Privacy Notice Data ProcessingInformation document article 13 EU Reg. 2016/679 - GDPRSubject: Information for processing of personal data collected from the data subject through the website
In compliance with the provisions of EU Regulation 2016/679 (European Regulation for the protection of personal data), we provide you with the necessary information regarding the processing of personal data provided. This notice pertains to the website www.rabay.it and should not be considered valid for other websites that may be accessed through links on the owner's domain websites, for which the owner cannot be held responsible in any way for third-party websites. This notice is provided in accordance with Article 13 of EU Regulation 2016/679 (European Regulation for the protection of personal data) and also complies with the provisions of Directive 2002/58/EC, as amended by Directive 2009/136/EC, regarding Cookies, as well as the provisions of the Decision of the Guarantor Authority for the protection of personal data of 08.05.2014 concerning cookies.
1 - DATA PROCESSING ENTITIES
DATA CONTROLLER, pursuant to Articles 4 and 24 of EU Regulation 2016/679, is HOTEL RABAY with registered office at Via A. Vespucci, 89 - 37010 Brenzone (VR) hereinafter referred to as the "Controller".
2 - PURPOSES AND LAWFULNESS OF PROCESSING
The personal data provided will be processed in compliance with the lawfulness conditions pursuant to Article 6 of EU Regulation 2016/679 for the following purposes: Management of data processing related to (Article 6 letter b):- browsing on this website;- possible completion of data collection forms for sending an information request to the data controller;- compliance with current administrative, accounting, and tax obligations, as well as to comply with laws and regulations. For the purpose of applying the provisions on personal data protection, the processing carried out for administrative-accounting purposes are those connected to the performance of organizational, administrative, financial, and accounting activities, regardless of the nature of the data processed.
The personal data voluntarily and optionally provided by users who submit requests to receive information about the hotel services (prices, availability, rooms, etc.), subscribe to the newsletter, make online reservations, or simply submit job applications by sending resumes in electronic format, are used solely to perform the requested service or task and are not disclosed to third parties unless such disclosure is required by law or is strictly relevant and necessary to fulfill the requests.
3 - BROWSING DATA
Like all websites, this website also uses log files in which information collected automatically during user visits is stored. The collected information may include the following:- Internet Protocol (IP) address;- type of browser and device parameters used to connect to the website;- name of the Internet Service Provider (ISP);- date and time of visit;- referring webpage of the visitor (referral) and exit page;- possibly the number of clicks.
These are pieces of information that are not collected to be associated with identified individuals, but which, by their very nature, could, through processing and association with data held by third parties, allow for the identification of users.
4 - USER-PROVIDED DATA
The optional, explicit, and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender's email address, which is necessary to respond to the requests, as well as any other personal data entered in the message.
5 - RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data provided via email contacts or through any voluntarily submitted resume to the controller may be disclosed to recipients who will process the data as data processors and/or as individuals acting under the authority of the Controller, in order to fulfill contracts or related purposes.
Specifically, the data may be disclosed to recipients belonging to the following categories:- Entities providing services for the management of the information system and communication networks of HOTEL RABAY (including email);- Studies or Companies within the scope of assistance and consultancy relationships;- Competent authorities for compliance with legal obligations and/or orders from public authorities, upon request;- In case of administrative-accounting purposes, the data may be transmitted to commercial information companies for the assessment of solvency and payment habits and/or to entities for debt collection purposes.- In the case of a spontaneous application, your data will be stored at our headquarters and will be communicated exclusively to the competent parties for the provision of necessary services, ensuring the protection of the data subject's rights. Your data will be processed solely by personnel expressly authorized by the Controller, particularly by the following categories of appointed individuals: Management and Administration of HOTEL RABAY with functions of System Administrator and Personnel Management and Administration.
The individuals belonging to the aforementioned categories either act as Data Processors or operate independently as separate Data Controllers.
6 - DATA CONTROLLER
The data collected from the website is processed at the Data Controller's headquarters and at the web hosting data center. The web hosting service, which is responsible for data processing and processes data on behalf of the controller, is located in the European Economic Area and operates in compliance with European regulations. The list of appointed Data Processors is regularly updated and available at the headquarters of ATESSA SRL.
7 - TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION
The personal data provided will not be transferred abroad within or outside the European Union.
8 - STORAGE PERIOD AND CRITERIA
The processing will be carried out in an automated and/or manual manner, using methods and tools aimed at ensuring maximum security and confidentiality, by specifically authorized individuals. In compliance with Article 5(1)(e) of EU Regulation 2016/679, the personal data collected will be stored in a form that allows the identification of data subjects for a period not exceeding the achievement of the purposes for which the personal data is processed. To learn about the criteria underlying the data retention period, please email
9 - NATURE OF THE PROVISION AND REFUSAL
In addition to what is specified for browsing data, the user is free to provide personal data in dedicated areas on the website. The provision of personal data for the purposes outlined in this information document is necessary to complete specific functionalities and avail oneself of the services offered to the Data Controller, for example, to receive a response to an information request submitted. Failure to provide personal data may result in the inability to obtain the requested service or to avail oneself of the services offered by the website.
10 - RIGHTS OF THE DATA SUBJECTS
You may assert your rights as expressed in Articles 15 – right of access, 16 - right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 right to object to automated decision-making under GDPR 679/16 of EU Regulation 2016/679, by contacting the Data Controller, writing to the address
You have the right, at any time, to request from the Data Controller access to your personal data, rectification, erasure, and restriction of processing.
Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g., profiling) as well as to the portability of your data.
Without prejudice to any other administrative and judicial remedy, if you believe that the processing of data concerning you violates the provisions of EU Regulation 2016/679, pursuant to Article 15 letter f) of the aforementioned EU Regulation 2016/679,
You have the right to lodge a complaint with the Data Protection Authority and, with reference to Article 6(1)(a) and Article 9(2)(a), you have the right to withdraw your consent at any time. Link to the Privacy
Authority's website:http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
In the event of a request for data portability, the Data Controller will provide you with the personal data concerning you in a structured, commonly used, and machine-readable format, subject to paragraphs 3 and 4 of Article 20 of EU Regulation 2016/679.
