Privacy Policy
PURSUANT TO ART. 13 OF THE “PERSONAL DATA PROTECTION CODE” (“Privacy Policy”).
Dear Guest,
here below we provide you with the information regarding the processing of your personal data and their free circulation which will be carried out by IL RASTRELLO SRL with headquarters in VIA ANTONIO GROSSI 10, 06064 PANICALE (PG), C.F. and VAT number 03623100546 (hereinafter simply the “Rastrello”), in relation to the services offered by the same and this in the application of the provisions of art. 13 of the “Italian code regarding the protection of personal data” introduced by Legislative Decree 30/6/2003 No. 196 (repeal of law 675/96) and subsequent additions.
Rastrello in its capacity as Data Controller of personal data has the obligation to provide you with all the information relating to the purpose and method of processing your personal data, the indication of the subjects to whom your data could be communicated, and all the rights that the law recognizes in relation to the management of personal data by the Data Controller. Therefore, we invite you to take note of the information contained therein and express your consent to the processing by signing this information.
A- Holders of the treatment
Independent owner of the processing of personal data communicated by you at the Il Rastrello facility and during your stay at the same is: IL RASTRELLO SRL.
B- Categories of personal data and Source of personal data.
The personal data held by IL RASTRELLO accommodation facility are collected directly from customers and are treated in compliance with current legislation. After the entry into force of the Gasparri Decree and the new rules on anti-terrorism (ART.7 DL 27.7.2005, N.144 converted into Law 31.7.2005, n.155 and subsequent amendments), the accommodation operators are obliged to identify their Guests. In particular, the personal data that the Company collects are name, surname, residence/domicile, copy of identity document, email, landline and/or mobile phone number, tax code and/or VAT number, room type, any third parties and/or children, even minors, with whom the stay will be shared (hereinafter the “Data”).
The processing of the aforementioned Data by the Data Controller could also concern – subject to your express consent – data relating to your health (e.g. physical handicap, for which a particular type of room is requested when booking). In these hypotheses, we guarantee that the processing will take place limited to the data and operations essential to fulfill the obligations, including pre contractual ones, relating to the provision of the Services, within the limits of the services and services requested by you during the booking phase or during the stay at our facility.
C. Purpose and legal basis of the processing
The data will be processed in strict compliance with the provisions of the law, according to the principles of lawfulness and correctness and in compliance with the right to privacy. The Data will be processed for the correct fulfillment of contractual and/or legal obligations in order to implement the Services offered by our Hotel. Furthermore, your Data will be processed to fulfill the obligation set forth in the “Consolidated text of public safety laws” (article 109 of Royal Decree 18.6.1931 n. 773) which requires the personal details of the residents to be communicated to the Police Headquarters (Questura) for public safety purposes according to the methods established by the Ministry of the Interior. The data acquired for this purpose will not be stored at the accommodation facility, unless the resident provides specific authorization.
The provision of data for the purposes highlighted above is necessary for the provision of hotel services and to fulfill public safety purposes. In this regard, there is an obligation to provide such Data for the achievement of the aforementioned purpose; their missing, partial or incorrect conferment could have as a consequence the impossibility of providing the Services requested by you and therefore the impossibility of hosting you at our accommodation facility.
Video surveillance solely on-premises of VIA ANTONIO GROSSI 10, 06064 PANICALE -PG ITALY: for the purpose of protecting people, property, and corporate assets through a video surveillance system of some areas of the structure. The processing falls within the scope of legitimate interest in the protection of people and property with respect to acts of vandalism,
Mod.05 Privacy – Rev.02 – June 2019 thefts, robberies, assaults, damages and for fire prevention and occupational safety purposes by part of the Company art. 6 paragraph 1 lett. f EU Reg. 679/2016 for which your consent is not required. The recorded images are deleted after 24 hours, except for holidays or other cases of closure of the business and in any case no later than 7 days as required by law. They are not communicated to third parties except in the case in which it is necessary to adhere to a specific investigative request from the judicial authority or judicial police.
D. Methods of Treatment
The processing of personal data will take place using paper, IT or telematic tools and with adequate security measures to guarantee the security and confidentiality of your personal data. The data will be processed by personnel and collaborators of the Company and/or by external subjects duly designated contractually as managers and persons in charge of processing.
