PRIVACY POLICY AS REQUIRED BY REGULATION EU 2016/679

(GENERAL DATA PROTECTION REGULATION)

To the Data Subjects

In accordance with Article 13 of Regulation (EU) 2016/679, and in relation to the personal data to be obtained by the data controller, I.TER S.p.A., as a result of the mandate granted to us, please note as follows:

  1. Data controller.

The Data Controller is I.TER S.p.A.; VAT no. 01204160350,

Piazza del Monte 2, 42121-Reggio Emilia (RE),

email: info@hotelposta.re.it,

certified email: iterspa@legalmail.it,

tel. 0522 432944, fax: 0522 452602.

  1. Data Protection Officer.

The data protection officer is Elisa Rossi,

c/o I.TER S.p.A., Piazza del Monte 2, 42121-Reggio Emilia (Province of Reggio Emilia), email: amministrazione@hotelposta.re.it,

tel. 0522 432944.

  1. Purpose of the data processing.

The purpose of the data processing is:

  • use of the website services;
  • compliance with the company’s obligations as required by laws in force (including but not limited to:
anti-money laundering, insurance, health and safety at work);
  • defence of rights in legal proceedings or before jurisdictional authorities with jurisdictional functions; remarketing and behavioral targeting;
  • to contact the user;
  • statistics;
  • display of content by external platforms;
  • – address management and mailing;
  • – marketing and newslettering.

4. Type of data processed.

The Personal Data is collected for the above purposes, using the following services:

Contact the user

  • Contact form

By completing the contact form with their data, the User allows the data to be used to reply to requests for information, quotes, or for any other reason indicated in the heading on the form.

Personal data collected: name and surname; email; telephone number; details contained in the message.

Address management and mailing

This type of service enables the management of a database of email addresses, telephone numbers or other contact details which are used to communicate with the User.

These services also enable the collection of data about the date and time at which messages are read by the User, interactions with the User and the message, and information about clicks on the links contained in the messages.

  • Mailchimp (The Rocket Science Group, LLC.)
Mailchimp is an address management and emailing service provided by The Rocket Science Group, LLC. Personal data gathered: email address. Place of processing: USA – Privacy Policy. Member of the Privacy Shield.

Remarketing and behavioral targeting

This service allows this Application and its partners to communicate, optimise and serve ads based on past use of this Application by the User. This is done by tracking the User Data and through the use of Cookies. This information is transferred to the partners to whom the remarketing and behavioral targeting activities are linked. Users can opt out of the services listed below. Users can also opt out of receiving cookies about third-party services by visiting the opt-out page of out Network Advertising Initiative.
  • Remarketing Google Ads (Google Inc.)
Remarketing Google Ads is a remarketing and behavioral targeting service provided by Google Inc., which links the activity on this Application to the Google Ads advertising network and Cookie DoubleClick. Users can choose not to use Google cookies to customise ads, by visiting Google Ad settings. Personal data collected: Cookies and usage data. Place of processing: USA – Privacy PolicyOpt Out. Member of the Privacy Shield.
  • Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc., which links the activity on this Application to the Facebook advertising network. Personal data collected: Cookies and usage data. Place of processing: USA – Privacy PolicyOpt Out.

Statistics

The services on the list below enable the Data Controller to monitor and analyse traffic. These services keep track of the user’s behaviour.
  • Monitoring of Facebook Ads conversions (Facebook pixel) (Facebook, Inc.)

The monitoring of Facebook Ads conversions (Facebook pixel) is a statistics service supplied by Facebook, Inc., which links data from the Facebook advertising network to actions carried out on this Application. The Facebook pixel monitors the conversions that can be attributed to Facebook, Instagram and Audience Network ads.

Personal data collected: Cookies and usage data. Place of processing: USA – Privacy Policy. Member of the Privacy Shield.
  • Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the collected data to track and monitor the use of this Application, to compile reports and share them with other services developed by Google.

Google may use personal data to contextualize and customise advertisements on its advertising network. Personal data collected: Cookies and usage data. Place of processing: USA – Privacy PolicyOpt Out.
  • Mouseflow (Mouseflow ApS)
Mouseflow is a statistics and heat mapping service provided by Mouseflow ApS. Mouseflow tracks clicks and mouse movement on a page to identify the parts that attract most interest. Personal data collected: Cookies and usage data. Place of processing: Denmark – Privacy PolicyOpt Out.

Display of content by external platforms

This service displays content hosted on external platforms directly by the pages of this Application, and allows interaction with such content. If this type of service is installed, it is possible that even if the Users are not using the service, it can collect traffic data on the pages it is installed on.
  • Widget Google Maps (Google Inc.)
Google Maps is a service that displays fonts and is managed by Google Inc. It allows this Application to incorporate the content into its pages. Personal data collected: Cookies and usage data. Place of processing: USA – Privacy Policy.

