Privacy Policy
Information on the processing of personal data in accordance with Art. 13 of the EU Reg. 2016/679 (“GDPR”)
For all information regarding the processing of data, as required by the European Regulation on the Protection of Personal Data No. 2016/679 (“RGDP” or “GDPR”) and the applicable national legislation on the processing of personal data, D. Lgs. 196/2003 and ss.mm.ii., we invite you to carefully read our Privacy Policy, which applies in case you access this website and decide to navigate within it and/or use its services.
When does this policy apply?
This information is given and is valid only for this site (www.itesoridimodena.it) and not for other websites that may be consulted by the User through links on the site. I Tesori di Modena suggests that you consult the privacy policies of all parties you come into contact with before disclosing personal information.
DATA CONTROLLER
The Data Controller of the data collected through this site is “AFFITTACAMERE E SERVIZI S.R.L. – SEMPLIFICATA”, with registered office located at Via Vincenzo Bellini 70/A – 41121 – Modena (MO) – ITALY | P.IVA 04134100363 | EMAIL privacy@itesoridimodena.it (hereinafter “I Tesori di Modena”, or also just “Data Controller”).
I Tesori di Modena guarantees that the processing of your personal data will be carried out in compliance with your right to confidentiality. Therefore, the personal data provided by You will be collected, recorded, processed electronically and telematically for the sole purpose of providing the services requested and may possibly be communicated to third parties only for reasons inherent to the provision of the aforementioned services.
TYPES OF DATA PROCESSED, PURPOSE AND LEGAL BASIS FOR PROCESSING, DATA RETENTION
As part of the use of the Site, the Data Controller will process the following data:
DATA VOLUNTARILY PROVIDED BY THE USER
The User is asked for personal data (e.g. first name, last name, telephone, e-mail address, etc.) only if he/she wishes to come into contact with or make use of the services offered on this site. In such cases, the User is provided with appropriate information in this regard and, in cases where this is necessary, is asked to provide his/her consent. The processing of the data provided by the User will take place in accordance with the purposes and methods indicated in this information notice. Unless otherwise specified, the processing of personal data will take place for as long as the User uses the website and the services provided through it. If consent is withdrawn, personal data will be retained by the Data Controller for the purpose of proving the fulfillment of its obligations, until the limitation period applicable to those obligations has expired.
CONTACT/REQUEST INFORMATION
The explicit and voluntary sending of messages to the contact addresses on the site, or the completion and sending of the contact form, involves the acquisition of the sender’s contact data, as well as all personal data included in the communications. These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.
- Type of data processed: first name, last name, e-mail, message.
- Purpose of processing: Handling of the request sent by the User and the provision of the requested service (e.g. information request, quotes, support and assistance, etc.).
- Legal Basis of Processing: art. 6 co. 1) lett. b) of the GDPR, the execution of pre-contractual measures taken at the request of the data subject. The processing is necessary to respond to requests received from the User.
- Data Retention: The User’s requests and the data contained therein will be kept only as long as necessary to allow the Data Controller to identify the correct closing of the request and in any case as long as may be necessary to protect the interests of the Data Controller from possible liability. At the end of this period, data that permit the identification, even indirectly, of a natural person (such as name-surname, e-mail) will be anonymized and maintained in the form of aggregate data for statistical purposes.
LIVE CHAT – INSTANT MESSAGING SYSTEM
Within the website it is possible to use the service rendered by the WhatsApp platform to request information, also of a commercial nature. The data is transferred to the service operator for the provision of the service itself, and the processing takes place in the manner specified by the privacy policy of the service: WhatsApp privacy policy. The User is informed that, with the use of the instant messaging system on the website, any personal data included in the communications may be subject to transfer outside the EU.
- Type of data processed: personal data transmitted using the live chat system.
- Purpose of processing: handling the request sent by the User and the provision of the requested service (e.g., requesting information, quotes, support and assistance, etc.).
- Legal Basis of Processing: art. 6 co. 1) lett. b) of the GDPR, the execution of pre-contractual measures taken at the request of the data subject. The processing is necessary to respond to requests received from the User. For any data transmitted through the use of the live chat system (answering visitors’ questions or solving their problems, …), it is not necessary to collect visitors’ consent.
REQUEST YOUR QUOTE AND MAKE YOUR RESERVATION
Data provided directly by the data subject by filling in and sending the form to determine or request the quote for the identified stay. This section gives the User the opportunity to request the availability of the facility for the stay. Data are processed for the following purpose and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.
- Type of data processed: first name, last name, telephone.
