This page describes the methods for managing the website with regard to processing the personal data of the users visiting it. This policy is provided, also pursuant to Art. 13 of EU Regulation 2016/679, General Data Protection Regulation (GDPR), applicable since 25 May 2018, to people who interact with the Hotel Londra Palace’s web services, which can be accessed online at:
This policy is provided for the website www.londrapalace.com only and not for any other websites that the user may visit via links from it and complies with Recommendation No. 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union, adopted by the Article 29 Data Protection Working Party on 17 May 2001.
This policy is also based on Directive 2009/136/EC of 25 November 2009 and on the General Provision of the Data Protection Authority “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies” of 8 May 2014
Pursuant to Art. 4(7) of GDPR 2016/679, the Data Controller is the Company S.P.L.I.A. S.p.A. con Registered Office in Castello 4171, 30122 Venezia and administrative offices in Castello 3713, 30122 Venezia.
The company’s place of business is at Hotel Londra Palace in Riva degli Schiavoni, Castello 4171, 30122 Venezia
Pursuant to Art. 28 of the GDPR 2016/679, the Company officially appointed to manage bookings is Relais & Chateaux Entreprise based in Paris (France) 58-60 Rue de Prony
DATA PROTECTION OFFICER
Pursuant to Art. 37 of GDPR 2016/679, SPLIA SPA has officially appointed a Data Protection Officer (DPO), contact e-mail is : firstname.lastname@example.org
DPO is at disposal for any information regarding the processing of personal data and exercise of the rights.
LOCATION OF DATA PROCESSING
Processing associated with this website’s web services takes place at the offices of the Data Controller and of the Data Processor and is performed only by technical staff appointed to carry out processing.
The servers and databases for bookings are located at the offices of the external Data Processor.
The personal data provided by users who request dispatch of informative material are used for the sole purpose of performing the service or provision requested while some data acquisition forms provide for the possibility of communicating the personal data of the interested party to service providers to comply with to the contract and provide the services requested.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URIs (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the user’s operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on website use and to check its correct functioning and are deleted immediately after processing. Data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website: except for this possibility, at present the data on web contacts do not persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of email to the addresses indicated on this website involves the subsequent acquisition of the sender’s email address, which is necessary in order to respond to requests, as well as any other personal data included in the message. Specific summary policies are reported or displayed on the webpages for particular on-demand services.
Personal data are processed using automated tools for the time needed in order to achieve the purposes for which they were collected. Specific security measures are observed to prevent any loss of data, unlawful or improper use and unauthorised access.
PURPOSES, LEGAL BASIS AND NATURE OF CONSENT
The Personal Data your provide through the website will be processed by S.P.L.I.A. S.p.A. for the following purposes:
a) purposes associated with the execution of a contract to which you are a party or the execution of pre-contractual measures adopted as per your request (e.g. request for information via the “Contact Us” section, bookings, participation in special offers, etc.). Consent not necessary;
b) purposes associated with the sending of promotional and marketing materials via email where you are registered as our customer and you have explicitly given your consent to this or on the basis of contacts, registration for the website newsletter, exercise of soft spam. Requires the explicit consent of the data subject or the exercise of a legitimate interest by the Controller (soft spam);
c) purposes of research and strategic analysis of anonymous aggregate data aimed at measuring the website’s operation, measuring traffic and assessing its usability and interest in order to make it more functional and better performing; Consent not necessary because it does not constitute processing of personal data;
d) purposes related to compliance with laws and regulations; Consent not required;
e) purposes that are necessary in order to ascertain, exercise or defend a right before the courts or when the courts act in their judicial capacity. Consent not required
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Some of your personal data may be transferred to Recipients who may be located outside the European Union. In this case SPLIA SPA ensures that the electronic or paper processing your personal data by the recipiens is carried ourt in compliance with the applicable Regulation, whoses scope extends the EU.otherwise transers are alternatively based on a decision regarding the adequacy or on the Standard Model Clauses approved by the European Commission as well as on observance of the Privacy by Shield principles in the case of transfers to the USA..
Further information could be provided by Hotel DPO, e-mail address : email@example.com.
STORAGE OF DATA
Hotel Londra Palace will process your Personal Data for the time strictly necessary to achieve the purposes indicated in this policy.
By way of illustration only, Hotel Londra Palace will process Personal Data for the newsletter service until you decide to cancel the service simply by clicking on a link in the email received.
Without prejudice to the above, Hotel Londra Palace will process your Personal Data for the time permitted by Italian law in order to protect its own interests (Art. 2947(1)(3) of the Civil Code).
