This page illustrates the policies for personal data security implemented by INFINITY HOTEL MANAGEMENT S.r.l. for the benefit of users who consult the website and, more generally, for data subjects who interact with our hotel for various reasons.
This privacy policy disclosure is provided pursuant to Article 13 of the General Regulation for the Protection of Personal Data EU 2016/679 (hereinafter referred to as GDPR – the General Data Protection Regulation), in particular for those who interact with the web services of Il Pitti Soggiorno, which in turn belongs to the hotel brand GREGORI HOTELS, which you may review at:
This privacy policy disclosure refers only to the website of Il Pitti Soggiorno and not to other websites that may be accessed by the user through links.
This privacy policy disclosure is also issued following Recommendation No. 2/2001 which the European authorities for the protection of personal data, acting within the Group established by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001. The purpose of said Group was to identify certain minimum requirements for the online collection of personal data and, in particular, the manner, timing and nature of information disclosures which data controllers must provide to users when they access web pages, regardless of the purpose thereof.
DATA CONTROLLERS AND DATA PROCESSORS
DATA PROCESSING LOCATION
The processing operations associated with the web services of this website take place at the headquarters of the data controller and data processors, and are carried out only by technical personnel assigned to the data processing service.
Using third-party cookies, Google and other companies that install third-party profiling cookies may also process personal data outside the European community. In this regard, please refer to the relevant Cookie Policy.
Personal data submitted by users who request information material are used only to perform the service or provide services requested, whereas certain data acquisition forms provide for the possibility of forwarding the data subject's personal data to service providers to comply with the contract and provide the requested services.
TYPES OF DATA PROCESSED
Browser data
During their normal operation, computer systems and software procedures used to operate this website acquire certain personal data the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its own very nature, could lead to the identification of users through processing and association with data held by third parties. This category includes IP addresses or domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, digital code indicating the server response status (successful, error etc.) and other parameters pertaining to the user's operating system and IT environment. This data is used only to obtain anonymous statistics about the usage of the website and to check that it is functioning correctly; it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site; except for this possibility, web contact data is presently retained for no longer than thirty days.
Data submitted voluntarily by users
The optional, explicit and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the messages. The voluntary compilation of data acquisition forms to request specific services, adhere to offers or to purchase services and products, entails the subsequent processing of the personal data submitted to ensure the execution of a contract to which the data subject is a party or the fulfilment of pre-contractual terms requested by the same data subject. The company has taken specific measures to ensure that the processing of data is preceded by the user's voluntary reading of this privacy policy disclosure.
Cookies
Please refer to the Cookie Policy
Minors
The services provided on this website are not intended for minors. We do not knowingly collect data, including personal details, related to minors. Should we become aware that we have collected the personal data of a minor, we will immediately delete such data, unless we are obliged by law to retain the same. Please contact us if you believe that the Hotel has mistakenly or unintentionally collected information related to a minor.
PROCESSING METHODS
Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, the illicit or incorrect use thereof and unauthorised access.
PURPOSE, LEGAL BASIS AND NATURE OF SUBMITTED DATA
Data provided through the Website will be processed by the Data Controller for the following purposes:
The data processed by us may include special categories of personal data as defined by Article 9 of GDPR 2016/679 or personal data concerning health or religion (food allergies, services for the disabled, menus related to religion, etc.) provided voluntarily, with prior consent, in the Notes fields of the booking form.
The data in question will be processed guaranteeing appropriate security measures limited to the data and operations necessary to fulfil the pre-contractual obligations that the hotel undertakes in its sector of activity, in order to provide specific goods or services requested by the data subject.
Pursuant to Article 9 of the GDPR 2016/679, however, we will always ask for an explicit authorisation to process your personal data as we cannot know in advance if data subjects will voluntarily enter information applicable to a given category in the data acquisition forms.
MANAGEMENT OF CVS
This privacy policy disclosure, prepared in accordance with Article 13 of EU Regulation 2016/679, can also be used by the data controller in association with personnel recruitment announcements that may be published on websites or portals not directly managed by the same.
The Company will process the CVs received by email or through third-party recruiting companies (publications on portals, etc.) to evaluate potential candidates within the company or that could be presented in the future.
The processing is carried out electronically, with the exception of CVs received by ordinary post.
CVs considered "interesting" will be retained at the company's headquarters for a period not exceeding one year and will be processed in full compliance with the minimum security measures prescribed by Article 32 of the GDPR 2016/679
CVs deemed irrelevant as well as those whose retention time has exceeded 18 months will be deleted. In any case, the CVs will be retained at the Il Pitti Soggiorno and will not be disclosed to unauthorised third parties excluding hotels and companies belonging to the Brand GREGORI HOTELS (www.gregorihotels.com)
The CVs in question shall be evaluated by employees or collaborators of the hotel officially appointed and instructed in personal data protection matters.
In any case, we ask candidates to observe the following rules when submitting their CVs electronically:
The company reserves the right not to delete CVs not compliant with the above requirements. Processing purposes related to the management of CVs will involve activities strictly related to the evaluation, recruitment or selection of personnel, in contexts of collaboration, fixed-term or permanent employment, internships, or to enable selected student candidates to prepare dissertations at our headquarters.
TRANSFER OF PERSONAL DATA
Except as provided in the Cookie policy, in no case will your personal data be transferred to third countries or international organisations. The company INFINITY HOTEL MANAGEMENT S.r.l. ensures that the processing of Personal Data by the Recipients takes place in compliance with the Applicable Regulations which are legally applicable outside the EU.
Otherwise, transfers are subject to an adequacy judgement or compliance with the Standard Model Clauses approved by the European Commission or, in cases of transfers to the USA, compliance with the Privacy By Shield principles.
More relevant information and explanations can be provided by the data controller.
DATA RETENTION
The data controller will process the personal information of data subjects for the time strictly necessary to achieve the purposes indicated in this privacy policy disclosure.
By way of non-exhaustive example, the hotel will process Personal Data to provide the newsletter service until the interested party decides to unsubscribe from the service itself by simply clicking on the email received.
Without prejudice to the above, the data controller will process your Personal Data for as long as permitted by Italian law to protect its interests (Article 2947(1)(3) of the Italian Civil Code). More information about the Personal Data retention period and the criteria used to determine this period can be requested by writing to ilpitti@gregorihotels.com
RIGHTS OF THE DATA SUBJECTS
At any time, data subjects have the right to obtain confirmation of the existence or non-existence of the data itself, to be informed of its content and origin, to verify its accuracy, and to request that it be supplemented, updated or corrected (Article 15 – 22 GDPR 2016/679). In accordance with the above-mentioned Articles, Data Subjects have the right to request the deletion, anonymization or blocking of data processed in violation of the law, and in any case, to oppose the processing of said data for legitimate reasons.
Pursuant to Chapter III of the GDPR 2016/679, at any time, data subjects have the right to request access to their Personal Data, the correction or cancellation of the same or to oppose their processing as well as restriction of processing or return of the data in a structured, commonly used and machine-readable format.
Data subjects may also oppose profiling and lodge complaints with the Supervisory Authority.
At any time, data subjects also have the right to revoke their consent to processing without prejudice to the lawfulness of the processing based on consent given before the revocation. For the complete and exhaustive list of the rights exercisable by data subjects, see Article 15 et seq. of the GDPR 2016/679. Requests should be sent via email to ilpitti@gregorihotels.com
UPDATES AND REVISIONS
The privacy policy was updated to revision 1 on 18-12-2019 and may be subject to future revisions.