Data subjects: users of the www.allinclusivehotels.it website
According to EU Regulation 2016/679 (hereinafter referred to as the “Regulation”), this page describes the methods for processing personal data collected from data subjects who consult the websites accessible via the Internet at the following address: www.allinclusivehotels.it
The Data Controller
Following a visit to this website, personal data relating to identified or identifiable persons may be processed.
The “Data Controller” is the ALL INCLUSIVE HOTELS CONSORTIUM, with registered office in Via Macanno 38/Q – 47923 Rimini (RN), Italy, VAT no. 03678700406.
The Data Protection Officer (DPO)
Studio Paci&C srl (contact person: Luca Di Leo) based in Via Edelweiss Rodriguez Senior, 13 – 47924 – Rimini, Italy – Tel. +39 0541 1795431 – firstname.lastname@example.org, is designated as DPO by the Data Controller, pursuant to Article 37 of the GDPR.
Legal basis for the data processing
Personal data specified on this page is processed by the ALL INCLUSIVE HOTELS CONSORTIUM in order for the company to carry out its activities. Based on the data processing carried out on the aforementioned website, the legal bases on which consent shall be pursued are performance of a contract, compliance with a legal obligation, as well as the pursuit of a legitimate interest.
Place of data processing
Your data shall be stored by server providers, through agreements with hosting, cloud and connectivity providers (data processors or sub-processors), located both in EU countries, as well as in non-EU countries (United States), through suppliers subscribing to the Privacy Shield agreement. These systems are managed by a system administrator and by authorised and adequately trained persons, with the guarantee of technical and organisational security measures to protect personal data in reference to Articles 29 and 32 of EU Regulation 679/2016, through technical, administrative and commercial personnel.
Types of data processed and purpose of the data processing
Information systems and software procedures operating this website acquire, during normal operations, some personal data whose transmission is implicit when using Internet communication protocols.
This data category includes IP addresses or the domain names of computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of resources requested, time of the request, method used to submit the request to the server, size of file obtained in response, the numerical code indicating response status given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
Such data, necessary for the use of the web services, is also processed in order to:
– Obtaining statistical information on the usage of the services (most visited pages, hourly or daily visitors, geographical areas of origin, etc.);
– Verifying the correct operation of the services offered.
Data provided by the user
The optional, explicit and voluntary sending of messages to the contact details of the ALL INCLUSIVE HOTELS CONSORTIUM, as well as the compilation and submission of the forms available on the www.allinclusivehotels.it website, involve the acquisition of the sender’s contact data, necessary to respond to their request, as well as of all personal data included in the communications.
Specific Privacy Policies shall be published on the pages of the www.allinclusivehotels.it website, dedicated to the provision of specific services.
Cookies and other tracking systems
Optional provision of data
Data processing method
Personal data is processed using automatic tools for the length of time strictly necessary to achieve the purpose for which it was obtained. Specific security measures are observed in order to prevent data loss, unlawful or improper use of and unauthorised access to the data. We inform you that, in order to provide a complete service, links to other websites operated by other owners are present. We decline all responsibility for any errors, content, cookies, publications of unlawful immoral content, advertising, banners or files that do not comply with current regulations and with the Privacy law, on the part of websites that we do not manage to which reference is made.
Recipients of the data
Communication to: natural or legal persons, public authority, service or any other body that is not the data subject, the data controller, the data processor and the persons authorised as data processors, including:
– private entities or public service managers to whom it is necessary to disclose the data for the purposes identified above.
The natural or legal person, public authority, service or other body which processes the personal data on behalf of the data controller:
– Web agency: Hospitality Factory srl – based in Via Fieramosca, 1 47138 Riccione (RN), Italy;
– Any other providers of IT services, web services, or other services necessary for the achievement of the purposes required to manage the relationship.
Within the company structure
Your data shall be processed only by personnel expressly authorised by the Data Controller, with the guarantee of the adoption of a relative confidentiality agreement and, in particular, by the following categories of employees:
Transfer of data outside the EU
Rights of the data subjects
You have the right to obtain, from the Data Controller, the deletion (so-called “right to be forgotten”), limitation, updating, correction, portability, opposition to the processing of your personal data, as well as in general, you may exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR, where applicable with respect to the purpose of the data processing.
EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22
1. The data subject shall be entitled to obtain conformation regarding the existence or otherwise of personal data concerning the party itself, even if not yet registered, and its communication in intelligible form.
2. The data subject shall have the right to obtain information concerning:
a. the source of the personal data;
b. the purposes and processing methods;
c. the logic applied in the event of data processing carried out with the aid of electronic or automated tools;
d. the identity of the data controller, the data processors and the representative appointed under Article 5, paragraph 2;
e. the entities or categories of entity to whom or which the personal data may be communicated and who or which may become familiar with said data in their capacity as designated representative in the State’s territory, as data controllers or processors.
3. The data subject shall have the right to obtain:
a. the updating, the correction or, where interested, the integration of the data;
b. the deletion, the transformation into anonymous form or the blocking of data processed in violation of law, including any data whose retention is not required in relation to the purposes for which the same has been collected or subsequently processed;
c. the certification that the operations referred to under letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or distributed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
d. the portability of the personal data.
4. The data subject shall have the right to oppose, in whole or in part:
a. for legitimate reasons, the processing of personal data, even though pertinent to the purpose of collection;
b. the processing of personal data for sending advertising material or for direct selling or for carrying out market research or commercial communications.
Right of complaint
Data Subjects who believe that the processing of their personal data, carried out through this website, is in violation of the provisions of the Regulation, shall have the right to file a complaint with the Authority for the Protection of Personal Data, as provided for by Article 77 of the same Regulation, or to take action before the appropriate courts (Article 79 of the Regulation).