Hotel Abano Ritz Terme

S.I.R.A. S.r.l.

Via Monteortone 19 - 35031 Abano Terme (PD) - Italia

P.I. e C.F.  00333440287




PRIVACY NOTICE PURSUANT TO NEW EU REGULATION 2016/679

PRIVACY OF DATA COLLECTED FROM DATA SUBJECT Privacy notice pursuant to and for the effects of art. 13-14, EU Reg. 2016/679 (European Regulation on the protection of personal data)


We wish to inform you that the new EU Reg. 2016/679 "European Regulation on the Protection of Personal Data" provides for the protection of persons and other entities and respect for the processing of personal data. Pursuant to articles 13 and 14, we therefore provide you with the following information:



DATA CONTROLLER is ABANO RITZ S.I.R.A. S.r.l., e-mail: abanoritz@abanoritz.it 

DATA PROCESSOR is Mrs. IDA POLETTO, e-mail: abanoritz@abanoritz.it

DPO internal Data Protection Officer to whom reference may be made is Mrs. IDA POLETTO,

e-mail: ida.poletto@abanoritz.it or abanoritz@abanoritz.it


1. Purpose, legal basis of data processing

The processing of the personal data provided by you is aimed solely at fulfilling contractual obligations and fulfilling your specific requests, as well as fulfilling regulatory obligations, especially accounting and tax obligations. For the purposes of the aforementioned processing, the data controller may become aware of data defined as "sensitive" in accordance with EU Regulation 2016/679.


2. Processing methods

In relation to the purposes indicated above, your data are processed using electronic and paper media. The processing  operations are carried out in such a way as to ensure the logical and physical security and confidentiality of your personal  data.


3. Legitimate interests pursued by the data controller or third parties

In relation to the purposes indicated above, your data are processed in order to pursue legitimate interests provided for by civil and tax law related to contractual obligations in order to fulfil your specific requests.


4. Nature of the personal data

Processing refers to your personal and sensitive data relating to the performance of the service requested by you. During the provision of the service it may be necessary to acquire and carry out operations of processing of your sensitive personal data, e.g., regarding medical  treatments to be performed. You are therefore requested to give your Y/N consent in writing on a form provided for this purpose.


5. Mandatory or optional nature of providing personal data

The provision of your personal and sensitive data is not mandatory, but any refusal could make it impossible or extremely difficult to provide The services you requested.


6. Scope of communication and dissemination of data 

Your data may be communicated to:

     - our collaborators, employees, as part of their duties;

     - to all those natural persons and/or legal entities, public and/or private when the communication is necessary or functional to the carrying out of our business activity and in the ways and for the purposes indicated above.


7. Transfer of personal data to a third country

To fulfil the contractual obligations and specific requests, the transfer is not envisaged of your personal data to a third country.


8. Personal data storage procedures and duration

The documentation provided by you containing the data defined as personal and the data defined as "sensitive" will be kept in paper and computer format. The duration of storage is correlated to the required period of 5 years provided for by fiscal regulations and 10 years provided for by civil law. Storage may, therefore, extend, as provided by law, for a period of time not exceeding that strictly necessary to achieve the purposes for which the data are processed.


Cookies

The cookies are small text files stored in the user’s PC. Our site uses either the ID session cookies (temporary) or persistent cookies. The ID session cookies vanish permanently once the browser is closed. The persistent cookie files remain in the hard disk of the computer if not manually deleted by the user.

The Site uses the cookies for various purposes. For instance, the cookies are used to automatically recognise if the user has been previously connected to the Site. Furthermore, they are used to trace the user’s navigation course and to understand better the way the Site is being used.

The majority of Internet users accept automatically the cookies, but if they prefer to block them, they can do this by reconfiguring their browser protection. However, if choosing this last option, they might meet some obstacles in their attempt to access some sections of the Site. 

When the user visits the Site, information are gathered on the computer and a cookie is sent to the User’s Computer. These data are not supplied by the user, but automatically picked to the purpose of backing up Their visit to our Site. 
If the user doesn’t sign up to the Site, the personal data collected will be limited. We will collect the user’s IP address so as to single out potential problems connected to our server, administer the Site and compile statistics of use. 

Anyhow, unless the user decides to register, the cookie will not have access to information that allows us to identify him/her. In fact, the cookies are not used to acquire information present on the hard disk and cannot pick information by other cookies present on the user’s computer and derived from other sites. We make use of cookies with the aim to understand how the users use our Site and of how this can be improved.

In any case it will be extremely difficult to identify the user beginning only from the IP address and no attempt will be made in this way.

Once the user has registered to the Site, the personal information of the user is associated to the Cookie and remains in the User’s computer if not deleted manually.


