The ower of this website its commitment and attention to personal data processing, relative to users of the website by adopting a personal data confidentiality policy that complies with Regulation (EU) 2016/679 (henceforth referred to as “GDPR”), on natural persons protection with regard to personal data processing and also the regulation of the code relative to personal data protection (“Privacy Code”), contained in Legislative Decree No. 196 dated 30 June 2003.
This page describes methods for processing personal data of website users, through a specific disclosure that is made, pursuant to article 13 of the GDPR and of Privacy Code, to every users of web services provided by the website, electronically accessible from the official home page of the website.
The information solely applies to the website and not to other websites eventually possibly consulted by the user through links accessible from the site.
The information can be modified due to the introduction of new rules in this regard, so we invite you to check this page periodically.
If the user is under the age of 16, pursuant to article 8, c.1 EU regulation 2016/679, he / she must legitimize his / her consent through the authorization of his / her parents or guardians.
DATA CONTROLLER AND DATA PROCESSOR
Visiting this site may result into the processing of data concerning identified or identifiable persons. The data controller and the data processor is the ower of this website.
PLACE WHERE DATA IS PROCESSED
The processing operations related to the web-based services that are made available via this website are carried out at the aforementioned office of the ower of this wbsite. The personal data obtained from the users who submit hotel reservation requests or through informative material (informative notes, newsletters, registration, etc) is used only to carry out the services or assistance requested and is not transmitted to third parties, except in the following possible cases:
Business partners of the ower of this website transmits the data exclusively in order to avoid on-line reservations;
Persons, companies or professional offices who lend assistance and consulting services to ower of this website concerning accounting, administrative, legal, financial and tax matters;
Subjects who are authorized to have access to the data by law or through requests by the authorities;
CATEGORIES OF PROCESSED DATA
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.
These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website.
Data Provided Voluntarily by Users
Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender's address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the messages. Data will be retained only for reservations, registration request to send the newsletters and or special offers, and will not be disclosed to anyone. Specific summary information notices will be shown and/or displayed on the pages that are used for providing services on demand. The personal information regarding the individual who visited the website is not collected or used. The visitors remain anonymous. The only exception to this rule concerns the information for personal identification needed to fulfill the contractual obligations of reservations on behalf of the user.
In the event of reservations made through the website, the user must provide his name, address, telephone number and information regarding the payment manners and credit card used. Grand Hotel Palace will use said information only to process the reservations and to send specific information, which is relevant to the confirmation of said, such as a receipt, the reservation code and the conditions. The information provided will not be used for marketing purposes and will not be sold, transmitted, given by contract or sent to third parties an any way. In any event, the
administrator of the website guarantees the use of scrupulous procedures in order to protect the navigational data and the use of particular precautions to protect the data pertaining to the credit card, which is provided during on-line reservations.
Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected. Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.
DATA SUBJECTS' RIGHTS
Data subjects are entitled at any time to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified (Section 7 of Legislative Decree no. 196/2003). The above Section also provides for the right to request erasure, anonymisation or blocking of any data that is processed in breach of the law as well as to object in all cases, on legitimate grounds, to processing of the data. All requests should be emailed to or sent to ower address.