This information is provided pursuant to Article 13 of the GDPR 679/2016 (General Data Protection Regulation), which covers personal data processing provisions (679/2016) and describes how to manage Recagest s.r.l. website in terms of processing website users’ personal data. It can be accessed electronically at the following address: www.residence-san-vincenzo.com.
This information concerns only Recagest s.r.l. website and no other websites that the user may consult via external links.
1. Data Controller
The Data Controller Recagest s.r.l. is a sole shareholder company with registered office in Viale Monza 12 – 20122, Milano, acting through its pro tempore legal representative. The Data Controller may be contacted by post at the above address or by email at the address: firstname.lastname@example.org, as well as by phone on 0331/843573.
2. Data processed
Personal data includes any information or data by which a natural person can be identified, either directly or indirectly.
a. Browsing data
During the ordinary course of operations, some personal data is acquired by the IT systems and software procedures used to run this website, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the reply given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
Such data is necessary to use the web service. This data is also used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning properly.
b. Personal data we may collect at our property and/or through online pre-registration/check-in:
When contacting or interacting with users, we may collect personal data that may include: personal and contact information; nationality, gender, passport or ID card number, including the date and place of issuance; information relating to a reservation and stay in one of our facilities; information relating to the purchase of a service; payment information, such as credit card numbers and other card information; marketing preferences; and information about packages booked. We may also collect information on family members and partners, as well as data on children staying at the facility.
At our property, in addition to the above information, we may also use closed-circuit television cameras to view or record images of guests and visitors in common areas to ensure the safety of guests, our staff and property.
With your consent, we may process images where you appear “in close-up”, as well as “panoramic” images of you during your stay without your consent.
c. Data collected at events, cocktail parties, meetings:
When organising an event, information such as the date, number of guests, guest room details, and information on the Organisation will be recorded (the guest details under point b. may only be collected when guests are staying at the event). Should it be necessary for third parties offering specific services to be involved in the event, information on the Organisation may also be communicated to these third-party service providers exclusively to provide the requested service.
d. Links to third-party websites and services:
e. Personal data we collect from customer service/email/phone bookings and third parties:
We collect personal data when you make a telephone booking, when you send us an email or fax, or when you contact the booking service.
3. Purpose of processing
We use your information in several ways, as specified below:
I. To comply with legal, administrative, accounting and tax obligations incumbent on the Data Controller;
II. To manage online bookings, by telephone and email, in order to meet the Customer’s requests;
III. To manage reception and accommodation services: managing check-in and check-out; processing payments; providing personalised on-site services; managing access to WI-FI, TV and other connectivity and entertainment services (WebApp, App or other means of information and entertainment); facilitating room service; taking into account guests’ limitations, food intolerances and disabilities; and managing any Customer complaints;
IV. To manage conventions, conferences and events;
V. To acquire accommodation information and carry out statistical processing of data in aggregate form;
VI. With your consent, to identify and assess aspects of your preferences, tastes, consumption choices and habits, in order to offer you products and services that are increasingly tailored to your needs;
VII. With your consent, to broadcast live, publicise and/or disseminate in any form your images/video on the websites of the Data Controller and affiliated companies, on social media, in printed matter and/or on any other media, for advertising and promotional purposes.
VIII. With your consent, to send advertising, direct sales, market research and commercial communication material by traditional means (paper mail, telephone calls with operator) or by automated means (SMS, MMS, automated phone calls, newsletters) – direct marketing;
IX. Based on current legislation, the Data Controller may use the email details provided in connection with the purchase of one of our services to offer you similar services to those purchased by you. However, if you do not wish to receive such communications, you may notify the Data Controller at any time by writing to the address email@example.com, in which case the Data Controller shall interrupt such activity without delay.
4. Communication and transfer of personal data
Your personal data may be communicated:
– to affiliated facilities that need to process the data to correctly provide the services chosen and exclusively for the purposes described above;
– to third parties that provide outsourced services to the Data Controller and act as Data Processors based on a contract or assignment (you can request an updated list of Data Processors at any time);
– to third-party companies or other parties acting as autonomous Data Controllers;
– to the public administration, to the judicial authorities, and to parties to whom communication is compulsory by law. These parties will process the data in their capacity as autonomous Data Controllers.
Your data will not be disseminated, except for images processed for the purposes described in Article 3 point VII.
5. Legal basis of processing
Each instance of processing of your personal data is justified by one of the following legal bases:
• Pre-contractual/Contractual: processing is necessary to execute a contract between the parties.
• Legal obligation: processing is necessary to fulfil a legal obligation.
• Legitimate interest: processing is necessary for the purposes of legitimate interests pursued by the Controller, provided that the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data, are not overridden.
• Consent: processing is only possible if you have given your consent for certain purposes, notably for those set out in Article 3, points VI, VII and VIII. In this case, you may withdraw your previous consent at any time by contacting the Data Controller in accordance with Article 1, without this affecting further processing of the same data on other legal bases, such as contractual or legal obligations.
6. Methods of data processing and storage
The processing of your data will be carried out both electronically and in analogue form, using methods and tools designed to guarantee maximum security and confidentiality, by qualified and specifically authorised persons in accordance with the GDPR.
Your data is stored on servers in the EU. In any case, it is understood that the Data Controller, if necessary, will have the right to move the data outside the EU. In this case, the Data Controller hereby ensures that the data will be transferred outside the EU in accordance with the applicable legal provisions (Articles 45,46,47,49 GDPR).
Your personal data will only be kept for as long as necessary to fulfil the purposes for which we collected it, and to fulfil any legal, accounting or reporting requirements.
In determining the conservation period for personal data, we consider the amount, nature and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we are processing the personal data and whether we can pursue those purposes by other means, and applicable legal requirements.
• Data collected for accounting or tax purposes will be kept for a period not exceeding 10 years from the Customer’s last contact, in compliance with the requirements on the minimum conservation period for accounting/tax data imposed by Italian law.
• Data provided for the further purposes indicated in Article 3, points II, III, IV, V, shall be kept for a maximum of 5 years from the Customer’s last contact.
• Data provided for the purposes referred to in Article 3, points VI, VII and VIII, shall be stored until consent is withdrawn.
• Data provided for the purpose of dispatching communications regarding products or services similar to those purchased by you, as per Article 3, point IX, shall be retained until you object.
7. Rights of data subjects
With regard to the processing referred to in points 2 and 3, you may at any time ask for confirmation as to whether or not your personal data is being processed, and in this regard you have the right to:
• request access to data in order to obtain information on the purpose of processing, the recipients to whom the data may be communicated, the duration of the processing (where possible), and the possible consequences of processing based on profiling;
• withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given before consent is withdrawn;
• request the rectification of personal data if it is inaccurate or incomplete;
• request the deletion of data if it is no longer needed by the Data Controller for the envisaged purposes of processing, if it is inadequate for the purposes of processing, if the user has withdrawn his/her consent, or if the data has been processed unlawfully;
• request the restriction of data processing, in cases provided for by law;
• request the transfer of data to another Data Controller, in a commonly used, machine-readable format, without being hindered by the current controller;
• object to the processing of your data and, specifically, you have the right to challenge decisions concerning you if they are based solely on computerised processing of your data, including profiling;
• contact the competent authority if you believe that the processing of your data violates current data protection legislation: go to https://www.garanteprivacy.it/
This privacy statement was updated on 06/06/2022.