WHY PROVIDE THIS INFORMATION?
Within the meaning of EU Regulation 2016/679 (hereinafter "the Regulation"), this page describes the processing of personal data of users who consult hotelbaglioni.it.
This information does not relate to other sites, pages or online services accessible via hypertext links published on the website but related to resources outside the domain hotelbaglioni.it.
DATA CONTROLLER
After visiting the websites listed above, data relating to identified or identifiable physical persons may be processed.
The Data Controller is Compagnia Italiana Alberghi C.I.A. S.p.a. with registered office in Piazza dell’Unità Italiana 6, Florence.
Data Controller’s Contact Email: privacy@hotelbaglioni.it.
DATA PROTECTION MANAGER
Compagnia Italiana Alberghi C.I.A. S.p.a. does not require the Data Protection Manager within the meaning of Article 37 of EU Regulation 679/2016.
PURPOSE, LEGAL BASIS AND COMPULSORY OR OPTIONAL NATURE OF THE PROCESSING
- Purposes related to the execution of a contract to which the data subject is party (e.g. purchase of services), or to the implementation of pre-contractual measures adopted at the request of the data subject (e.g.: Contact Request via messages sent to the contact addresses referred to on this website, etc.);
- purpose of statistical analyses on anonymous data, therefore with no possibility of identifying the user, aimed at measuring the functioning of the Website, to measure traffic and evaluate usability and interest;
- purposes relating to the fulfilment of a legal obligation to which the Compagnia Italiana Alberghi C.I.A. S.p.a. is subject;
- purposes necessary to ascertain, exercise or defend a right in judicial proceedings or whenever the judicial authorities exercise their judicial functions;
- subscription to the newsletter service;
- sending of commercial communications.
The legal basis of the processing of personal data for the purposes referred to in point a) is the service supply contract or the execution of pre-contractual measures. The processing of personal data by the data controller for the purposes referred to in point a) does not require the consent of the data subject within the meaning of the applicable legislation.
The purpose referred to in point b) does not involve the processing of personal data.
The data processing aimed at the achievement of the purposes referred to in points c) and d) represent a legitimate activity insofar as is necessary to fulfil the legal obligations to which the data controller is subject or to exercise the right of defence in court.
To achieve the purposes referred to in point e) the data controller bases the data processing on the consent of the data subject.
To achieve the purposes referred to in point f) the data controller bases the data processing on the consent of the data subject.
With the exception of the browsing data necessary for carrying out IT and electronic protocols, the provision of personal data by the users through the various methods made available is free and optional.
In particular with regard to the purposes referred to in point a) the provision of personal data is optional, but failure to do so could make it impossible to supply the service and/or to respond to the requests received.
With regard to the purposes referred to in point e) the provision of personal data is optional, however, in the absence of the requested data and/or of the consent of the interested party, the same may not receive our newsletter.
With regard to the purposes referred to in point f) the provision of personal data is optional, however, failure by the data subject to provide the requested data and/or their consent may result in not receiving our newsletter.
TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING
Web browsing data
In normal operation, the computer systems and software procedures involved in the operation of this website acquire some personal data which is implicitly transmitted when using Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (completed, error, etc.) and other parameters related to the user’s operating system and computer environment.
This data is necessary for the use of the web services, they are also processed to:
- obtain statistical information on the use of the services (most visited pages, number of visitors by time or by day, geographical areas of origin, etc.);
- check the correct operation of the services offered.
Browsing data is not kept for more than seven days and is immediately deleted after aggregation (subject to any requirement to investigate offences by the judicial authority).
The data communicated by the user
The optional, explicit and voluntary sending of messages to contact addresses of Compagnia Italiana Alberghi C.I.A. S.p.a., as well as filling out and submitting the forms on the website hotelbaglioni.it, involve the acquisition of personal data of the data subject (required to deliver the service of selling products, responding to the requests of the data subjects, etc.) as well as all the personal data included in the communications.
Specific information will be published on the website hotelbaglioni.it prepared for the provision of certain services.
Cookies and other tracking systems
Compagnia Italiana Alberghi C.I.A. S.p.a. collects personal data through cookies. More information about the use of cookies and related technologies is available via the link at the bottom of this website ("Cookie Policy").
PERSONAL DATA PROCESSING PROCEDURES
The data collected is processed with IT tools and only residually on paper.
The Data Controller uses servers located within Europe and IT systems located at the Data Controller’s headquarters to process the data related to the services of the website. The transfer of data abroad is not envisaged.
Appropriate technical and organisational measures have been adopted to guarantee an appropriate level of security and to prevent the loss of data, illicit or incorrect use and unauthorised access.
The data provided directly by the data subject is kept for the time strictly necessary to process the data subject's requests and then deleted, except in the cases of the purchase of products (for which the data will be kept for the duration of the relationship and according to the requirements of the law), subscribing to the newsletter service (for which the data will be kept until consent is withdrawn) and for defensive needs (which could make further preservation necessary).
Browsing data is not kept for more than seven days and is immediately deleted after aggregation (subject to any requirement to investigate offences by the judicial authority).
DATA RECIPIENTS
The data subject’s data may be communicated or may become known to the employees or collaborators of our company, expressly designated by us as “authorised to process data" and/or appointed "external processing manager". The provider of web platform development and maintenance services appointed by Compagnia Italiana Alberghi C.I.A. S.p.a. is, by way of non-limiting example, the recipient of the data collected following consultation of the website hotelbaglioni.it within the meaning of Article 28 of the Regulation, as external processing manager.
DATA SUBJECT'S RIGHTS
Data subjects have the right to obtain from Compagnia Italiana Alberghi C.I.A. S.p.a., in the cases provided for, access to personal data and the correction or cancellation of such data or restrict any processing that concerns them or oppose the processing and the portability of data (Articles 15 et seq. of the Regulation).
Requests should be sent to privacy@hotelbaglioni.it.
RIGHT OF COMPLAINT
Data subjects who believe that the processing of the personal data related to them carried out via this website takes place in breach of the requirements of the Regulation have the right to submit a complaint to the Data Protection Authority, as laid down in Article 77 of the same Regulation, or to complain to the appropriate courts (Article 79 of Regulation).
