INFORMATION PURSUANT TO ART. 13 AND 14 - EU REGULATION 2016/679

​

Stakeholders

Website users

​

Treatment of personal data

The methods of managing the service are described below  www.lagrottahotelsanmarino.com whose owner is Hotel La Grotta. The information is provided pursuant to article 13 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data. The information is provided only for the Hotel La Grotta website and not for other websites that may be consulted by the user via links.

​

Holder of the treatment

Following consultation of this site, data relating to identified or identifiable persons may be processed.
Owner of their treatment: Hotel La Grotta - Contrada Santa Croce, 17 - 47890 - San Marino - email:  marcella.michelotti@gmail.com , with registered office in Contrada Santa Croce, 17 47890 San Marino (SM).

​

Place of data processing and recipients

The treatments connected to the web services of Hotel La Grotta take place in the Republic of San Marino at Hotel La Grotta with registered office in Contrada Santa Croce 17 San Marino which carries out the maintenance and management of the website.

​

Type of data processed

Navigation data
The software applications used to operate the Hotel La Grotta website acquire some personal data transmitted using secure protocols. This information is not collected to be associated with identified interested parties, but could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, browser identifier (user agent), URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the code numeric indicating the status of the response given by the server (for example successful, error) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

​

Data provided voluntarily by the user
To access some services provided through the Hotel La Grotta website - the optional and voluntary insertion of some identification data (email, name, contact details, and information necessary to provide the requested service) may be required.

​

Purpose and legal basis

Service delivery 
Personal data provided by users who use the services provided by Hotel La Grotta  (eg: by browsing the site, filling in forms for various requests) are used for the sole purpose of performing the service or provision requested.  The legal basis of the processing is the execution of pre-contractual measures in order to respond to your requests.

Further communications following a stay
After the purchase of a stay, Hotel La Grotta may forward to the user further communications, including commercial ones, regarding its services. The legal basis of the aforementioned processing is the legitimate interest of the data controller (cons. 47 GDPR).

​

Direct marketing
In case of specific consent (by registering for the newsletter) Hotel La Grotta can send information on new products, promotions and special offers by e-mail. The user has the right to disable the service at any time through the appropriate procedure and / or the methods indicated below for the exercise of his rights. The legal basis of the processing described above is the consent of the interested party. Specific summary information, if necessary, if necessary, will be reported or displayed on the pages of the site prepared for particular additional services on request.

​

Data retention period

The data retention period is that necessary for the purposes deriving from the requested services and for a further period of 36 months. If the information requested is the subject of an online transaction, such data may be stored for economic and fiscal reporting purposes, for a period of 10 years. As regards the technical data managed by the site, such as cookies, the retention period is defined by the technical characteristics of the cookies themselves and specified in the "Site cookies" table. The data retention period is understood to be renewed for  a further period of 36 months each time a new consent is given to data processing and / or to each access to the services offered through one's own credentials (eg Personal area login).

​

Optional supply of data

Apart from that specified for navigation data, the user is free to provide Hotel La Grotta with the personal data requested to use the services provided through the site. Failure to provide data relating to the fields marked with an asterisk (mandatory) will make it impossible to use the service offered.

​

Methods and security of processing

The processing of personal data takes place through IT tools suitable to guarantee the security and confidentiality of the data and in any case in compliance with the appropriate security measures as required by art. 32 GDPR, using secure communication protocols with SSL encryption algorithms. Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations set forth therein. Prov. of the Italian Privacy Guarantor "Guidelines on promotional activities and the fight against spam of - 4 July 2013 (Published in the Official Gazette no. 174 of 26 July 2013), the Guidelines on the processing of personal data for online profiling - 19 March 2015, and the Guidelines on automated decision-making and profiling processes - WP251, defined on the basis of the provisions of Regulation (EU) 2016/679.

​

Data transfer to non-EU countries and guarantees of adequacy

The service provider that manages the Hotel La Grotta website is Hotel La Grotta - Contrada Santa Croce, 17 - 47890 - San Marino which guarantees compliance with the GDPR located in San Marino, a non-EU country that has implemented the legislation. European Commission on the processing of personal data, through the adoption of Law 21 December 2018 n. 171 with the same guarantees provided by the GDPR itself. Pending the initiation of the procedures for an adequacy decision by the European Commission, data processing is permitted where the data subject is party to a contract or pre-contractual measures, or has given consent, informed about the possible risks of said data transfer. . (Article 49 of the GDPR - exceptions in specific situations)
Further transfer of data to non-EU countries is possible due to the use of the services of Facebook, Google and any other social media or external processing providers, located in the USA. This data processing is guaranteed by the "Privacy Shield" agreements signed by the individual companies.
 

Recipients

In order to carry out and to provide support for the functioning and organization of the activity, some data may be brought to the attention or communicated to recipients. These subjects are divided into: Third parties, Managers and sub-processors, and authorized personnel under the authority of the owner or manager.
 

Third parties
they are defined as natural or legal persons, public authorities, service or other body other than the data subject, the data controller, the data controller and the authorized persons responsible for the processing.
For data processing related to administrative, accounting, legal obligations, customer management, contracts, the data can be communicated to:
- Companies that manage traditional or computerized postal services.
- Companies registering domain names
- Any other subjects whose data communication is necessary for the achievement of the aforementioned purposes, or for a legal obligation;

Managers and sub-managers of the treatment
are defined as natural or legal persons, public authority, service or other body that processes personal data on behalf of the data controller
- Hotel La Grotta as the primary data processor
- Any other IT service providers necessary for the provision of the service possibly located in the USA and Israel with the guarantee of the "Privacy Shield" adequacy agreement.

Within our corporate structure
Your data will be processed only by personnel expressly authorized by the Data Controller, with the assurance of the adoption of suitable instructions, training, confidentiality agreement and, in particular, by the following categories of employees:
- Administration staff.
 

Diffusion

Your personal data will not be disclosed in any way.
 

Rights of interested parties

The interested parties (subjects to whom the personal data refer) may at any time exercise the rights provided for by the Regulation, through a dedicated personal area. It is possible to access this area by requesting the link through the appropriate procedure at the bottom of this information. A further method for exercising the rights of the Regulation, if the user has made use of the newsletter service, can be used through the appropriate link at the bottom of the email received. In particular, the subjects can legitimately ask for the rights from art. 15 to art. 23, and specifically:

1.The deletion of all data.

2.The rectification / modification.

3. The limitation.

4. Portability.

5. The right to object to the automated decision-making process (profiling).

If necessary, report further requests in the notes field.
The interested parties, if the conditions are met, also have the right to lodge a complaint with the Guarantor as supervisory authority according to the established procedures. For any further information, and to assert the rights recognized to you by the European Regulation, you can contact the data controller at the above references.

The exercise of the rights of the interested parties The requests can also be addressed using the following contacts:
Data controller: Hotel La Grotta - Contrada Santa Croce, 17 - 47890 - San Marino - email:  marcella.michelotti@gmail.com

​

Having read the information and formula for acquiring the consent of the interested party

The undersigned interested, having acquired the information provided by the data controller pursuant to article 13-14 and the GDPR, confirms that he has read this information on the processing of data, for the purposes essential to providing the service, and to allow Hotel The cave  correct management and appropriate processing of the data, this information is also referred to in consideration of the fact that the person in charge of the treatment used by Hotel La Grotta for the management of the website is Wix, located in 40 Namal Tel Aviv St., Tel Aviv , Israel

​

Consent

As evidence of your explicit and unambiguous consent, we will record the time, date, IP address, your email. We remind you that at any time you can exercise your rights (listed above) through the link at the bottom of the communications received, or through the contact channels.