DISCLOSURE ACCORDINF TO GDPR
“Personal data” means information that identifies you personally or allows you to identify a person. At each point of contact along your journey we collect your Personal Data in the manner prescribed by law, such as:
- First name
- Mailing address
- Telephone number
- Email address
- Credit / debit card number or other payment information
- Financial information in certain circumstances
- Language preference
- Date and place of birth
- Nationality, passport, visa or other identification data issued by the government
- Employer data
- Information regarding the travel itinerary, the tourist group or the activities
- Previous stays or interactions with guests, goods and services purchased, special services and requests for services
HOW TO COLLECT PERSONAL DATA
We collect Personal Data when you visit our facilities and our website. If you do not provide the requested data or we are prohibited from collecting such information, we may not be able to provide the requested Services.
We use your data for our legitimate economic interests, including the following:
- Provision of the requested services
– to facilitate bookings, make payments, send administrative messages, send confirmation messages or before arrival, assist you at meetings and events and to provide you with other information about the area and the facilities where you will be staying;
– to complete your booking and your stay, for example to process the payment, to guarantee that your room is available and to provide you with the relative assistance;
– to support our electronic receipt program. When you use an e-mail address to make a reservation, we use that address to send you a copy of your bill. If you make a reservation for another person using your e-mail address, that person’s bill will always be sent to your address. You can cancel the invoice by e-mail and receive a paper copy instead by contacting the front desk.
- Communication on goods and services based on personal preferences
– send you marketing communications, promotional offers, market research and periodic customer satisfaction or quality surveys.
We are committed to taking all appropriate organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or archiving system can guarantee 100% security. If you believe that your interaction with us is no longer safe (for example if it seems to you that your account security has been compromised), please notify us immediately.
Your data may be made accessible:
- to employees and collaborators of the Data Controller, in their capacity as authorized parties and / or internal processing managers and / or system administrators;
- to third-party companies or other subjects, web site providers, cloud providers, e-payment service providers, suppliers, hardware and software support technicians, shippers and carriers, credit institutions, professional offices, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data controllers.
The criteria used to establish the data retention periods on our part are the following:
- how long we have started the relationship with you by providing you with our Services (for example, since you opened an account with us or when you use our Services);
- if we are subject to a legal obligation (for example, according to some laws we are required to file your transactions for a certain period of time before being able to cancel them);
- if it is advisable to keep the data in consideration of our legal position (for example in the case of prescriptions, disputes or regulatory investigations).
Without your express consent (art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may communicate your data to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is obligatory by law for the fulfillment of the said purposes. Your data will not be disclosed.
RIGHTS OF THE INTERESTED PARTY
In your quality as interested, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and precisely the rights of:
- i. obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
- ii. obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) of the identification data concerning the data controller, data processors and the representative designated pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees;
- iii. obtain: a) updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the event that such fulfillment occurs it proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right;
- iv. object, in whole or in part: a) for legitimate reasons to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. Please note that the interested party’s right of objection, set out in the previous point b), for direct marketing purposes by automated means, extends to the traditional ones and that the possibility for the interested party to exercise the right of opposition also remains valid only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, you also have the rights set forth in articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right to object), as well as the right to complain.
You can at any time exercise your rights by sending an email to firstname.lastname@example.org.
HOLDER, RESPONSIBLE AND AUTHORIZED PARTIES
The Data Controller is Baia Taormina Costruzioni SpA, Via del Bosco, 19 S. Agata Li Battiati (CT).
The internal data processor is dott. Biondi Pierpalo.
The updated list of the subjects authorized for processing is kept at the headquarters of the Data Controller.