Privacy Policy 

Last update: [21/06/2023] – Version [2.1]

What is this document? Pursuant to art. 13 European Reg. n. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, Hotel Tiziano Venezia intends to inform each user (the “User”) about the processing of personal data happening on its website https://subitosanto.it/ (the “Website”).

1. Controller and Contact details

Dama Molina S.r.l. (hereinafter “Controller”, pursuant to art. 4(7) GDPR) with registered office in via G. Garibaldi n. 2 – 35043 Monselice (PD).

Contact details: [info@damamolina.it]

2. Purposes of processing, Legal Basis, Personal Data and Retention period

The Controller processes Personal Data for the following purposes, as specified here in below. The following table also shows the legal basis which justifies the processing and the period of data retention.

Purposes Personal Data Legal Basis Data Retention
A) Management of booking request and accommodation

✓ Anagraphic information (Name and surname)

✓ Financial details (credit card number)

✓ Contact details (email, phone number)

Performance of pre contractual and contractual provisions [Art. 6, 1, lett. b) GDPR]

Until the expiry of the data retention period, as provided by the applicable law, and according to Articles 2946 et seq. of the Italian Civil Code.

B) Answer to information requests

✓ Anagraphic information (Name and surname)

✓ Contact details (email, phone number)

Performance of pre contractual and contractual provisions [Art. 6, 1, lett. b) GDPR]

For the period of time necessary to answer the User.

C) Allow the Controller to accomplish all formalities required by law.

✓ Anagraphic information (Name and surname)

✓ Home address

✓ Contact details (email)

Legal obligation [Art. 6, 1, lett. c) GDPR]

Until the expiry of the data retention period, as provided by the applicable law.

D) Improve the website by analyzing how Users navigate and/or use the Website.

✓ Website data usage

Legitimate interest

[Art. 6, 1, lett. f) GDPR] 

Not applicable (aggregate or anonymous data).

E) Detecting or preventing fraudulent activity and exercising the Controller's rights in Court

✓ Anagraphic information (Name and surname)

✓ Contact details (email)

✓ IP Address

✓domain names of the computers utilised by users accessing the site

✓URI Address (Uniform Resource Identifier) of booking request and the time when the request is made.

Legitimate interest [Art. 6, 1, lett. f) GDPR]
10 years

The provision of data for purposes A) and B) is facultative. However, failure to provide it will make it impossible to make a reservation at the accommodation and/or to request information.

The provision of data for purpose C) is mandatory to allow the Controller to comply with the regulatory obligations to which it is subject.

The provision of data for purposes D) and F) is necessary in order to allow the Controller to fulfill its own legitimate interest.

3. Processing modalities

The processing of Personal Data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.

4. Data sharing

Your Personal Data may be shared with the following external subjects: (i) Internet service providers, software companies and platforms used by the Controller as communication and promotion channel or for booking services; ii) consultants and other third-party service providers who perform services for us or on our behalf and require access to such information to do that job; iii) authorities, government agencies, or judicial courts to meet any applicable law, regulation, legal process, or enforceable governmental request.

These subjects act as autonomous Data Controllers or Data Processors. In the latter case, the Controller has signed a contract pursuant to Art. 28 GDPR (Data Protection Agreement or “DPA”).

The list of data processors is available by sending a request to the Data Controller at [info@damamolina.it].

Personal Data will also be processed by the Controller’s internal staff specifically authorized pursuant to Article 29 of the GDPR.

5. Data Processing Locations

Personal data are processed and stored at the headquarters of the Controller, as well as in the servers that host the Website and the booking engine software established in EUTransfers of Personal Data outside the EEA shall be carried out only with appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.

6. Interaction with social network

The Website also incorporates plug-ins and/or buttons for social networks that allow interactions with social networks directly from the pages of this Site. These plug-ins are programmed so that no cookie is set when the page is accessed, in order to safeguard the User’s privacy. The collection and use of information obtained by means of the plug-in are governed by the respective privacy policies set out below, to which please refer:.

– Facebook (Meta Platforms, Inc.)

Facebook buttons are services for interaction with the social network Facebook, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (https://www.facebook.com/privacy/explanation).

– Instagram (Meta Platforms, Inc.)

Instagram buttons are services for interaction with the social network Instagram, provided by Meta Platforms, Inc. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland – Privacy Policy (https://help.instagram.com/519522125107875).

– WhatsApp (WhatsApp Ireland Limited)

WhatsApp buttons are communication interaction services provided by Whatsapp Ireland Limited. Personal Data collected: Cookies and Usage Data. Place of processing: Ireland- Privacy Policy (https://www.whatsapp.com/legal/privacy-policy-eea).

7. Data subject’s rights

The User may exercise all the rights provided for by Articles 15-21 of GDPR, at any time and without unjustified limitations, by contacting the Data Controller at [info@damamolina.it]. Requests shall be filed free of charge and processed by the Controller within 30 days.

Specifically, the User can:

  • obtain from the Controller confirmation as to whether or not Personal Data are being processed (Art.15);
  • obtain from the Controller the rectification of inaccurate Personal Data or the completion of inaccurate ones (Art. 16);
  • obtain from the Controller the erasure of Personal Data (Art. 17);
  • obtain from the Controller restriction of processing (Art. 18);
  • have the right to receive his/hers Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
  • have the right to object (Art. 21);
  • with regard to the purposes of processing based on consent, withdraw that consent at any time.

 

8. Complaints

In any case, Users are always entitled to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), under Art. 77 of the Regulation, if they believe that the Data Controller’s processing of their Personal Data is in violation of the applicable law.

9. Amendments

The Controller reserves the right to amend and update that Privacy Policy as a result of any further new or revised provisions of any national and EU laws and regulations on personal data protection.