menu
On Como
Lake
In
Out
CHECK
AVAILABILITY
Privacy

Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”)

Information to be provided where personal data are collected from the data subject

DATA CONTROLLER

DATA CONTROLLER, pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is è HOTEL MENAGGIO SRL (Grand Hotel Menaggio), having its head office in Via Ariberto 22, Cantù 22063 (CO), as represented by the pro-tempore legal representative. The contact details of the controller: privacy@grandhotelmenaggio.it; telephone: +39 034430640.

PERSONAL DATA PROCESSED

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (art. 9 GDPR).

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user.

Data provided voluntarily by the user

The optional and voluntary sending of personal data (e.g. sending email messages to the addresses indicated on this site or filling in data collection forms on this site) involves the acquisition and processing by the Owner of the data voluntarily provided by users (e.g. email address of the sender, necessary to respond to requests), as well as any other personal data included in the communication (such as name, surname, address, telephone number, email address, etc.).

Cookies

For more information on the cookies used by this website please see our cookies policy.

PURPOSES OF THE PROCESSING, LAWFULNESS OF THE PROCESSING, DATA RETENTION PERIOD, NATURE OF DATA PROVISION AND REFUSAL.

 

Purposes Of The Processing. Browsing on this website.

Lawfulness Of The Processing. Legitimate interest of the Data Controller, which consists of activities strictly necessary for the operation of the site and the provision of navigation service on the platform (art. 6 letter f) GDPR).

Data Retention Period. Only for the related session, after which the data are deleted.

Nature Of Data Provision And Refusal. Data subjects must provide their personal data to allow browsing on the website and their failure to provide data involves the impossibility of browsing the web site.

Purposes Of The Processing. Request of contacts or information

Lawfulness Of The Processing. Legitimate interest of data controller: reply to users’ requests (art. 6 letter f) GDPR).

Data Retention Period. 1 year.

Nature Of Data Provision And Refusal. Data subjects must provide their personal data in order to obtain a response to their requests and their failure to provide data involves the impossibility to receive feedback from the data controller regarding his request for information.

Purposes Of The Processing. Administrative-accounting activities related to the booking of the stay and/or further services offered by the Hotel; protection of credit positions arising, management of insurance policies for civil liability and third parties. Within the scope of this purpose, the Data controller may process special categories of personal data provided voluntarily by the data subject (e.g. state of health related to disability or celiac disease).

Lawfulness Of The Processing. Execution of pre-contractual measures taken at the request of the data subject or execution of a contract (Art. 6 b GDPR). Consent for any special categories of personal data processed (art. 6 letter a) GDPR and art. 9 par. 2 letter a) GDPR).

Data Retention Period. 10 years.

Nature Of Data Provision And Refusal. Data subjects must provide their personal data in order to book at our structure.  Failure to provide this information will make it impossible to make a reservation.

RECIPIENTS OR CATEGORIES OF RECIPIENTS

The personal data provided will be communicated to subjects who will process personal data as data processor (art. 28 GDPR), as persons acting under the authority of the Joint controllers (art. 29 GDPR), or as data controllers,
in order to follow up on the purposes of the processing indicated above.
Specifically, personal data may be communicated to recipients belonging to the following categories:

  • subjects that provide services for the management of the information system used by Data Controller and of the telecommunications networks (including e-mail and the website);
  • studies or companies in the context of assistance and consultancy relationships;
  • insurance companies in the case of civil liability and third party liability;
  • competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request.

The list of data processors is constantly updated and available at the headquarters of the Controller.

DATA TRANSFER TO A THIRD COUNTRY AND/OR TO INTERNATIONAL ORGANISATIONS
Personal data will be not transferred to countries outside the EU.

 

DATA SUBJECTS' RIGHTS

The data subject will be able to exercise their rights as expressed in Articles 15 et seq. of EU Regulation 2016/679, addressing themselves to Data controller at the following email: privacy@grandhotelmenaggio.it. The data subjects have the right to obtain access to personal data and the rectification or erasure personal data, or the restriction of processing that concerns them. Furthermore, data subjects have the right to object, at any time, to the processing of their data (including automated processing, e.g. profiling) and, with reference to art. 6 paragraph 1, letter a) and art. 9 paragraph 2, letter a), they have the right to withdraw the consent given at any time. In the cases provided for, data subjects have the right to the portability of their data and in this case the Data Controller will provide them with their personal data in a structured, commonly used and machine-readable format. Without prejudice to any other administrative and judicial appeal, if data subjects believe that the processing of their personal data violates the provisions of Regulation EU 2016/679, pursuant to art. 15 letter f) of the aforementioned Regulation EU 2016/679, they have the right to lodge a complaint with the Data Protection Authority (Garante per la protezione dei dati personali - www.garanteprivacy.it)

PRIVACY INFORMATION MODIFICATION

Data controller has the right to change, update, add or remove portions of this privacy policy at its sole discretion and at any time. In order to facilitate such verification, this policy will contain an indication of the date of update

 

Updating date: 12th march 2020