Privacy policy
In accordance with the current legislation on the protection of personal data (EU Regulation No. 679 of 2016), we wish to inform you that the processing of your personal data is carried out fairly and transparently, for legitimate purposes, while protecting your confidentiality and rights.
The processing is also carried out using information technology means for the following purposes:
To acquire and confirm your reservation of accommodation and additional services, and to provide the requested services. Since these processing activities are necessary for the definition and execution of the contractual agreement, your consent is not required, unless you provide sensitive data. If you refuse to provide your personal data, we will not be able to confirm your reservation or provide the requested services. The processing will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and methods indicated in the following points;
To fulfill the obligation provided by the "Public Security Consolidation Act" (article 109 R.D. 18.6.1931 n. 773), which requires us to communicate to the Police Headquarters, for public security purposes, the personal information of guests staying with us, as established by the Ministry of the Interior (Decree 7 January 2013). The provision of data is mandatory and does not require your consent, and in case of refusal to provide them, we will not be able to accommodate you in our facility. The data acquired for this purpose is not stored by us, unless you give consent to such storage as specified in point 4;
To fulfill current administrative, accounting, and tax obligations. For these purposes, the processing is carried out without the need to acquire your consent. The data is processed by us and our appointees and is only communicated externally to comply with legal obligations. If you refuse to provide the data necessary for the above obligations, we will not be able to provide the requested services. The data acquired for these purposes will be stored by us for the time provided for by the respective regulations (10 years and even more in the case of tax audits).
Sharing of Data:
• Other service providers: We use service companies to manage your data on our behalf. Such management is for the purposes described in this statement, such as managing payment for reservations. These service providers are bound by confidentiality agreements and are not authorized to use your personal data for other purposes.
• Competent authorities: We share personal data with law enforcement and other government authorities when required by law or if absolutely necessary for the detection, prevention, or prosecution of fraud or crimes.
International Data Transfer:
The transmission of personal data as described in this statement may involve the international transfer of information to countries where data protection laws are not as detailed as those within the European Union. Where required by European law, we will transfer personal data only to entities that offer an adequate level of data protection. In these situations, we will enter into contractual agreements to ensure that your personal data is protected according to European standards. You can request a copy of these agreements using the contact information below.
As an interested party, you have the right to exercise your rights with the data controller at any time by contacting D'Apuzzo Holding srl at Largo della Fontanella di Borghese, 19. Whatsapp: +39 320 367 9495 Mail [email protected]. To ensure the proper exercise of your rights, you must be unmistakably identifiable. The company undertakes to provide a response within 30 days, and in the event of impossibility to meet these deadlines, to justify any extension of the prescribed terms. The response will be provided free of charge unless the request is unfounded (e.g., no data concerning the requesting party) or excessive (e.g., repetitive over time) for which a contribution not exceeding the actual costs incurred for the research in the specific case may be charged. The rights concerning personal data concerning deceased persons may be exercised by those with their own interest or acting to protect the interested party or for family reasons deserving protection.
Furthermore, you have the right to lodge a complaint with the supervisory authority and to withdraw your consent.
In the event of a data breach suffered by the company (Data Breach), in compliance with Article 33 of the GDPR, the data controller will notify the competent supervisory authority within 72 hours from the moment the incident is discovered and will also inform the data subject unless excluded by the provisions of Article 34, paragraph 3 of the GDPR.
As the interested party, you have the right to obtain information about:
• the origin of personal data;
• the categories of data processed;
• the purposes and methods of processing;
• the period of storage of personal data;
• the logic applied in case of processing carried out with the aid of electronic instruments;
• the identification details of the Data Controller;
• the subjects and categories of subjects to whom personal data may be communicated or who may become aware of it as Data Processors or Persons in charge, even in Third Countries;
• the existence of the profiling process.
As the interested party, you have the right to obtain:
• confirmation of the existence or otherwise of personal data concerning you and that such data is made available in an intelligible form;
• updating, rectification, integration of data, and limitation;
• erasure (right to be forgotten), anonymization, or blocking of data processed in violation of the law (including those for which storage is not necessary in relation to the purposes for which they were collected or subsequently processed);
• attestation that the operations referred to above have been brought to the attention of those to whom the data has been communicated or disseminated, except where this fulfillment proves impossible or involves a use of means manifestly disproportionate to the right protected by the company;
• data portability (direct transmission from one data controller to another);
• a copy of the data undergoing processing.
As the interested party, you have the right to object to:
• the processing of personal data concerning you, including profiling, for legitimate reasons, even if they are relevant to the purpose of collection;
• the processing of personal data concerning you for the purposes of sending advertising material, direct sales, carrying out market research, commercial communications;
• the processing of data processed for scientific or historical research or statistical purposes unless in the case of public interest in processing.
Read, undersigned, and approved.