INFORMATIVE NOTE AND REQUEST OF CONSENT TO PERSONAL DATA PROCESSING
art. 13 of the Regulation (UE) 2016/679
we inform you that according to art 13 of the Regulation EU 2016/679 (GDPR 2016/679) related to processing of personal data, all personal data you provide will be processed lawfully, fairly and in a transparent manner in relation to the data subject, with particular attention to integrity, in a manner that ensures appropriate security of the personal data.
The controllers of your personal data in our hotel and during your stay in it is:
-The Company, processing data as per this informative note
Purpose of data processing
Your personal data are used for the following purposes:
a.Fulfilment of the hotel contract, including the compulsory registration and the communication to the local authority of our inhouse guests data,together with compliancy with fiscal and accounting obligations
b.Data storage in our server and website to facilitate future hotel check in
c.Send communications related to services, newsletters and personalized news with material and promotional offers related to activities andservices (ie. promotion, invitation to events, etc) via straight through processes (emails). Special categories of data Data processing by THE CUBE SRL could concern – following your stated consent – also data related to your health (ie. physical handicap, for which a particular typology of room is requested at time of booking). In these cases, we assure you that the data processing will be limited to the essential operations needed to fulfil to obligations (also precontactive ones) related to hotellerie services, within the services requested at time of booking or during your stay in our hotel. Health data granting is optional, however refusing to give such information will make impossible for the society to fulfil to legal and contractual obligations Way of processing data Data processing will be automatic and /or manual, with automatic and computerized methods, in respect of security regulation indicated in art. 32 GDPR 2016/679 and carried out by processors on behalf of the controller, according to art. 29 GDPR 2016/679. The controller will apply security measures to guarantee the confidentiality of data and to avoid access to this information from third parties or no- authorized staff.
Data retention We inform you that your data retention period is established for a period of time not exceeding the terms required by law, respecting the principles of lawfulness, limit of purposes and minimization of data, according to art 5 GDPR 2016/679.
Nature of Assignment Data assignment is elective, however refusing to provide your data or the lack of approval on data processing will make impossible for INCHOTELS srl to offer in full its services.
Communication and dissemination Data will not be disseminated. In relation to purposes above, persona data could be communicated to the following addresses: -Third party consultants in charge for processing / consultancy for substitute for taxes;-Public entities that need to receive data as per law (social security office, financial office, etc)-Subsidiaries and other societies linked with THE CUBE SRL, on charge for activities such as mailing lists.
Transfer of personal data to third countries The controller does not transfer persona data to third countries; however, it reserves the right to use cloud services and in this case service suppliers will be selected among who give appropriate safeguards as per art. 46 GDPR 2016/679 Controller and DPO THE CUBE SRL is the controller, in the person of its legal representative. The list of controllers is available at the registered office of the society located in Via Reggio 51/A 43126 Parma. No DPO has been nominated.
To assert your rights and / or to request further information, please contact the Controller THECUBE SRL, registered office in Via San Michele Campagna, 25 - 43036 Fidenza – VAT nr 02822260341, mail: firstname.lastname@example.org
Rights of the Data Subject
As per art. 15-22 del GDPR 2016/679, whenever you have right to:
a)Request the confirmation of the existence of your personal data and, in case of confirmation, get access to personal data and to informationindicated in point b) that follows;
b)Have indications about purposes of data processing, data categories, addressees or addressee categories your data have been or will be communicated to (especially in case of addressees of third countries or international organizations) and when possible the period of retention;
c)Amend or cancel your data;
d)Limit the data processe)Receive your personal data you have provided to the controller, in a structured, commonly used and machine-readable format and have theright to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
f)Object at any time to the processing and also to processing for direct marketing purposes;
g)Object to automated decisional process, including profiling;
h)Get confirmation of fulfilment of what indicated in art. 19 GDPR 2016/679 at the point “The Controller”, that is the communication – to each of the addresses of the personal data – of possible amendments or cancellations or limitations of the processing according to the art. 16 DDPR 2016/679, except the case in which this fulfilment is impossible or needs an excessive effort;
i)Suggest complaint to the Authority in charge.