” option under point 1 of the tablet) and up to a maximum of 1095 days (if you chose the “I authorize” option under point 1 of the tablet).
For the purposes referred to under point 2.B, it will be kept until you oppose the processing in the form and manner set out in point 9, and in any case for a maximum of 1095 days.
4. ACCESS TO DATA
Your data may be made accessible for the purposes referred to under articles 2.A) and 2.B):
– to Data Controller’s employees and collaborators in their capacity as agents and/or internal managers in charge of the processing and/or system administrators;
– to third-party companies or other subjects (by way of example, credit institutes, professional firms, etc.) that carry out activities on behalf of the Data Controller, in their capacity as external data supervisors.
The updated list of data supervisors and persons in charge of the processing is kept at the Data Controller’s operating headquarters.
5. DATA COMMUNICATION
Without the need for an express consent pursuant to art. 6 letters b) and c) of the GDPR, the Data Controller will be entitled to communicate your data for the purposes referred to under art. 2.A) to:
entities, professionals, companies or other organisations appointed by us to be in charge of processing related to the fulfilment of administrative, accounting and management obligations related to the ordinary performance of the economic activity, also for purposes of credit recovery;
public Authorities, Administrations, Supervisory Bodies, Police Headquarters, and Judicial Authorities, for the purposes connected with the fulfilment of any legal obligations;
banks, financial institutions or other subjects to which the transfer of the aforesaid data is necessary for the performance of our company’s activity in relation to the fulfilment by the Data Controller of the contractual obligations undertaken towards us.
6. DATA DISSEMINATION
Your personal data will not be disseminated.
7. DATA TRANSFER
Personal data is stored at the Data Controller’s premises, and in any case within the European Union.
8. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES ARISING FROM THE REFUSAL TO RESPOND
The provision of data for the purposes referred to under art. 2.A) is mandatory.
Failing to do so will result in our inability to guarantee you the Services referred to under art. 2.A).
On the other hand, the provision of data for the purposes referred to under art. 2.B) is optional. You can therefore decide not to provide any data or to subsequently refuse the possibility to process previously provided data:
In this case, you will not be able to receive any newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to under art. 2.A).
9. RIGHTS OF THE INTERESTED PARTY
This shall be without prejudice to your right to exercise the rights of access to personal data provided for under art. 15 and ff. of the GDPR, in the form and manner in the manner set out under art. 12 of the GDPR. In order to submit a request for the exercise of the rights referred to above, please send an e-mail at firstname.lastname@example.org or write a letter addressed to the company headquarters.
10. RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
In the event that the Data Controller fails to send you a reply within the time provided for by the relevant legislation or that the response to the exercise of your rights proves to be inappropriate, you will be entitled to lodge a complaint wit the Data Protection Authority pursuant to art. 77 of the Regulation.
Please refer to the following details concerning the Authority: Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121 – 00186 Rome, Italy – www.gpdp.it – www.garanteprivacy.it – E-mail: email@example.com – Fax: (+39) 06.69677.3785 – Tel. switchboard: (+39) 06.69677.1
11. DATA CONTROLLER
The Data Controller is Valeo SRL – Viale Italia, 329 – 31015 Conegliano TV – VAT No. 04153350261, acting thorough its legal representative.