INFORMATION FOR THE TREATMENT OF PERSONAL DATA

Information for the treatment of personal data in accordance with Article 13 of EU Regulation 679/2016 and the Privacy Code as adapted by Legislative Decree 101/2018.

  1. INTRODUCTION: DEFINITIONS

Personal data: shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Treatment: shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, database comparison or interconnection, restriction, erasure or destruction.

Special categories of personal data: this means personal data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health or sex life or sexual orientation.

Data controller: shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

  1. DATA CONTROLLER

The Data Controller is SGA – BYRON S.R.L. Registered office: PIAZZA BRESCIA 5 – THIRD FLOOR

C/O MJH HOSPITALITY GROUP, 30016 JESOLO (VE) P.IVA 04328290277 henceforth also the Data Controller.

 

  1. TYPE OF DATA, PURPOSES AND LEGAL BASIS FOR TREATMENT

 

  1. a) Navigation data

The personal data processed are only those that are provided by users during browsing and whose transmission is implicit in internal communication protocols, such as the IP address, the operating system, the browser used and other information collected through the cookies installed on the Site, whose specific COOKIE POLICY (insert link). This data is used only to obtain anonymous information about the Site. The legal basis of the processing is the legitimate interest of the Data Controller.

  1. b) Data provided by the user for booking purposes

This is identified data (such as name, surname, e-mail address and telephone number) provided by users in order to make a reservation. For this purpose the user may also provide health data (e.g. by way of example, intolerances, allergies, etc.) necessary for the provision of the requested service. The legal basis is the user’s consent.

 

  1. OBLIGATORY DATA CONTRIBUTION

The provision of the data referred to in point 3 letter a) is obligatory in order to allow navigation on the site.

The provision of the data referred to in point 3 letter b) is obligatory in order to make a booking via the site. In this case, the omission or incomplete communication of the data prevents the Data Controller from providing the services requested.

 

  1. METHODS OF DATA PROCESSING AND COMMUNICATION OF DATA TO THIRD PARTIES

Data may be processed by means of the collection, recording, storage, processing and deletion of data using both paper and electronic instruments. The data shall not be subject to dissemination or automated decision-making.

The data may be communicated to data processors, such as employees and collaborators of the Data Controller, third parties (companies and professionals) who provide services on behalf of the Data Controller relating to the functionality of the site, company operations and the fulfilment of contractual, legal and administrative obligations.

Finally, the data may be transmitted to the police and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention of and protection against threats to public safety, as well as to allow the Data Controller to exercise or protect its own rights or those of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.

 

  1. TRANSFER OF DATA OUTSIDE THE EU

In the event of processing of personal data outside the European Union, such data will only be processed after appropriate safeguards have been adopted, as provided for by the applicable legislation.

 

  1. DATA RETENTION PERIOD

The data provided will be kept for a limited period of time, for the purposes indicated in point 4 above:

  • browsing data will be kept for the time necessary to provide the service and then immediately deleted, except as provided for cookies in the specific COOKIE POLICY;
  • the data provided through the booking form are kept for the time necessary to process the request and provide the service.

 

  1. RIGHTS OF THE DATA SUBJECT

The data subject is entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulation:

  • right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, amended or supplemented;

  • right to data deletion (Art. 17 of the Regulation): in the cases provided for by the legislation in force, you may request the deletion of your personal data;

  • right to restriction of processing (Art. 18 of the Regulation): you have the right to request the restriction of the processing of your personal data in the event of unlawful processing or contestation of the accuracy of your personal data by the data subject;

  • right to data portability (Art. 20 of the Regulation): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Data Controller, in the cases provided for by the aforementioned Article;

  • right to lodge a complaint (Art. 77 of the Regulations and Art. 141 of Legislative Decree 101/2018): you have the right to lodge a complaint before the competent Data Protection Authority if you believe that a violation of your rights has occurred, or is taking place, with regard to the processing of your personal data (more information on this from the website www.garanteprivacy.it);

  • right to revoke the consent given (Art. 13 of the Regulation): for the processing of personal data whose legal basis is consent, you have the right to revoke, at any time, the consent given, by contacting the Data Controller as indicated below.

 

  1. PROCEDURES FOR EXERCISING RIGHTS

At any time, the data subject may exercise his or her rights with regard to the personal data processed by the Data Controller by sending a specific written request to the contact data indicated above.