Pursuant to Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 and Legislative Decree 196/2003 and subsequent amendments and additions
The Data Controller
The Data Controller for Hotel Concordia is HOTEL Concordia S.r.l., with registered office at Calle Larga S. Marco, 367, 30124 Venezia, Italy, VAT no. 00169870276, represented by its Legal Representative. To exercise the above-mentioned rights, you may contact the Data Controller on the telephone number +39 041 5206866 or at the email address firstname.lastname@example.org
The Data Controller has not identified a Data Protection Officer (DPO), as it is not subject to the obligation to appoint one under Article 37 of the Regulation.
Type of data processed and purpose
The computer systems and software procedures used to operate this site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This data category includes IP addresses or domain names of computers and other devices used by Users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, time of the request, method used to send the request to the server, size of the file obtained in response, numeric code showing the status of the response data from the server (successful outcome, error, etc.), and other parameters regarding the user’s operating system and computer environment.
This data, which is necessary for use of the web services, is processed for the purpose of:
- obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
- checking correct operation of the services offered.
Browsing data is not retained for more than seven days (except in the case of criminal investigations by judicial authorities).
Data disclosed by the user
Optional, explicit and voluntary sending of messages to the Data Controller’s contact addresses, private messages sent by users to profiles/pages on social media (where this possibility is provided for), and completion and submission of forms on the Data Controller's Site, entails the acquisition of the sender's contact details, which are necessary in order to respond, and all personal data included in the communications.
Provision of some of the data subject's personal data is mandatory in order to use the services requested, and failure to provide such data may prevent access to these. Mandatory personal data is marked with an asterisk.
If certain data is indicated as not mandatory, the data subject is free to refrain from communicating that data, without this having any consequence on the availability of the service or its operation.
Data subjects who have any doubts as to the data required are encouraged to contact the Data Controller.
In particular, data may be collected through:
The “BOOK NOW” page
When visiting the “BOOK NOW” page, the user will be redirected to the booking engine in order to make the booking. For further information, please refer to the privacy information provided on that site.
Cookies and other tracking systems
Legal basis for the processing
The legal basis for the processing is as follows:
However, the Data Controller may be requested to clarify the concrete legal basis of each processing operation and, in particular, to specify whether the processing is based on the law or on a contractual or pre-contractual relationship.
Data is processed by the appointed company personnel and are not disclosed to unauthorised third parties.
Processing is performed using computer and/or telematic tools and in automated and/or manual mode, in compliance with the provisions of Article 32 of GDPR 2016/679 on security measures, by specially appointed persons and in compliance with the provisions of Article 29 GDPR 2016/ 679.
The Data Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of personal data.
In addition to the Data Controller, in some cases, other subjects involved in the provision of the services offered and in the organisation of this website (hosting providers, IT companies, filing, collection, printing and mailing companies, communication agencies, postal couriers) may have access to the data, in addition to external persons appointed, if necessary, by the Data Controller as Data Processors. The updated list of Data Processors can always be requested from the Data Controller.
Transfer of personal data
Data is processed at the Data Controller’s Operating Headquarters and at any other location of the parties involved in its processing. For further information, please contact the Data Controller.
The data subject’s personal data will not be transferred outside of the European Union.
In compliance with the principles of lawfulness, limitation of purposes and data minimisation, pursuant to Article 5 of GDPR 2016/679, the data subject's personal data will be retained for the time necessary to achieve the purposes for which it is collected and processed or to defend/exercise a right.
Where processing is subject to the data subject's consent, the Data Controller may retain the personal data longer until such consent is revoked. Furthermore, the Data Controller could be required to retain the personal data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the personal data will be deleted. For this reason, on completion of the said period, the right to access, deletion, rectification and portability of the data may no longer be exercised.
Rights of the data subject
Pursuant to Articles 15 to 22 of EU Regulation 2016/679, the Data Subject may, at any time, exercise the right to:
a) request confirmation of the existence or otherwise of the personal data;
b) obtain information on the processing purposes, the categories of personal data, the recipients or categories of recipients to whom the personal data is or will be disclosed and, where possible, the retention period;
c) obtain rectification and deletion of data;
d) obtain processing limitation;
e) obtain portability of data, i.e. receive the data from a data controller, in a structured, commonly used and machine-readable format, and transfer them to another data controller without hindrance;
f) object to the processing at any time; data subjects are reminded that, if their data is processed for direct marketing purposes, they may object to the processing without justification;
Contacting the Data Controller
To contact the Data Controller, please use the contact details below:
- by e-mail: email@example.com
- by telephone: +39 041 5206866
- by regular mail: Calle Larga S. Marco, 367, 30124 Venezia, Italy
LAST UPDATED 09/03/2023