Informative note according to article 13 of European Regulation no. 679/2016 (GDPR)

As per Law Decree No. 196/2003 (the "Personal Data Privacy Law") and according to Articles 13 and 14 of EUROPEAN REGULATION NO. 679/2016 (hereinafter “EU Regulation”) our hotel, Imperiale Palace Hotel, with registered office in Via Pagana, 19 - 16038 Santa Margherita Ligure (Ge), VAT 01071040990 – fiscal code 05631490017, intends to process the personal data that you have provided exclusively for the fulfillment of the obligations prescribed by contract or law that govern the business relationship between us. For this reason, we will not process confidential data or data of judicial pertinence. As per Art. 13 and 14 of the above-mentioned law, we are obliged to inform you of the following:

Purpose of Processing

On this regard, we hereby inform you that your personal data will be processed for institutional purposes, related or connected to the activities of our company, including:

  1. execution of a hotel services, and the deriving operations, or any other operation contractually agreed;
  2. performance of legislative obligations provided by fiscal and accounting regulations in force;
  3. operational and managerial internal needs of Imperiale and related to the service provided, with particular, but not exclusive, reference to activities performed within the course of ordinary administration and accounting purposes; and, subject to the acquisition of his free consent, specific and distinct;
  4. exercise the rights of the Data Controller, for example the right of defense in court;
  5. process the data of your child/children on which you exercises parental authority in order to be able to make the booking and registration at the hotel.

Types of Personal Information We Collect

The term “personal information” in this Policy refers to information that identifies or is capable of identifying you as an individual. The specific kind of information collected will depend on the context of your interactions with Imperiale, and the services you use. The types of personal information that we process (which may vary by jurisdiction based on applicable law) include:

Processing Methods

The methods used for processing your Personal Data, which are listed in Article 4, Point 2) of the EU Regulation, are as follows: collection, storage, organization, structuring, saving, adaptation or modification, extraction, consulting, use, communication (i.e. transmission, disclosure or any other way of making data available), comparing or linking, limitation, deletion or destruction, blocking. Your Personal Data are processed on paper and by electronic and/or automatic means (in such way as to guarantee data security and confidentiality).

Data Retention

To the extent permissible by applicable law, we will retain your personal information for such period as necessary to satisfy or to fulfill the following:

Where there is no sufficient justification to retain such personal information, such personal information will be safely and securely deleted, disposed of, anonymised and/or blocked.

Legal Requirements

Legal basis: EUROPEAN REGULATION NO. 679/2016
        Law Decree No. 196/2003 (the "Personal Data Privacy Law")

We reserve the right to disclose any personal information we have concerning you if we are compelled to do so by a court of law or lawfully requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws.

We also reserve the right to retain personal information collected and to process such personal information to comply with accounting and tax rules and regulations and any specific record retention laws.

Withdrawal of consent

Reference to the Law Decree No. 196/2003 and according to Article 6 of European Regulation No. 679/2016, the interested can withdrawal of the informed consent at any time.

Right of access by the data subject

As per Article 7 of Law Decree No. 196/2003 and according to Article 15 “Right of access by the data subject”, Article 16 “Right to rectification”, Article 17 “Right to erasure”, Article 18 “Right to restriction of processing”, Article 20 “Right to data portability”, Article 21 “right to object”, you may exercise any of these rights in relation to your personal data by contacting our Processor, on following address: Imperiale Palace Hotel, 19 Pagana Street, Santa Margherita Ligure 16038, Italy, or by e-mail at info@imperialepalacehotel.it; pec: hotelimperialedir@pec.it.

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from the data subject, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Age Limitations

Imperiale does not knowingly collect personally identifiable information from our websites from any person under the age of 18. Imperiale may collect personally identifiable information from people under the age of 18 as part of the guest registration process, but always with the consent of such person’s parent or guardian.

How secure is your information?

We implement reasonable administrative, organizational and technical safeguards and security measures to protect personal information within our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.

Changes to this Policy

Just as our business changes constantly, this Policy may also change. Where the Policy changes, we will take appropriate steps to bring the amendment to your attention. To assist you, this Policy has an effective date set out at the end of this document.

Cookie Policy

Cookies are small text files sent from the website to the interested terminal (usually the browser), where they are stored before being forwarded on to the web site to the next visit to the same user. A cookie cannot retrieve any other data from your hard drive, cannot transmit computer viruses or capture email addresses. Our site does not use cookies except for third-party cookies for statistical purposes.

Analytic cookies used for the operation of the service ShinyStat are in a mode of OPT-OUT because the technology used provides an anonymization systems, aggregation and storage of data which make already conforms to the configuration of the service rules.

Link to the information provided pursuant to art. 13 of the Code to page: https://www.shinystat.com/en/informativa_privacy_generale.html.

Effective Date: 25 May 2018.

In the event of any inconsistencies between the Italian version of this Policy and any version of this Policy in any other language, the Italian version shall prevail.