Advisory Notice concerning the processing of guests' personal data
Declaration issued pursuant to art. 13 of EU Regulation 2016/679 enacted by the European Parliament and by the Council on 27 April, 2016 relative to the protection of natural persons as regards the processing of personal data and the free movement of such data, which also supersedes directive 95/46/EC (General Data Protection Regulation).
Pursuant to the EU Regulation for the protection of personal data (Regulation 2016/679 enacted by the European Parliament and by the Council), please be informed as follows:
NAME AND CONTACT DETAILS OF THE DATA CONTROLLER
The controller of the data processing is Gottfried Klement, Residence Klementhof, Schlossergasse 46, 39040 Natz – Italy, tel. +39 0472 415511, e-mail: firstname.lastname@example.org, internet: www.klementhof.it
PERSONAL DATA AND SPECIAL CATEGORIES OF DATA
The following are considered as being your personal data:
data relative to you as an individual (surname, name, address, e-mail, telephone number, telefax number, date of birth), as well as language and vehicle license plate number.
the data contained in your passport or identity card
data relative to the methods of payment or relating to payments (e.g. banking information, details of credit cards).
date of arrival and duration of visit.
data relative to access, utilization and communication.
Special categories of data include data relative to health care and to special personal needs.
PURPOSE OF PROCESSING OF THE PERSONAL DATA AND LEGAL GROUND FOR PROCESSING
The data provided will be processed for the following purposes:
compliance with the requirements of the law;
fulfilment of pre-contractual and contractual obligations relative to the guest's visit (booking, accommodation, departure etc.);
sending of communication and telephone contact with the guest;
storage of data in order to facilitate subsequent bookings and requests;
transmission of information, offers and news regarding the hotel and its partners, by e-mail, letter and other means of communication relative to the hotels, the local area and any local events, etc.;
data regarding access, utilization and communication, which are processed for security reasons and to guarantee correct functioning of the Internet page.
Legal grounds for the processing of your data include:
compliance with the requirements of the law (art. 6, section 1, para. c) of the RGPD);
fulfilment of pre-contractual and contractual obligations (art. 6, section 1, para. b) of the RGPD);
your consent (art. 6, section 1, para. a) of the RGPD);
for legitimate interests (art. 6, section 1, para. f) of the RGPD).
Special categories of personal data are not processed on our internet page.
Your consent is necessary if special categories of personal data are processed during the course of your visit to Residence Klementhof.
It is necessary to enter your personal data on the booking form included in our web site in order to make a booking and to make use of the contractual services. The travel data marked with an asterisk must be entered when booking your stay.
We utilize a payment platform which guarantees the security of any payments made using your credit card.
When you elect to pay the deposit by bank transfer, additional personal data such as the name of the account-holder and bank coordinates, too, will be processed.
Indication of the data relative to the invoice is not obligatory, but is necessary for issuing an invoice.
The legal ground for the processing of personal data is compliance with the law and fulfilment of pre-contractual and contractual obligations.
The period for which the data will be stored is in accordance with the obligations for the storage of data and the requirements of the law; your personal data provided for the purposes of booking will be stored only for the period strictly necessary for processing.
Data processed subject to your consent will be stored until you withdraw such consent.
The indication of your personal data on the relative request form included in our internet page is necessary for your request and to allow you to make use of the pre-contractual and contractual services. The travel data marked with an asterisk must be entered when entering a request.
The legal ground for the processing of personal data is compliance with the law and fulfilment of pre-contractual and contractual obligations.
The period for which the data will be stored is in accordance with the obligations for the storage of data and the requirements of the law; your personal data provided for the purposes of your request will be stored only for the period strictly necessary for processing.
Newsletters and promotional messages
Indication of your personal data for the sending by the hotel of information, special offers and newsletters is not obligatory. If you do not submit your personal data, you will not receive special offers and newsletters.
Personal data provided in order to receive information, special offers and newsletters will be processed only with your consent, and will be stored until you withdraw such consent.
