Privacy Policy

Information for the processing of personal data.

Boutique – Lodge & Suites with its registered office in Castello Square, n 20, Fiscal Code RZZRND79E10D122N (hereinafter referred to as “the Controller”), as the owner of protection data, inform you that, under article 13 Legislative Decree No 196 of 30 June 2003 (hereinafter referred to as “Privacy Code”) and article 13 of Community Regulation 2016/679 (hereinafter referred to as “GDPR”), your data will be processed with the following purpose and modes:

1. Processing object

The Controller uses personal data, identifying and non-sensitive data (for example, but non-exhaustive, name, surname, address, telephone number, business name, e-mail address – hereinafter referred as “personal data” or “data”) communicated as a result of the registration on www.boutiquelodgeandsuites.it site (hereinafter referred as, “Web Site”), by the participation in surveys, by compiling registration form by means of the Web Site to events organised by the Controller, by the online requests of clarification or support requests and by sending newsletters.

2. Purpose of the processing

Your personal data are processed:

1. Without your express consent in point a) b) c) of article 24 Privacy Code and point b) e) of article 6 GDPR), for the following Service Missions:

• To manage and maintain the Web Site;
• To let you to make us of services requested by you;
• To process a contact request;
• For corporate reasons;
• Address collection for shipping and invoicing;
• Prevent or find fraudulent activities or abuse for the Web Site;
• Exercise the holder’s rights, for example the right to exercise a right in court.

1. Only by specific and clear consensus (article No 23 and 130 – Privacy Code and article No 7 – GDPR) for the following others purpose:

• To send you by e-mail opinion and satisfaction surveys, commercial offers, newsletters and/or invitation for events or to sign up to events where the holder participate or set up by him.

3. Modalities of the processing

The processing of your personal data is realised by means of operations indicated by article No 4 Privacy Code and article 4 No 2) GDPR specifically: collection, registration, organisation, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, communication, cancellation and destruction of data. Your personal data are subjected to paper and electronic processing, using this Web Site housed on a hosting managed by Aruba in Italy. The Controller will process personal data for the time necessary to fulfil the above objectives and, by the way, not exceed 10 years counted from the time when rapport is definitely discontinued for Service Mission and not exceed 2 years from the data collection for Other Purposes.

4. Security

The Controller has taken multiple security measures to protect your data against risk of loss, abuse or alteration. Particularly he had taken measures indicated in articles No 32-34 Privacy Code and article No 32 GDPR; using the data encryption technology established by AES Standards (BCrypt) and protected Protocol of data transmission known as HTTPS; it complies with Standards ISO/IEC 27000, WG3 and WG4.

5. Access to data

Your data may be made available for the purposes in articles No 2.a) and 2.b):

• To controller’s employees and staff, as processors and/or in-house data manager and/or system administrators;

6. Data communication

Without your express consent (in point a) b) c) of article 24 Privacy Code and in point b) e) of article 6 GDPR), the Controller can communicate your data for the purpose referred to in article No 2 a) to Supervisory bodies, Legal authorities and all those who communication is compulsory by law to carry out the purpose above mentioned. Your data will be not widespread.

7. Data transfer

Management and storage of personal data will be in Europe, on Controller’s servers hosted in Italy and/or belonging to employed and nominated companies as data Controllers.

8. Type of data contribution and consequences of the decline to answer.

Data contribution for purposes indicated in article No 2 a) is obligatory. Without this contribution will be not possible to guarantee registration to Web Site or services listed in article 2 a).

Data contribution for purposes indicated in article No 2 b) is optional. So, you can decide to not contribute your data or subsequently deny the possibility to process data already given: in this case, you will not receive by sending e-mail, invitation to events, newsletters, commercial offers and opinion and satisfaction surveys. Shall remain valid services listed in article No 2 a).

9. Rights of the data subject

As data subjects, you have rights established by article No 7 Privacy Code and article No 15 GDPR and specifically:

1. Right to obtain confirmation of the existence or not of your personal data, even if not yet registered, and their communication in clearly way;
2. Right to obtain the indication of: a) origin of personal data; b) purposes and modalities of data processing; c) logic applied in case of data processing implemented with the help of electronic means; d) Controller’s identification details, but also those of responsible and designate representative under article No 5 sub-paragraph 2 No 3 sub-paragraph 1 GDPR; e) subjects or categories to whom can be communicate data or can be aware of as a designated representative or as responsible;

• Obtain: a) the update, the correction or, when you are interested to, data integration; b) the cancellation, transformation anonymously or blocking of data in violation of law, including those conservation is not necessary for the purposes of collecting or processed; c) the proof that all the operations mentioned in a) and b) points are known by those who data where communicate or widespread, except the case when this compliance is impossible or needs an employing of excessive measures compared with protected right;

1. Oppose, in whole or in part: a) for legitimate reasons to processing data, although relevant referred to the collecting purpose; b) to processing of personal data with the purpose of sending advertising material or direct sale or to carry out market research, using automatic systems of calling with e-mail and/or with traditional marketing methods with telephone or with paper-mail. Subject’s right to object, shown to b) point, for direct marketing purposes with automatic systems extends to the traditional one, and in any case remain the possibility to exercise the right to object even partially. Consequently, the interested party can decide to receive communication only with traditional methods, communication with automatic systems or either of those communications.

If applicable, you have also rights indicated in articles No 16-21 GDPR (right of reply, right to be forgotten, right to treatment limiting, right to data portability, right to object), as well as right to complain to the Competition Authority.

10. Procedure for exercise of any right

You can at any time exercise your rights by sending:

• Via registered mail to Boutique – Lodge & Suites, Castello Square, n. 20 – 88900 Crotone (KR), C.F. RZZRND79E10D122N– Legal Representative, Armando Rizzo
• Via e-mail to: info@boutiquelodgeandsuites.it

11. Minor

This Web Site and the services of the Controller are not allowed to anyone under 18 and Controller doesn’t intentionally collect personal information referred to minors. In the event that this personal information was registered by accident, Controller will be delete suddenly, under user request.

12. Controller, Responsible and appointee

The Controller is Boutique – Lodge & Suites, Castello Square, n. 20 – 88900 Crotone (KR), C.F. RZZRND79E10D122N – Legal Representative, Armando Rizzo.  The updated list of responsible and appointee is guarded among Controller headquarter.

13. Changes to the present Information

The present Information may be modified. It is recommended to regularly check this Information and refer to the latest version.

Last Update: 26/05/2018