Legal basis for data processing.
Data collected and purposes.
Like all websites, this website also makes use of log files in which information collected is stored in an automated manner is stored during user visits. The information collected may be the following:
-internet protocol address (IP);
-type of browser and device parameters used to connect to the website;
-name of the internet service provider (ISP);
-date and time of visit;
-visitor’s web page of origin (referral) and exit;
-country of origin;
-possibly the number of clicks.
Data and information are collected for the following purposes:
-in an exclusively aggregated and anonymous form in order to verify the correct functioning of the website. None of this information is linked to the physical person-User of the website, and does not allow their identification in any way (from 25 May 2018 this information shall be processed on the basis of the legitimate interests of the data controller);
-for security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, in order to block attempts to damage to the website itself or to cause damage to other users, or in any case activities that are harmful or that constituting a crime. This data is never used for the identification or profiling of the user, nor is it crossed with other data, nor provided to third parties, but it is only used for the purpose of protecting the website and its users (from 25 May 2018 this information shall be processed based on the legitimate interests of the owner);
-to communicate the data to third parties that perform functions necessary or instrumental to the operation of the service. The data collected by the website during its operation is used exclusively for the purposes indicated above and stored for the time strictly necessary for carrying out the specified activities. In any case, the personal data collected by the website will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided for by law. However, the data may be provided to third parties if this is necessary for the provision of a specific service requested by the User or for the execution of security checks or website optimisation. The data used for website security purposes (blocking attempts to damage the website) is stored for 7 days.
Place of processing.
The data collected by the website is processed at the Data Controller’s headquarters and at the Web Hosting data centre. The web hosting (Logovia LTD, 1, College Yard, 56 Winchester Ave, London NW67UA) is located in the European Economic Area and acts in accordance with European standards.
Third party cookies.
Social Network Plugins.
-Facebook-(cookie information link)
-Instagram-(cookie information link).
Transfer of data to non-EU countries.
This website may share some of the data collected with services located outside the European Union area. Particularly with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorised on the basis of specific decisions of the European Union and of the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield-here is the information page of the Italian Guarantor), and therefore no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
This website processes user data in a lawful and proper manner, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or unauthorised destruction of the data. The data processing is carried out using IT and/or telematic tools, with organisational methods and with logic strictly related to the purposes indicated. In particular, the website management software is constantly updated and regularly scanned to check for viruses and dangerous codes. In addition to the data controller, in some cases, categories of employees involved in the organisation of the website (administrative, commercial, marketing, legal personnel, system administrators) or external individuals (like third party technical services providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
Pursuant to European Regulation 679/2016 (GDPR) and to article 7 of Legislative Decree of 30 June, 2003, no. 196 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1311248, the User can, according to the methods and within the limits established by current legislation, exercise the following rights:
-object wholly or partially, for legitimate reasons, to the processing of personal data that concerns them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
-request confirmation of the existence of personal data that concerns them (right of access); -gain knowledge of its origin;
-receive intelligible communication;
-have information about the logic, methods and purposes of the processing;
-request the updating, amendment, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including that no longer necessary for the pursuit of the purposes for which it was collected;
-in cases of consent-based processing, receive at no other cost than that of possible support, their data provided to the data controller, in a structured and legible form by a data processor and in a format commonly used by an electronic device;
-the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor-link to the Guarantor page);
-as well as, more generally, to exercise all the rights that are recognised by the current legal provisions. In the event that the data is processed on the basis of legitimate interests, the rights of the data subjects are guaranteed (except the right to portability, which is not provided for by the regulations), in particular the right to object to the processing that can be exercised by sending a request to the data controller. Requests should be addressed to the Data Controller.
The data controller, pursuant to the laws in force, is the administrator of Hotel del Levante-VAT number 00204600746 contactable through the CONTACT INFO section or the contact info listed at the bottom of the website pages.