Privacy
This notice applies exclusively to this website.
Privacy Policy pursuant to Legislative Decree No. 196 of June 30, 2003, and Regulation (EU) No. 2016/679 (GDPR) and subsequent amendments.
The EU Regulation 2016/679 (GDPR – General Data Protection Regulation) provides protection for individuals and others with respect to the processing of personal data, which must be based on the principles of fairness, lawfulness, transparency, and the protection of privacy and personal rights.
The confidentiality, protection, and security of the processed data are of particular importance, which is why Hotel San Giorgio pays utmost attention to the protection of your personal data. When we collect, process, and store personal data, we comply with all legal requirements, particularly the provisions of the EU Data Protection Regulation (Regulation (EU) 2016/679 “GDPR”) and all applicable personal data protection laws.
1 - DATA CONTROLLER
Hotel San Giorgio di Salsedine Srl, based at Viale Carducci, 298 Cesenatico (FC), VAT number 04455830408; email: info@hotelsangiorgio.it;
You can send any questions or requests regarding your personal data and privacy compliance through the contacts provided in this notice.
We inform you that the Personal Data you provide through this site will be processed, in particular, by Èdita Srl (marketing agency and web agency) as the Data Processor (“Processor”) on behalf of the Data Controller. For more details, see section 9) of this policy.
2 - DATA SUBJECTS
The categories of data subjects are the website users who use the services available on this website.
3 - LEGAL BASIS FOR PROCESSING
The personal data processed on this website are processed based on the following legal grounds:
- Execution of contractual/pre-contractual measures
- Legal obligations
- Legitimate interest
- Consent
4 - PURPOSES OF PROCESSING
The personal data collected through this website are processed for the following purposes:
A – Request for a quote and information: The personal data provided by filling out the request form for a quote, offers, pricing, and information requests (e.g., via email, phone contact, etc.) are processed in order to satisfy and/or fulfill the request. The data is mandatory, and without it, we will not be able to finalize your request.
The legal basis for this data processing is contractual and pre-contractual obligations; legitimate interest; consent, in the case of special/sensitive data being provided, such as health data, ethnicity or religious origin, etc.
These types of special data can also be processed to:
- Fulfill legal obligations, regulations, national and community laws, and provisions issued by authorities authorized by law;
- Verify, exercise, and/or defend a right in court;
- Gain knowledge of health-related data, such as food intolerances, allergies, temporary or permanent disabilities of you and/or your family members or companions.
If the data subject communicates sensitive categories of data (e.g., health data, etc.) through contact forms (or other free text fields), portals, or through phone or email contact, these statements represent a free, specific, informed, and unequivocal manifestation of the data subject's consent for the processing of personal data.
If the user provides personal data of third parties, they must ensure that these third parties are aware of and adequately informed of this privacy policy and have consented to the processing.
B – Commercial/Marketing: With consent, personal data entered on this website will also be collected for commercial and marketing purposes, through the sending of emails/newsletters, to update you on new initiatives, events, promotions, offers, and other promotional material. The newsletter service is performed using dedicated software. The legal basis is consent, and processing will continue until consent is revoked by the data subject.
C – External platform links: This website may contain links to external platforms (social media links or links to associated structure websites). In these cases, data is processed to enable publications, interactions, reviews, and comments via social networks or other external platforms. Interactions and information gathered from this website are subject to the privacy settings of the user’s social network accounts. Once leaving this website, the user is redirected to a third-party website or application and is no longer subject to this privacy notice.
D – Administrative/Tax Purposes: The personal data collected on this website are intended for the administration, accounting, and tax activities related to the requested service. The legal basis for this processing is legal obligation.
The consent provided can be revoked at any time in the same manner as it was given, by contacting us using the details provided in this notice, without affecting the lawfulness of the processing based on consent before its revocation.
Providing data for purposes A) and D) is mandatory; failure to provide personal data will prevent us from performing the requested services and fulfilling the users' requests.
Providing consent for purposes B) and C) is not mandatory; failure to give consent will not affect other requested services.
5 - COLLECTED DATA
The use of this website is restricted to visitors who are over 18 years of age; they explicitly agree to this privacy policy as described in the methods and purposes outlined.
The categories of data that may be collected include:
- Common personal data (e.g., name, surname, date and place of birth, email address, phone number, residential address)
- Special/sensitive personal data (e.g., health data, ethnic and religious origin, and other categories of sensitive data)
It is possible that some data, in addition to those necessary for the functioning of the site, may be used solely for generating anonymous statistical information about site usage and to ensure proper functionality; specifically, reference is made to the cookie policy.
6 - AUTOMATED DECISION-MAKING AND PROFILING
The Data Controller informs that the personal data provided by users for the purposes listed in section 4) of this policy will not be processed through fully automated decision-making processes; however, they may be subject to profiling related to the choices made and the type of service requested. For information on the processing of browsing data on this website, refer to the specific cookie policy.
7 - PROCESSING METHODS
Personal data will be processed by acquiring documents electronically (also through data entry into software/management systems) and/or in paper form, using IT and manual methods that ensure confidentiality and security. The data are collected according to the guidelines of the relevant legislation, particularly with regard to security measures outlined in the GDPR (Art. 32), aimed at ensuring data security and confidentiality.
8 - DATA RETENTION PERIOD
Personal data will be retained for no longer than necessary to achieve the purposes for which they were collected and subsequently processed, and may be kept for a longer period:
- Until the completion of the purposes in question and also later for compliance with legal obligations;
- Within the time limits set by applicable regulations, including fiscal/administrative data retention requirements;
- For the period necessary to protect the data subject’s rights in case of disputes related to service provision.
Consent given may be revoked at any time, following procedures similar to those used to grant consent, by contacting the Data Controller at the details provided in this notice.
9 - DATA COMMUNICATION
The data provided will be processed under the authority of the Data Controller and by personnel/collaborators appointed by the Data Controller; by Data Processors and/or Sub-processors chosen based on specific regulatory requirements. For example, the data may be processed by:
- The Data Controller and partners;
- Authorized personnel/collaborators;
- Data Processors and Sub-processors duly appointed;
- Èdita Srl (marketing agency and web agency), Data Processor on behalf of the Data Controller for website management and web marketing activities;
- Associated accommodation structures, such as hotels and residences, receiving specific requests through the website forms.
10 - USER RIGHTS
Under Regulation (EU) 679/2016 (GDPR) and national legislation, the User can exercise the following rights (Articles 15 to 22 of the GDPR):
- Request confirmation of the existence of personal data concerning them (right of access);
- Know its origin;
- Receive intelligible communication;
- Obtain information about the logic, methods, and purposes of processing;
- Request updates, corrections, limitation, integration, deletion, transformation into anonymous form, or blocking of data processed unlawfully, including those no longer necessary for the purposes for which they were collected;
- In cases where processing is based on consent, receive their data in a structured, readable format commonly used by electronic devices.
11 - DATA TRANSFER
Your data may also be transferred to countries outside the EU; if necessary, this transfer will be based on an adequacy decision or through Standard Contractual Clauses (EU SCCs) or Binding Corporate Rules.
12 - CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to modify this privacy policy at any time.
Changes and clarifications will take effect immediately after publication on the website. Users are encouraged to periodically check this notice to verify any changes.