E. Data communication
Personal data may be transferred and processed by other subjects, in their capacity as authorized, responsible or independent data controllers; they will also be accessible – for the same purposes for which the collection is made – to data processors belonging, by way of example, to the following categories: appointees, data processors, accounting consultants, legal consultants, banks, insurance companies, the Rastrello infrastructure, internet and e-mail service supply companies, police forces, etc.
The Data will in no case be subject to public dissemination. For the performance of most of its hospitality business il Rastrello can turn to external companies for carrying out the work necessary for the execution of all or some orders received from customers for specific needs. This also applies to the performance of services specific to the activity (e.g. breakfast), delegating them to external structures. Or finally for the management of payment services, credit cards, credit recovery, as well as fraud control and risk detection.
F. Transfer of Personal Data
The data may be transferred to countries of the European Union and to third countries with respect to the European Union if this proves necessary to be able to fulfill the obligations assumed or to achieve the purposes of the processing.
G. Storage Period
The Data collected and processed by the Data Controller to implement the Hotel Services may be kept for the period of limitation established by the applicable regulatory provisions, including fiscal ones.
H. Contact details
You can contact Rastrello to assert the rights listed above by writing to the e-mail address info@rastrello.com and/or by sending a communication to the address VIA ANTONIO GROSSI 10, 06064 PANICALE -PG- ITALY.
What are your rights? You will be able to: (I) obtain confirmation of the existence or not of personal data concerning you; (II) know the purposes of the processing and the methods, the recipients of such data, and the retention period; (III) obtain the rectification or cancellation, and where applicable, the limitation of the treatment; (IV) object to the treatment; (V) where applicable,
receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you
provided to the Hotel and transmit such data to another data controller without impediments. The interested party can exercise his rights by contacting the Data Controller directly. If the interested party believes that the rights he enjoys on the basis of the Privacy legislation have been violated, he can lodge a complaint with the Privacy Guarantor – www.garanteprivacy.it.
I – Sensitive data
It may also happen that, in relation to specific operations or products and services requested by the customer, the Hotel comes into possession of data that the law defines as “sensitive”. In fact, they could infer from them whether the customer belongs to associations, confessions, political parties, or information on the state of health.
L – Activities for which it is NOT possible to refuse consent
Personal data is processed as part of the normal accommodation business and for various purposes. Those mandatory strictly connected data and instrumental to the management of customer relations. Three of these are the acquisition of information preliminary to the conclusion of a contract, execution of operations on the basis of the obligations deriving from the contract concluded with customers, debt collection, etc.). Both those mandatory by laws, regulations and community regulations (anti-terrorism laws, anti-money laundering laws, etc.) or instructions given by authorities legitimated by the law and by supervisory and control bodies.
M – Activities you can opt out of
Of a different nature are those functional to the accommodation business for which the interested party instead has the right to refuse consent. The detection of the degree of customer satisfaction on the quality of the services rendered and on the activity carried out by the accommodation facility. This can take place directly or through specialized companies with personal or telephone interviews, questionnaires, etc. These include the promotion and sale of products and services, including those of third-party companies, carried out through letters, telephone, advertising material, automated communication systems, internet, and e-mail.
N – Cases in which consent is not necessary and cases in which consent can be denied Pursuant to and for the purposes of art. 24 of Legislative Decree. 196/2003, the consent of the interested party is not necessary when the data is processed to fulfill an obligation established by law, a regulation or by community legislation. It is not necessary to fulfill obligations deriving from a contract to which the interested party is a party or to fulfill specific requests from the interested
party before the conclusion of the contract. It is also not necessary when it concerns data from public registers, lists, deeds or documents that can be known by anyone, without prejudice to the limits and methods that the laws, regulations or community legislation establish for the knowledge and publicity of the data. Furthermore, it is not necessary when it concerns data relating to the performance of economic activities, processed in compliance with current legislation on corporate and industrial secrecy. Necessary for communications within the landlord for administrative and accounting purposes.
Il Rastrello accommodation facility needs to control itself and the quality of its services as well as to expand its product offering. To this end, it could communicate data relating to its customers to companies that offer this type of service, so that they can verify with the customers themselves whether the structure has met their needs and expectations or if there is a potential demand for other products or services.
However, each Guest has the right to refuse consent for these types of communication and for related treatments. He can do so by ticking the appropriate boxes on the form, which can be downloaded at the bottom of this statement. The same faculty can be exercised for the communication of data to primary external companies, in order to allow them to offer them products.