San Lorenzo SPA, with registered office in Corso Magenta, 65 - 20123 Milano (MI), Italy (hereinafter "San Lorenzo"), as Data Controller, informs you, pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter "GDPR"), that it will process the user’s (hereinafter "the User" and/or "Users") personal data collected through the website www.atellaniapartments.com (hereinafter also the "Website") in the following manner and for the following purposes.
1. Type of data processed by San Lorenzo through the Website.
San Lorenzo processes the following types of personal data (hereinafter, the "Data") provided by Users of the Site during the website navigation and / or the optional registration to the newsletter:
b. Personal data provided by Users. Most of the pages and contents of the Website are accessible by the unregistered User (hereinafter "the Unregistered User") without its identification being necessary for consultation purposes. Therefore, access and consultation of the Website does not require any registration, except in relation to the booking of rooms and in relation to the so-called "reserved areas". In this case, the User is registered and provides San Lorenzo with the following identification data: name, surname, country, e-mail, phone number, arrival date and credit card number. On such occasion, the User acquires the status of "Registered User".
c. Personal data provided by registered users. The Registered User who makes an online reservation is attributed a booking code and a pin code that allow him to access the Reserved Area of the Website to check the status of his reservation.
2. Purpose of the processing
The data provided by the Registered User will be processed, subject to consent pursuant to art. 6 lett. a) GDPR, for the following purposes:
a. to send the Registered User, by e-mail, commercial communications about products, initiatives and/or services offered by San Lorenzo and/or newsletters containing information on offers relating to temporary accommodation. It should be noted that if the Users have already registered on the Website, providing their consent, San Lorenzo may send commercial communications relating to services similar to those the Users have already used, in compliance with all the provisions of the law and applicable guidelines, unless they object, which they can do at any time by clicking on the appropriate link at the bottom of the aforementioned commercial communications and/or newsletter.
3. Nature of Collected data.
The User’s Collected data is mandatory for the purposes of the services referred to in paragraph 2.a.
The provision of data by the Registered User is optional for the purposes referred to in paragraph 2.b (and in any case the consent can be revoked without formalities at any time). The User’s refusal to provide such data may make it impossible to receive communications regarding San Lorenzo’s commercial offers.
4. Methods of Treatment and Conservation.
a. The processing of Users' data is carried out through the operations reported in art. 4 n. 2) GDPR and in particular: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, access, use, interconnection, blocking, communication, deletion and destruction of data.
b. The Users' personal data are processed using automated and non-automated tools, only for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for no more than 10 years from their collection for the purposes of the Service referred to in par. 2.a, no more than 5 years from their collection for the commercial purposes referred to in point 2.b.
c. Users' data will be processed by persons authorized to perform the tasks referred to in point 2.a, who are constantly identified, appropriately instructed and made aware of the security obligations set forth by the GDPR and implemented by San Lorenzo.
5. Access to data.
a. Personal Data may be made accessible only for the purposes mentioned above to the following subjects:
• employees and collaborators of San Lorenzo in their capacity as persons authorized to process;
• third-party companies or other subjects (by way of example, associations or professional firms that provide assistance and consulting services and activities), with particular reference to (i) Nexteam srl, with registered office in Via San Francesco d'Assisi, 33 - 66100 Chieti (CH), a company responsible for the development of the site and booking platform, also responsible for data security, in its capacity as a person authorized to process, and (ii) KosmoSol Srl, Strada delle Castelline, 42 / D - 43019 Soragna (Parma) - Italy, CF and RI of Parma 02300720345 - PI 02300720345, a company that offers the PMS management service in the cloud.
6. Data communication
Without the User’s express consent (pursuant to Article 6 letters b) and c) GDPR), San Lorenzo may communicate the User's data for the purposes of the Service referred to in art. 2.a and 2.b to Supervisory and Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of the said purposes, as autonomous data controllers. User data will not be disclosed.
