- However, this information does not concern other sites, pages or online services that can be reached via hypertext links published on our site (see paragraph IV) and referring to resources external to the hotelportaromanamilan.com domain, with reference to which the user can manage the your settings and withdraw consent by visiting the related links directly and using the tools described in the individual privacy policies of third parties or by contacting them.
- The purpose of this document is to provide information on the methods, timing and nature of the information that the data controller must provide to users when connecting to the web pages of our site www.hotelportaromanamilan.com, regardless of the purpose of the connection itself. according to the Italian and European legislation in force.
- The information may undergo changes due to the introduction of new rules; in this regard, we therefore invite the user to periodically check this page.
- If the user is under the age of 14, also in accordance with the provisions of Legislative Decree 101/2018 and art. 8, c. 1 EU regulation 2016/679, will have to legitimize your consent through the authorization of the parents or of those who have responsibility or protection. Our websites and applications are not directed to children under the age of 14 and we do not knowingly collect personal information directly from children under the age of 14. If the user believes that we are treating personal information relating to a minor in an inappropriate manner, we ask him to promptly report it by contacting us.
- Under current legislation, the data controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data. It also deals with safety profiles. Following consultation of the website www.hotelportaromanamilan.com, data relating to identified or identifiable natural and legal persons may be processed.
- With regard to this website, the data controller is
GET ME OUT srl
Via Romagna, 1
20090 Buccinasco (MI)
The data controller is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
Pursuant to Article 28 of EU Regulation no. 2016/679, the data controller is also responsible for this site.
If necessary, the data collected can be processed by the data controller or by subjects appointed and / or authorized by him.
The site deals with: tourism.
TYPES OF DATA COLLECTED
The website www.hotelportaromanamilan.com collects the following general categories of data:
Information provided directly by the user
When the user uses the www.hotelportaromanamilan.com site, he provides a series of information, which is necessary for the adequate analysis of requests and consequent provision of services, and allows him to act in accordance with legal obligations. Without these data, the data controller, the manager and the persons in charge may not be able to provide all the services requested.
It should be borne in mind that mainly the above data coincide with the data requested in the contact form or comments on the posts. By way of example, this may include:
- Profile data (name, surname, date and place of birth, social security number, address, telephone number and profile picture …).
- Authentication information (eg. A photo of the identity document, passport or driving license …) or other authentication information.
- Payment information (e.g. bank account details or credit card data …) to facilitate payment processing.
Communications with the staff in charge of data collection and processing, with whom the data provided by the User in communications is collected.
The user, in communicating with the data controller, the manager and the persons in charge, can choose to provide additional personal data to improve the experience and services. Such additional data will be processed on the consent of the interested party, where applicable.
By way of example, this may include:
- Additional profile data.
- Address book contact data.
- Other information (e.g. responses to surveys, participation in forums, communication with service personnel, comments).
- Location information.
- Information on the use and satisfaction of the site and services.
- Log data and information on the devices used.
Information relating to Payment Services
Place of storage
The Data is processed on the server and at the owner’s operating offices and in any other place where the parties involved in the processing are located, except for data collected with cookies set by third parties / marketing / monitoring / profiling cookies, for to which reference is made to the next paragraph. This site uses an Aruba hosting provider service that allows us to make the website accessible. Therefore, the user’s data will also be hosted on the hosting provider’s data center, which will operate as a third party.
The Data are processed and stored for as long as necessary for the purposes for which they were collected and in any case for a period not less than the duration connected to the navigation times of the site or contact with the site, and to the statistical surveys connected to it. The consent to the processing can be revoked at any time, as explained in paragraph VII.
COOKIES- PLUGIN- SOCIAL NETWORK
The following are the types of cookies mostly used in the web site:
Strictly necessary cookies: for example authentication cookies, used to know if the user has logged in to the site or not.
Preference cookies: stores the preferences set by users such as account name, language, location and if the user has chosen to view the mobile version of a site.
Statistical cookies: collects information on how users interact with the website, including the pages that are visited the most, as well as other analytical data. These details are used to improve the performance of the website functions.
A plugin, by way of example, is a non-autonomous program, which interacts with another program to expand or extend its original functionality. This site also incorporates plugins and / or buttons from sites and social networks, in order to allow easy sharing of content on said sites and on the user’s favorite social networks.
The collection and use of information obtained through the plugin are governed by the respective privacy policies of the programs and social networks, to which please refer. By way of example, some of the plugins used on our site are reported: Akismet, Worfence, WP Super Cache, Contact Form 7.
Google Inc. Services
Third party services are also used on this site and in particular services of Google Inc .. These include Analytics, Search Console, Tag Manager, Google reCAPTCHA.