Data relative to access, utilization and communication
Cookies are small text files which are stored by the user's browser when the user visits a web site. When a page is visited again using the same device, the cookie is sent to the web site or transmitted to another related site. In this way the web site recognizes that the page has already been visited using this browser, thus improving the user's browsing experience when the same page is accessed again. Cookies store the user's preferences and adapt the offers displayed to the preferences and interests of that specific user. Cookies fall into different categories according to their operation and their purpose:
These cookies are stored on the user's device only during the session itself and are used to ensure that the web site functions correctly. Analytical cookies, which are utilized for processing statistical access data, are classified as technical cookies. These collect general information without any identification of the client.
Profiling cookies are used to identify the way in which the user navigates the site, including their preferences, etc., in order to send promotional messages relative to products previously viewed or similar products.
Third-party cookies are those featured by other web sites. By closing the information banner or clicking on any section of the site, the user consents to the use of these cookies.
Which cookies are used on this web site?
This site uses technical and third-party cookies.
How to disable cookies
Server Log Archives
When the web page is accessed, data are automatically identified and stored in the archives of the server log. In this case, these data include: IP address, browser and browser version, operating system, time of access and quantity of data transferred.
Our web page also utilizes the functions provided by the web analysis service of Google Analytics developed by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA in order to optimise our online service. To this end, the data may be transferred to third countries. The Privacy Shield framework, which has certified Google, ensures that the protection of personal data is in compliance with European laws.
We utilize the maps provided by Google's mapping service "Google Maps". The data processed may include the user's IP address and position, though these will not be identified without your consent (check the settings on your mobile device).
SSL protocol and legal ground
SSL protocol (Secure Sockets Layer): In order to guarantee the security of your data during transmission, we use state-of-the-art coding procedures via https.
Data regarding access, utilization and communication are stored and processed for reasons of security and to ensure the correct operation of the internet page. The legal ground is the pursuit of the legitimate interests in accordance with art. 6, section 1, para. f) of the RGPD.
We are present on the social networks with the purpose of providing information to and communicating with clients and potential clients. As a result, the user's data may also be processed outside the European Union. However, a European Union adequacy decision is in place as set forth in art. 45 of the RGPD which provides adequate guarantees relative to the transfer of data in accordance with art. 46 of the RGPD.
The legal ground for the processing of the data relative to your visit to our social media platforms is the pursuit of legitimate interests in accordance with art. 6, section 1, para. f) of the RGPD.
To this end, we maintain sites on facebook.
recipients of personal data
In principle, your personal data will not be transferred to other subjects. However, the data may in special cases be:
transferred to other departments of the hotel, though subject to the limits of legitimate use;
transferred to the following data processors or to third subjects, in those cases where it is necessary to meet your requests or to provide special services:
HGV – Association of Hoteliers and Caterers
IT specialist for the remote maintenance of the hotel programme.
Your personal data may also be collected from booking portals.
rights of the data subject
Right of access: as set forth in art. 15 of the RGPD, you shall have the right to be informed of the personal data processed, the source and nature of the data, the transfer of the data (if any) and the recipient, and the manner in which the data are utilized.
Right of rectification and erasure: as set forth in art. 16 of the RGPD, you may at any time request the rectification or completion of your personal data. Similarly, as set forth in art. 17 of the RGPD, you may request the erasure of your personal data. In the case of published data, you shall also enjoy the "right to be forgotten", in other words request the enactment of the measures necessary to delete all the links, copies, replications etc.
Right to object: you may at any time exercise the right to object as set forth in art. 21 of the RGPD and modify or entirely withdraw your consent to any future processing.
Right to restriction (or cessation) of the processing: as set forth in art. 18 of the RGPD, you may also require that the processing of your personal data be restricted. In this case, the data may be processed only subject to specific consent, therefore the processing of the data will be effectively restricted.
