Information regarding the processing of personal data

Pursuant to Article 13 of Legislative Decree 196/2003 (hereinafter, the “Privacy Code“) and art. 13 of the 2016/679 EU Regulation of 27 April 2016 (“Regulations”, the Regulation and the Privacy Code are together referred to as “Applicable Regulations“), we wish to provide, as Data Controller, appropriate information on the fundamental elements of the processing to be we performed.

1.Title and Data Processors

1.1. The owner of the treatment is Reginna Palace Hotel – Ge.Al. Srl – with registered office in Via C. Colombo, 1 – 84010 Maiori (Sa) – info@reginna.it

The complete and updated list of designated parties is available, at the request of the interested party, at the holder’s office.

2. Purpose of the processing

2.1. Personal data are collected and will be processed lawfully pursuant to art. 6 of the Regulations exclusively for the following purposes:

1. a) for purposes connected and consequent to the establishment, execution and termination of the contract or for the satisfaction of a request and / or pre-contractual obligations. Personal data collected for this purpose include: name and surname, e-mail address, telephone number, credit card data and any other data that you deem appropriate to communicate in order to enable us to satisfy your request;
2. b) to fulfill the obligations established by law (tax), by an authority, by a regulation or by European legislation in relation to the existing contractual relationship (eg Consolidated law of public security that requires us to communicate to the police generality of customers);
3. c) to perform the function of receiving messages and telephone calls addressed to you during your stay;
4. d) to speed up the registration procedures in case of your subsequent stays at our facility;
5. e) for the purposes of commercial and promotional communication of our products and / or services (eg promotional messages, updates on rates and offers);
6. f) for the purposes of protecting people, property and corporate assets through a video surveillance system of some areas of the structure, identifiable by the presence of appropriate signs.

2.2. The provision of personal data for the purposes of processing pursuant to art. 2.1 lett. a) and b) it is indispensable and obligatory for the establishment and execution of the contract, therefore failure to provide them could result in the impossibility of establishing or executing the contractual relationship. The provision of data for the purposes referred to in art. 2.1 lett. c), d), e) instead it is optional, therefore we will be able to process your personal data, even after the termination of the contractual relationship, only if you expressly consent to it.

3. Processing methods and data retention times

The processing of personal data will be carried out both on paper and through the use of information technology for the time necessary to achieve the purposes for which it was collected or in any case for the time necessary for verification, exercise and defense. in court of the rights of the owner and of the interested parties.

Credit card data will be collected and processed in accordance with the PCI DSS (Paymant Card Industry Data Security Standard). Specific security measures will be observed to prevent data loss, illicit or incorrect use of data, unauthorized access.

In particular:

– The processing of personal data for the purpose of facilitating registration in the case of your subsequent stays, as per art. 2.1 lett. d), will take place after obtaining your consent, revocable at any time, and your data will be kept for a maximum period of 5 years;

– The processing of personal data for the purpose of commercial communication, pursuant to art. 2.1 lett. e), will take place after obtaining your consent, and your data will be kept for a maximum period of 2 years and will not be disclosed to third parties. You can, however, revoke your consent at any time;

– The processing of personal data for video surveillance purposes, as per art. 2.1 lett. f) does not require your consent, as it pursues our legitimate interest in protecting people and property with respect to possible aggressions, thefts, robberies, damage, acts of vandalism and for purposes of fire prevention and job security. The recorded images will be deleted after 24 hours, except holidays or other cases of closure of the exercise. They will not be communicated to third parties, except in cases where it is necessary to adhere to a specific investigation request by the judicial or judicial police authorities.

4. Scope of communication and dissemination of data

The personal data provided by users who forward hotel reservation requests are used only to perform the service or provision requested and are not disclosed to third parties, except in the following cases:

– our business partners to whom we will be able to communicate data exclusively to process reservations;

– persons, companies or professional firms providing assistance and advice in accounting, administrative, legal, tax, financial and technical matters;

– subjects whose right to access data is recognized by legal provisions or by orders of the authorities.

5. Rights of the interested parties

You can directly contact the Data Controller or the Responsible to assert your rights, as required by the Applicable Regulations.

The rights guaranteed by the Applicable Regulations can be exercised by contacting us by registered mail at the registered office of Reginna Palace Hotel – Ge.Al. Srl or by sending an e-mail to the following address info@reginna.it.

In accordance with the Applicable Regulations, we inform you that you have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the owner and managers; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to know them as managers or agents.

Furthermore, he has the right to obtain:

1. a) access, updating, rectification or, when interested, integration of data;
2. b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
3. c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.

Furthermore, it has:

2. a) the right to withdraw consent at any time, if he has consented to the processing of personal data for the purposes referred to in art. 2.1. lett. c), d) and e) of this information;
3. b) if applicable the right to the portability of data (right to receive all personal data concerning you in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to cancellation (“Right to be forgotten”);
4. c) the right to object, in whole or in part, for reasons connected to your personal situation, to the processing of personal data concerning you, even if pertinent to the purpose of the collection, and to oppose, at any time, the processing of data for purposes marketing or to oppose only with regard to some modalities;
5. d) if he considers that the processing of personal data carried out by the Controller violates the Rules, the right to lodge a complaint with a Supervisory Authority (in the Member State in which he resides habitually, in the one in which he works or in the one in which he has verified the alleged violation). The Italian Supervisory Authority is the Guarantor for the protection of personal data, located in Piazza di Monte Citorio n. 121, 00186 – Rome (http://www.garanteprivacy.it/).