A titolo descrittivo trattasi di:
GOOGLE SEARCH CONSOLE
GOOGLE TAG MANAGER
This site uses the Google reCAPTCHA service, aimed at preventing or discouraging the sending of comments or spam messages by users or spambots.
PURPOSE OF THE TREATMENT
- Provide the requested services and manage customer relations. The provision of personal data is mandatory and refusal to provide them makes it impossible to carry out what is requested;
- Fulfill the requirements dictated by national and community regulations;
- For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime.
The aforementioned information is treated on the basis of the legitimate interests of the owner.
The personal data collected for the aforementioned purposes could also be processed to carry out activities functional to the promotion and sale of products through the site, to carry out market and customer satisfaction surveys: the provision of data for these purposes is optional and for processing consent is required for such data.
By granting consent to the processing for marketing purposes, the interested party specifically takes note of these promotional, commercial and marketing purposes in the broad sense of the processing (including the consequent management and administrative activities) and expressly authorizes them, once consent has been given on the basis of the procedures envisaged, pursuant to the EU Regulation.
We inform you specifically and separately, as required by art. 21 of the EU Regulation, that if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes and that if the data subject objects to the processing for direct marketing purposes, personal data can no longer be processed for these purposes.
TRANSFER OF DATA TO NON-EU COUNTRIES
This site, as already clarified above, may share some of the data collected with services located outside the European Union area (example with Google, Facebook, through social plugins and the Google Analytics service). The transfer is authorized on the basis of specific decisions of the European Union for which no further consent is required.
Pursuant to the European Regulation 679/2016 (GDPR) and in compliance with the provisions of Legislative Decree Privacy n. 101/2018, the user can, according to the methods and within the limits established by current legislation, exercise the following rights:
request confirmation of the existence of personal data concerning him (right of access);
have information about the logic, methods and purposes of the processing;
request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
in cases of consent-based processing, receive only the cost of any support, its data provided to the owner and held by it, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
the right to lodge a complaint with the Privacy Guarantor or the judicial authority;
pursuant to art. 2- terdecies of the Privacy Decree n. 101/2018, all rights (Article 15 to 22 of the EU Regulation) referring to personal data concerning deceased persons, can be exercised by those who have an interest of their own or act to protect the interested party, as their agent, or for reasons of family members worthy of protection
as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the data controller.
In the event that the data are processed on the basis of legitimate interests, the rights of the data subjects are guaranteed (except the right to portability which is not provided for by the regulations), in particular the right to object to the processing that can be exercised by sending a request to the data controller. It is possible to object to the processing of your personal data:
- for legitimate reasons;
- (without the need to justify the opposition) when the data are processed for commercial or marketing purposes.
All without prejudice to the limitations on the rights of the interested parties referred to in art. 2- undecies and 2-duodecies of Legislative Decree n. 101/2018.
If the user believes that his or her rights regarding the protection of personal data have been violated, he can lodge a complaint with the Privacy Guarantor pursuant to art. 77 of the Regulation and art. 141 of the code regarding the protection of personal data or to appeal to the Judicial Authority pursuant to art. 78 and 79 of the EU Regulation and pursuant to art. 152 et seq. code regarding the protection of personal data.
In the event of PERSONAL DATA BREACH (DATA BREACH), i.e. a security breach that involves – accidentally or illegally – the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed, the data controller without undue delay and, where possible, within 72 hours from the moment in which he became aware of it, will notify the violation to the Guarantor for the protection of personal data unless it is unlikely that the data violation personal data poses a risk to the rights and freedoms of individuals.
The data controller who becomes aware of a possible violation is required to promptly inform the owner so that he can take action.
If the violation involves a high risk for people’s rights, the owner will communicate the violation to all interested parties, using the most suitable channels, unless it has already taken measures to reduce its impact. The data controller, regardless of the notification to the Guarantor, will document all violations of personal data, for example by preparing a specific register. This documentation will allow the Authority to carry out any checks on compliance with the legislation.
Only personal data breaches that can have significant adverse effects on individuals, resulting in physical, material or immaterial harm, should be reported.
The notification will contain the information provided for in art. 33, par. 3 of Regulation (EU) 2016/679 and indicated in the annex to the Provision of the Guarantor of 30 July 2019 on the notification of personal data violations (web doc. No. 9126951).
SECURITY OF THE DATA PROVIDED
In any case, it should be noted that this site processes user data in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of the data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
In addition to the owner, as already specified above, in some cases, categories of employees involved in the organization of the site (administrative, marketing, commercial, legal, system administrators) or external subjects such as (as service providers) will have access to the data. third party technicians, postal couriers, hosting providers, IT companies, communication agencies).
Last updated: 21/09/2022