Right to data portability: as set forth in art. 20 of the RGPD, you shall enjoy the right to receive the data provided by you in a structured, commonly-used and machine-readable format, and may also require the transmission of said data to a different Data Processor.
As set forth in art. 77 of the RGPD, you shall enjoy the right to lodge a complaint with a supervisory authority.
Information about Data Protection
for Touristmanager Operations
1. The Company and the Touristmanager
1.1. The company KLEMENT Gottfried (Residence KLEMENTHOF), address: Natz, Schlossergasse 46 – I – 39040 Natz-Schabs (BZ), phone: +39 0475 41 55 11 – E-Mail: email@example.com is responsible for the protection of data with regard to the processing of personal data in the Touristmanager software, which is used to manage guests.
1.2. The Company respects and protects the rights for the protection of data and privacy. They will take every measure legally required to protect the guests’ personal data.
1.3. The following information will provide you with a quick, simple overview of that personal that will be processed for you as an interested party and/or guest, for which purposes and on which legal basis. Furthermore, it will also inform you about your rights related to data protection, the so-called rights of the affected party.
2. Data Processing in Touristmanager
2.1. In particular, Touristmanager manages and processes the data of the Company’s (potential) guests, specifically names, addresses, services used, documents and correspondence associated with such services, gender, nationality, country of origin, document data, bookkeeping and payment figures, indicated interests and indicated intolerances, handicaps and other health-related information and information related to registration and stay at accommodations. Using this information, the Company can complete the services for local taxes, registration of the guests with their accommodations (such as reports to police) and the necessary statistics. To the extent that the corresponding data is not provided, the Company will not be able to provide the services as a rule.
2.2. The legal basis for processing this data is, on the one hand, the necessity for the fulfillment of the Company’s contract with the guest or the execution of the pre-contractual measures that can be revoked by the guest at any time upon request (Art. 6, Paragraph 1, lit. b of the GDPR) or, in particular with regard to any potential health information, the respective (express) agreement (Art. 6, Paragraph 1, lit. a of the GDPR and Art. 9, Paragraph 2, lit. a of the GDPR). The revocation may be declared by email sent to LTS at gdpr@LTS.it, whereby LTS will immediately transfer the revocation to the Company. The contractual data will be processed until the contractual purpose has been completed and for legal obligations of storage, in particular in accordance with tax and/or commercial law or with regard to the legal basis of the agreement until the point of revocation.
2.3. The Company operates as the IT service provider for the technical operation of Touristmanager on behalf of LTS, the Landesverband der Tourismusorganisationen Südtirols (National Association of Tourism Organizations in Southern Tyrol), via Conciapelli 60, 39100 Bolzano, Italy, Tel +39 0471 978060, Fax +39 0471 977661, e-Mail: info@LTS.it, Web: www.LTS.it, (hereafter LTS), which will receive the data indicated above under some circumstances. The Company has concluded the agreements necessary for data protection with LTS so that the data indicated above will only be processed in a legal and secure manner.
3. Information about the Rights of Affected Parties with regard to Data Protection
3.1 Right of Revocation To the extent that processing is based on (express) agreement, the person affected by the data processing has the right to revoke the agreement at any time without affecting the legality of the processing performed based on the agreement up to the point of revocation. Regarding the process, refer to Item 2.2 above.
3.2 Right of Information Each person affected by processing the data has the right to demand confirmation from the responsible party regarding whether the responsible party is processing personal data. If that is the case, the affected person has a right to be informed about said personal data (copy of the personal data, that is the object of processing) and about the following information: (a) the purpose of the processing, (b) the categories of personal data that will be processed, (c) the recipients or categories of recipients who will or may receive the personal data, especially recipients in foreign countries or international organizations, (d) the planned period during which the personal data will be stored if possible, or the criteria for determining the period, if not possible, (e) the existence of a right of correction or deletion of the personal data or limitation of processing by the responsible party or a right of complaint against processing, (f) the existence of a right of complaint to an overseeing committee, (g) all information about the source of the data if it is not collected from the affected person, (h) the (non-)existence of automated decision-making, including profiling. The responsible party will make a copy of the personal data that is the object of processing available. The responsible party may demand appropriate compensation on the basis of the administrative expenses for all additional copies requested by the affected person. If the affected person submits the request electronically, the information must be made available in a standard electronic format, if not otherwise specified.
