Privacy disclaimer
INFORMATION
PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679
Data Subjects: Website visitors and service users.
“MAXIMILIAN’S HOTELS S.R.L.”, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter “GDPR,” hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data, and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your privacy and rights. To pursue its purposes related to the management of the relationship, the Data Controller needs to acquire personal data such as, by way of example, your first and last name, telephone or mobile number, email address, and tax code. Your personal data will be processed in accordance with the legislative provisions referred to above and the confidentiality obligations therein established.
Purpose of the processing: Service provision: Your data will be processed to respond to any requests submitted through the forms available on the website or through requests received via email.
Legal basis: The legal basis of the processing is contractual in nature, insofar as the processing of data is required in connection with a request for information and the subsequent response.
Consequences of failure to provide data: The processing of data necessary to fulfil such obligations is required for the proper management of the relationship, and providing such data is mandatory for the purposes indicated above. The Data Controller also informs you that failure to provide, or the provision of incorrect, mandatory information may make it impossible for the Data Controller to ensure the proper performance of the processing activities.
Processing methods: Processing is carried out using manual and/or electronic and telematic tools, in such a way as to ensure the security, integrity, and confidentiality of the data, in compliance with the organizational, physical, and logical measures required by current regulations, aimed at minimizing the risks of destruction or loss, unauthorized access, modification, or disclosure, in accordance with Articles 6 and 32 of the GDPR.
Recipients:
For the performance of certain activities, or to provide support for the functioning and organization of the business, some data may be disclosed or made available to recipients. These entities fall into the following categories:
Third parties: (disclosure to natural or legal persons, public authorities, services, or any other body other than the data subject, the data controller, the data processor, and individuals authorized to process data), including:
• Companies providing traditional or electronic postal services
• Any other entities to whom data must be communicated for the achievement of the purposes indicated above
Data Processors: (natural or legal persons, public authorities, agencies, or other bodies that process personal data on behalf of the Data Controller)
• Providers of IT services, web services, or other services necessary to achieve the purposes required for the management of the relationship
Within the company’s organizational structure, your data will be processed exclusively by personnel expressly authorized by the Data Controller, bound by confidentiality agreements, and in particular by the following categories of staff:
• Administration
• Other personnel whose processing is necessary for the proper performance of the relationship
Disclosure: Your personal data will not be disseminated in any way.
Transfer of data to third countries: The Data Controller does not transfer personal data to non-EU countries. Should such a need arise, data subjects will be informed in advance, and appropriate safeguards will be implemented for the transfer to recipients, including, depending on the situation: verification of the existence of an adequacy decision for the recipient country issued by the European Commission, adoption of Standard Contractual Clauses, and verification of any additional measures in accordance with EDPB Recommendation 01/2020. By way of derogation from such safeguards, for data processing operations pursuant to Article 49 of the GDPR, where applicable, the existence of a contract or pre-contractual measures in favor of the data subject, or the data subject’s consent to the transfer, will be verified.
Retention period: We inform you that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is set for no longer than necessary to achieve the purposes for which the data are collected and processed. If a contract is entered into, the retention period may end upon the termination or withdrawal from the contract. The data may also be retained, where applicable, for an additional period for the management of any legal disputes; the legal basis for such retention is the Data Controller’s legitimate interest. The retention period for data processed for marketing purposes is aligned with the purposes pursued by the Data Controller and shall in any case not exceed 3 years from the last contact or interaction received.
Data Controller: The Data Controller, pursuant to current legislation, is “MAXIMILIAN’S HOTELS S.R.L.”, with registered office at Viale Amerigo Vespucci 20 – 47921 Rimini (RN), VAT No. 01915240400, represented by its legal representative pro tempore.
By sending an email to the following address: info@maximilianshotels.it you may request further information regarding the data provided.
Data Protection Officer (DPO): The Data Protection Officer is Studio Paci & C. Srl (Contact person: Dr. Gloriamaria Paci), who may be contacted at the following address:
EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 – Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and to have such data communicated in an intelligible form.
2. The data subject has the right to obtain information on:
a. the origin of the personal data;
b. the purposes and methods of the processing;
c. the logic applied in the case of processing carried out with the aid of electronic tools;
d. the identification details of the controller, processors, and the representative designated pursuant to Article 5, paragraph 2;
e. the entities or categories of entities to whom personal data may be communicated or who may become aware of them in their capacity as designated representative within the State, processors, or persons in charge of the processing.
3. The data subject has the right to obtain:
a. the updating, rectification, or, where interested, integration of the data;
b. the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been notified, including with regard to their content, to the entities to whom the data were communicated or disseminated, except where such notification proves impossible or entails the use of resources manifestly disproportionate to the right being protected;
d. data portability.
4. The data subject has the right to object, in whole or in part:
a. on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
b. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales, or for carrying out market research or commercial communication.
Complaint: Data subjects, where the conditions are met, also have the right to lodge a complaint with the Supervisory Authority (the Italian Data Protection Authority - “Garante”), in accordance with the procedures provided. For any further information, and to exercise the rights granted to you under the European Regulation, you may contact the Data Controller using the contact details provided above.