Further information on the period for storing Personal Data and the criteria used to determine this period can be obtained by writing to the Data Controller.
This policy is provided pursuant to Art. 13 of GDPR 2016/679 and can also be used by the company S.P.L.I.A. S.p.A. for job advertisements placed for personnel recruitment on websites or portals not managed by the company directly.
The Company will process CVs arriving via email or through third party personnel recruitment companies (job ads placed on portals, etc.) to assess potential candidates in the company or future candidates.
Processing is carried out using electronic means except for CVs received by post.
Any CVs considered “interesting” will be kept at the company’s offices for 18 months and will be processed in full compliance with the security measures laid down by Article 32 of the GDPR 2016/679.
Any CVs that are not relevant and CVs that have been kept for more than 18 months will be deleted/thrown away.
CVs will be kept at the company’s HR office and may be assessed by officially appointed heads of service and will not be communicated to unauthorised third parties.
They may be assessed by the Hotel’s department heads who have been appointed to carry out processing (pursuant to Art. 29 and 32(4) of the GDPR 2016/679).
When preparing your CV, we ask that candidates follow these rules:
• prepare your CV using the European template;
• send your CV in pdf format;
• do not include special categories of personal data in your CV as defined in Art. 9 of the GDPR 2016/679 (related, in particular, to health, religious beliefs or philosophical or political opinions) that are not relevant to the job opportunity;
• consent to the processing of special categories of personal data concerning health as defined in Art. 9 of the GDPR that are relevant to the establishment of an employment relationship (e.g. belonging to a protected group).
The company reserves the right to delete/throw away CVs that do not comply with the above requirements.
The purpose of processing associated with managing CVs covers activities that are strictly related to the assessment, recruitment or selection of personnel, with the goal of collaboration, temporary or permanent employment, internship or in order for the chosen candidate to prepare their degree thesis at our offices.
BOOKING SYSTEM SECURITY
SABRE GLBL INC. is certified as complying with the Payment Card Industry Data Security Standard (PCI DSS). All information sent to this website, under an SSL session, are encrypted and protected against disclosure to third parties.
CONFIDENTIALITY FOR MINORS AND PARENTAL CONSENT
The Hotel specifically requires that minors do not use this website and do not send or post information on it. It should be made clear that, if the Hotel inadvertently acquires personal information or any other data belonging to a minor, any disclosure of such information or data to third parties will depend solely on the fact that the minor has used the website and provided personal information without having requested or received the Hotel’s permission.
The company does not carry out any processing based on automated decision-making, including profiling, which produce legal effects or could significantly affect you.
RIGHTS OF DATA SUBJECTS
People to whom the personal data refer have the right at any moment to obtain confirmation as to whether or not personal data concerning them are being processed, to know their content and origin, check their accuracy or request their completion, update or rectification (Chapter III, GDPR 2016/679). Pursuant to the same article, you have the right to request the erasure, anonymisation or block of data processed in breach of the law as well as the right to object, on legitimate grounds, to such processing.
In compliance with Chapter III of GDPR 2016/679, you have the right, at any time, to request access to your Personal Data, their rectification or erasure, to object to such processing, to restrict processing and to obtain data concerning you in a structured, commonly used and machine-readable format and you also have the right to object to profiling and to lodge a complaint with the Supervisory Authority.
You also have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. For a full and comprehensive list of the rights you can exercise as data subject, reference is made to Articles 15-23 of the GDPR 2016/679.
All requests should be sent by email to: firstname.lastname@example.org or you can contact the Data Processor using the following contact details:
Hotel Londra Palace in Riva Degli Schiavoni 4171, 30122 Venezia, Tel: +39 041 520 0533, Fax: +39 041 5225032, certified email: email@example.com
These cookies are technical in nature and enable the website to function properly. This category includes cookies that are essential for the proper functioning of the website and functional cookies that enable the user to improve their browsing experience through the choices they make (e.g. the choice of language, etc.)
We also use technical cookies to track, in compliance with the legislation in force, the consents provided by users to receiving profiling cookies and third party analytics.
The use of permanent technical cookies or session cookies (ones that are not stored permanently on the user’s computer and are deleted when the browser is closed) is strictly limited to the technical provision of the service requested by the user and to the transmission of session IDs (random numbers generated by the server) that are necessary for secure and efficient navigation of the website and its applications.
The technical cookies used by this website do not use other IT technologies that could potentially jeopardise users’ browsing privacy.
These cookies help us to understand, through data collected in anonymous and aggregate form, how users interact with our website by providing us with information on the pages visited, the time spent on the website, the type of platform used, the number of clicks on a particular page, any malfunctions, etc.
