PRIVACY NOTICE PURSUANT TO ART. 13 OF EU REGULATION 679/2016

1. Introduction

For CAPORALE HOTELS S.R.L., your privacy and the security of your personal data are particularly important. For this reason, we collect and process your data with the utmost care and attention, adopting specific and adequate technical and organizational measures to ensure full security of the data processing.

We hereby inform you, pursuant to Article 13 of the European Regulation 2016/679 (“GDPR” or “Regulation”) and the Privacy Code (“Privacy Code”), as amended by Legislative Decree 101/2018 (together, the “Regulations”), that your personal data is processed in ways that guarantee security and confidentiality and is carried out using paper, computer, and electronic means, as detailed in this privacy notice.

2. Data Controller

The processing of your personal data is carried out by CAPORALE HOTELS S.R.L. (hereinafter also referred to as "CAPORALE HOTELS S.R.L." or "Data Controller"), with registered office at Via Lucca 52 - 50142 Florence, as the Data Controller pursuant to and for the purposes of the Regulation.

For any questions or requests regarding the processing of your personal data, you may contact the Company at any time by sending a request to the following contact details:

Data Controller

Company Name: CAPORALE HOTELS S.R.L.
Registered Office Address: Via della Scala, 59 - 50123 Florence
Phone: +39 055 282776
Email: info@boccacciohotel.com

3. Types of Data Processed, Purposes, and Legal Basis of Processing

The personal data processed by the Company are those you provide while browsing or using the online services offered by the Company through the website https://www.hoteldavanzati.it/.

The Company may collect data about you, such as personal information like your name, surname, email, phone number, requests, and browsing data.

No special categories of data under Article 9 GDPR or data related to criminal convictions and offenses under Article 10 GDPR are processed.

Once collected, your personal data is processed for the following purposes:

To assess your experience using our websites and services and to ensure the proper functioning of our web pages and their content. These processes are based on the legitimate interest of the Data Controller and do not require specific consent from the data subject.
To comply with obligations under laws, regulations, or European legislation. These processes are necessary for the fulfillment of legal obligations and to provide the requested service and do not require specific consent from the data subject.
Subscription to our Newsletter service. These processes are carried out with the specific and freely given consent of the user.
To carry out direct promotional activities, including the periodic sending of newsletters and other promotional tools to the email address you provided when registering on the Website. These processes are carried out with the user’s specific consent, except for commercial communications related to products and/or services similar to those already purchased and/or subscribed to by the user, which are based on the legitimate interest of the Data Controller.
Your personal data is processed exclusively by the Company’s personnel, specifically authorized and designated under Article 4, paragraph 10 of the Regulation, and Article 2-quaterdecies of the Privacy Code, who have been adequately trained on regulatory privacy requirements and process data based on precise instructions from the Data Controller.

4. Processors (Art. 28) and Data Recipients

Your personal data will also be transmitted to third parties we rely on. These parties have been selected by us and provide adequate guarantees of compliance with personal data processing regulations. If they process data on behalf of CAPORALE HOTELS S.R.L., they have been appointed as Data Processors under Article 28 of the Regulation and are required to perform their activities according to the specific instructions given by the Company and under its supervision.

These third parties may belong to the following categories: financial operators, internet providers, IT service companies, consultancy firms, cloud service providers. Furthermore, your data may be disclosed to third-party companies operating in the publishing sector and companies in the following sectors with which CAPORALE HOTELS S.R.L. may enter into partnership agreements related to digital marketing activities for hotels. A specific and up-to-date list of these subjects is available at the Data Controller’s headquarters and can be requested by the data subject.

For administrative purposes, we inform you that your data may be communicated by the Data Controller to other companies within the Group.

It is understood that your personal data will not be communicated to third parties for their promotional purposes and will not be disclosed in any way.

Your data may also be transmitted to public authorities to comply with legal requirements, or to law enforcement and judicial or administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, as well as to enable the Company to exercise or protect its own or third-party rights before the competent authorities, or for other reasons related to the protection of the rights and freedoms of others.

