This policy fully describes the practices we have adopted.
This page describes the methods for managing the referred website with reference to the processing of personal data of users consulting it.
The processing is always based on the principles of lawfulness and correctness, in compliance with all the laws in force, and appropriate data protection and data security measures are adopted.
The policy is also issued pursuant to Recommendation No 2/2001 adopted by the Working Group established pursuant to Art. 29 of Directive No 95/46/CE to anyone interacting with the web services of this website, for the purpose of the protection of personal data, accessible on-line at the address: www.ipi-spa.com
This policy fully describes the practices we have adopted.
WHAT PERSONAL INFORMATION WE COLLECT
As the IPI group, the personal information we collect includes:
- Your name and surname, your e-mail address, telephone number and home address;
- The data concerning your credit card (card number, name on the card, expiry date and CVC code);
- Information on your travels, including the departure or arrival dates, special requests and preferences in relation to the services offered (preferences for rooms, services and other);
- Information you provide in relation to your marketing preferences and promotional offers
- Collected at your property:
we also collect personal information during your registration/check-in at our hotel, including any information required by local laws.
- Events profiles:
if you plan to organise an event with us, we will record the specific information on the event or meeting, the date, number of guests, details of the rooms for the guests and, for business events, information on your organisation (name, annual budget, number of events sponsored every year). We also collect information on the guests in your group or participating in your event. If you visit us as part of a group, we may request your personal information from the group and we may send you commercial information with your express consent after your stay with the group or your participation in an event. If you visit us during an event, we may share your personal information with the event organisers. If you are an event organiser, we may also share the information on your event with third party service providers who may send you commercial information on services for events.
- Social media: if you choose to participate in offers or activities on social media sponsored by the companies of the IPI group, we may collect some information from your social media profiles, consistently with your social media settings, for example your position, check-in, activities, interests, photos, status updates and friends.
We may also allow you to participate in competitions, submitting photos, such as those taken during your stay with us, which you may share with your contacts on social media to receive votes, shared offers and other promotions.
- Information we collect from third parties
We may also collect information about you from third parties, including information from our partners (travel agencies, airlines, payment cards) and from other partners, or social media services, consistently with your settings on these services; and from third party sources.
- Information we collect automatically:
When you use our website, we automatically collect information, some of which may be personal data. For example: language settings, IP address, position, device settings, device operating system, log-in information, usage times, the URL requested, status reports, user agents (such as information on the browser version), browsing history, the result (visit or booking), the user’s booking code, the type of information viewed. We may also collect data automatically via cookies.
Data may also be used to ascertain responsibility in the case of hypothetical data processing crimes to the detriment of the website.
PURPOSE, LEGAL BASIS AND LAWFULNESS OF THE PROCESSING
The data processing has the following purposes:
- to manage customer relations (bookings management, issue of invoices, quotations), for any contractual obligations. The personal data may be disclosed to subsidiaries and/or associated companies and/or companies belonging to the same group as the Company, as well as to any persons, companies or professional firms providing services and assistance or consulting services to the Company for the purposes indicated on a case-by-case basis in the specific privacy policies, and will not be used by the company for other purposes;
- to meet any legal obligations, particularly accounting and fiscal obligations;
- to manage disputes;
Relating to the service:
- to send promotional offers on our services and updates on prices and offers available as well as to send wishes by ordinary post, fax or e-mail;
- to implement the hotel services, including the external communication of data relating to your stay, exclusively for the receipt of objects, messages and phone calls for you.
- with your written consent, to process any so-called sensitive data provided voluntarily by you, to offer a better level of hospitality at our hotel.
With your express consent herein, we may use your e-mail address to send you our newsletters and our best wishes for the festivities.
- As regards the purposes indicated in point 2 a), we base our actions on the implementation of a contract; the use of your data may be necessary for the performance of the contract between us. For example, if you use our services to make a booking online, we will use your data to fulfil our obligation to complete and manage the booking, by virtue of the contract in place between us.
- As regards the purposes indicated in point 2 b) and c), we base our actions on legitimate interests: we use your information for our legitimate interests, and for administrative and legal purposes and to identify fraud. When we use the personal data for our legitimate interests, we will always balance your rights and interests in relation to the protection of your personal data with our own rights and interests.
- Depending on the purpose our processing is based on, where possible we will also comply with our obligation to comply with the laws in force.
IDENTITY AND CONTACT DATA
This website is managed by the Controller, identified in the owner and legal representative pro-tempore of the company IPI S.p.A, Via Nizza 262/59, Turin postcode 10126 e-mail email@example.com
The Controller guarantees the security, confidentiality and protection of the data in his possession, in all phases of the data processing.
