Privacy Newsletter

INFORMATION PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679

Data Subjects: Users browsing the website, service users, and newsletter subscribers

“MAXIMILIAN’S HOTELS S.R.L.”, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter “GDPR,” hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data, and that such processing shall be carried out in accordance with the principles of correctness, lawfulness, transparency, and protection of your privacy and rights. To pursue its purposes related to the management of the relationship, the Data Controller needs to collect personal data such as, by way of example, your first and last name, telephone or mobile number, email address, and tax code.
Your personal data will be processed in accordance with the provisions of the legislation referred to above and with the confidentiality obligations therein established.

Purpose of processing: Service provision: Your data will be processed in order to respond to any requests submitted via the forms available on the website or via requests received by email.

Legal basis: The legal basis for the processing is contractual in nature insofar as data processing is required in connection with a request for information followed by the corresponding response.

Optional purposes:
Marketing - newsletter subscription service: specifically, your data will be processed, subject to your freely given consent, for the purpose of receiving newsletters, by entering your email address in the relevant text field indicating newsletter subscription, or by selecting/checking the appropriate box marked “newsletter subscription” in a form.

Legal basis: The legal basis for this processing is the data subject’s consent.

Consequences of refusal regarding optional purposes: Providing your data for the above optional purposes is voluntary; any refusal to provide such data will not affect the continuation of the relationship or the appropriateness of the processing itself.

Consequences of failure to provide data: The processing of data necessary for fulfilling such obligations is required for the correct management of the relationship, and providing such data is mandatory in order to achieve the purposes indicated above. The Data Controller also informs you that failure to provide, or the provision of incorrect, mandatory information may make it impossible for the Data Controller to ensure the proper performance of the processing activities.

Processing methods: Processing is carried out using manual and/or electronic and telematic tools in such a way as to ensure the security, integrity, and confidentiality of the data, in compliance with the organizational, physical, and logical measures required by current regulations, aimed at reducing the risks of destruction or loss, unauthorized access, modification, or disclosure, in accordance with Articles 5 and 32 of the GDPR.

Recipients: For the performance of certain activities or to provide support for the functioning and organization of the business, some data may be disclosed or made available to recipients. These entities fall into the following categories:

Third parties: (disclosure to: natural or legal persons, public authorities, services, or any other body that is not the data subject, the data controller, the data processor, or persons authorized to process the data), including:
• Companies providing traditional or electronic postal services
• Any other entities to whom data must be disclosed for the achievement of the purposes indicated above

Data Processors: (a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller)
• Providers of IT, web, or other services necessary to achieve the purposes required for managing the relationship

Within the company’s organizational structure, your data will be processed exclusively by personnel expressly authorized by the Data Controller, who are bound by confidentiality agreements, and in particular by the following categories of staff:
• Administration
• Other personnel whose processing activities are necessary for the proper performance of the relationship

Disclosure:
Your personal data will not be disseminated in any way.

Data transfer to third countries: The Data Controller does not transfer personal data to non-EU countries. Should such a need arise, data subjects will be informed in advance, and appropriate safeguards will be implemented for transfers to recipients. Depending on the circumstances, these may include: verification of the existence of adequacy decisions for the recipient country issued by the European Commission, adoption of Standard Contractual Clauses, or verification of any additional measures in accordance with EDPB Recommendation 01/2020.
By way of derogation from such safeguards, for data processing operations pursuant to Article 49 of the GDPR, where applicable, the existence of a contract or pre-contractual measures in favor of the data subject, or their consent to the transfer, will be verified.

Retention period: We inform you that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is established for no longer than is necessary to achieve the purposes for which the data are collected and processed. In the event a contract is entered into, such retention period may end upon termination or withdrawal from the contract.
The data may also be retained, where applicable, for an additional period for the management of any legal disputes; the legal basis for such retention is the legitimate interest of the Data Controller.
The retention period for data processed for marketing purposes is aligned with the purposes pursued by the Data Controller and shall in any case not exceed 3 years from the last contact or interaction received.

Data Controller: The Data Controller, pursuant to current legislation, is “MAXIMILIAN’S HOTELS S.R.L.”, with registered office at Viale Amerigo Vespucci 20 - 47921 Rimini (RN), VAT No. 01915240400, represented by its legal representative pro tempore.
By sending an email to the following address: info@maximilianshotels.it, you may request further information regarding the data provided.

Data Protection Officer (DPO): The Data Protection Officer is Studio Paci & C. Srl (Contact person: Dr. Gloriamaria Paci), who may be contacted at the following email address: dpo@studiopaciecsrl.it and telephone number: +39 0541 1795431.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 – Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and to have such data communicated in an intelligible form.
2. The data subject has the right to obtain information about:
a. the origin of the personal data;
b. the purposes and methods of the processing;
c. the logic applied in the case of processing carried out with the aid of electronic tools;
d. the identification details of the controller, processors, and the representative designated pursuant to Article 5, paragraph 2;
e. the entities or categories of entities to whom personal data may be communicated or who may become aware of them in their capacity as designated representative within the State, processors, or persons authorized to process the data.
3. The data subject has the right to obtain:
a. the updating, rectification, or, where interested, the integration of the data;
b. the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been notified, including with regard to their content, to the entities to whom the data were communicated or disseminated, except where this requirement proves impossible or involves a use of resources manifestly disproportionate to the right being protected;
d. data portability.
4. The data subject has the right to object, in whole or in part:
a. on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
b. to the processing of personal data concerning them for the purpose of sending advertising materials or direct sales, or for carrying out market research or commercial communication.

Complaint: Data subjects, where applicable, also have the right to lodge a complaint with the Supervisory Authority (the Italian Data Protection Authority - “Garante”), in accordance with the procedures established. For any further information, and to exercise the rights granted to you under the European Regulation, you may contact the Data Controller using the contact details provided above.

 

Consent
Consent acquisition statement

Your consent for receiving the newsletter will be recorded (IP address, email, date, and time) by ticking the checkbox located below the email entry field, or by selecting/clicking the appropriate box, and simultaneously pressing the “submit” / “ok” button.
Such consent will be stored to document its provision and to allow you to unsubscribe at any time, as well as to exercise all the other rights described above.

site.richiedi un preventivo alle struture site.visualizza le offerte delle strutture