Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
ex artt. 13 e 14 Reg. EU. n. 679/2016 (GDPR)
Dear Customer,
according to the articles 13 and 14 of the EU Regulation n. 679/2016 (GDPR), we provide you with the following information regarding the processing of your personal data.
a) DATA CONTROLLER
The Data Controller is G.P.M. S.r.l. (VAT number 04411590963), with registered office in viale Corsica 99, 20133 Milan (Mi), tel: 02 97102792, mail: [email protected], website: https://co99.it.
b) PURPOSES OF THE TREATMENT
The personal data collected by the Data Controller will be processed for the following purposes:
1. to acquire and confirm your booking of accommodation and ancillary services, and to provide the requested services;
2. to fulfill the obligation set forth in the "Consolidated Law on Public Security Laws" (Aart. 109 RD 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for purposes of public safety, the details of the clients accommodated in accordance with procedures established by the Ministry of the Home Affairs;
3. to fulfill current administrative, accounting and tax obligations;
4. for the purpose of protecting people, property and company assets through a video surveillance system of some areas of the structure, identifiable by the presence of specific signals;
5. to send you communications regarding satisfaction questionnaires or promotional offers and updates on rates and dedicated offers (marketing and advertising);
c) LEGAL BASIS OF PROCESSING
Legal bases of the data processing are:
1. pre-contractual and contractual obligations;
2. legal obligations;
3. legitimate interests of the Data Controller;
4. consent of the data subject.
c) PROVISION OF DATA
We inform you that the provision of your data for the treatments referred to in points 1, 2, 3 and 4 of point b) is mandatory, and in case of refusal to provide them we will not be able to host you in our RTA. If you want the treatments referred to in point 5 of point b) to be carried out, you must instead provide us with your consent, which can in any case be subsequently revoked by opposing the treatments.
d) PROCESSED DATA
Only common personal data are processed, specifically:
1. personal identification data (name, surname, e-mail, telephone number);
2. credit card and / or bank card details;
3. data relating to the stay;
4. identification documents;
5. handwritten signature;
6. video surveillance images;
7. data relating to the electronic devices used to connect to the structure's network.
e) COLLECTION OF PERSONAL DATA
Personal data is provided directly by the data subject to the Data Controller or collected through other entities such as OTAs (Online Travel Agencies), for example Booking.com.
f) METHOD OF DATA PROCESSING
Your personal data will be processed in paper and by computerized systems, in compliance with the security measures adopted according to the art. 32 GDPR.
g) COMMUNICATION AND DISCLOSURE OF DATA
Your personal data may be disclosed to other subjects, in their capacity as authorized, responsible or independent data controllers, in order to comply with pre-contractual, contractual, legal obligations, or for legitimate interest (by way of example, employees of G.P.M. S.r.l., accountants and lawyers, system administrators, police forces, ISTAT for statistics on tourist flows).
The data will not be subject to public disclosure
h) TRANSFER OF DATA ABROAD
Your personal data are not subject to transfer to non-EU territory.
i) DATA PROFILING
The Data Controller does not carry out any automated profiling of your personal data.
j) DATA STORAGE
The personal data collected will be kept for the time necessary to carry out the activities related to the purposes referred to in point b) and according to the limitation period provided for by the applicable regulatory provisions, including fiscal ones.
When it is no longer necessary to keep personal data, they will be deleted or destroyed in a secure and definitive way.
The data will be stored at the headquarters of the Data Controller.
k) RIGHTS OF THE DATA SUBJECT
According to art. from 15 to 22 of the GDPR, You will be able to exercise the following rights:
a) ask for confirmation of the existence or otherwise of your personal data;
b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c) obtain the rectification and cancellation of data;
d) obtain the limitation of the processing;
e) (where applicable) obtain data portability, i.e. receive them from a Data Controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
f) oppose the processing at any time and also in the case of processing for direct marketing purposes;
g) oppose an automated decision-making process relating to individuals, including profiling;
h) ask the Data Controller to access personal data and to correct or delete them or limit their processing or to oppose their processing, in addition to the right to data portability.
The same, where exercisable by you, can be asserted by sending:
- a registered letter with return receipt to G.P.M. S.r.l., Viale Corsica 99, 20133 Milan (Mi);
- an email to the address: [email protected]
The data subject also has the right to lodge a complaint with the supervisory authorities, the Italian Data Protection Authority (www.garanteprivacy.it), based in Rome, in the manner provided for by the regulation if he believes that he has suffered a violation of his/her own rights.
