INFORMATION FOR THE PROCESSING OF PERSONAL DATA
Winter Services Srl (hereinafter referred to as Owner), with registered and operative offices in Grassobbio (BG) via Padergnone, nr. 52 – 24050 Italy, Fiscal Code and V.A.T number 03790640167, as data controller, informs you under art. 13 EU Regulation n. 2016/679 (hereinafter also “Regulations”) that your data will be processed in the manner and for the following purposes:
1. Object of the Treatment
The Data Controller processes personal data, (such as name, surname, company name, address, telephone number, e-mail, bank and payment details) – hereinafter, “personal data” or even “data” you have communicated at the conclusion of contracts for the services of the Owner – in order to optimize the service provided to you. According to the legislation, this treatment will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
2. Purpose of the processing
Your personal data are necessary for purposes strictly connected and instrumental to the management of business relationships, for administrative and accounting purposes and for purposes related to legal obligations.
We inform you in particular that your personal data are processed:
A) Without your express consent and if directly provided by you (Article 6 letter b) and e) of the GDPR), for the following Service Purposes:
- to conclude contracts for the services of the Owner;
- to fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
- to fulfill the obligations established by the law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
- to exercise the rights of the owner, for example the right to defense in court;
B) Only subject to your specific and distinct consent (Article 7 of the GDPR), for the following Marketing Purposes:
- to send you via e-mail, mails and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and recognition of the level of satisfaction with the quality of services;
- to send via e-mail, mails and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example, business partners).
Please note that, if you are already our customer, we can send you commercial communications concerning services and products of the owner similar to those you have already used, exercising our legitimate interest, under art. 6 of the GDPR, except your expressed dissent through the modalities indicated in the art. 9 of this Information.
3. Data-Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process the personal data for the time necessary to fulfill the after mentioned purposes and in any case for no more than 10 years from the cessation of the service relationship and no later than 2 years from the collection of data for the Marketing Purposes.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller in Italy and in Europe, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
- to third-party companies or other subjects (for indicative purposes, professional offices, consultants, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data controllers, or to other autonomous owners (indicative, institutes banking, mailing services, etc.), who will provide directly their information for the purposes and means of their own.
5. Communication of data
Without the need for express consent (Article 6 letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.a) to Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your personal data will not be disseminated.
6. Data transfer
Personal data may also be stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the data on servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the assessment of the existence of adequate guarantees under art. 46 of the GDPR related to the transfer. If such guarantees are not present, the Holder cannot make any transfer without customer’s explicit consent.
In any case, your data will not be disclosed.
7. Nature of the provision of data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. In its absence, we cannot guarantee the proposed Services.
The provision of data for the purposes referred to in art. 2.B) and for the possible transfer of your personal data in non-EU countries in the absence of adequate guarantees, as specified in art. 6, is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller.
However, you will continue to be entitled to the Services referred to in art. 2.A).
8. Rights of the interested party
As data subjects you can ask:
a) access to personal data;
b) their correction in case of inaccuracy;
c) the cancellation of data referable to you;
d) the limitation of treatment;
e) the right to oppose the processing of data where the conditions are met;
d) the right to data portability, namely to receive the personal data supplied in a structured format that is commonly and automatically readable by automatic means and to transmit them to another Data Controller without hindrance.
Although not expressly provided for by the provisions referred to above, reference should be made to the legislation in force on the subject of Privacy and specifically to articles 15, 16, 17, 18, 20 and 21 of the GDPR.
9. PRESENTATION OF COMPLAINTS
Interested parties may submit complaints to the Company whenever they consider it necessary, using the following email address: privacy@wintergarden-hotel.com
Or they can also file a complaint with the National Data Protection Authorities (APD).
10. How to exercise rights
You may exercise your rights at any time by one of the following methods:
- registered mail to Winter Services Srl Via Padergnone, 52 – 24050 Grassobbio (BG) – Italy;
- e-mail to the address: privacy@wintergarden-hotel.com
11. Cookies Policy
We also inform you that, if you now use our website for reservations or for the simple visit you can get in touch with cookies (a “cookie” is a small piece of data that is stored in the browser of your computer or your mobile device).
In the event that we authorize other parties to release cookies through the site, those cookies are called “third-party”.
Our Web page uses:
- Technical cookies in order to offer our visitors a state-of-the-art and user-friendly website, which automatically adapts to their needs and wishes. To make this happen, we use technical cookies to allow you to view our website, to make it work properly and manage your reservations. Technical cookies are essential for the proper functioning of our site.
- Commercial cookies and marketing; we use our and third-party cookies to insert personalized advertising on our website.
Updated on 25th May 2018, under EU Regulations 2016/679.