Privatsphäre

WHAT’S PRIVACY POLICY
This page describes the website’s management methods as concerns the handling of the personal data of users visiting it.
This notice is provided pursuant to Art. 13 of Legislative Decree. N. 196/2003 – Personal Data Protection Code to those who interact with web services of the company Provengest SRL electronically accessible from the address: https://www.santeodoropalace.com

The information is provided only to the website https://www.santeodoropalace.com of the Controller company and not to other websites the user may visit via links.

This statement conforms to European Community standards and more precisely to Recommendation No. 2/2001 that the European authorities for the protection of personal data, united in the Group established by Art. 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data on-line and, in particular, the manners, times, and nature of the information that data controllers must provide to users when the latter connect to web pages, regardless of the purpose of their connection.

THE DATA “CONTROLLER”
Pursuant to Article. 28 of Legislative Decree no. 196/2003, Controller of the Data is the Company Provengest S.R.L. – S. Polo 2237 – 30125 Venezia

THE DATA “PROCESSOR”
Pursuant to Article. 29 of Legislative Decree no. 196/2003, Data Processor is Provengest S.R.L.
Pursuant to Article. 29 of Legislative Decree no. 196/2003, the external data Controller for the site management and personal data acquisition during booking is the Company FASTBOOKING > Tour SEQUANA > 82 Rue Henry Farman CS 20077 > 92445 Issy Les Moulineaux Paris, France, owner of the hotel booking engine (www. fastbooking.com) incorporated into this website.

DATA PROCESSING LOCATION
The site is hosted on machines operated by an external company; however, the reports are forwarded to the data controller for the purpose of replying to users’ requests and guaranteeing the reservation.
The processing connected to this site’s web services therefore takes place on the premises of the controller and external processors in the relevant areas.
No data from the web service is communicated by the two companies to third parties unless strictly relevant to the purpose of the processing or imposed by law or regulation.

PURPOSE OF THE DATA PROCESSING.
The personal data provided voluntarily and optionally by users sending requests for information about the hotel facilities (rates, room availability, etc.), or simply requests for recruitment by sending CVs in electronic format, are used for the sole purpose of performing the service or provision requested and are not disclosed to third parties unless disclosure is required by law or is strictly relevant and necessary for the fulfillment of the requests.
In particular, personal data provided voluntarily by the parties concerned by the processing shall be collected and processed, including by electronic means directly and/or through delegated third parties (company for the e-mail service, company hosting the website) for the following purposes:
checking the availability of the requested room against information in the booking form;
to make and confirm the reservation by providing personal identification data and credit card data as a guarantee;
activating eventual promotional and commercial activities pursuant to Art. 130 paragraph 4 of the Legislative Decree 196/2003;
to comply with current administrative, accounting and tax obligations, as well as with laws and regulations;
providing resposes concerning our hotel services (room availability, prices, conference rooms, catering, etc.);
registering in the newsletter to receive periodic commercial or promotional communications;
assessing CVs that may be received for compatibility with any internal requirements;
for action by the Controller in court or in the preliminary stages leading to possible legal action against abuses arising from illicit use of the website or related services by the User;
statistical purposes in anonymous form (to assess the number of visits, etc.).

BOOKINGS
Personal data for the reservations shall be processed in electronic and paper format for the sole purpose of guaranteeing the rooms are booked in the conditions agreed.
The booking platform is owned by FastBooking, the external processor, which will communicate the data of the party concerned to the hotel for the normal activities related to managing the accommodation
The data shall be recorded in our electronic databases accessible to staff properly instructed and trained in personal data security and confidentiality.
To confirm the booking a credit card given as firm guarantee must be provided, it being understood that the customer can choose to pay in cash at the end of the stay.

CURRICULA MANAGEMENT
This Statement prepared in accordance with Art. 13 of Legislative Decree no. 196/2003 can be used by the company Provengest S.R.L. including for eventual advertisements on sites or portals not directly managed by the company Provengest S.R.L. to recruit staff.
The Company shall process the curricula received by e-mail or through third-party recruiting companies (publications on portals, etc.) to evaluate the potential applications inside the company or that might be made in the near future.
The processing occurs electronically excepting curricula received by post.
The curricula considered “interesting” shall be stored at the company headquarters for a period not exceeding one year and shall be processed while fully complying with the minimum security measures referred to in Art. 33, 34 and 35 of Legislative Decree no. 196/2003.
The curricula deemed irrelevant as well as those retained over 12 months shall be trashed.
The curricula shall be retained at the headquarters of the company and not disclosed to unauthorized third parties.
The same may be assessed by the company’s employees or collaborators appointed to be responsible for the processing (Art. 30 of Legislative Decree no. 196/2003).
However, the applicants are still invited to respect the following rules in transmitting the curricula in electronic format:
Fill in your own CV in European format; transmit the curriculum in pdf format; avoid putting sensitive data (relating, in particular, to state of health, religious, philosophical, or political beliefs) not relevant to the job offer in the curriculum; give consent to the processing.
The company reserves the right to trash the curricula that do not meet the above requirements.
The Company shall provide appropriate information pursuant to Art. 13 of Legislative Decree no. 196/2003 during any interviews with the applicants.
The purpose of the processing relating to managing the curricula shall concern activities closely relating to the appraisal, recruitment, or selection of personnel, for the purposes of collaboration, hiring on a temporary or permanent basis, internships, or rather to enable the successful applicant to prepare his degree thesis at our headquarters.

