PRIVACY-MANAGEMENT EU REG. 679/2016 (GDPR)
1. Identity and contact details of the Controller and Data Officers
The Data Controller is O.S.A.R.A. Srl with registered offices in Corso Vittorio Emanuele 135 – 80121 Naples, Italy, VAT n° 00286910633
The Data Protection Officer (DPO) is Mr SILVIO TORTORA MAIONE, appointed by O.S.A.R.A. SRL with appointment letter and engagement agreement for independent professional experts dated 16/05/2018
An updated list of the officers and workers in charge of data processing is kept at the registered offices of the Data Controller.
2. Purpose of Data Processing
O.S.A.R.A. SRL processes personal and sensitive identifying data (hereinafter referred to as “personal data, sensitive data” or even simply as “data”) disclosed by you upon entering into contracts for services provided by O.S.A.R.A. SRL, namely provision of accommodation or events on the premises of the Grand Hotel Parker’s.
The personal data collected consists in:
• Postal address
• Telephone number
• Email address
• Credit/debit card number or other payment details
• Financial information in certain circumstances
• Preferred language
• Date and place of birth
• Nationality, passport, visas or any other government-issued identifying data
• Data on family members and partners, such as the names and ages of offspring
• Information on health and special requirements (for instance, allergies, intolerances, disabilities or illnesses that call for accommodation in special rooms or special menus)
3. Purposes of the data handling and legitimate interests
Your personal data is processed:
A) without your express consent (art. 6 letter b), e) GDPR) for the following Service purposes: data is processed by O.S.A.R.A. SRL in its capacity as data controller because processing is required to execute a contract to which the data subject is party or to carry out pre-contractual measures upon the request of said Data Subject (personal data about contracts or pre-contractual activities with customers or suppliers; data from employees being hired or recruited)
- to abide by obligations required by the law, a regulation, European legislation or dispositions from Authorities or the Government (such as money-laundering laws);
- to exercise the Data Controller’s rights (for instance, its right to defend itself in court);
B) Only upon your separate explicit consent (art. 7 of the GDPR) as provided to the Data Controller may your sensitive personal data be acquired and processed so as to render the services requested within the constraints and for the purposes established in this privacy statement.
We collect personal data in various different ways.
• Online Services We collect your Personal Data when you make a booking, when you buy goods and services on our website or from other websites we are associated with (e.g.. Booking), when you send us messages, when you get in touch with us, when you publish posts on social media channels, when you register to receive our newsletter or when you take part in surveys, contests or promotional offers.
• Visits to our premises and offline interaction We collect your Personal Data when you visit our premise. We also collect your Personal Data when you take part or we take part in promotional events held on our premises, or whenever you supply your personal Data to promote an event.
• Bookings.. We collect your Personal Data when you make a booking over the phone, when you send us an email or a fax, when you use the online-chat service or contact our customer services. We may record conversations to use them during training sessions to improve our staff standards.
We use your Personal Data to provide you with the Services you have requested, particularly:
• to facilitate the booking process, make payments, send messages of an administrative nature, send confirmation messages or messages prior to your arrival, to help you during meetings and events or to provide you with further information about our facilities and organisation;
• to complete your booking and experience at our hotel, for example to process payment, to make sure your room is available and to provide you with any assistance;
• to handle the contractual relationship between us because it is to our mutual interest or in order to comply with statutory requirements
We use your sensitive Personal Data to provide you with the Services you have requested, particularly:
• to make sure that we have services available that meet your requirements as well as services that are suitable for any needs stemming from health conditions and in keeping with your specific requests
• to handle the contractual relationship between us because it is to our mutual interest or in order to comply with statutory requirements
4. Recipients of the personal data and data disclosure
Your data may be made accessible for the purposes envisaged under art. 2.A) and 2.B) to employees and collaborators of the Data Controllers (including external collaborators) in their capacity as data processors and/or data officers and/or system administrators;
In the case of personal data belonging to an employee of O.S.A.R.A. SRL, data may also be disclosed to the following recipients:
• Tax consultants who must see to the tax side of drawing up pay slips
• Individuals within the hotel organisation in charge of managing your data to provide the service requested (check-in, catering services, invoicing, room service, etc.)
