As required pursuant to GDPR EU Reg. 2016/679 (European Regulation on the Protection of Personal Data), we provide the information required for the processing of the personal data provided. The information should not be considered appropriate for other websites that may be consulted by means of the links presented on websites owned by the controller, who should not in any way be deemed responsible for third-party websites.
Personal data that can be processed: “personal data”: any information regarding an identified or identifiable natural person (“interested party”); a natural person is considered identifiable if such person can be identified, whether directly or indirectly, with particular reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more of the elements characteristics of their physical, physiological, genetic, psychological, economic, cultural or social identity (C26, C27, C30 EU Reg. 2016/679).
Data Controller: Hotel Cristallo
Owner of email address to which requests are sent: firstname.lastname@example.org
At this site, we acquire personal data by means of the behavioral entry data forms during normal content consultations. The data is processed for the following purposes and using the following services at the corresponding storage and handling sites:
Mailing List or Newsletter Personal data acquired: name, surname, email, language. Processing site: Italy, Europe
Contact Form Personal data acquired: name, surname, email, address, certified email, country, province, telephone, processing site: Italy, Europe
Share social buttons, add-this plugin, other plugins Personal data acquired: anonymous, cookies and use data. Processing site: USA, Europe
Direct registration Personal data acquired: name, surname, email, address, certified email, nation, province, telephone and various types of also in multiple forms (billing, shipping, gift option), Processing site: Italy, Europe
AdWords Remarketing, Facebook Remarketing e Remarketing con Google Analytics per la pubblicità display Personal data acquired: Cookies and anonymous Use Data Processing site: USA
Google Analytics and Google Analytics with anonymized IP Personal data acquired: Cookies and anonymous Use Data. Processing site: USA.
Newsletter Stats. Personal data acquired: Behavioral use data, also non-anonymous. Processing site: Italy.
Widget and Embed conents such as: Vimeo, Youtube, TripAdvisor, Trust You, Google Map, Personal data acquired: Cookie and Use Data. Processing site: USA
Web Services content automatically imported from external data sources Personal data acquired: none
Users may exercise certain rights with respect to the Data processed by the Data Controller.
Specifically, the User has the right to:
When Personal Data is processed in the public interest, in order to exercise public authority with which the Data Controller has been vested or in order to pursue a legitimate interest of the Data Controller, Users have the right to object to processing for reasons related to their particular situation.
Users are reminded that, in the event that their Data is processed for direct marketing purposes, they may object to the processing without providing any reasons. In order to determine whether the Data Controller is processing data for direct marketing purposes, Users may refer to the respective sections of this document.
In order to exercise the User’s rights, Users may direct requests to the contact details of the Data Controller indicated in this document. Requests are deposited free of charge and processed by the Data Controller as soon as possible, in any case, within one month. Some editing functions may be exercised independently by the user, as reported in the following section.
We never sell personal information to third parties. We do not exchange, share or transfer your personal data to third parties, except in the following limited circumstances.
Personal data provided may be disclosed to recipients who will process the data as managers and/or as natural persons who act under the authority of the Data Controller and the Data Manager in order to comply with contracts or for related purposes.
Specifically, your personal information may be disclosed to recipients in the following categories:
We may also share and/or transfer your personal data if we are involved in a merger, acquisition, bankruptcy or any form of corporate transformation.
We may share your personal information with third parties (outside the above categories) if we have your explicit consent to do so.
We may also share aggregate or anonymized data with third parties for other purposes. This data does not identify the user individually, but may include data on the use, display and behavior of users.
We use a number of technologies and security procedures to protect personal data from unauthorize access, use or disclosure. We protect the personal data provided on the cloud and local servers in controlle and secure environments, protected from unauthorized access, use or disclosure. When the personal data is confidential (like credit card numbers and/or geographic data), it is collected on our App and/or transmitted to another website, is protected through the use of cryptography, such as the Secure Socket Layer (SSL) protocol.
This site is equipped with an https certificate which makes it more secure, especially for the personal information entry processes.
For Users for whom we store Personal Data acquired in the past, we offer an opt-out opportunity according to which the User may be removed from the lists and withdraw consent to our use of the Data. If you decide to withdraw, we are no longer able to provide certain functions or fulfill your requests.
On the contrary, for new users, an opt-in certification and, specifically, a double opt-in certifying the date provided in a first insertion and expression of consent to processing of the Data is mandatory. The user is always able to manage his or her profile and is also able to withdraw consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt not to receive them by following the instructions included in those communications or offers. Please note, however, that customers may not choose to not receive transactional emails relating to their account.
Newsletter: each newsletter includes access to the personal area where you may change or correct inaccurate data or delete such data.
Areas reserved following registration: you may access, review, correct, update, change your data at any time. Independently. If you have forgotten your credentials, you may recover them. To do so, please contact the email provided for the Data Controller with your name and the data required for access, correction or removal, or log onto your account, go to your profile and make the desired changes. We may refuse to process requests that are unreasonably repetitive or systematic.
We store the Personal Data collected using the deadlines indicated below and as long as we believe they may be used to contact you regarding the service requested, commercial information, subscription services and, if necessary, regarding our legal obligations, to resolve disputes and to enforce our agreements: to eliminate them.
Data storage time varies according to the type of data, as follows:
Once the storage period has concluded, the Personal Data will be deleted. Therefore, right of access, the right to deletion, the right to correction and the right to data portability can no longer be enforced after conclusion of the storage period.