This Notice clearly and completely describes the policies adopted by the Data Controller. This page describes how to manage the site with reference to the processing of personal data of users who consult it. The processing is always based on principles of lawfulness and correctness in compliance with all current regulations and suitable security measures are adopted to protect data.
1) Personal information we collect
The personal information we collect includes
our name and surname, e-mail address, telephone number and home address; Credit card details (type and number of card, name on the card, expiration date and CVC code); Information about your stays, including arrival and departure dates, special requests and your preferences on services (preference on rooms, services or other); Information you provide about your marketing preferences or promotional offers;
Collection at the property
we collect additional personal information during registration / check-in at our hotel, including the information required by local laws (purposes related to the fulfillment of legal obligations).
Organization of events at our hotel
If you plan to host an event with us, we will record the specifics of the event or meeting, the date, number of guests, guest room details and, for corporate events, your organization information (name, budget annual, number of sponsored events each year). We also collect information about guests who are part of your group or event. If you visit us within a group, we can request your personal information from the group and we can send you marketing information if you express consent following your stay with a group or participation in an event. If you visit us as part of an event, we can share your personal information with the event organizers. If you are an event organizer, we may also share information about your event with third party service providers who may send you commercial information about event services.
Information we collect from third parties
We may also collect information about you from third parties, including information from our partners (travel agencies, airlines, payment cards) and other partners; from social media services, consistent with your settings on those services.
Information that we collect automatically
When you use our site, we automatically collect information, some of which may be personal data. For example: language settings, IP address, location, device settings, device operating system, log-in information, usage time, requested URL, status report, user agent (such as browser version information), browsing history, type of information viewed. We may also collect data automatically via cookies. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
2) Purpose of processing, legal basis and lawfulness of treatment
The data processing has the following purposes:
a) management of relations with customers (management of reservations, issuing of invoices, quotes), to perform any contractual obligations; b) fulfill regulatory obligations, in particular accounting and tax obligations; c) c) management of disputes;
Collection at the property
we collect additional personal information during registration / check-in at our hotel, including information required by local laws (purposes related to the fulfillment of legal obligations).
2a) Related to the service
- sending (with your written consent) promotional offers on our services and updates on rates and offers as well as greetings by ordinary mail or by fax or email;
- Regarding the purposes indicated in point 2 lett. a) we rely on the execution of a contract: the use of your data may be necessary in order to implement the contract you have with us. For example, if you use our services to make an online booking, we will use your information to perform our obligation to complete and manage the booking under the contract between us.
- Regarding the purposes in point 2 lett. b) and c), we rely on legitimate interests: we use your information for our legitimate interests, use your information for administrative, legal or fraud detection purposes. When we use personal data for our legitimate interests, we will always balance your rights and interests regarding the protection of your personal data with our rights and interests.
- Regarding the purpose in point 2 lett. c), we also rely, where possible, on our obligation to comply with current legislation.
- Regarding the purposes indicated in point 2a) based on current legislation, we will ask for your consent for the purposes indicated therein before processing your personal information which you can remove at any time by contacting us at the addresses mentioned at the end of this statement.
3) Identity and contact data
4) Place of treatment
5) Nature of data conference
6) Refusal to provide data
7) Recipients of the data
They may therefore be disclosed to third parties belonging to the following categories who will process the data as external data processors:
- subjects that provide services for the management of the information system;
- firms or companies in the context of assistance and consultancy relationships;
- Administrations, public bodies and competent authorities, for the fulfillment of legal obligations and / or provisions of public bodies;
- Group companies and / or the network of companies or private entities directly involved in the performance of the service or entitled to know the data under the law. In any case, only the data necessary and relevant to the purposes of the processing for which they are responsible will be communicated to the aforementioned subjects.
8) Optional provision
9) Data sharing
- Other service providers: We use service companies to manage your data on our behalf. This management serves the purposes described in this statement, for example the management of booking payments and the sending of marketing material for analytical support purposes. These service providers are bound by confidentiality agreements and do not have the authorization to use your personal data for other purposes.
- Competent authorities: We share personal data with law enforcement and other government authorities when required by law or if absolutely necessary for the identification, prevention or conduct of legal proceedings against fraud or crime.
11) Data storage
12) Data transfer
13) Withdrawal of consent
14) Rights of the interested parties
- you can ask us for a copy of your personal data in our possession;
- you can notify us of any changes to your personal data or you can ask us to correct any of your information in our possession;
- in specific situations, you can ask us to delete, block or limit the processing of your personal data in our possession, or oppose particular ways in which we are using your personal information; in specific situations, you can also ask us to send your personal information in our possession to a third party. Where we use your personal information with your consent, you can ask us to withdraw this consent at any time and in the manner prescribed by current legislation. Furthermore, where we process your personal data on the basis of legitimate interests public interest, you have the right to object at any time to the use of your personal information, in the manner prescribed by law. We rely on you to make sure that your personal data is complete, accurate and up to date. Promptly inform us of any changes inaccuracies in your personal information by contacting: firstname.lastname@example.org. We will handle your request according to current legislation.
- The interested party exercises his rights described above in reference to the GDPR 679/2016 art. 15 “right of access”, art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limitation of treatment”, art. 20 “right to portability”, Article 21 “right to object to the automated decision-making process of the GDPR 679/2016, by writing to the Data Controller at the following address: Società Agricola Susafa S.R.L. – Via Generale Giuseppe Arimondi, 2 – 90143 Palermo: email@example.com
15) Proposition of the complaint
16) Information not contained in this policy
19) The privacy of minors
20) Defense in court
The User declares to be aware that the Data Controller may be asked to disclose the data at the request of the public authorities.