3.3 Right of Correction and Deletion The affected person has the right to demand the immediate correction of incorrect personal data affecting them. In consideration of the purposes for processing the data, the affected person has the right to demand the completion of incomplete personal data, even by means of a supplement declaration. Furthermore, the affected person has the right to demand that the responsible party immediately delete personal data affecting them. The responsible party shall be obligated to delete the personal data immediately, if the following reasons do not affect such deletion. (a) The personal data will no longer be used for the purposes for which it was collected or process in any other manner. (b) The affected person has revoked their agreement that is the basis for processing and there are no other legal reasons for processing the data. (c) The affected person has complained against the processing (see the next item below). (d) The personal data has been processed illegally. (e) Deletion of the personal data is required for fulfillment of a legal obligation with which the responsible party must comply. (f) The personal data was acquired as part of a service offer from an information company (agreement by a child). In particular, the right of deletion does not exist if the processing is required for the fulfillment of the responsible party’s legal obligations or for the exercise of a duty that is in the public interest or the exercise of public power that has been transferred to the responsible party and/or for the enforcement, exercise or defense of legal claims.
3.4 Right of Limitation of Processing The affected person has the right to demand the limitation of processing from the responsible party, if one of the following prerequisites exists. (a) the correctness of the personal data is disputed by the person affected for a period that allows the responsible party to examine the correctness of the personal data, (b) the processing is illegal and the affected person rejects the deletion of the personal data and instead demands the limitation of the usage of the personal data, (c) the responsible party no longer need the personal data for the purpose of processing, however the affected person requires it for the enforcement, exercise or defense of legal claims or (d) the affected person has submitted a complaint against the processing as long as it has not been determined if the justified grounds of the responsible party supersede those of the affected person. If processing has been limited, such personal data (regardless of its retention) may only be processed with the agreement of the affected person, for the enforcement, exercise or defense of legal claims, for the protection of the rights another natural or legal entity or for reasons of important public interest of the Union or a member state. The responsible party will inform an affected person who has obtained a limitation of processing, before the limitation is released.
3.5 Right to Transfer Data If processing is based on an agreement or contract and it will employ automated procedure, the affected person has the right to receive the personal data that they have provided to the responsible party in a structured, popular, electronic format. For the exercise of their right to transfer the data, the affected person must obtain the right that the personal data will be transferred directly from a responsible party to another responsible party, if such is feasible at the technical level.
3.6 Right of Complaint The affected person has the right to submit a complaint for reasons that result from their special situation at any time against the processing of the personal data that is required for the exercise of a duty, that is in the public interest or in the exercise of public power, which has been transferred to the responsible party or the exercise of the responsible party’s justified interests or is required by a third party. The responsible party will then cease processing the personal data, unless they can prove absolute reasons worthy of protection for processing it, which supersede the interests, rights and freedoms of the affected person or the processing serves the enforcement, exercise or defense of legal claims. If personal data will be processed to operate direct marketing, the affected person has the right to submit complaints at any time against the processing of the personal data for purposes of such advertisement. If the affected person complains about the processing for purposes of direct marketing, the personal data may not be used for this purpose.
3.7 Right to Complain to an Overseeing Authority Each affected person has the right to complain to an overseeing authority regardless of any other legal aid for management or courts, in particular in the member country where they reside, where they work or the city of the suspected breach, if the affected person believes that the processing of their personal data is contrary to the legal guidelines. The contact data for the Italian Data Protection Authority is Garante per la protezione dei dati personali, Piazza di Monte Citorio 121, 00186 Rome, Italy, firstname.lastname@example.org.