This Application collects some Personal Data from its Users.
Personal Data: Trackers; Usage Data
Personal Data: Cookies; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data
Personal Data: Cookies; Usage Data
Personal Data: Cookies; Usage Data
Personal Data: Usage Data; various types of Data as specified in the privacy policy of the service
Personal Data: Cookies; Usage Data
Personal Data: Usage Data
Personal Data: Cookies; Usage Data
Personal Data: Cookies; Usage Data
Personal Data: Cookies; email address
Personal Data: Cookies; Usage Data
Personal Data: Usage Data
In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.
The European Regulation on the protection of personal data (GDPR) in Articles 13 and 14, paragraphs 1, sets the obligation to inform the interested party, in case of direct and indirect collection of his data, on the fundamental elements of the data processing.
The undersigned company fully fulfills it by informing you that:
THE DATA CONTROLLER is the company EREMITO S.R.L., VAT number 10569171001, with registered office in Rome, Via Maria Adelaide, 8, and operational headquarters in Parrano (TR), Località Tarina, 2.
PEC: tarina@legalmail.it
PHONE NUMBER: 0763/891010
EMAIL: info@eremito.com
PURPOSE OF DATA PROCESSING
The personal data collected by the Data Controller will be processed for the following purposes:
to acquire and confirm your reservation of accommodation services and ancillary services and to provide the requested services;
to fulfill the obligation provided by the "Consolidated Law on Public Security Laws" (art. 109 RD 18.6.1931 n. 773) which requires us to communicate to the Police Headquarters, for public security purposes, the particulars of customers lodged according to the procedures established by the Ministry of the Interior (Decree 7 January 2013).
to fulfill current administrative, accounting and tax obligations
to speed up the registration procedures in case of subsequent stays at our facility
to carry out the function of receiving messages and phone calls addressed to you during your stay;
for marketing purposes (sending promotional messages and updates on rates and offers, newsletters)
LEGAL BASIS OF THE DATA PROCESSING
The data will be processed in strict compliance with the law, according to the principles of lawfulness and correctness and in compliance with the right to privacy. The data will be processed on the basis of:
pre-contractual and contractual obligations: purposes n.1. Since these are necessary for the definition of the contractual agreement and for its subsequent implementation, its consent is generally not required. In case of refusal to provide personal data, we will not be able to confirm the booking or provide the requested services
legal obligations: purposes n.2 and 3. Data processing is carried out without the need to acquire your consent. In case of refusal to provide the data necessary for the indicated obligations we will not be able to provide the requested services.
manifestation of consent: purpose No. 4, 5 and 6.
DATA CATEGORY
The categories of processed personal data are:
identification and personal data (eg name, surname, fiscal code, company name)
contact information (eg address, telephone, e-mail)
bank details (credit and debit card details provided as guarantee and / or balance)
data concerning the stay
data concerning health conditions (handicaps, food intolerances, tissue allergies)
data concerning phone calls
METHOD OF DATA PROCESSING
The processing will be carried out in automated and manual way, in compliance with the provisions of art. 32 of the GDPR 2016/679 and in particular:
through operations that will allow the collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, use, communication, cancellation and destruction of data .
Through the use of electronic or in any case automated instruments that allow the storage, management and transmission of data, but always configured in order to guarantee maximum confidentiality and the necessary protection.
Through the use of documents on paper support with the preparation of suitable custody measures that preclude knowledge of subjects without authorization.
Personal data is provided directly by the data subject to the data controller or collected through other subjects such as:
OTA (Online Travel Agency) such as, for example, Booking.com, Expedia.com, Design Hotel etc.
For online bookings through the institutional website, the owner company uses the booking engine of third parties appointed as managers pursuant to art. 28 GDPR.
DATA COMMUNICATION
Personal data may be transferred and processed by other subjects, as authorized, responsible or data processing owners, in order to comply with pre-contractual, contractual, legal obligations.
Categories of recipients could therefore be, purely indicatively:
Appointees
System administrators
Accounting consultants
Legal consultants
Banks and credit institutions
Insurance institutions
Service company for hotel infrastructure maintenance
Company providing internet services and electronic mail
Companies that own the booking engine
Police Headquarters
Commercial partners of Eremito s.r.l. to whom it communicates the data exclusively to process online reservations, including Design Hotels AG through the Synxis system
DATA STORAGE
Your personal data will be kept by the Data Controller for the time strictly necessary for the execution of the activities related to the purposes referred to in this information notice. In this case, the storage times will be:
10 years (as required by civil law obligations)
3 months from the date of check-out for credit card data
3 years from the last check-out for personal, particular data related to the stay, for marketing, unless otherwise indicated by the interested party.
