ART. 13 AND 14 OF REGULATION (EU) 2016/679
Interested Subjects: Navigators, users of the services.
“MAXIMILIAN’S HOTELS AND RESIDENCES – S.R.L. – HOTEL CONTINENTAL”, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 hereinafter referred to as ‘GDPR’, hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to data processing personal data and that this treatment will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
To achieve its purposes, relating to the management of the relationship, the Data Controller needs to acquire personal data, such as, by way of example, name and surname, telephone or mobile number, email address, tax code.
Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations set forth therein.
Processing purposes: Provision of the service: Your data will be processed to respond to any requests that may come from the forms for filling in, and forms available on the website, or requests received by email.
Legal basis: The legal basis of the processing is of a contractual nature in the terms in which data processing is envisaged in response to a request for information which is followed by a response.
Consequences of failure to communicate: the processing of functional data for the fulfillment of these obligations is necessary for a correct management of the relationship and their provision is mandatory to implement the purposes indicated above. The Owner also informs that any non-communication, or incorrect communication, of one of the mandatory information, may make it impossible for the Owner to guarantee the adequacy of the treatment itself.
Processing methods: The treatment is carried out with manual and/or IT and telematic tools, in order to guarantee the security, integrity and confidentiality of the data in compliance with the physical and logical organizational measures, provided for by the provisions in force, in order to minimize the risks of destruction or loss, unauthorized access, modification and unauthorized disclosure in compliance with the methods set out in articles 6, 32 of the GDPR.
Recipients: To carry out certain activities, or to provide support to the functioning and organization
of the activity, some data may be disclosed or communicated to recipients. These entities are divided into:
Third parties: (communication to: natural or legal persons, public authorities, service or other body which is not
the data subject, the data controller, the data processor and the authorized persons responsible for the processing)
• Companies that manage traditional or computerized postal services
• Any other subjects whose communication of data is necessary for the achievement of the above purposes
Data processors: (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller)
• Providers of IT, web, or other services necessary to achieve the necessary purposes
to relationship management.
Within the corporate structure, your data will be processed only by personnel expressly authorized by the Data Controller, with assurance of adoption of a confidentiality agreement and, in particular, by the following categories of employees:
• Other employees whose treatment is necessary for the correct execution of the relationship;
Spread: Your personal data will not be disclosed in any way.
Transfer of data to third countries: The owner does not transfer personal data to non-EU countries. If there is a need, the interested parties will be informed in advance, and guarantee measures will be adopted for the transfer towards the recipients, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission , signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of the EDPB recommendation 01/2020. As an exception to these guarantees, for data processing (in ref. of Article 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the interested party or consent to the transfer is verified.
Storage period: We point out that, in compliance with the principles of lawfulness, purpose limitation,
data minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, in the event that a contract is signed, this retention period may cease with the forfeiture or withdrawal from the contract, the same data may be kept, where applicable, for a further period of time for the purpose of managing any disputes, the legal basis for this retention is the legitimate interest of the data controller. The retention period for data processing relating to marketing is functional to the purposes pursued by the data controller, and in any case no longer than 3 years from the last contact, or response received.
Data Controller: the Data Controller, pursuant to the law, is “MAXIMILIAN’S HOTELS AND RESIDENCES – S.R.L. – HOTEL CONTINENTAL”, with legal and operational headquarters in Viale Pindemonte, 4 – 47838 Riccione (RN) and operational offices in Viale Amerigo Vespucci, 40 – 47921 Rimini (RN) and Lungomare Murri, 4/B – 47921 Rimini (RN), VAT number: 01915240400 in the person of its pro tempore legal representative. By sending an email to the following email address firstname.lastname@example.org or a fax to 0541 23790 may request further information regarding the data provided.
The Data Protection Officer (“DPO”) is Studio Paci & C. Srl (Contact Dr. Gloriamaria Paci) who can be contacted at the following address: email@example.com and telephone: 0541 – 1795431.
EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 – Rights of the interested party
1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
2. The interested party has the right to obtain the indication:
to. of the origin of the personal data;
b. of the purposes and methods of the treatment;
c. of the logic applied in case of treatment carried out with the aid of electronic instruments;
d. of the identification details of the owner, of the managers and of the designated representative pursuant to article 5,
And. of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative in the territory of the State, managers or agents.
3. The interested party has the right to obtain:
to. updating, rectification or, when interested, integration of data;
b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including
those whose conservation is not necessary in relation to the purposes for which the data were collected or
c. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which such
performance proves impossible or involves the use of means manifestly disproportionate to the
d. data portability.
4. The interested party has the right to object, in whole or in part:
to. for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the
b. to the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.
Complaint: The interested parties, if the conditions are met, also have the right to lodge a complaint with the Guarantor as supervisory authority according to the established procedures. For any further information, and to assert the rights granted to you by the European Regulation, you can contact the data controller at the above references.