Your personal data will be stored on a server located within the European Union. In any case, it should be understood that the Data Controller is entitled to move the servers outside the confines of the European Union, if necessary. In such circumstances, the Controller henceforth vouches that any transferral of data outside the European Union will take place in compliance with applicable legislation and that the standard contractual clauses envisaged by the European Commission will be drawn up.
Without any need for express consent, as per art. 6 letters b) and c) of the GDPR), the Data Controller may disclose your data for the purposes envisaged under article 2.A) to supervisory committees (like IVASS - the Italian Institute for the Supervision of Insurance), Judicial Authorities, insurance firms to obtain insurance services as well as to all those entities to whom disclosure is compulsory by law for fulfilling the aforementioned purposes. These entities will process data in their capacity as independent data controllers.
5. Processing methods and retention period
Your personal data will be handled using the methods envisaged under article 4 n. 2 of the GDPR, and namely: collection, recording, organisation, storage, consultation, processing, use, combination, restriction, dissemination, erasure or destruction of the data.
Your personal data will undergo paper-based, electronic and partially automated processing.
The Controller will process the personal data for the time required to meet the aforementioned purposes, but in any case for no longer than 10 years after cessation of relations for the Purposes of the requested Service.
6. Rights of the data subject
In your capacity as Data Subject, you are entitled to the rights established under article 15 of the GDPR, and namely the right to:
1. obtain from confirmation as to whether or not personal data concerning you actually exists, even if it has not yet been registered, and to have such data communicated to you in an intelligible form;
2. obtain an indication of: a) the source of the personal data; b) of the purposes and manner of processing; c) of the underlying rationale should the processing be carried out with the aid of electronic systems; d) of the identity of the controller, officers and representative appointed pursuant to article 3, paragraph 1 of the GDPR; e) of the subjects or categories of subjects to whom personal data may be disclosed, or may have access to in their capacity as designated representative on Italian soil, or as data supervisors or processors;
3. obtain: a) updating, amendment or, if you so wish, supplementing of the data; b) have it deleted, transformed into anonymous form or blocked whenever the data was processed unlawfully, including any which needs not be retained for the purposes for which the data was collected and subsequently processed; c) proof that the activities outlined under letters a) and b) have been brought to the attention (in terms of content too) of those to whom the data was disclosed or disseminated, unless this proves to be impossible or involves a manifestly disproportionate effort compared with the right due to be protected;
4. object, wholly or in part, a) on legitimate grounds to the processing of your personal data even if relevant to the purposes of collection; b) to the processing of your personal data as regards advertising materials or direct sales or materials to conduct marketing surveys or business communications via automated calling systems without human intervention, via email and/or via traditional marketing methods, telephone or the postal service. It should be noted that the data subject’s right to object as outlined under previous point b) for direct marketing purposes via automated procedures also extends to traditional methods and that, in any case, the data subject is entitled to exercise his/her right to object even only in part. Therefore, the data subject may decide to only receive traditional communications or only automated communications, or neither of the two.
5. The right to rectification of your personal data should it have undergone changes or should it no longer correspond to that previously acquired or communicated (article 16).
6. Right to erasure (“the right to be forgotten” article 17). O.S.A.R.A. SRL shall erase the data from all its databases, archives and files it is contained in, if one of the following grounds exists:
a) if personal data is no longer necessary for the purpose it was initially collected for or otherwise processed;
b) the data subject withdraws his/her consent and if there are no other legal grounds for the processing;
c) the data subject objects to processing pursuant to article 21, paragraph 1, and there is no overriding legitimate reason to process the data, or object to data processing pursuant to article 21, paragraph 2;
d) the personal data has been processed unlawfully;
e) the personal data must be erased to comply with a legal requirement established under the laws of the European Union or the Member State to which the data controller belongs;
f) the personal data has been collected in relation to the offering of information-society services as per article 8, paragraph 1.
7. Right to restriction of processing (article 18). The data subject is entitled to obtain from the data controller restriction of processing when one of the following circumstances comes about:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
b) processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
c) even though the data controller no longer needs the data for processing purposes, the data subject requires the personal data for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to article 21 paragraph 1, pending the verification whether the legitimate grounds of the controller override those of the data subject.
