IN ACCORDANCE WITH ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATIONS (EU) OF 2016/679 AND LEGISLATIVE DECREE 196/2003 AS AMENDED
While consulting this website, it is possible that personal information and data will be collected as indicated in this disclosure. The disclosure refers exclusively to this website.
The data controller is LDC Italian Hotels S.r.l., with headquarters at Via Giorgio Zoega 59 – 00164 Rome, VAT number 03319150540, in the person of its company representative.
The Data Controller has not identified a Data Protection Officer (DPO), as it is not subject to the obligation to make this designation under Art. 37 of the Regulations.
Types of data processed and purposes of processing
During normal operations, the information systems and software responsible for the functioning of this site obtain certain personal data, the transmission of which is implicit in the use of internet communication protocols. This category includes the IP addresses or domain names of the computers and terminals utilized by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters relative to the user’s operating system and computer environment.
These data, which are necessary to use the web services, are also processed in order to:
– obtain statistical information on use of the services (pages visited most often, number of visitors by time or day, geographical areas of origin, etc.);
– check proper functioning of the services offered.
Browsing data do not persist for more than seven days (unless needed by judicial authorities to determine whether a crime has been committed).
Data communicated by the user
Messages sent to the Data Controller’s contact addresses on an optional, explicit and voluntary basis, private messages users send to profiles/pages on social media (where this is possible), and completion and sending of forms found on the Data Controller’s site, will result in acquisition of the sender’s contact data necessary in order to respond, as well as all personal data included in the communications.
It is mandatory for the data subject to send certain personal data in order to use the requested services, and failure to do so could prevent them from accessing these services. Mandatory personal data are marked by an asterisk.
If certain data are indicated as not mandatory, the data subject may refuse to communicate these data, without prejudice to the availability of the service or its operativity.
Data subjects who are not sure which data are mandatory are encouraged to contact the Data Controller.
In particular, data may be collected as follows:
Personal data may be communicated to the Data Controller through the “CONTACTS” page.
Users are asked not to provide personal data that are not pertinent; in any case, non-pertinent data will be eliminated, or in any event will not be considered.
Data transmitted through this page are processed only for purposes of responding to the user’s requests, based on the pre-contractual relationship between the parties.
“BOOK NOW” page
By visiting the “BOOK NOW” page, the user will be redirected to the booking engine to make the reservation. For additional information, refer to the privacy disclosure on that site. Please note that at the time of booking you will be asked for your e-mail address, on which you will receive confirmation of the booking you have made and a welcome questionnaire before your arrival at the hotel to speed up check-in.
Using the appropriate page, it is possible to submit a job application by completing the form on the site. Data marked by an asterisk (first and last name, email, telephone number) are mandatory to allow the Data Controller to re-contact the user. The data transmitted are processed solely to re-contact the user, based on the authorization contained in the attached résumé.
Cookies and other tracking systems
For details, see the disclosure on cookies presented on this website.
Legal basis for processing
The legal basis for processing is as follows:
• processing is necessary to meet a legal obligation of the Data Controller under Art. 6, paragraph 1, lett. c) of EU Regulation 2016/679;
• processing is necessary to pursue a legal interest of the Data Controller or third parties under Art. 6, paragraph 1, lett. f) of EU Regulation 2016/679;
• processing is necessary to execute a contract to which the data subject is a party or to execute pre-contractual measures adopted at their request under Art. 6, paragraph 1, lett. b) of EU Regulation 2016/679;
• processing is based on the data subject’s expression of consent, under Art. 6 paragraph 1 letter a) of EU Regulation 2016/679.
You may ask the Data Controller to clarify the actual legal basis for each processing, and in particular to specify whether the processing is based on the law or whether there is a contractual or pre-contractual relationship.
Data are processed by the assigned company personnel and are not communicated to unauthorized third parties.
Processing is performed by specially assigned persons under Art. 29 GDPR 2016/ 679, using computerized and/or electronic instruments, and may be either automatic and/or manual, as provided by Art. 32 GDPR 2016/679 on security measures.
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
In some cases, in addition to the Data Controller, other parties involved in providing the services offered and organizing this website (hosting providers, information companies, parties involved in archiving, collecting, printing, sending and managing email, communication agencies, mail couriers), as well as outside parties and Data Processors appointed by the Data Controller, if necessary, may have access to the data. The updated list of Data Processors may always be requested from the Data Controller.
Transfer of personal data
The data are processed at the Data Processor’s operating headquarters and in any other place where the parties involved in the processing are located. For additional information, contact the Data Controller.
The data subject’s personal data are also transferred outside the European Union to a third party country or recognized organization considered adequate through a decision of the European Commission (Art. 45 of EU Regulation 2016/679).
In accordance with the principles of lawfulness, limitation of purposes and minimization of data, under Art. 5 GDPR 2016/679, the data subject’s personal data will be retained for the period of time necessary to achieve the purposes for which they were collected and processed or to protect/exercise a right.
If processing is based on the data subject’s consent, the Data Controller may retain the personal data longer, until said consent is revoked. In addition, the Data Controller could be required to retain the personal data for a longer period in order to meet a legal obligation or to comply with an order from an authority.
At the end of the retention period, the personal data will be deleted. Therefore, after this period, the right of access, deletion, rectification, and data portability may no longer be exercised.
Rights of the data subject
At any time, under Articles 15 to 22 of EU Regulation no. 2016/679, the data subject may exercise the right to:
a) request confirmation of whether or not personal data regarding them exists;
b) obtain information on the purposes of the processing, the personal data categories, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c) rectify or delete data;
d) limit processing;
e) obtain data portability, that is receive them from a data controller, in a structured, commonly used and machine-readable form, and transmit them to another data controller without impediments;
f) oppose processing at any time; data subjects are reminded that if their data are processed for purposes of direct marketing, they may oppose processing without providing any reasons.
g) ask the data controller for access to the personal data and rectify or delete them, limit their processing, or oppose their processing, as well as the right of data portability;
h) revoke consent at any time, without prejudice to the lawfulness of processing based on consent prior to the revocation;
i) file a complaint with a supervisory authority. The data subject has the right to file a complaint with the Personal Data Protection Authority, located at Via di Monte Citorio 121, Rome (tel. +39 06696771), following the procedures and instructions published on the Authority’s website at www.garanteprivacy.it
Data Controller’s contact information
The Data Controller may be contacted in the following ways:
– by email at firstname.lastname@example.org
– by telephone at +39 06 8781 2893
– by ordinary mail at Via Giorgio Zoega 59 – 00164 Rome
DATE OF LAST UPDATE OCTOBER 12, 2022