With this document, CDB Osticcio Hotel provides you, in accordance with Articles 13 and 14 of the European Regulation No. 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter “GDPR”), with certain information regarding the use of the website https://www.hotelsinmontalcino.com/ (hereinafter only “Site”) and any processing of personal data related to it.
- DATA PROCESSED AND NATURE OF PROVISION
2.1 Data collected during the use of the Website.
Personal data may be used to identify or contact you, as well as to provide better services to all our users.
Automatically collected data
The computer systems and software procedures used to operate the website and all applications CDB Osticcio Hotel acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but could, by its very nature, allow users to be identified through processing and association with data held by third parties. This category of data includes the IP address or domain name of the device used, the operating system, the model and brand of the device, the telephone operator, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computing environment of your device. This data is used to process anonymous statistics on the use of the website and to check that it is working properly.
Data provided voluntarily by the user
If you choose to interact with any forms on the site or contact us via email, you may have to submit and/or provide some personal information, necessary to identify you and/or to fulfill your requests. For example, information you may be asked to provide are: first and last name, e-mail address, and type of request.
You are responsible for the accuracy of the personal information sent/provided to CDB Osticcio Hotel.
2.2 Data submission
Apart from what is specified for navigation data, the user is free to provide his/her personal data. However, not providing them may make it impossible to obtain what has been requested.
- PURPOSE OF PROCESSING AND LEGAL BASIS
3.1 Your data will be processed:
- To enable you to use the functions made available by the site;
- To respond to your possible requests;
- for the technical management of the site services;
- to exercise the rights of the Data Controller;
- to define and confirm your reservation, at our facility. Various activities associated with this purpose are possible, such as: to facilitate your accommodation and lodging; to provide you with any additional services you request and offered by Our facility; to handle Your eventual requests or special needs; to process payments; to manage compliance with applicable regulations; and other.
Other purposes may be indicated in disclosures related to the use of specific services.
3.2 The legal bases of the processing
In relation to purposes 3.1.a and 3.1.b, the legal basis of processing is the performance of a contract to which the data subject is a party and/or the execution of pre-contractual measures taken at the request of the data subject.
For purposes 3.1.c and 3.1.d, the legal basis for processing is the legitimate interest of the Data Controller in the proper administration of the systems, as well as in exercising and defending its rights.
For purposes 3.1.e, the execution of a contract to which the data subject is a party and/or the execution of pre-contractual measures taken at his or her request as well as the fulfillment of legal obligations arising from the finalization of his or her reservation.
- RETENTION PERIOD
Your data will be processed for the time necessary to achieve the purposes listed above as well as – where necessary – for the period required by law.
Once the above retention periods have expired, your personal data will be destroyed, deleted or anonymized, in accordance with the technical procedures for deletion and backup.
- METHODS OF PROCESSING AND THEIR USE
The data will be processed, respecting the necessary security and confidentiality, collected and recorded for determined, explicit and legitimate purposes.
All processing of data shall be based on the principles of fairness, lawfulness and transparency and may be carried out either manually or by automated means and shall be carried out by means of appropriate technical and organizational measures, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, unlawful use, as well as by reasonable measures to delete or rectify any inaccurate data in a timely manner.
- RECIPIENTS OF DATA
Personal data provided will be processed by designated, appropriately trained personnel operating under the authority and responsibility of the Data Controller. Personal data may also be processed by third parties who provide instrumental services, including communication services, electronic mail, hosting and maintenance of the site and other service providers inherent to the purposes mentioned above. Only the data strictly necessary for the performance of the relevant functions will be communicated to the above-mentioned subjects.
An updated list of all recipients is available at the Data Controller’s office and will be provided upon request by the data subject by writing to the following e-mail address: firstname.lastname@example.org.
- YOUR RIGHTS
In relation to the data itself, you may exercise at any time the rights provided by CHAPTER III of the GDPR.
In particular, you have the right to request access to the data relating to you from the Data Controller, their rectification or erasure, the integration of incomplete data, the restriction of processing; to receive the data in a structured, commonly used and machine-readable format; to object in whole or in part to the use of the data, as well as to exercise the other rights recognized by the applicable regulations. You may exercise your rights by writing to the contact details below.
In accordance with Article 77 of the GDPR, you also have the right to complain to the Data Protection Authority if you think that the processing violates the above-mentioned Regulations.
At the following link: https://www.hotelsinmontalcino.com/cookie-policy/ you can find all the information about the cookies installed through this site, as well as the necessary guidance on how to manage your preferences in this regard.
- CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller of your personal data is SI Montalcino Hotel – CDB Osticcio Hotel S.r.l., Loc. Castiglion del Bosco c/o Borgo S.n.c. 53024 Montalcino (SI). E-mail: email@example.com
Latest update: December 2022