- Purpose of processing: handling the request sent by the User and providing the requested service (e.g., checking availability, quotes, acquiring, confirming and providing the requested services, as well as booking accommodation and ancillary services).
- Legal Basis: art. 6 co. 1) lett. b) of the GDPR, the execution of pre-contractual measures taken at the request of the data subject. The processing is necessary to respond to requests received from the User. A proprietary platform is used to manage the booking service; therefore, the data will not be disclosed to third parties.
Once the reservation is confirmed, on the day the stay begins, the personal data collected will be used for further purposes, such as:
- Public safety purposes as stipulated in current regulations, as well as administrative, accounting and tax purposes;
- Allowing self check-in and the remote opening of room doors.
- Legal Basis: art. 6 co. 1) lett. c) of the GDPR, the processing is necessary to fulfill a legal obligation to which the Data Controller is subject; art. 6 co. 1) lett. b) of the GDPR, the performance of a contract to which the data subject is a party.
PAYMENT MANAGEMENT AND BILLING
Payment processing services allow this Web Site to process payments by credit card, wire transfer, or other means. The data used for payment is acquired directly from the operator of the requested payment service without being processed in any way by this Web Site. Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.
- Nexi Easy Pay is a payment service provided by Nexi Payments Spa, which allows the User to make payments online. Nexi Payments S.p.A. is subject to direct supervision and oversight in Italy. Company subject to the direction and coordination of Nexi S.p.A.
- Type of data processed: various types of Data as specified by the privacy policy of the service.
- Place of processing: the User may consult the Nexi Easy Pay – Privacy Policy.
- FattureInCloud is an invoicing service provided by FattureInCloud (a product of MadBit Entertainment S.r.l., a single-member company; MadBit Entertainment S.r.l. is a TeamSystem S.p.A. company).
- Personal Data processed: various types of Data as specified by the privacy policy of the service. FattureInCloud is intended to enable the processing of Personal Data strictly necessary for the purpose of managing accounting and administrative requirements related to electronic invoices. Such processing requires that FattureInCloud be used in accordance with the principles of minimization, integrity and confidentiality provided for in the applicable data protection legislation, for example by limiting the description of the professional service performed to what is strictly necessary for tax purposes to avoid, for example, including data of minors or related to health services, criminal convictions and crimes.
- Place of processing: the User may consult the FattureInCloud – Privacy Policy.
ENTER YOUR VOTE AND LEAVE YOUR REVIEW
Data provided directly by the User through the completion and submission of the form. The optional, explicit and voluntary completion and sending of a comment and/or review to the stay and services offered, involves the acquisition of the sender’s name, as well as any personal data that may be included in the comment. By completing the review area, the User is informed that the content will be published on the site. Users are therefore responsible for the content of their comments. Data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding that necessary for the purposes for which they were collected and processed.
- Type of data processed: name and content of the comment.
- Purpose of processing: Responding to the User’s submitted requests via comments, i.e. publishing the submitted comment.
- Legal Basis: art. 6 co.1) lett. b) of the GDPR, the execution of pre-contractual measures taken at the request of the data subject. Processing is necessary to respond to requests received from the User; art. 6 co.1) lett. f) of the GDPR, legitimate interest of the Data Controller.
ADDITIONAL PURPOSES
In addition, data may be processed for additional purposes, such as:
- Contractual purposes, related and instrumental to the establishment and management of customer relationships, such as the acquisition of information prior to the possible conclusion of a contract; in this case, the data will be retained by the Data Controller for the time strictly functional to the performance of the requested service and the proper execution of the contractual relationship with the User. In any case, as these personal data are processed to provide the Services and allow the execution of the contractual relationship, the Data Controller may retain them for a longer period, particularly as may be necessary to protect the interests of the Data Controller itself from possible liability. At the end of this period, the data will be deleted.
- Fulfilling the obligations provided for by state laws, regulations and EU regulations, or provisions issued by authorities empowered to do so by law and by control or supervisory bodies (e.g., tax, accounting, administrative, etc.); in this case, the data will be retained by the Data Controller for the period provided for by specific legal obligations or applicable regulations.
- The exercise of the Data Controller’s rights in court and the management of any litigation.
- Statistics: Collection of data and information in aggregate and anonymous form only in order to verify the proper functioning of the site, with a view to continuous improvement. None of this information is related to the physical person-User of the site, and does not allow its identification in any way.