COMMERCIAL COMMUNICATIONS VIA E-MAIL
The society Provengest S.R.L. reserves the option of sending promotional and commercial e-mails in accordance with Art. 130 paragraph 4 of Legislative Decree no. 196/2003:
“if in the context of a sale of goods or of a service the Data Controller uses the customer’s e-mail address, the same address may be used for sending commercial and promotional material without seeking prior consent, provided the customer is duly informed at every mailing of promotional and marketing material and that he is able easily and freely to exercise the right to discontinue this processing.”
In that case, having received the first promotional message the data subject shall be able to cancel his subscription from the hotel newsletter with a simple click.
Sending these messages is entrusted to a third-party provider of email services.

DATA COMMUNICATION AND DISSEMINATION
Personal data collected from the website in question can be treated only by persons officially appointed and trained in the field of personal data privacy and security.
The contexts for communicating data subjects’ personal data may relate to:
Organizations or Public Offices on the basis of legal and / or contractual obligations; FastBooking companies; external processors as companies or consultants who carry out activities for the proper functioning of the site and management of the information acquired through the same on the controller’s behalf;
the Postal Police for determining whether any activities may be harmful to the company website;
to employees or service-providing companies when the communication is necessary for the person concerned to use the hotel services.
Personal data shall not be disclosed.

NAVIGATION DATA
During their normal operation software applications designed to run this website acquire some personal data whose transmission is implicit in the normal IP protocol of Internet communication.
While it is not collected to be associated directly with the data subjects, by its very nature through processing and subsequent correlation with data held by third parties (providers) this information could allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, the date and time of the request, the URI (Uniform Resource Identifier) of requested resources, the size of the files obtained in reply from the server, the digital code indicating the status of the response from the server (ok, error, etc..) and other parameters regarding the operating system and computer environment.
This data is used only to obtain anonymous statistical information about website usage and to check the site is functioning correctly; they are deleted immediately after processing.
This site may disclose personal data which, if required in accordance with law, may be communicated to the judicial authorities for the purposes of defending the State or the prevention, detection or suppression of crime, serve to ensure the protection of the personal data of data subjets’ enjoying on-line services of the site, for eventual defensive investigations as per Law no. 397 of 7 December 2000, or in any event to assert or defend a legitimate right and interest of the Controller in court while still complying with the principles of relevance and proportionality with respect to the processing’s purpose.

NON-OBLIGATORY NATURE OF THE DATA PROVISION
Unless otherwise specified as concerns navigation data, the user is free to provide personal data to make an on-line reservation.
The advancement of the on-line booking procedure implies the data subject’s consent to the processing of his personal data following the privacy policy of this website.
The possible acquisition of other personal data via dedicated forms (e.g. recording in the newsletter) shall require the data subject’s explicit awareness of the information as authorization for processing his personal data.
Failure to provide the personal information provided by the website may make it impossible to fulfill the request.
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.

PROCESSING METHODS
The perrsonal data are processed in paper format and/or by automated tools for the time strictly necessary for the purpose for which they have been collected.
In order to prevent data loss, abuse, incorrect use, and unauthorized access specific security measures are observed.

DATA VOLUNTARILY PROVIDED BY THE USER
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.

COOKIES
Cookies are small files stored on your hard drive. This allows easier navigation and makes the site easier to use.
Cookies usually allow access to information already stored on the computer of the person concerned for purposes which may be of a commercial nature (e.g. profiling) or technique (to ensure proper operation of the site visited).
According to Directive 2009/136 / EC no explicit consent shall be required for the use of cookies because only session cookies will be used, or cookies for the proper functioning of the website.
Cookies for transmitting personal information shall not be used, nor the so-called persistent cookies of any kind, that is user tracking systems.
The use of the so-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site.
The so-called session cookies used in this website avoid using other computer techniques that potentially impair the confidentiality of user browsing data and which do not allow the user’s personal identification data to be acquired.

DATA SUBJECT RIGHTS
The data subjects have the right, at any time, to obtain confirmation of the existence or non-existence of the data concerned and to be informed of its content and origin, verify its accuracy or request it to be integrated, updated, or corrected (Art. 7 of Legislative Decree no. 196/2003).
Pursuant to the same article, the data subjects have the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, and in any event, to refuse its processing on legitimate grounds.
Requests should be addressed to the Company Provengest S.R.L. Controller of the personal data.
Below are the data subject’s rights in full.
Art. 7 – Right to access personal data and other rights
The data subject has the right to obtain confirmation of the existence or not of any personal data concerning him, even though not yet recorded, and to have them communicated in an intelligible form.
2. The data subject has the right to obtain the following information:
a) the source of the personal details;
b) the purposes and procedures of the processing;
c) the logic applied in case of processing with electronic instruments;
d) the identity details of the controller, processors, and designated representative in the meaning of Article 5, paragraph 2;
e) of the parties or categories of parties to whom the personal data may be communicated, or who can come to know them as appointed representatives in the territory of the State or as managers or employees.
3. The data subject has the right to obtain:
a) the updating, editing or, when he has an interest, the integration of the data;
b) the deletion, anonymisation, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it has been collected or subsequently processed;
c) certification that the operations under letters a) and b) have been notified, including as concerns their content, to the persons to whom the data have been communicated or disseminated, except where such performance proves to be impossible or entails an employment of resources obviously out of all proportion to the right protected.
The data subject has the right to object, in whole or in part:
a) on legitimate grounds to the processing of personal data concerning him, even if pertinent for the purposes for which they have been collected ;
b) to the processing of personal data concerning him for the purposes of sending advertising material, direct sales, for carrying out market research or commercial communications.