5. Mandatory or Optional Nature of Data Provision

While the provision of personal data is at your discretion, please note that:

Providing data for purposes A) and B) of paragraph 4 is mandatory. Failure to provide such data will make it impossible for the Company to establish any relationship with you and to allow you to use the website.
Providing data for purposes C) and D) of paragraph 3 is optional. Failure to provide such data will prevent you from subscribing to the newsletter service and benefiting from the promotional services offered by the Company.

6. Transfer of Data Outside the EU

Some of the third parties to whom your data is transferred may be located in non-EU countries, including in connection with cloud services used by the Company. Such transfers are made to countries that offer an adequate level of data protection, as determined by specific decisions of the European Commission.

The transfer of your personal data to third parties residing or located in non-EU countries that do not guarantee adequate levels of protection will only be carried out with your consent or following the conclusion of specific agreements between the Company and those third parties, including "standard contractual clauses," approved by the European Commission, or when the transfer is necessary for the conclusion and execution of a contract between you and the Company or for managing your requests.

7. Data Retention

We inform you that your data will be retained for a limited period, varying depending on the type of processing activity and its specific purposes, as detailed below:

Data collected for the use of services offered by the Company: this data is retained for the duration of the service until its termination or the user’s cancellation of the service, or the revocation of consent;
Data collected for sending newsletters or conducting promotional activities (purposes C) and D) of paragraph 3): until the user requests to stop the activity and, in any case, within 2 years of the user’s last interaction with the Company.
At the end of these periods, your data will be permanently deleted or, in any case, irreversibly anonymized by the Company.

8. Your Rights

We inform you that you have the following rights concerning your personal data, as provided by the Regulation:

Right of access and rectification (Articles 15 and 16 of the Regulation): You have the right to access your personal data and request that it be corrected, modified, or integrated. If you wish, we will provide you with a copy of your data in our possession.
Right to erasure (Art. 17 of the Regulation): In the cases provided by current legislation, you may request the deletion of your personal data. Upon receipt and review of your request, we will cease processing and delete your personal data where legitimate.
Right to restrict processing (Art. 18 of the Regulation): You have the right to request the restriction of the processing of your personal data in cases of unlawful processing or disputes over the accuracy of personal data.
Right to data portability (Art. 20 of the Regulation): You have the right to request your personal data from the Data Controller to transmit it to another controller, as specified by the Regulation.
Right to object (Art. 21 of the Regulation): You have the right to object to the processing of your personal data based on our legitimate interest at any time, providing reasons for your request. The Company will evaluate your request.
Right to lodge a complaint (Art. 77 of the Regulation): You have the right to lodge a complaint with the competent Data Protection Authority if you believe there has been or is an ongoing violation of your rights regarding your personal data processing.
You may exercise your rights concerning specific data processing activities by the Company at any time. The rights mentioned above may also be exercised by anyone with their own legitimate interest, or acting on your behalf, as your representative or for justifiable family protection reasons, as provided by Art. 2-terdecies of Legislative Decree 101/2018.

These rights may be exercised by sending an email to info@boccacciohotel.com or regular mail to: CAPORALE HOTELS S.R.L., Via della Scala, 59 - 50123 Florence.

Further information about the data subject’s rights can be obtained by requesting the full extract of the articles mentioned above from the Data Controller.

9. Security Measures

The Company adopts adequate security measures to safeguard the confidentiality, integrity, completeness, and availability of the data subject’s personal data. Technical, logistical, and organizational measures are in place to prevent damage, loss (including accidental loss), alteration, misuse, and unauthorized access to the processed data.

Additionally, the Data Controllers cannot be held responsible for false information provided directly by the user (e.g., incorrect email address or postal address) or for any information concerning the user provided by a third party, even fraudulently.

10. Changes to this Privacy Notice

The continuous evolution of our services may result in changes to the way your personal data is processed, as described above. This privacy notice may undergo changes and additions over time, as necessary due to new regulatory developments in the field of personal data protection or due to the evolution/modification of our services.

We therefore encourage you to periodically review the contents of our privacy notice. Where possible, we will endeavor to inform you promptly of any changes and their consequences.

The updated version of the privacy notice will, in any case, be published on the Company's webpage, with the date of the last update indicated.

11. Date of Last Update

Florence, 04/10/2021