- Security: Collection of data and information in order to protect the security of the website and users (spam filters, firewalls, virus detection) and to prevent or expose fraud or abuse against the website. The data, including the domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment, are recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the relevant laws in force, in order to block attempts to damage the site itself or to cause damage to other users, or otherwise harmful or criminal activities. Such data are never used for User identification or profiling and are deleted periodically.
COOKIES
Cookies are small text strings that the sites visited by the User send to his/her terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the same User’s next visit. In the course of browsing a site, the User may also receive on his/her terminal equipment cookies that are sent by different sites or web servers (so-called “third parties”), on which some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the site that the same User is visiting may reside. Cookies, usually present in users’ browsers in very large numbers and sometimes also with characteristics of wide temporal persistence, are used for different purposes: performing computer authentication, monitoring sessions, storing information about specific configurations regarding users accessing the server, etc. For more details, please refer to the site’s Cookie policy.
MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA
The User is free to decide whether or not to provide his/her personal data through this website and/or services related to it. Failure to provide data, as indicated on a case-by-case basis in the information provided to the User, may result in the impossibility of providing the requested service. The compulsory nature of the information, if required, is indicated in advance to the User and marked with the symbol (*). Any refusal to communicate certain data marked as compulsory makes it impossible to pursue the main purpose of the specific collection: such a refusal may, for example, result in the impossibility for I Tesori di Modena to provide answers to the User, or other services that may be available on this website. On the other hand, the provision to I Tesori di Modena of further data, other than those marked as essential, is optional and does not entail any consequence with regard to the pursuit of the main purpose of the collection.
METHODS OF PROCESSING
The processing of personal data will always be governed by the principles of fairness, lawfulness, transparency and protection of confidentiality through technical and organizational security measures to ensure an adequate level of protection and by security procedures to ensure the confidentiality, integrity and availability of data.
RECIPIENTS AND TRANSFER OF DATA
Personal data may be processed by the personnel in charge of the development and management of the website who are authorized to process them in order to achieve the previously stated purposes and who have committed themselves to confidentiality or received an appropriate legal obligation of confidentiality.
Personal data will be processed by parties appointed as data processors as they process data on behalf of the Data Controller (e.g., parties with whom it is necessary to interact for the provision of the Services such as hosting providers or, again, parties delegated to perform technical maintenance activities including maintenance of network equipment and electronic communication networks, etc.).
Personal data may be shared with third parties with whom the Data Controller has ongoing contractual relationships having as their object services functional to the performance of the activity (such as, for example, companies or professional firms that provide accounting, administrative, legal, tax, financial and debt collection assistance and consulting in relation to the provision of the Services, and providers for the management of payments, the issuance of electronic invoices, and self check-in and the remote opening of electromechanical locks, etc.).
The data may be communicated, even without consent, to all inspection bodies in charge of audits and controls, such as the Internal Revenue Agency, ministerial bodies and competent authorities, local authorities, and Tax Commissions of every order and degree, upon their express request, which will process them as autonomous data controllers for institutional purposes and/or under the law in the course of investigations and controls.
Personal data are not intended for publication or dissemination. The full list of appointed external data processors is available from the Data Controller.
The data will be processed by the Data Controller in Italy and within the territory of the European Union and the European Economic Area. If, for technical, organizational and/or operational reasons, it becomes necessary to use subjects (among those indicated in the previous list) located outside the European Union or the European Economic Area, we inform you that the Controller will ensure that the processing of data by these subjects takes place in compliance with applicable regulations. Therefore, transfers will be made through appropriate safeguards, such as adequacy decisions, model Standard Contractual Clauses approved by the European Commission, or other safeguards deemed appropriate. The data subject may request more information by writing to the data controller’s contacts listed at the beginning of this notice.
RIGHTS OF DATA SUBJECTS
Articles 15 et seq. of the GDPR give data subjects specific rights. In particular, the right to obtain confirmation of the existence or non-existence of personal data, access to personal data and the rectification or erasure of personal data or the restriction of processing concerning him or her or to object to its processing, as well as the right to data portability, the communication of such data and the purposes on which the processing is based. In addition, data subjects have the right to obtain the revocation of consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation, the transformation into anonymous form or the blocking of data processed in violation of the law, as well as the updating or, if there is an interest therein, the integration of data. Data subjects have the right to object, for legitimate reasons, to the processing itself.
The exercise of these rights is not subject to any time constraints and can be done free of charge by contacting the Data Controller, by regular mail and/or e-mail, at the references given at the beginning of this notice.
Data subjects who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the GDPR have the right to lodge a complaint with a supervisory authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it), as provided for in art. 77 of the GDPR, or to take appropriate legal action (art. 79 of the GDPR).