Privacy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Customer information
July 2024
Pursuant to art. 13 of EU Regulation 679/2016 (General Data Protection Regulation and, subsequently, “GDPR”), this information aims to describe the processing carried out by Nostrorizzonte S.r.l. in relation to your booking at the Hotel Palace Viareggio.
1. DATA CONTROLLER
1.1. The Data Controller is Nostrorizzone S.r.l., with headquarters in Via Flavio Gioia 4 – 55049 Viareggio (LU), CF/P.IVA: 02303400465.
1.2. Contact details: a) tel.: 058446134; b) e-mail: info@palaceviareggio.com.
2. PURPOSES AND LEGAL BASIS OF THE PROCESSING, NATURE OF THE PROVISION
2.1. Your data will be processed for:
a) finalize the booking and allow you to stay at the hotel;
b) fulfill the legal obligations connected to the provision of the service, such as that provided for by the art. 109 TULPS (communication of people housed to the public security authority), the one relating to communication to ISTAT, the fiscal, administrative and accounting ones;
c) contact you via newsletter to send you promotional communications and information material on news and events organized by the hotel;
d) carry out the customer satisfaction service;
e) at the end of your stay, we will ask you to leave a review relating to your experience at our hotel;
f) allow you to connect to the hotel's WiFi.
2.2. The legal basis of the processing is represented by the art. 6.1 letter b) GDPR, as the processing is necessary to execute the contract of which you are a party, and by art. 6.1 letter c) GDPR, as the processing is necessary to fulfill a legal obligation to which the Data Controller is subject. The nature of the provision of data is necessary to be able to stay at the hotel and, once the data has been provided for this purpose, the same will be processed to fulfill the legal obligations to which the owner is subject.
2.3. In reference to the newsletter service, the legal basis is represented by your consent, pursuant to art. 6.1 letter a) GDPR. Consent can be revoked at any time by sending a specific request to the data controller at the contact points indicated above. The revocation of consent does not affect the lawfulness of the processing based on consent before the revocation. The nature of the provision of data to receive the newsletter is optional and does not affect the other processing purposes.
2.4. In reference to the customer satisfaction service and the review request, the legal basis is represented by the legitimate interest of the data controller (art. 6.1 letter f) GDPR). The provision of your data is optional and does not affect the other processing purposes.
3. DATA RETENTION
3.1. Your personal data will be kept, in relation to accounting purposes, for 10 years (pursuant to art. 2220 of the italian civil code) from the date of the last registration.
3.2. In relation to the other purposes imposed by law, the owner will not retain his personal data once the data has been transmitted as required by law.
3.3. The data relating to the processing carried out on the basis of consent (newsletter) will be retained until your consent is revoked and, in any case, for a maximum of two years after your stay.
4. RECIPIENTS OF THE DATA
4.1. Your personal data will be transmitted to the subjects to whom the communication is required by legal obligations (Public Security Authorities, ISTAT). These subjects will operate as independent data controllers.
4.2. Your personal data may be processed by subjects who collaborate with the Data Controller (for example, company and hotel management, reception, administration and finance staff of the structures managed by the hotel), all bound by the obligation of confidentiality. These subjects may process, depending on the case, your personal data on the basis of a specific assignment pursuant to art. 28 GDPR - therefore following the instructions and directives provided by the Data Controller - or as authorized persons pursuant to art. 29 GDPR and committed to confidentiality.
4.3. The complete list of data controllers is available by sending a request to the Data Controller at one of the contact points indicated in this information .
5. EXTRA-EU DATA TRANSFER
5.1. Your personal data will not be transferred to Extra-EU countries.
6. RIGHTS, COMPLAINT
6.1. You may exercise the following rights: a) the right of access pursuant to art. 15 GDPR; b) the right of rectification, pursuant to art. 16 GDPR; c) the right to be forgotten, pursuant to art. 17 GDPR; d) the right to limit processing when there is one of the hypotheses of the art. 18 GDPR; e) the right to receive certification that the operations carried out pursuant to articles 16, 17 and 18 GDPR have been brought to the attention of those to whom the data have been communicated, unless this proves impossible or involves a disproportionate effort, pursuant to art. 19 GDPR; f) the right to data portability, pursuant to art. 20 GDPR; g) the right to object to the processing of personal data, pursuant to art. 21 GDPR; i) the right to lodge a complaint with a supervisory authority, pursuant to art. 77 GDPR.
6.2. To exercise your rights you can contact the Data Controller at the contact points indicated in this information.
7. FURTHER INFORMATION
7.1. The Data Controller remains available for any need for clarification and, should the processing be modified compared to that described in this document, the Data Controller will provide specific updated information.
7.2. The protection of data concerning you and compliance with the principles established by law, with particular reference to the principle of transparency, are values of primary importance for us, we will be grateful if you would like to help us by reporting any misunderstandings of this document or suggesting improvements at the references of the owner as indicated above.