Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

This information describes how the site is managed with reference to the processing of personal data of visitors and customers who consult it. This is an information that is provided pursuant to art. 13 EU Reg. No. 679/2016 – from now on GDPR – to those who interact with the web services of the company Paluco SRL, owner and owner of the site “parkhotelkursaal.it”, accessible electronically from the address: http: // www .parkhotelkursaal.it, corresponding to the home page of the official parkhotelkursaal.it website. The information is provided only for the website www.parkhotelkursaal.it and not for any other websites that may be consulted by the user via links.

THE “OWNER” OF THE TREATMENT

Following consultation of this site, data relating to identified or identifiable persons may be processed. The “owner” of their treatment is Paluco SRL, current in Via Litoranea sud 36, 47843 Misano Adriatico (RN), registered in the Business Register of Rimini with VAT number. n. 03189040409.

PLACE OF DATA PROCESSING

The processing and collection of personal data connected to the web services of this site takes place at the headquarters of the company Paluco SRL using automated tools.

PURPOSE OF DATA PROCESSING

NGThe user’s personal data are collected and processed for the time strictly necessary to achieve the purposes for which they were acquired and in particular:

• for reasons directly connected and instrumental to the provision and management of the room booking services offered by Park Hotel Kursaal di Paluco SRL;

• to obtain statistical information on the use of the software and to check its correct functioning;

• for the possible sending of informative, commercial and promotional material on the services of Park Hotel Kursaal di Paluco SRL, in case of specific authorization by the interested party;

• for surveys of the quality of the Services and the degree of customer satisfaction (surveys carried out, with the consent of the User) both directly and possibly with the collaboration of specialized operators; Personal data are collected and processed by

Data Controller also in the pursuit of its legitimate interests, including:

• fulfillment of legal obligations (for example the electronic transmission of data to the State Police in compliance with the obligations provided for in Article 109 of the Consolidated Law on Finance – Notification of customers staying at the Police Headquarters);

• protection against fraud;
• security measure;
• for the communication of crimes to the judicial authority.

METHOD OF TREATMENT

In the processing of personal data collected through the parkhotelkursaal.it site, its legal basis is in the consent of the interested party, which can always be revoked by request for cancellation by the latter. The processing will be carried out in an automated and / or manual form, in compliance with the provisions of art. 32 of the GDPR 2016/679 on security measures, by the owner of the aforementioned treatment and in compliance with the provisions of art. 29 GDPR 2016/679. In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, subject to the free and explicit consent expressed by electronic means on the website www.parkhotelkursaal.it, personal data will be kept for the period of time necessary to achieve the purposes for which they are collected and processed. In particular, once collected, the data will subsequently be entered and cataloged in a specific personal archive, both paper and computerized, managed and kept by the Data Controller. Specific security measures are observed by the Data Controller to prevent data loss, illicit or incorrect use and unauthorized access.

TYPES OF DATA PROCESSED

User Personal Data (Registration Data) The User, in order to use the Booking Services of the website www.parkhotelkursaal.it, must complete the registration form and provide specific information. The data considered necessary for the Service are highlighted with an asterisk. Failure to provide the data marked with the aforementioned asterisk will prevent the execution of the Services requested by the User. Other data, not necessary for the execution of the Service, may be requested, but their provision will be absolutely free, with the consequence that the refusal to provide such information will not affect the execution of the Service requested by the User. Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that are not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. Data provided voluntarily by the user The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

TRANSFER OF PERSONAL DATA

The data of the interested parties collected on the parkhotelkursaal.it website will not be transferred either to member states of the European Union or to third countries outside the European Union.

EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING

Park Hotel Kursaal di Paluco SRL does not adopt any automated decision-making process, including profiling, referred to in Article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016.

SCOPE OF COMMUNICATION AND DIFFUSION

The data collected will never be disclosed and will not be communicated without the explicit consent of the interested party, except for the communications necessary for the fulfillment of legal obligations.

COOKIES

Park Hotel Kursaal di Paluco SRL uses cookies on its website parkhotelkursaal.it, i.e. alphanumeric identification elements created by the browser and stored on the User’s computer suitable for recognizing the User’s device and useful for optimizing the use of the website and the Services. connected to it. Specifically, the following cookies may be present on the site:

Strictly necessary cookies:
to provide the services required and essential to allow the user to browse the site and use its features without which some services (eg room booking) cannot be provided.