Statistical cookies help the website’s owners to understand how visitors interact with the site by collecting and sending information in anonymous form.
We use Google Analytics to collect and analyse information in anonymous form on website use behaviour for statistical purposes without acquiring personal information that identifies the user. How we use these cookies is similar, for all intents and purposes, to technical cookies and therefore your explicit consent is not required.
Profiling cookies generate reports on the user’s actions on the website in order to measure the effectiveness of an advert and display advertising targeted towards the user.
The intent is to display adverts that are relevant and interesting for the individual user in line with previous browsing experience in a way that “follows” the user even after they leave the website.
We reserve to do remarketing in order to post ads to promote our services addressed only to persons who visited our website before.
The intent is to display adverts that are relevant and interesting for the individual user in line with previous browsing experience in a way that “follows” the user even after they leave the booking platform integrated in our website.
3. List of cookies used on this website
FIRST PARTY TECHNICAL COOKIES
First party technical cookies are instrumental and essential for the proper functioning of the website.
In line with European legislation on cookies, we use a technical cookie to track the user’s consent to the use of third party and profiling cookies.
Expiration : At the end of the browsing session
THIRD PARTY ANALYTICAL COOKIES.
Google Analytics helps website owners to understand how visitors interact with their website content (pages visited, browsing time, etc.) by providing useful statistics in order to optimise and improve website browsing without identifying the person browsing.
These cookies are used in order to collect information in anonymous and aggregate form about the number of users and how they browse the website.
We use these cookies in anonymous form, anonymising the user’s IP address, and such data are not cross-referenced with third parties.
_utma - 2 years
_utmt - 10 minutes
_utmb - 30 minutes
_utmc - until the session is ended
_utmz - 6 months
_utmv - 2 years
GOOGLE ADWORDS THIRD PARTY PROFILING COOKIES
Google stores a cookie on the user's terminal that records the visit made to show the user advertisements for related products through the search engine and the network of third-party publishers affiliated with Google
ads/ga : at the end of the session
collect : at the end of the session
Link : https://www.google.it7adwords/
BING ADS THID PARTY PROFILING COOKIES
cookie used by Microsoft to track user behavior and preferences while browsing
Expiration : 365 days
Link : https://ads.microsoft.com
Google Tag Manager
THIRD PARTY COOKIES
Tags are small parts of website code which enable us to analyse visitor traffic and behaviour, check the effectiveness of online advertising and social channels, use remarketing and targeting to the public and to test or optimise the website.
_dc_gtm_UA - At the end of the session
Doubleclick is an advertising platform that connects advertisers, media centers, creative agencies with publishers around the world to create, manage and develop digital advertising campaigns.
Used by Google, DoubleClick to record and produce reports on user actions on the site in order to measure the effectiveness of an advertisement and allow us to do remarketing by presenting targeted advertising to the user.
iDE - 2 YEARS
How Google uses cookie . https://support.google.vom/dfp_premium/answer/2839090?hl=en
4. How can I disable cookies?
For more information about cookies and to manage your preferences with regard to third party profiling cookies, please visit http://www.youronlinechoices.com
The cookies we use enable us to improve our website and provide a more personalised service to our users.
If you do not want to enable cookies, you can change your browser’s settings. Your browser’s Help feature will explain how to do this. You can also visit www.aboutcookies.org, which contains all the information you need on how to manage cookies across a wide range of browsers.
Most browsers accept cookies automatically but you can also choose not to accept or to limit their use.
Disabling cookies can cause problems when browsing the website or could limit your use of all the website services (e.g. bookings, etc.). To remove cookies, you can follow the instructions on the specific pages of the various browsers:
• If you use Internet Explorer
In Internet Explorer, click on “Tools” and then “Internet Options”. Under the Privacy tab, move the slider to the top to block all cookies or to the bottom to allow all cookies, then click on OK.
• If you use Firefox
In the browser’s “Tools” menu, click on “Options”, then select the “Privacy” tab. De-select “Accept cookies” and click on OK.
• If you use Safari
In the Safari browser, select the “Edit” menu and choose “Preferences”. Click on “Privacy”. Select the “Always block” out of the “Cookies and website data” options and click on OK.
• If you use Google Chrome
Click on the Chrome menu in the browser’s toolbar. Select “Settings”. Click on “Show Advanced Settings”. In the “Privacy” section, click on the “Content Settings” button. In the “Cookies” section, select “Do not allow sites to memorise data” and “Block third-party cookies and site data” and then click on OK.
If you use any other browser, look for the cookie management procedure in Settings.
UPDATE AND REVISION