WHAT IS A PRIVACY POLICY
This page describes the website’s management methods as concerns the handling of the personal data of users visiting it.
This information is provided pursuant to art. 13 of Legislative Decree no. 196/2003 – Code regarding the protection of personal data “Privacy Code” – to those who interact with the web services of Esseallaquarta Alberghi SRL (the “Company”), accessible by internet starting from the address: https://sentho.it/.
Pursuant to said article and the Privacy Code as amended by Legislative Decree 101/2018 et seq., the Company, as Data Controller, informs you that the processing of your personal data, and possibly special categories of personal data (art. 9 Regulations), yours and your minor children’s, provided by you will be processed in a relevant and transparent manner and in compliance with the principles of lawfulness and necessity according to the provisions in force.
THE DATA “CONTROLLER”
Pursuant to Article. 28 of Legislative Decree no. 196/2003, Controller of the Data is the Company registered office at Via G.B. Morgagni, 19 Roma Italy.
THE DATA “PROCESSOR”
Pursuant to Article. 29 of Legislative Decree no. 196/2003, Data Processor is the Company.
PURPOSE OF THE DATA PROCESSING.
The personal data provided voluntarily and optionally by users sending requests for information about the hotel facilities (rates, room availability, etc.) are used for the sole purpose of performing the service or provision requested and are not disclosed to third parties unless disclosure is required by law or is strictly relevant and necessary for the fulfillment of the requests.
In particular, personal data provided voluntarily by the parties concerned by the processing shall be collected and processed, including by electronic means directly and/or through delegated third parties (company for the e-mail service, company hosting the website) for the following purposes:
checking the availability of the requested room against information in the booking form;
to make and confirm the reservation by providing personal identification data and credit card data as a guarantee;
activating eventual promotional and commercial activities pursuant to Art. 130 paragraph 4 of the Legislative Decree 196/2003;
to comply with current administrative, accounting and tax obligations, as well as with laws and regulations;
providing resposes concerning our hotel services (room availability, prices, conference rooms, catering, etc.);
registering in the newsletter to receive periodic commercial or promotional communications;
for action by the Controller in court or in the preliminary stages leading to possible legal action against abuses arising from illicit use of the website or related services by the User;
statistical purposes in anonymous form (to assess the number of visits, etc.).
COMMERCIAL COMMUNICATIONS VIA E-MAIL
The Company reserves the option of sending promotional and commercial e-mails in accordance with Art. 130 paragraph 4 of Legislative Decree no. 196/2003:
“if in the context of a sale of goods or of a service the Data Controller uses the customer’s e-mail address, the same address may be used for sending commercial and promotional material without seeking prior consent, provided the customer is duly informed at every mailing of promotional and marketing material and that he is able easily and freely to exercise the right to discontinue this processing.”
In that case, having received the first promotional message the data subject shall be able to cancel his subscription from the hotel newsletter with a simple click.
Sending these messages is entrusted to a third-party provider of email services.
DATA COMMUNICATION AND DISSEMINATION
Personal data collected from the website in question can be treated only by persons officially appointed and trained in the field of personal data privacy and security.
The contexts for communicating data subjects’ personal data may relate to:
Organizations or Public Offices on the basis of legal and/or contractual obligations; external processors as companies or consultants who carry out those activities for the proper functioning of the site and management of the information acquired through the same on the controller’s behalf; the Postal Police for determining whether any activities may be harmful to the company website; to employees or service-providing companies when the communication is necessary for the person concerned to use the hotel services.
Personal data shall not be disclosed.
NAVIGATION DATA
During their normal operation software applications designed to run this website acquire some personal data whose transmission is implicit in the normal IP protocol of Internet communication.
While it is not collected to be associated directly with the data subjects, by its very nature through processing and subsequent correlation with data held by third parties (providers) this information could allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, the date and time of the request, the URI (Uniform Resource Identifier) of requested resources, the size of the files obtained in reply from the server, the digital code indicating the status of the response from the server (ok, error, etc..) and other parameters regarding the operating system and computer environment.
This data is used only to obtain anonymous statistical information about website usage and to check the site is functioning correctly; they are deleted immediately after processing.