Functional cookies:
that allow you to remember the choices made (eg name, language, region, font and size of the text) e

provide optimized and customized features to improve the online experience.

Technical / analytical cookies:
that collect anonymous information on the pages visited used for statistical purposes.

Persistent cookies: for tracking Users used to customize and improve the use of the site.

Session cookies:
(which are not stored permanently on the user’s computer and disappear when the browser is closed) strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site and which avoid the use of other IT techniques that are potentially prejudicial to the privacy of users’ browsing. Cookies can be deleted by the navigator using the functions of one’s own navigation program. However, failure to express acceptance may in some cases result in the inability to use the Service or correctly execute the User’s requests.

Social media and third party cookies and widgets:
While using the site, you may notice information not belonging to Park Hotel Kursaal di Paluco SRL but to third-party companies that may send their own cookies. The following third-party cookies are present on the website www.parkhotelkursaal.it.it: Google, Tripadvisor, Facebook. Park Hotel Kursaal di Paluco SRL has no access to or control over these cookies, for which reference should be made to the information adopted by the respective companies.

RIGHTS OF THE INTERESTED PARTIES

– Right of Access and Rectification:
The interested parties, in relation to their personal data processed by the owner, ex. Art. 13, par. 2, GDPR have the right:

• access to such data;
• the correction or cancellation of the same; • the limitation of their treatment;
• opposition to their treatment.

– Right to erasure:
Interested parties also have the right to request the cancellation of their personal data without delay, exercising the right to be forgotten pursuant to art. 17 GDPR, if one of the following reasons exists:

• the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed;

• the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a) GDPR and if there is no other legal basis for the processing;

• the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2 of the GDPR;

• the personal data have been unlawfully processed;

• personal data must be deleted to fulfill a legal obligation under Union law or the law of the Member State to which the data controller is subject;

• the personal data were collected in relation to the offer of information society services aimed at minors.

If the data controller has made personal data public and is obliged to delete them, taking into account the available technology and the implementation costs, it adopts reasonable measures, including technical ones, to inform the data controllers who are processing personal data of the request of the ‘interested in deleting any link, copy or reproduction of his personal data. The right to be forgotten cannot be exercised by the interested party to the extent that the processing is necessary:

to. to exercise the right to freedom of expression and information;

b. for the fulfillment of a legal obligation that requires the processing provided for by the law of the Union or of the Member State to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of public authority referred to the data controller is invested;

c. for reasons of public interest in the public health sector in accordance with Article 9, paragraph 2, letters h) and i), and Article 9, paragraph 3 GDPR;

d. for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right to be forgotten risks making it impossible or seriously jeopardizing the achievement of the objectives of such processing ;

is. for the assessment, exercise or defense of a right in court.

– Right to limitation of processing:
The interested party has the right to obtain from the data controller the limitation of the processing ex. art. 18 GDPR

when he disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the interested party opposed the processing pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

– Right to data portability:

The interested party also has the right to data portability pursuant to art. 20 GDPR and therefore to receive in a structured format, commonly used and readable by automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments by the the data controller to whom you provided them if the processing is based on consent to the processing of your personal data for one or more specific purposes and if the processing is carried out by automated means.

– Right to object:

Finally, the interested party has the right to object ex. art. 21 GDPR at any time, for reasons connected to his particular situation, to the processing of personal data concerning him and which have been provided by the same to the data controller for one or more specific purposes.

REQUESTS FOR THE EXERCISE OF THE DATA SUBJECT’S RIGHTS

Requests for the exercise of one’s rights must be addressed by the interested party to the e-mail address: info@parkhotelkursaal.it. or by registered letter a / r to Park Hotel Kursaal, current in Via Littoral South 36 47843 Misano Adriatico (RN) or again at the address p.e.c. pec@pec.parkhotelkursaal.it.

COMPLAINT TO THE SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial appeal, the interested party who considers that the processing concerning him or her violates the rules of the GDPR has the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he habitually resides, works or of the place where the alleged violation occurred, pursuant to art. 77 GDPR. For the purposes of this 23) GDPR, the processing of personal data carried out on this site by Park Hotel Kursaal di Paluco SRL takes place within the activities of a single establishment within the European Union and affects or may substantially affect data subjects.