DATA PROCESSING NOTICE

We inform you that the processing of your personal data will be carried out with correctness and transparency, for lawful purposes, protecting your privacy and rights. Additionally, we provide you with the following information:

Data Controller: The data controller for the collected data is Hotel Ariadimari, located at Via Anglona 4, 07039 Valledoria (SS).

Purpose of Processing: The data controller processes personal data, and in specific situations, sensitive data (particularly health-related information related to the provision of services such as dietary intolerances or the presence of motor disabilities) communicated by you during the provision of catering and/or hotel services.

Legal Basis for Processing: Personal data and, if applicable, sensitive data are processed for the following purposes:

A)

  • Fulfilling obligations arising from the contract, including your specific needs/requests;
  • Complying with legal obligations, as well as current accounting and tax obligations;
  • Exercising the rights of the data controller, such as the right to defense in legal proceedings;

B)

Only your personal data, with your specific and separate consent (Art. 7 GDPR), for the following marketing purposes:

Sending communications and/or promotional material via email, mail and/or SMS and/or phone contacts regarding initiatives and offers promoted by the data controller.

C)

Only your personal data and information about stays, with your specific and separate consent, will be used for the purpose of analyzing and processing your habits and preferences (profiling) to send you personalized promotional information and any offers from the data controller. Your consent can always be freely changed (given or denied), in whole or in part, by sending an email with the subject “REVOKE MARKETING CONSENT” to info@ariadimari.it.

Data Processing Methods and Data Retention Period: The processing of your data is carried out through the operations specified in Art. 4 no. 2) GDPR, including collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data is subject to both paper and electronic and/or automated processing.

The data controller will process personal data for the time necessary to fulfill the purposes mentioned above, not exceeding ten years from the termination of the service relationship for service purposes and not exceeding five years from the data collection for marketing purposes. The data controller will process sensitive data for the time necessary to fulfill the purposes mentioned above, not exceeding 30 days from the end of the stay, unless specific situations require the need to keep such data for a longer period (for example, in the presence of tax exemptions related to disability status).

Data Access: Your data may be made accessible for the purposes of Art. 2. A), 2.B), and 2.C) to:

  • Employees and collaborators of the data controller, in their capacity as subjects authorized to process and/or responsible for processing and/or system administrators. All appointed individuals will exclusively carry out processing operations on behalf of the data controller and/or the responsible party, within the limits, forms, and methods expressly indicated in their respective appointment acts.
  • Third-party companies or other entities (such as professional studios, consultants, insurance companies, service companies, etc.) that perform outsourcing activities on behalf of the data controller, acting as external data processors.

Nature of Data Provision and Consequences of Refusal to Respond: The provision of data for the purposes of Art. 2.A) is mandatory. Without it, we cannot guarantee the services mentioned in Art. 2.A). The provision of data for the purposes of Art. 2.B) and 2.C) is optional. You can decide not to provide any data or deny the possibility of processing data already provided later. In this case, you will not receive newsletters, commercial communications, and advertising material related to the services offered by the data controller. You will, however, continue to have the right to the services mentioned in Art. 2.A).

Data Communication: Without the need for explicit consent (according to Art. 6 letters b) and c) GDPR), the data controller may communicate your data for the purposes of Art. 2.A) to control authorities and judicial authorities, as well as to those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data as autonomous data controllers, and the list of data controllers in outsourcing, which the undersigned relies on, is available at any time at the company’s headquarters.

Your data will not be disclosed and will not be transferred to non-EU countries or international organizations.

Rights of the Data Subject and Exercise Modalities: As the data subject, you have the rights specified in Art. 15 GDPR, including the right to request and obtain confirmation from the data controller – without “undue delay” – of whether or not personal data concerning you is being processed. You also have the right to request information about the purposes of the processing, the categories of personal data involved, the recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing, and the right to object to such processing. Additionally, you have the right to update, integrate, delete, transform into anonymous form, or block data processed in violation of the law. The data controller has the right to object, for legitimate reasons, to the processing of data.

If applicable, you also have the rights specified in Art. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the supervisory authority. You can exercise these rights at any time by sending an email to info@ariadimari.it.

Site Security Measures: Specific security measures have been adopted for the management of the site to ensure secure access and protect information contained in the reserved area from risks such as accidental loss or destruction of data, unauthorized access, or processing not allowed or not in line with the purposes of the collection.

The antivirus software is automatically updated. Customers are provided with an identification code and a password for access to the reserved area of the site. These are assigned and communicated confidentially to the person designated by the customer, if an entity or company, or to the customer himself/herself, if an individual. The user is required to keep the identification code and password confidential.