This page highlights the security policies on personal data that the company AG HOTELS S.r.l. provides for users who consult the website, and more generally for data subjects who interact with our hotel for various reasons.
This is a statement that is provided pursuant to art. 13 of the General Regulation for the Protection of Personal Data EU 2016/679 (hereinafter referred to as GDPR - General Data Protection Regulation) in particular for those who interact with the web services of the Hotel The Britannia, accessible electronically starting from address: https://www.aghotels.it
The information refers only to the website of AG Hotels and not to other websites that may be consulted by the user via links.
The information is also based on Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by the art. 29 of the directive n. 95/46 / EC, adopted May 17, 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
OWNER AND MANAGER OF TREATMENT
1. According to the art. 4 point 7 of the RGPD 2016/679, the data controller of the Site is the company AG HOTELS S.r.l
2. According to the art. 28 of the GDPR 2016/679, External Data Processor and System Administrator for the management of the hotel website and of the online booking platform www.blastnessbooking.com integrated in the site itself is the company BLASTNESS S.r.l. with headquarters in P.zza J.F. Kennedy 27, 19125 La Spezia (SP), Tel. 0187 599737- Fax 0187 020349 - email: firstname.lastname@example.org.
3. According to the art. 28 of the GDPR 2016/679 Responsible for the marketing activities of the site and the newsletter is the company AG HOTELS S.r.l with registered office in Via XX Settembre, 98G - 00187 Rome responsible for the AG Hotels commercial activities
PLACE OF DATA PROCESSING
The processing operations connected to the web services of this site take place at the headquarters of the data controller and the data processors, and are only handled by technical personnel of the service in charge of processing.
Using third-party cookies, processing may also take place outside the European community by Google and companies that install third-party profiling cookies.
The personal data provided by users who request dispatch of informative material are used for the sole purpose of performing the service or provision requested while some data acquisition forms provide for the possibility of communicating the personal data of the interested party to service providers to comply with to the contract and provide the services requested.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not persist for more than thirty days.
Data provided voluntarily by the user
The services on this website are not intended for minors. We do not knowingly collect minor data, including Personal Data.
If we become aware of having collected the personal data of a child, we will immediately cancel them, unless we are obliged by law to keep such data. The User is requested to contact us if he believes that the Hotel has incorrectly or unintentionally collected information on a minor.
METHOD OF TREATMENT
Personal data is processed by automated tools for the time necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
PURPOSE AND LEGAL BASIS AND NATURE OF THE PROVISION
The Personal Data you provide through the Site will be processed by the data controller for the following purposes:
a) purposes related to the execution of a contract of which the interested party is a party or to the execution of pre-contractual measures adopted at your request (eg: booking, adherence to special offers, etc.). Consent Not necessary;
b) purposes linked to the sending of promotional and commercial material via email following voluntary registration of the Hotel newsletter. Requires the explicit consent of the interested party or the exercise of soft spam;
The data processed by us may include special categories of personal data as defined in Article 9 of the GDPR 2016/679 or personal data concerning health or religion (food allergies, services for the disabled, menus related to religion, etc. .) voluntarily provided by you in the Notes fields of the booking form.
The data in question will be processed guaranteeing appropriate security measures limited to the data and operations indispensable to fulfill even pre-contractual obligations that the hotel assumes in its sector of activity, in order to provide specific goods, services or services requested by the interested party.
According to the art. 9 of GDPR 2016/679, however, we will always ask for explicit authorization to process personal data as we cannot know in advance if the interested party will voluntarily enter personal data in the acquisition forms, data that fall into the category in question.
This information drafted in accordance with the art. 13 of the EU Regulation 2016/679, it can be used by the data controller also for any advertisements published for the search of personnel in sites or portals not directly managed by the same.
The Company will process the CVs received via email or through third-party recruting companies (publications on portals, etc.) to assess potential candidates within the company or that could be presented in the near future. The processing is done electronically with the exception of curricula received by ordinary post.
Curricula considered "interesting" will be kept at the company's headquarters for a period not exceeding one year and will be treated in full compliance with the minimum security measures referred to in Article 32 of the GDPR 2016/679
The curricula deemed irrelevant as well as those curricula whose retention time has exceeded 18 months will be trashed.
The curricula will be kept at the Britannia Hotel and will not be disclosed to unauthorized third parties excluding the hotels and companies belonging to the Brand. The same may be evaluated by employees or collaborators of the hotel appointed as data processors (pursuant to Article 29 and 32 paragraph 4 of the GDPR 2016/679).
However, we kindly invite the candidates to respect the following rules in the transmission of the curricula in electronic format:
1. Fill in your European curriculum;
2. transmit the curriculum in pdf format;
3. avoid including in your curriculum particular categories of personal data as defined by article 9 of the GDPR 2016/679 (concerning, in particular, the state of health, religious, philosophical or political convictions) not relevant in relation to the job offer; 4. consent to the processing of sensitive data relevant to the establishment of an employment relationship (for example belonging to protected categories).
The company reserves the right not to discard the CVs that do not comply with the above requirements. The purpose of the processing related to the management of the curricula will involve activities strictly related to the evaluation, recruitment or selection of personnel, with objectives of collaboration, temporary or permanent employment, of internships, or to allow the chosen candidate to prepare his / her own thesis degree at our headquarters.
TRANSFER OF PERSONAL DATA
The transfer of your personal data to non-European countries is not envisaged.
The data controller will process the personal data of the interested parties for the time strictly necessary to achieve the purposes indicated in this information notice. By way of non-exhaustive example, the hotel will process the Personal Data for the newsletter service until the interested party decides to unsubscribe from the service by a simple click in the received email. Without prejudice to the above, the data controller will process your Personal Data up to the time permitted by Italian law to protect his interests (Art. 2947 (1) (3) c.c.). More information about the retention period of Personal Data and the criteria used to determine this period can be requested by writing to email@example.com
RIGHTS OF INTERESTED PARTIES
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence of the same data and to know its content and origin, verify its accuracy or request its integration or updating, or the rectification (Art. 15 - 22 GDPR 2016/679). According to the articles in question we have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. In accordance with Chapter III of the GDPR 2016/679, the interested party has the right to request at any time, access to his / her Personal Data, the rectification or cancellation of the same or to oppose their treatment, the limitation of treatment and obtaining in a structured format, commonly used and readable by an automatic device, the data concerning him also has the right to oppose the profiling and to propose a complaint to the Control Authority. The interested party also has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation. For the complete and exhaustive list of the rights exercisable by the interested party, please refer to art. 15-22 of the GDPR 2016/679. Requests should be sent by e-mail to the address: firstname.lastname@example.org
UPDATE AND REVISION