5. Legal basis for the data processing.

The data processing is legitimate, as it is:
  • necessary to fulfil a contract that you are party to, or to execute pre-contractual measures requested by you;
  • necessary to fulfil a legal obligation of the data controller (for example, the keeping and recording of accounting records required by tax regulations and requirements regarding anti-money laundering, insurance, health and safety at work);
  • necessary to pursue the legitimate interest of the data controller such as protection of company assets, to defend rights in legal proceedings or before jurisdictional authorities;
  • based on consent (Art. 6 paragraph 1a of Regulation EU 2016/679), with reference to:

a.marketing and newslettering.

  1. Method of the data processing.

Your personal data is processed only using the means necessary for the above purposes, using some of the operations indicated in Art. 4 para. 2) of Regulation (EU) 2016/679, namely: collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the data. The operations can be performed with or without the use of electronic, online or automated instruments.
  1. Provision of data.

Provision of personal data is not a legal obligation but it is a necessary requirement for the formation of the contract.
  1. Conservation of data

Your personal data will be processed and kept for the entire period necessary to fulfil the contract to which you are party, and for the proper fulfilment of data conservation obligations for statutory or fiscal purposes, or for other mandatory legal or regulatory purposes as indicated in paragraph 3. It will also be kept for the period necessary to pursue the legitimate interest of the data controller, to defend rights in legal proceedings or before jurisdictional authorities and in any case until the end of the limitation period arising from the contract.

9. Communication of your data.

The personal data may be disclosed to or come to the knowledge of the following persons, for the purposes indicated in paragraph 3, and to provide, improve, protect and promote their services:
  • persons authorised to process the data;
  • data processors and any other authorised processors or persons, including but not limited to: accountants, consultants, IT service providers, cloud computing providers and the related support services and technicians, contractors and occasional maintenance providers who have all been appropriately trained on how to protect confidentiality;
  • the courts or administrative authorities for the performance of legal obligations or for the execution of instructions received; – banks and insurance companies;
  • persons processing the data in execution of specific legal obligations.

10. Profiling.

The data provided may be subject to fully-automated decision-making processes, including profiling.

11. Transfer of data abroad.

Your personal data may be transferred to third countries that are not in the European Union, as the Data Controller uses the following Cookies: “Remarketing Google Ads”, “Remarketing Facebook”, “Google Analytics”, “Mouseflow ApS”; “Widget Google Maps”, which are provided by data processors and any other authorised processors or persons who may be located outside the European Union, and to whom please refer to view their privacy and data protection policies, without affecting compliance with Chapter V (Articles 44-50) of Regulation (EU) 2016/679 regarding the rules on the EU-USA Privacy Shield, where applicable, and in accordance with the standard contractual clauses in the Annex to the European Commission Decision of 5 February 2010, no. 2010/87/EU, and on the basis of the requirements indicated in that decision (Article 6 of the European Commission Decision of 5 February 2010, no. 2010/87/EU). The list of certifications relating to the EU-USA Privacy Shield is available at https://www.privacyshield.gov/list.
  1. Rights of the data subject.

Under Articles 15-18 and 20-21 of Regulation (EU) 2016/679, you have the right to obtain confirmation as to whether or not personal data concerning you exists, regardless of it being already recorded, and communication of such data in intelligible form. You have the right to obtain an indication: a) of the source of the personal data; b) of the processing purposes and methods; c) of the logic applied in the event of processing by electronic means; d) of the identification details of the controller or any data processors; e) of the persons or categories of person to whom the data may be disclosed or who may receive it in their capacity as data processor or authorised person. You also have the right to obtain: a) the updating, rectification or, when of interest, integration of the data; b) the erasure, the transformation into anonymous form, the blocking of data processed illegally, including data for which storage is not necessary in relation to the aims for which it was collected or subsequently processed; c) certification that the operations in points (a) and (b) and the content of such operations were brought to the attention of the persons to whom the data was communicated or disclosed, except where such action is impossible or implies the use of means that are clearly disproportionate with respect to the protected right. You have the right to oppose – wholly or partially – a) the processing of your personal data for legitimate reasons, even where such reasons are pertinent to the purposes for which the data was collected; b) processing of your data for the purposes of sending advertising or direct sales materials, or for the execution of market research or sales communications. You have the right to data portability, in other words to receive the data you have provided, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided. You may also make a complaint to the Italian Data Protection Authority (www.garanteprivacy.it). You may exercise your rights in writing, by sending a request to the data controller at the postal and email addresses indicated in paragraph 1.
  1. Data processors.

A regularly-updated list of the data processors for limited sectors and operations is available on request from the data controller. You may use the contact details indicated in paragraph 1, for this purpose.