7. Data transfer
Personal data provided by the Registered User to allow the sending of commercial communications through automated services including e-mail regarding products, initiatives and/or services offered by San Lorenzo and/or newsletters containing commercial offers of Atellani Apartments, are processed electronically through the use of the Mail Chimp provider; the related information on Privacy can be consulted on the website https://mailchimp.com/legal/privacy. In this context the data will be processed and stored within the European Union or in the United States. Mail Chimp offers a service in conformity with the Privacy Shield.
8. Third Party websites
It should be noted that if the Website contains links to third party websites, San Lorenzo does not exercise any control over the content of such websites nor does it have access to the personal data of visitors of the same.
The owners of the aforementioned websites will therefore remain the sole and exclusive owners and managers of the personal data processing of their users; San Lorenzo remains unrelated to this activity and to any liability, prejudice or cost which may derive from its failure or incorrect completion.
9. Revocation of consent and opposition
If the User has provided his consent for the treatment aimed at pursuing the purposes mentioned in the previous par. 2.a and 2.b, he will remain free at any time to revoke it, sending without formalities a clear communication to that effect to the e-mail: email@example.com. Following receipt of this opt-out request, San Lorenzo will promptly process the removal and deletion of data and inform for the same purposes of cancellation any third parties to whom the data have been communicated. Simply receiving the cancellation request will automatically be validated as confirmation of cancellation.
We inform you specifically and separately, as required by art. 21 of the GDPR that the User has the right to oppose at any time the processing of personal data concerning him for such purposes and that if the person opposes the treatment for purposes of direct marketing, personal data can no longer be object of treatment for these purposes.
10. Rights of Users
The User will have the right to exercise the rights referred to in art. 15 GDPR.
In particular, the User has the right at any time to obtain from San Lorenzo confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in intelligible form.
The User also has the right to obtain confirmation:
a. of the origin of personal data;
b. of the purposes and methods of processing;
c. of the logic applied in case of treatment carried out with the aid of automated tools;
d. of the identification details of the holder, of the managers and of the designated representative;
e. of the persons or the categories of persons to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
f. of the conservation period.
The User also has the right to obtain:
a. updating, rectification or, when interested, integration of data;
b. the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.
The User has the right to object, in whole or in part: 1) for legitimate reasons, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; 2) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication (for example relating to newsletter services).
The User also has the right to
a. obtain the limitation of the treatment or oppose the treatment;
b. obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without impediments;
c. revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
d. file a complaint to the Supervisory Authority.
Any corrections or cancellations or limitations on processing carried out at the request of the interested party - unless this proves impossible or involves a disproportionate effort - will be communicated to each of the recipients to whom the personal data have been transmitted. The User requesting it can receive the list of such recipients.
The exercise of the rights is not subject to any form constraint and is free and can be exercised by sending a registered letter to San Lorenzo S.p.A. Corso Magenta 65 - 20100 Milan or by sending an e-mail to firstname.lastname@example.org
11. Existence of an automated decision-making process, including profiling
The Data Controller does not adopt any automated decision-making process, including profiling, referred to in Article 22 (1) and (4) of the GDPR.
12. Holder and Responsible of the Treatment
a. Data controller is:
b. Responsible for the treatment are:
• The Rocket Science Group LLC as a mail service provider offered through Mail Chimp.
• Nexteam s.r.l., with registered office in Via San Francesco d'Assisi, 33 - 66100 Chieti (CH) agency responsible for the development of the site and the reservation platform, also responsible for data security, in the quality of the person authorized to process it;
• KosmoSol S.r.l. Strada delle Castelline, 42 / D - 43019 Soragna (Parma) - Italy a company that offers the PMS management cloud service.
The complete and updated list of persons in charge of processing is kept at the San Lorenzo office and can be requested in the manner set out in the previous par. 10.
13. Information updates.
This information will be subject to periodic updates which will be highlighted on the Site.
14. Date of last modification.
This information was updated on June 12, 2018.
THE DATA CONTROLLER
San Lorenzo SPA
Corso Magenta, 65 - 20123 Milano (MI)
VAT Code: 03409680158
Tax Code: 03409680158
Share capital: € 2.097.349,00
Telephone: +39 340 9519126