Privacy Policy pursuant to articles 13-14 of Regulation (EU) 2016/679 (so-called GDPR)

In accordance with applicable privacy laws we would like to take this opportunity to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights.
 
DATA CONTROLLER
Data Controller
Registered office
Address
PIVA / CF
Contacts
Ceo
Privacy contact
 
TURISMO ITALIA S.R.L.
Contrada S. Matteo 42, 66030 Poggiofiorito (CH)
Località Casagliana, Via Sole Ruju 14 - 07026 Olbia (OT)
02679790697 / 02679790697
PEC: turismoitaliasrl@pec.it
D'Arrezzo Ambrogio
Giampiero Ulacco (management@turismoitalia.org)
CATEGORIES OF PERSONAL DATA 
Categories of personal data list
 
Customers and potential customers
DATA PROCESSING
Description of customers' data processing Processing of personal data of customers within the accommodation facilities that provide accommodation and other services.
ORIGIN, PURPOSES, LEGAL BASIS AND NATURE OF DATA PROCESSING
Origin of data Data are generally collected from the data subject, but they may be taken through online booking platforms, external booking platforms (Data Controllers). Data comes from a not public source.
Purposes and Lawfulness of processing Processing takes place manually and using IT tools, and is done, by us and our persons in charge of data processing, for the following purposes:
  1. To obtain and confirm your booking of accommodations and other services, and to provide such services as requested. Since this processing is required to define our contractual relationship and to perform under our contract with you, your consent is generally not required. Should you refuse to submit your personal information, we will not be able to confirm your booking or provide you with the requested services.
  2. To comply with our "Public Safety Law" (Article 109 Royal Decree n. 773, 18/6/1931) which requires that we provide identification data of our guests to the police, for purposes of public safety, in the manner established by the Ministry of the Interior (Decree of 7 January 2013). Data submission is mandatory, and does not require your consent. Should you refuse to provide such information, we will not be able to host you in our hotel.
  3. To comply with applicable administrative, accounting, and tax regulations. For these purposes, your consent is not required. Personal information is processed by us and our persons in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services.
  4. To speed-up check-in on your next visit to our hotel. For such purposes, upon obtaining your consent (which can be revoked at any moment).
  5. To allow you to receive messages and telephone calls during your stay. Your consent is required for such purposes. You can revoke your consent at any time.
  6. To send you marketing messages and updates on special rates and promotions. For this purpose, upon obtaining your consent.
  7. To protect people, property, and company assets, using a videosurveillance system for some areas of the hotel, which are duly identified by signage. Your consent is not required for such processing because it is conducted pursuant to our legitimate interest to safeguard people and property against potential violence, theft, robbery, damage, and vandalism. Surveillance is also conducted for purposes of fire prevention and occupational safety and health.
  8. To manage wi-fi access to the network of visitors' devices, for security purposes of the network, company assets and for defensive needs. The provision of data is mandatory and does not require your consent, for legitimate interest in protecting IT security.
  9. To offer personalized services to guests with special needs, illnesses or handicap.
Type of Personal Data Name, address or other elements of personal identification, company name, type and no. of ID doc., social security number and other personal identification numbers, bank details, credit card data, accounting, tax and financial data, contact and communication data, days of stay, e-mail address, information relating to the family and to the components of the same reservation, navigation data of the visitor device for wi-fi access (log file of use of the wifi network: ip addresses or device names used, addresses in uri notation of the requested resources, the start and end time of connection, the time of the request). Art. 109 of the Consolidated Law on public security laws establishes that the managers of accommodation facilities cannot give accommodation to people without an identity document.
Special categories of personal data Data concerning health: health informations for particular needs because of diseases (for example allergies) or handicap.
Lawfulness art. 9.a of GDPR
 
Explicit consent to the processing of those personal data.
RECIPIENTS AND CATEGORIES OF RECIPIENTS
Categories of recipients Communication of your personal data could carried out on the lewfulness provided by Article 6 of Regulation 2016/679/EU, to the following third parties: Judicial Offices, Consultants and freelancers also in associated form, Police, Other public administrations, Insurance companies, Authorities, Revenue Agencies, Internal managers, External managers, Authorized subjects, , Tax Agencies. Furthermore, the managers are obliged to communicate to the police headquarters, by computers, details of the people hosted, arrival and nights of stay, family relations, according to procedures established with a specific law (DM of 7 January 2013).
These organizations, companies and professionals act as Data Processors appointed by TURISMO ITALIA S.R.L. or they are Data Controllers of the personal data sent to them.
Your personal data may also be communicated to external companies, to which TURISMO ITALIA S.R.L. request the execution of services. Only necessary data will be transmitted. All employees, consultants, temporary workers and/or any other person carry out their activities on the basis of the instructions received from TURISMO ITALIA S.R.L., and, pursuant to art. 29 of the GDPR, they are designated "Authorized subjects of processing". To those authorized subjects, TURISMO ITALIA S.R.L. issues appropriate operating instructions, with particular reference to compliance with security measures, in order to ensure the confidentiality and security of the data. The obligation of TURISMO ITALIA S.R.L. remains unaffected to communicate data to Public Authorities for specific request.
 
TRANSFER OF PERSONAL DATA
Data are processed in the EU. If the extra-EU transfer becomes necessary, the transfers will take place on the basis of an adequacy decision or on the Standard Contractual Clauses approved by the European Commission.
 
METHODS, PROCESSING LOGICS AND DURATION OF DATA STORAGE
Duration of processing Data will be processed for the period strictly necessary to guarantee the correct provision of the services purchased - except for the need for storage for a longer period in compliance with the Law, including accounting rules Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits). The data will be processed for the entire duration of the contractual relationship, for the fulfillment of all legal obligations. 
The DM of 7 January 2013 requires to send the data of customers to the Police, and pursuant to article 109 of the Tulps, data are canceled from the Controller after sending to the Police headquarters. However, regular customers can ask to store data, in order to speed up the check-in procedures in case of future reservations.
Contact data processed for marketing messages shall cease if you request to cancel your data using unsuscribe link of the footer of mails, we will store data for not more of 24 months. You may revoke your consent at any moment.
Data acquired for such purposes shall not be retained by us, unless you provide consent to their retention as required.
Your information will be retained for a maximum of 24 months, and will be used the next time you are our guest.
Such processing, where consent is granted, shall end when you check out; your information shall be retained for a maximum of 24 months, and will not be disclosed to third parties.
Videosurveillance recorded images are erased after 24 hours, except on holidays or other days the business is closed; images are never retained for more than 72 hours. These images are not subject to third-party disclosure, except as required to comply with a specific investigatory demands from a court or the police.
The wi-fi navigation data will be deleted at the end of the stay in the hotel.
Your data is collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements set out in art. 5 c 1 of the GDPR. The processing of personal data takes place using manual, IT and telematic tools for the related purposes and, in any case, in order to guarantee their security and confidentiality. The data processing connected to the management of the guests are stored at headquarters of the Data Controller.
 
DATA SUBJECT RIGHTS (Artt. from 15 to 22, art.77 of GDPR)
European Regulation grant you certain rights, including rights of access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data portability rights, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016).
You can also file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations.
 
AUTOMATED DECISION-MAKING
No automated decision-making

The Data Controller reserves the right to make any appropriate changes or made mandatory by current regulations to this information on the processing of personal data, at its sole discretion and at any time. On such occasions, users will be duly informed of the changes that have occurred.
 
17/05/2021
The Data Controller
TURISMO ITALIA S.R.L.