For more information on the right to lodge a complaint, you can visit the following web page: https://goo.gl/GLbTN9.
ex artt. 13 e 14 Reg. EU. n. 679/2016 (GDPR)
Dear Customer,
according to the articles 13 and 14 of the EU Regulation n. 679/2016 (GDPR), we provide you with the following information regarding the processing of your personal data.
a) DATA CONTROLLER
The Data Controller is G.P.M. S.r.l. (VAT number 04411590963), with registered office in viale Corsica 99, 20133 Milan (Mi), tel: 02 97102792, mail: [email protected], website: https://co99.it.
b) PURPOSES OF THE TREATMENT
The personal data collected by the Data Controller will be processed for the following purposes:
1. to acquire and confirm your booking of accommodation and ancillary services, and to provide the requested services;
2. to fulfill the obligation set forth in the "Consolidated Law on Public Security Laws" (Aart. 109 RD 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for purposes of public safety, the details of the clients accommodated in accordance with procedures established by the Ministry of the Home Affairs;
3. to fulfill current administrative, accounting and tax obligations;
4. for the purpose of protecting people, property and company assets through a video surveillance system of some areas of the structure, identifiable by the presence of specific signals;
5. to send you communications regarding satisfaction questionnaires or promotional offers and updates on rates and dedicated offers (marketing and advertising);
c) LEGAL BASIS OF PROCESSING
Legal bases of the data processing are:
1. pre-contractual and contractual obligations;
2. legal obligations;
3. legitimate interests of the Data Controller;
4. consent of the data subject.
c) PROVISION OF DATA
We inform you that the provision of your data for the treatments referred to in points 1, 2, 3 and 4 of point b) is mandatory, and in case of refusal to provide them we will not be able to host you in our RTA. If you want the treatments referred to in point 5 of point b) to be carried out, you must instead provide us with your consent, which can in any case be subsequently revoked by opposing the treatments.
d) PROCESSED DATA
Only common personal data are processed, specifically:
1. personal identification data (name, surname, e-mail, telephone number);
2. credit card and / or bank card details;
3. data relating to the stay;
4. identification documents;
5. handwritten signature;
6. video surveillance images;
7. data relating to the electronic devices used to connect to the structure's network.
e) COLLECTION OF PERSONAL DATA
Personal data is provided directly by the data subject to the Data Controller or collected through other entities such as OTAs (Online Travel Agencies), for example Booking.com.
f) METHOD OF DATA PROCESSING
Your personal data will be processed in paper and by computerized systems, in compliance with the security measures adopted according to the art. 32 GDPR.
g) COMMUNICATION AND DISCLOSURE OF DATA
Your personal data may be disclosed to other subjects, in their capacity as authorized, responsible or independent data controllers, in order to comply with pre-contractual, contractual, legal obligations, or for legitimate interest (by way of example, employees of G.P.M. S.r.l., accountants and lawyers, system administrators, police forces, ISTAT for statistics on tourist flows).
The data will not be subject to public disclosure
h) TRANSFER OF DATA ABROAD
Your personal data are not subject to transfer to non-EU territory.
i) DATA PROFILING
The Data Controller does not carry out any automated profiling of your personal data.
j) DATA STORAGE
The personal data collected will be kept for the time necessary to carry out the activities related to the purposes referred to in point b) and according to the limitation period provided for by the applicable regulatory provisions, including fiscal ones.
When it is no longer necessary to keep personal data, they will be deleted or destroyed in a secure and definitive way.
The data will be stored at the headquarters of the Data Controller.
k) RIGHTS OF THE DATA SUBJECT
According to art. from 15 to 22 of the GDPR, You will be able to exercise the following rights:
a) ask for confirmation of the existence or otherwise of your personal data;
b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c) obtain the rectification and cancellation of data;
d) obtain the limitation of the processing;
e) (where applicable) obtain data portability, i.e. receive them from a Data Controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
f) oppose the processing at any time and also in the case of processing for direct marketing purposes;
g) oppose an automated decision-making process relating to individuals, including profiling;
h) ask the Data Controller to access personal data and to correct or delete them or limit their processing or to oppose their processing, in addition to the right to data portability.
The same, where exercisable by you, can be asserted by sending:
- a registered letter with return receipt to G.P.M. S.r.l., Viale Corsica 99, 20133 Milan (Mi);
- an email to the address: [email protected]
The data subject also has the right to lodge a complaint with the supervisory authorities, the Italian Data Protection Authority (www.garanteprivacy.it), based in Rome, in the manner provided for by the regulation if he believes that he has suffered a violation of his/her own rights.
For more information on the right to lodge a complaint, you can visit the following web page: https://goo.gl/GLbTN9.