Registration LogFile

As with the majority of servers, we use logfiles. The log files include IP addresses, the type of server, the ISP, the reference and exit pages, the type of platform, the time data (date/hour), and the number of clicks. These files are useful to analyse the tendencies, run the site, trace the navigation course, diagnose the server problems and collect general demographic information on the use of the aggregated IP. The addresses and all the other registration data are not connected to identifiable or retraceable personal information.




Rights of the data subject


7.1   Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679

The data subject is entitled to obtain from the data controller confirmation of whether or not the processing of personal data concerning it is in progress and, if it is, to obtain access to the personal data and to the following information:

  a)   the purposes of processing;

  b)   the categories of personal data concerned;

  c)   the recipients or categories of recipients to whom the personal data have been or will be disclosed;

  d)  the envisaged storage period of the personal data or, if that is not possible, the criteria used to determine such period;

  e)  the existence of the right of the data subject to ask the data controller to rectify or erase the personal data or to limit the processing of the personal data relating to it or to object to their processing;

  f)   the right to lodge a complaint with a supervisory authority;(h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the expected consequences of such processing for the data subject.


7.2   Right under art. 17 of EU Reg. 2016/679 – right to erasure («right to be forgotten»)

The data subject has the right to obtain from the data controller the erasure of the personal data concerning it without undue delay and the data controller has the obligation to erase the personal data without undue delay, on one of the following ground:

  a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  b) the data subject withdraws the consent on which the processing is based in accordance with article 6, paragraph 1, letter a). or article 9, paragraph 2, letter a), and if there is no other legal basis for the processing;

  c)   the data subject objects to the processing referred to in article 21 par. 1 and there is no overriding legitimate reason for the processing, or objects to processing pursuant to article 21, paragraph 2;

  d)   the personal data have been processed unlawfully;

  e)   the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the data controller is subject;

  f)   the personal data have been collected in relation to the provision of information company services as referred to in article 8, paragraph 1 of EU Regulation 2016/679.


7.3   Right under art. 18 Right to restriction of processing

The data subject is entitled to obtain the restriction of processing from the data controller when one of the following cases occurs:

  a)  the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

  b)  processing is unlawful and the data subject objects to the erasure of personal data and requests instead that the use of such data be restricted;

  c)  although the data controller no longer needs them for processing purposes, the personal data are needed by the data subject to ascertain, exercise or defend a right in court;

  d)  the data subject has objected to processing pursuant to article 21, paragraph 1, of EU Reg. 2016/679 pending verification of whether the legitimate reasons of the data controller prevail over those of the data subject.


7.4   Right under art. 20 Right to data portability

The data subject is entitled to receive in a structured format, commonly used and readable by automatic device the personal data concerning it provided to a data controller and is entitled to send such data to another data controller without hindrance from the data controller.


7.5   Revocation of processing consent

You are entitled to revoke your consent to the processing of your personal data by sending a registered letter with recorded delivery to the following address: Hotel Abano Ritz S.I.R.A. S.r.l .- Via Monteortone 19 - 35031 Abano Terme (PD) - Italy at the certified e-mail abanoritz@pec.it  accompanied by a photocopy of your identity document, with the following text: <<withdrawal of consent to the processing of all my personal data>>. Following receipt of your revocation request, your personal data will be removed from the archives as soon as possible; at the end of the operation, such removal will be confirmed to you.

If you require more information on the processing of your personal data, or wish to exercise the rights referred to in par. 7 above, you can send a registered letter with recorded delivery to the following address: Hotel Abano Ritz S.I.R.A. S.r.l.- Via Monteortone 19 - 35031 Abano Terme (PD) - Italy or to the certified email address  abanoritz@pec.it. Before any information can be given to you or amended, you will be asked for further confirmation in order to verify your identity. A reply will be forthcoming just as soon as possible.


Yours sincerely

The DATA CONTROLLER

ABANO RITZ  S.I.R.A. S.r.l.





PARTNERS
REVIEW

AbanoRitz

AbanoRitz Spa Wellfeeling Resort Italy - Abano Terme, Padova - Via Monteortone, 19
Tel. +39 049 8633100 - Fax +39 049 667549 - Direct booking +39 049 8633444 / 5
E-mail: abanoritz@abanoritz.it - Skype address: Abanoritz
S.I.R.A. Srl - P.Iva 00333440287

Home  /   Soggiorna  /   Degusta  /   Rigenerati  /   Scopri  /   Download

Facebook Twitter Instagram Google+

Copyright © 2016 Inartis    Privacy policy  -   Condizioni di utilizzo  -   Dati aziendali  -   Operazione Trasparenza