8. Right to object (articles 21-22): Pursuant to article 6, paragraph 1, letter e) or f), the data subject is entitled to object to the processing of his/her personal data at any given time for reasons ensuing from his/her own particular circumstances. This includes profiling as envisaged under the aforementioned provisions. O.S.A.R.A. SRL does not subject data to decisions based solely on automated processing.
O.S.A.R.A. SRL informs each data subject about any amendments, limitations or erasure of data.
O.S.A.R.A. SRL refrains for further data processing unless there are legitimate compelling reasons to do so that override the interests, rights and freedom of the data subject or for the establishment, exercise or defence of legal claims.
For the data that O.S.A.R.A. SRL processes for marketing purposes, the rights of the data subject are outlined in the specific privacy statement about data processing for marketing purposes and the data processing privacy statement for profiling and aggregation purposes.
7. How to exercise your rights
You may exercise your rights at any given time by sending:
- an email addressed to firstname.lastname@example.org
8. Provision of information and consequences of refusal
Provision of your data for the purposes outlined under article 2 is compulsory. Without your data, we cannot supply you with the Services envisaged under article 3.A and 3B.
On the other hand, provision of your data for purposes that differ from those described in this privacy statement (e.g. Promotions, publications, advertising etc.) is optional and is managed in accordance with the contents of the privacy statement on data processing for marketing purposes.
cookie are used on our website to give users a better browsing service and experience.
What are cookie?
cookie are small text files sent from the website to the terminal of the party concerned (usually the browser), where they are stored before being referred back to the website upon the same user's next visit. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses or capture email addresses. Each cookie is unique to the user's web browser. What cookie do we use?
Technical session cookie
The cookie used on the websites http://www.grandhotelparkers.it/, https://blastnessbooking.com/ are used for computer technology authentication or to monitor sessions, and to store specific technical information regarding the users that access the server of Blastness, the website maintenance and hotel booking service provider.
Pursuant to Article 122, paragraph 1, of the Privacy Code (in the formulation in force after the entry into force of legislative decree 69 / 2012), "technical" cookie can be used even in the absence of consent.
For maximum transparency, below we provide a number of technical cookie and specific cases of activity on the website:
• cookie implanted in the user/contracting party's terminal directly (that will not be used for other purposes) such as session cookie used for on-line booking on the website, authentication or customisation cookie (for example, the choice of the browsing language); these cookie remain active only for the duration of the session.
• cookie used to statistically analyse accesses/site visits (the so-called "analytic" cookie) that are exclusively used for statistical purposes (not for profiling or marketing) and to collect aggregate information without the possibility of tracing back to the identification of the individual user. In these cases, since current legislation requires that, when using analytic cookie, the user is given clear and adequate instructions to easily oppose implementation of such (including any mechanisms to make the cookie anonymous), we give instructions on how to disabled installed cookie below. The duration of analytic technical cookie is 30 minutes.
How to modify settings on the cookie
Most browsers allow to clear cookie from your computer hard drive, block acceptance of cookie or receive a warning before a cookie is stored.
Therefore, to remove cookie we encourage you to follow the instructions on the pages of the various browsers:
What happens if the cookie are disabled?
Nevertheless, if you block or erase cookie, it may not be possible to reset previously specified preferences or customised settings, and our capacity to customize the user experience will be limited.
Grand Hotel Parker’s
C.so Vittorio Emanuele 135, 80121 Napoli (Italy)
Tel.: (+39) 081.7612474
Fax: (+39) 081. 663527
40.836804 (Latitude), 14.22971 (Longitude)
General Manager: Giampaolo Padula
Hotel Manager: Antonio Maiorino
Booking Office: email@example.com
Sales&Marketing Office: firstname.lastname@example.org
Meeting Office: email@example.com
George Restaurant: firstname.lastname@example.org
|Grand Hotel Parker’s - C.so Vittorio Emanuele 135, 80121 Napoli (Italy) - P.IVA 00286910633
Tel. (+39) 081.7612474 - Fax. +39 081 663527 - email@example.com
GDS CODES: Amadeus LX NAPGAP - Sabre LX0027126 - Galileo LX 75922 - Worldspan LX41228