This site may disclose personal data which, if required in accordance with law, may be communicated to the judicial authorities for the purposes of defending the State or the prevention, detection or suppression of crime, serve to ensure the protection of the personal data of data subjects’ enjoying on-line services of the site, for eventual defensive investigations as per Law no. 397 of 7 December 2000, or in any event to assert or defend a legitimate right and interest of the Controller in court while still complying with the principles of relevance and proportionality with respect to the processing’s purpose.
NON-OBLIGATORY NATURE OF THE DATA PROVISION
Unless otherwise specified as concerns navigation data, the user is free to provide personal data to make an on-line reservation.
The advancement of the on-line booking procedure implies the data subject’s consent to the processing of his personal data following the privacy policy of this website.
The possible acquisition of other personal data via dedicated forms (e.g. recording in the newsletter) shall require the data subject’s explicit awareness of the information as authorization for processing his personal data.
Failure to provide the personal information provided by the website may make it impossible to fulfill the request.
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
PROCESSING METHODS
The personal data are processed in paper format and/or by automated tools for the time strictly necessary for the purpose for which they have been collected.
In order to prevent data loss, abuse, incorrect use, and unauthorized access specific security measures are observed.
DATA VOLUNTARILY PROVIDED BY THE USER
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
COOKIES
Cookies are small files stored on your hard drive. This allows easier navigation and makes the site easier to use.
Cookies usually allow access to information already stored on the computer of the person concerned for purposes which may be of a commercial nature (e.g. profiling) or technique (to ensure proper operation of the site visited).
According to Directive 2009/136 / EC no explicit consent shall be required for the use of cookies because only session cookies will be used, or cookies for the proper functioning of the website.
Cookies for transmitting personal information shall not be used, nor the so-called persistent cookies of any kind, that is user tracking systems.
The use of the so-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site.
The so-called session cookies used in this website avoid using other computer techniques that potentially impair the confidentiality of user browsing data and which do not allow the user’s personal identification data to be acquired.
DATA SUBJECT RIGHTS
The data subjects have the right, at any time, to obtain confirmation of the existence or non-existence of the data concerned and to be informed of its content and origin, verify its accuracy or request it to be integrated, updated, or corrected (Art. 7 of Legislative Decree no. 196/2003).
Pursuant to the same article, the data subjects have the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, and in any event, to refuse its processing on legitimate grounds.
Requests should be addressed to the Company Controller of the personal data.
Below are the data subject’s rights in full.
Art. 7 – Right to access personal data and other rights
The data subject has the right to obtain confirmation of the existence or not of any personal data concerning him, even though not yet recorded, and to have them communicated in an intelligible form.
2. The data subject has the right to obtain the following information:
a) the source of the personal details;
b) the purposes and procedures of the processing;
c) the logic applied in case of processing with electronic instruments;
d) the identity details of the controller, processors, and designated representative in the meaning of Article 5, paragraph 2;
e) of the parties or categories of parties to whom the personal data may be communicated, or who can come to know them as appointed representatives in the territory of the State or as managers or employees.
3. The data subject has the right to obtain:
a) the updating, editing or, when he has an interest, the integration of the data;
b) the deletion, anonymisation, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it has been collected or subsequently processed
c) certification that the operations under letters a) and b) have been notified, including as concerns their content, to the persons to whom the data have been communicated or disseminated, except where such performance proves to be impossible or entails an employment of resources obviously out of all proportion to the right protected.
The data subject has the right to object, in whole or in part:
a) on legitimate grounds to the processing of personal data concerning him, even if pertinent for the purposes for which they have been collected ;
b) to the processing of personal data concerning him for the purposes of sending advertising material, direct sales, for carrying out market research or commercial communications.
DATA RETENTION
In observance of the proportionality and necessity principles, the data shall not be retained for longer than is strictly necessary for the purposes stated above, thus for the service offered or compliance with specific laws
RIGHTS REGARDING DECEASED PERSONS
In the hypotheses provided for in Articles 15 to 22 of the Regulation referring to personal data of deceased persons, the rights may be exercised by those who have a direct interest or are acting to protect the data subject in their capacity as authorized representative, or for family reasons deserving protection. The requests shall be directed to the Data Controller.