DATA CONTROLLER
The Data Controller is HNH Hospitality Spa, with registered office at Via Saragat n°1, Mestre.
In order to exercise the rights recognised by REGULATION (EU) 2016/679 (hereinafter ‘GDPR’ or ‘Regulation’) or to ask for any clarification regarding the processing of personal data, you may contact the Data Controller at the following: telephone: +39.041.5321630, e-mail privacy@hnh.it.
SECURITY
The Data Controller has taken technical and organisational measures to ensure a level of security appropriate to the risk and compliance with the legislation on the processing of personal data.
When browsing the Site, a series of personal data is processed; these include the IP addresses or domain names of the computers used by users, source and exit web pages, URI/URL addresses of the resources requested, date and time of the visit, information relating to the operating system and browser of the data subject, as well as further technical data relating to browsing.
The processing of such data – in automated and aggregate form – is carried out exclusively for purposes related to the management and administration of the Site, as well as for statistical purposes. The data could also be used to ascertain liability in the event of cybercrime to the detriment of the Site and/or of other unlawful acts.
The legal basis is the legitimate interest of the Controller (Art. 6 (1) (f) GDPR).
Scope of communication (GDPR Art. 13 (1) (e), (f)
Data are processed exclusively by duly authorised and trained personnel, as well as by the IT service providers involved in the management of the Site, identified as data processors.
Data are not disseminated and/or transferred outside the European Economic Area.
Data retention period (GDPR Art. 13 (2) (a)
Subject to necessity in the case of investigations following unlawful acts or malfunctions, data generally do not persist for more than 7 days.
Conferment (GDPR Art. 13 (2) (e)
Data are not provided by the data subject, but are automatically acquired by the technological systems of the Site.
The sending of messages to the addresses on the Site and/or the use of contact forms entails the acquisition and processing by the Controller of the sender’s contact data, necessary to reply, as well as any personal data included in the text.
Purpose and legal basis of processing (GDPR Art. 13 (1) (c)
Contact data are requested and processed to provide a reply and/or contact the person concerned. The legal basis for the processing is the execution of pre-contractual measures taken at the request of the data subject (Art. 6 (1) (b) GDPR).
Scope of communication (GDPR Art. 13 (1) (e), (f)
Data are only processed by persons duly authorised and instructed to process same.
Data are not disseminated and/or transferred outside the European Economic Area.
Data retention period (GDPR Art. 13 (2) (a)
As a rule, data are kept for the time necessary to respond to the data subject. More generally, the data will be kept for a period identified according to criteria of strict necessity in view of the different purposes pursued and, in any case, in compliance with current legislation for the protection of personal data and in accordance with the logic of safeguarding the Data Controller’s rights (limitation periods as set out in the Civil Code).
Conferment (GDPR Art. 13 (2) (e)
Failure to provide data will result in the impossibility to receive replies to your requests.
Voluntary and optional subscription to the newsletter entails the processing of the data subject’s contact details for the purpose of sending periodic electronic communications concerning the Controller’s activities, services and offers.
Purpose and legal basis of processing (GDPR Art. 13 (1) (c)
The purpose is to complete the subscription to the newsletter in order to receive periodic electronic communications concerning the Controller’s activities, services and offers. The legal basis for the processing is the consent of the data subject (Art. 6 (1) (a) GDPR).
Scope of communication (GDPR Art. 13 (1) (e), (f)
Data are processed exclusively by persons duly authorised and instructed to process same, and by external providers identified as Data Processors.
The Data Controller guarantees that, in the course of providing the service, data will not be transferred outside the European Economic Area (not even with regard to operations carried out by any sub-processors). Should it become necessary to transfer data outside the EEA, including in connection with operations carried out by any sub-processors, this will be done in full compliance with the provisions laid down in Chapter V of the GDPR, guaranteeing an adequate level of protection for the data transferred.
Should it become necessary to transfer data outside the EEA, including in connection with operations carried out by any sub-processors, this will be done in full compliance with the provisions laid down in Chapter V of the GDPR, guaranteeing an adequate level of protection for the data transferred.
Data retention period (GDPR Art. 13 (2) (a)
Data will be stored until the data subject requests its deletion.
Conferment (GDPR Art. 13 (2) (e)
Failure to provide compulsory data will result in the interested party being unable to subscribe to the newsletter.
Pursuant to Art. 15 et seq. GDPR, with regard to personal data concerning them, the Data Subject has the right to:
The aforementioned rights may be exercised by contacting the Data Controller at the addresses indicated.
If a Data Subject considers that their personal data is being processed in breach of the GDPR, they have the right to lodge a complaint with the competent supervisory authority.