The Processor, whom you may contact to exercise the rights laid down in Art. 12 and/or for any clarifications regarding the protection of personal data, may be contacted at the address: firstname.lastname@example.org
The data collected are used in compliance with the privacy laws in force (GDPR 679/2016).
PLACE OF PROCESSING
The data processing linked to the web services offered on this website takes place at the headquarters of the Controller, and are handled only by staff appointed specifically for their processing and by the providers of Internet services and hosting/housing services of this website. Furthermore, the processing is managed exclusively by technical staff of the Office in charge of processing, or by any other persons appointed to occasional maintenance services, under the strict control of the Controller.
NATURE OF THE PROVISION OF DATA
For the purposes referred to in point 2), for booking a hotel stay, the provision of data is mandatory and failure to provide such information may lead to the impossibility to meet any requests. For the purposes referred to in point 2a) the provision of data is optional and will not prevent the provision of the requested service (hotel stay).
REFUSAL TO PROVIDE DATA
The data subject may refuse to provide their navigation data to the Controller. To do this, they must disable them by following the instructions given by the browser being used.
RECIPIENTS OF THE DATA
The data processed shall not be disclosed, sold or exchanged with third parties without the express consent of the data subject. The scope of the communication of data is limited exclusively to persons responsible for the performance of contractual operations and the compliance with legal obligations. The data may therefore be disclosed to third parties in the following categories:
- persons providing services for the management of the IT system;
- companies or firms providing assistance and consulting services;
- administrations, competent local and public authorities, for the fulfilment of legal obligations and/or orders issued by public bodies;
- companies in the Group and/or the network of businesses or private individuals directly involved in the performance of the services or who have a legal right to know the data.
In any event, only such data as are necessary and relevant to the purposes of the processing for which they are intended are disclosed to the above parties.
OPTIONAL DATA PROVISION
Apart from what is specified for navigation data, users are free to provide their personal data in the forms present on the website (web forms) or to request the sending of newsletters, information material, commercial offers or other communications. Failure to provide such information may lead to the impossibility to meet any requests.
(Add other search engines for booking sales used with legal data, e.g. TRIVAGO etc.)
- Competent authorities: we disclose your personal data to the police forces and other government authorities when required by law, or when absolutely necessary to identify, prevent and take legal action against fraud or other offences.
The IPI Group adopts specific procedures to prevent unauthorised access and improper use of data. We use specific sector systems and procedures to safeguard the personal data you provide us. We also adopt security procedures and technical and physical restrictions to prevent access to and use of the personal data stored on our servers. Only authorised staff may access the personal data in the performance of their work.
The Controller does not transfer any personal data to third countries or international organisations.
WITHDRAWAL OF CONSENT
With reference to Art.23 of Italian Legislative Decree (D.Lgs.) 196/2003 and Art. 6 of the GDPR 679/16, data subjects may withdraw their consent at any time.
RIGHTS OF THE DATA SUBJECTS
We want you to have control over how we use your personal data. You can do this in any of the following ways:
- you can ask us for a copy of your personal data in our possession;
- you can tell us of any changes to your personal data or can ask us to correct any of your information in our possession;
- in specific situations, you can ask us to delete, block or restrict the processing of your personal data in our possession, or object to particular ways in which we are using your personal information;
- in specific situations, you can also ask us to send your personal information in our possession to a third party. Where we use your personal information with your consent, you can ask us to withdraw such consent at any time, in the methods laid down by the legislation in force. Furthermore, where we process your personal data on the basis of legitimate interests or public interests, you have the right at any time to object to the use of your personal information, in the methods laid down by law. We rely on you to ensure that your personal data is complete, accurate and updated. Please promptly inform us of any changes or inaccuracies in your personal information by contacting: email@example.com
We will manage your request in accordance with the legislation in force. Data subjects may exercise their above-described rights with reference to the GDPR 679/2016, Art. 15 “right of access”, Art. 16 “right to rectification”, Art. 17 “right to erasure”, Art. 18 “right to restriction of processing”, Art. 20 “right to portability”, Art. 21 “right to object to the automated decision-making process of the GDPR 679/2016, by writing to the Controller at the following address: …….. Registered office address (street name, town, postcode), e-mail: ………
LODGING A COMPLAINT
Data subjects have the right to lodge a complaint with a supervisory authority in their country of residence.
PRIVACY OF MINORS
DEFENCE IN COURT
The Users’ Personal Data may be used for defence in court by the Controller or during the preparatory phases for legal action against unlawful use of such information or the related services by the User. Following a court summons, court order or other legal proceedings; in order to establish or exercise our rights laid down by law; in our defence in any legal proceedings taken against us or for other purposes required by law. The Users declare that they are aware that the Controller may be required to reveal their Data at the request of the public authorities.
24 May 2018