Privacy Policy under the GDPR (General Data Protection Regulation) 2016/679
Dear Customer,
we have always paid attention to the protection of the personal data of all our Customers. Consequently, we are currently implementing a privacy management system based on the principles introduced by the new European Regulation applicable from 25 May 2018.
Data Controller
The Data Controller is
Bari Convention Bureau
Grandi Eventi S.c.r.l.
P.zza Aldo Moro, 28 - Bari
P.IVA 07533150723
In accordance with Regulation (EU) 679/2016 Article 13, The Company (hereinafter the “Data Controller”), as the Data Controller, hereby informs you that your personal data, and your or your underage children's special categories of personal data (EU Regulation Article 9), if any, provided by you shall be processed in a pertinent and transparent manner, and in compliance with the principles of lawfulness and necessity under the current governing regulations.
Purposes of the processing
The personal data shall be processed for institutional purposes associated with or useful for our Company's business, and therefore to:
a) perform the hotel accommodation service and related transactions, or one or more contractually agreed transactions provided by The Company and Ho – Hotels Collection Group (hereinafter the “Group”);
b) comply with legal obligations of a tax, statutory, accounting and administrative nature;
c) meet internal operating and business needs of the Data Controller and the Group, with respect to the service provided;
d) supply, by email, conventional mail or telephone, information regarding products or services provided by the Data Controller or by the Group;
e) supply marketing, advertising and promotional initiatives reserved to the Data Controller or Group customers and implemented by the Data Controller or by subsidiaries, affiliates or other related parties;
f) carry out profiling activities through automated or online data processing in order to provide customized promotions based on the choices and habits of the user;
g) process the data of minors (in accordance with the applicable regulations) over whom you exercise parental authority, for the purpose of making reservations and registering at the hotel.
Legal basis of the processing
The legal basis of the data processing is the specific contractual relationship established and the freely given, specific and informed consent of the data subject.
Mandatory and optional supply of data
Whereas consent is not required for processing personal data preordained to the performance of the contract and fulfillment of the legal obligations referred to in the "Purposes of the processing" section, points a), b) and c), please note that:
- the supply of data for the purposes stated in points a), b) and c) above is optional, but necessary to perform the customer services, and the lack of consent could result in not allowing the service to be performed;
- the consent to processing for the purposes stated in point d), e), f) is freely given and optional, and the data subject may object at any time and in any event to such processing, easily and free of charge, by contacting the Data Controller, even by email, and obtain an immediate reply confirming the termination of such processing; notwithstanding the foregoing, refusal to supply the personal data requested could result in impossibility to be promptly updated on the services offered by our company, to obtain customized promotions based on the choices and habits of the user and to use some services and benefits reserved to the Data Controller and the Group customers;
- the supply of data of minors (in accordance with the applicable regulations) and the consent to the processing of that data for the purposes stated in points a, b, c), g) above from parties who exercise parental authority over such minors are mandatory because they are necessary for the performance of the contractually agreed services.
Data processing method
The data will be processed with paper-based, electronic or telecommunication means, and with suitable security measures to safeguard the security and confidentiality of your personal data.
The transfer, storage and processing of user data collected through the Site are ensured through appropriate technical measures. All user information is protected with AES 256 Bit encryption. Furthermore, the site is provided over HTTPS encrypted connection.
User data are collected and stored on a secure server, protected by a firewall and physically located in Arezzo in a controlled- access web farm. Every super-user access takes place under the protection of a military quality encryption.
Data retention
In observance of the proportionality and necessity principles, the data shall not be retained for longer than is strictly necessary for the purposes stated above, thus for the service offered or compliance with specific laws.
Recipients of personal data
The data collected will be processed exclusively for the purposes stated above and may be communicated to subsidiaries, affiliates or other companies associated with the Group, either in Italy or abroad, exclusively for the management of the services offered to the Data Controller customers. Using adequate security measures put into place by the Data Controller, your data and your child's/children's data may also be communicated to law enforcement agencies and other public and private parties to comply with legal, tax, administrative, financial and similar obligations. The data will not be disseminated in any case.
The Data Controller may provide user data to third parties only for fulfil some processes referred to the "Purposes of the processing" section, points e), f) and g).
Rights of the data subject
The data subject may exercise his or her rights with the Data Controller under Regulation (EU) 679/2016, Articles 15 and subsequent articles, i.e. he or she may obtain confirmation as to whether or not personal data concerning him or her are being processed, and obtain their communication in an intelligible form.
The data subject shall also have the right to obtain the access, updating, rectification, integration, portability and erasure of the data and to impose limitations on their processing.
Moreover, the data subject shall have the right to object, wholly or in part, for legitimate reasons, to the processing of his or her personal data, even if pertinent to the purpose for which it is collected, for the sending of advertising or direct sales materials and for conducting automated market research or business communications, without prejudice to his or her right to lodge a complaint to the supervisory authority.
Those rights may be exercised by contacting the Data Controller.
Cookies
For further information about the use of cookies, please read the Cookie Policy on our site.
Please send an email to info@nicolaushotel.com if you have any questions about the information contained in this page.