The data sent to the police station are canceled after being sent. The digital sending receipts are kept for 5 years.
Without prejudice, in any case, to longer storage periods if required by specific sector regulations.
Rights of the interested party
As interested party and in relation to the data processing described in this Notice, the customer has the rights referred to in articles 7, 15 to 21 and 77 of the GDPR and, in particular, the:
right of access - article 15 GDPR: right to obtain confirmation that a processing of personal data concerning the Customer is in progress and, in this case, to gain access to such personal data, including a copy of the same;
right of amendment - article 16 GDPR: the right to obtain, without unjustified delay, the amendment of inaccurate personal data concerning the Customer and / or the integration of incomplete personal data;
right to cancellation (right to oblivion) - article 17 GDPR: the right to obtain, without unjustified delay, the deletion of personal data concerning the Customer;
right to limitation of data processing - article 18 GDPR: the right to obtain the limitation of the processing, when: the interested party disputes the accuracy of the personal data, for the period necessary for the Owner to verify the accuracy of such data; the processing is unlawful and the interested party objects to the deletion of personal data and instead requests that its use be limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the Data Subject has opposed the processing pursuant to art. 21 GDPR, in the waiting period of the verification regarding the possible prevalence of legitimate reasons of the Data Controller with respect to those of the Interested Party;
right to data portability - article 20 GDPR: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning the Customer provided to the Owner and the right to transmit them to another Owner without impediments, if the data processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that the personal data of the Customer are transmitted directly to another Owner if this is technically feasible;
right to object - Article 21 GDPR: the right to object, at any time for reasons connected to his particular situation, to the processing of personal data concerning the User based on the condition of lawfulness of the legitimate interest or execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevails over the interests, rights and freedoms of the Data Subject or for the assessment, exercise or defense of a right in court. In addition, the right to object to the processing at any time if personal data is processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing;
right of revocation - article 7 GDPR: the Customer has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to revocation;
right to complain - article 77 GDPR: the Customer has the right to complain to the Guarantor Authority for the protection of personal data, sending a registered letter with return receipt to the address: Piazza Venezia n. 11, 00187 ROME; or a certified e-mail message addressed toatrogetto@pec.gpdp.it.
The Customer may at any time exercise his rights by sending a registered letter with return receipt. to: EREMITO S.R.L., with registered office in Rome, Via Maria Adelaide, 8, or a pec to: tarina@legalmail.it
Nature of the provision
The communication of your data is a necessary requirement for the conclusion of the contract, therefore your refusal to communicate the data will make it impossible to fulfill the contract.
With regard to the purposes of the processing for which your consent is required, the refusal will not affect the obligations assumed.
Transfer of data to a third country or international organization
Some of our external service providers (eg the company that owns the Synsix booking engine) are based outside the European Economic Area (EEA), so their processing of personal data will result in data transfer outside the EEA. Whenever we transfer personal data outside the EEA, the company owner secures a similar level of protection by ensuring that at least one of the following guarantees is implemented:
where we use service providers, we may use specific contracts approved by the European Commission or the United Kingdom Information Commissioner which provide personal data with the same protection as in Europe;
where we use suppliers based in the United States, we can transfer their data if they are part of the privacy shield that requires them to provide similar protection to personal data shared between Europe and the United States.
Online bookings are made through the institutional website, the company owner uses Sabre's Synsix platform GLBL Inc, which acts as data controller and adheres to the Privacy Shield agreement that regulates the transfer of personal data between the European Union and the US .
A non-EU data transfer is therefore configured, covered by adequate guarantees.
Data dissemination and profiling
Your personal data are not subject to dissemination, nor to any automated decision-making process, including profiling.
In the case of indirect data collection pursuant to art. 14 GDPR:
The controller provides the information referred to in paragraphs 1 and 2:
within a reasonable time from obtaining personal data, but at the latest within a month, in consideration of the specific circumstances in which personal data are processed;
in the event that the personal data are intended for communication with the interested party, at the latest at the time of the first communication to the interested party; or
in case of communication to another recipient, not later than the first communication of personal data.
This information is accompanied by a special "form" which you will find on arrival at the facility. You will also find consent to the processing of your data in the online registration via our website on accommodation availability request.
Località Tarina 2 – 05010 Parrano (Terni) – P.IVA 10569141004
Owner contact email: info@eremito.com