Privacy Policy
Hotel al Castello di Monterado – Ospitalità nelle Marche

Index

Preface

1. Identity and contact details of the Data Controller
2. Type of data processed and purposes
3. Recipients of personal data
4. Transfer of data to third countries
5. Methods of processing and data retention period
6. Rights of the Data Subject
7. Communication and transfer of data
8. Updating and modifying the Privacy Policy

Preface

This Privacy Policy is intended to describe how the website currently available at www.castellodimonterado.it is managed with regard to the processing of personal data of users/visitors who consult it.

This information is also provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also referred to as the “General Data Protection Regulation” or “GDPR”) to those who access the aforementioned website.

The above website is owned by M.I.Sas di Rodano Orlando & C.

The privacy policy of M.I.Sas di Rodano Orlando & C. applies exclusively to the above-mentioned website.

Users/visitors are invited to carefully read this Privacy Policy.

1. Identity and contact details of the Data Controller
   The Data Controller for personal data relating to the websites
   www.castellodimonterado.it
   is M.I.Sas di Rodano Orlando & C., with registered office in Via Piazza Roma, 18 – 60012 Monterado di Trecastelli (AN), email: info@castellodimonterado.it, (hereinafter “Castello di Monterado”), pursuant to Articles 4, no. 7) and 24 of EU Regulation 2016/679 of April 27, 2016.
   
2. Type of data processed and purposes
   During normal operation, the IT systems and software procedures used to operate this website acquire some personal data that are then implicitly transmitted in the use of Internet communication protocols. This information, by its nature, could, through association and processing with data held by third parties, allow users/visitors to be identified (e.g., IP address, domain names of computers used by users/visitors connecting to the site, etc.). This data is used for the sole purpose of obtaining statistical information (and is therefore anonymous) and to check the correct functioning of the site.
   
3. Type of data processed and purposes
   During normal operation, the IT systems and software procedures used to operate this website acquire some personal data that is implicitly transmitted when using Internet communication protocols. This information, due to its nature, could allow users/visitors to be identified by linking and processing it with data held by third parties (e.g., IP address, domain names of computers used by users/visitors connecting to the website, etc.). This data is used exclusively for the purpose of obtaining statistical information (and is therefore anonymous) and to check the correct functioning of the website.
   
4. Transfer of data to third countries
   Within the scope of the purposes indicated in point 2 of this Policy, your personal data will not be disclosed/transferred to third parties established in countries outside the European Union, except as provided for the use of Cookies, for which reference should be made to the relevant section “Cookie Policy.” If necessary, for technical and/or operational reasons, the Data Controller reserves the right to transfer your Personal Data to countries outside the European Union or to international organizations for which there are “adequacy” decisions by the European Commission, or on the basis of adequate safeguards provided by the country to which the data is to be transferred, or on the basis of specific derogations provided for by the Regulation, in accordance with the procedures set out in the binding rules pursuant to Article 47 of the GDPR. The updated list of recipients of data transfers established in countries outside the European Union may be requested by recipients by contacting the data controller through the channels indicated in point 1 of this policy.
   
5. Methods of processing and data retention period
   Personal data will be processed using IT tools and/or manual processing for the time necessary to achieve the purposes for which it was collected. Furthermore, it should be noted that your personal data will not be subject to profiling or any fully automated decision-making process. Personal data will be retained for the period of time strictly necessary to achieve the specific purposes of the processing and, in particular for the data indicated in point 2, for the time necessary to carry out the specified activities, except for any investigations of computer crimes against the site.
   
6. Rights of the Data Subject
   The user may, (pursuant to Articles 15, 16, 17, 18, 19, 20, 21, and 22 of EU Regulation 2016/679), at any time, exercise the following rights: a. Withdrawal of consent: The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
   b. Access to personal data: obtain confirmation as to whether or not data concerning you are being processed and, if so, access to the following information: the purposes, categories of data, recipients, storage period, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing or to object to the processing itself, as well as the existence of automated decision-making;
   c. Request for rectification or erasure of the same or restriction of processing concerning him or her; “restriction” means the marking of stored data with the aim of limiting their processing in the future;
   d. Objection to processing: object, on grounds relating to your particular situation, to the processing of data for the performance of a task carried out in the public interest or for the pursuit of a legitimate interest of the Controller;
   e. Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive the data concerning him/her in a structured, commonly used, and machine-readable format;
   f. Lodge a complaint pursuant to Article 77 of the GDPR with the supervisory authority competent for your habitual residence, place of work, or place where your rights have been infringed; for Italy, the competent authority is the Garante per la protezione dei dati personali (Italian Data Protection Authority), which can be contacted using the contact details provided on the website http://www.garanteprivacy.it. The above rights may be exercised by sending a specific request through the contact channels indicated in point 1 of this policy.
   
7. Communication and provision of data
   The provision of data by the user is solely for the correct and complete execution of the purposes referred to in point 2 (navigation data, the failure to provide which coincides with the failure to navigate the website).
   
8. Updating and modifying the Privacy Policy
   This Privacy Policy may be modified over time, including in connection with the entry into force of new sector regulations, the updating or provision of new purposes, or technological innovations. Users/visitors are therefore invited to consult this page periodically.