Política de privacidad
Privacy Notice
This Privacy Notice aims to inform you - pursuant to art. 13 and 14 of the European Regulation 2016/679 regarding the protection of personal data ("Regulation" or "GDPR") - and is addressed:
- To Visitors/users of the website www.venetiana.it (“website or site”), acquired - independently or through third parties - through the site itself;
- to Customers who use the services provided by the Data controller;
- to Candidates for job positions through applications collected on this website or through other channels;
- to Data Controller's Suppliers in the context of existing contractual relationships.
This Privacy Notice is intended to inform the user about the methods of processing personal data concerning him. All data is processed in a lawful, correct and transparent manner in relation to the interested party, in compliance with the general principles established by EU Reg. n. 2016/679 and by the current legislation on the protection of personal data.
1. DATA CONTROLLER
The data controller is SENATO 22 S.r.l. a socio unico VAT number no. 03023280153, with registered office in Milano, Via Marco Fabio Quintiliano n. 18, email info@senatohotelmilano.it. The Data Controller has designated a Data Protection Officer (DPO) who can be contacted at the e-mail address privacy@autoguidovie.it.
2. PROCESSING OF PERSONAL DATA OF USERS OF THE WEBSITE
DATA COLLECTED
The website offers informative and sometimes interactive content. While browsing e, it will therefore be able to acquire information about the visitor, in the following ways:
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are canceled immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data Provided Voluntarily by the User
We do not collect or use personal information relating to visitors to the website. The only exception concerns the information for personal identification necessary to process the user's contact requests and to comply with the contractual obligations for the provision of services towards the user.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender's e-mail address, as well as any other personal data entered, necessary to respond to requests.
The forms on the site collect identification and contact data, voluntarily provided by the user. Failure to provide such data may make it impossible to obtain what has been requested. The Owner will use this information only to respond to user requests and to provide the requested services
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
The processing of Users' personal data is carried out for the following purposes:
- guarantee access to the Site, navigation, use of online services made available in connection with the Site itself;
- subject to the User's consent, for purposes of information and commercial promotion of services supplied by the Data Controller and/or other subjects such as companies belonging to the Group of which the Data Controller is a part;
- Ascertainment of responsibility in the event of hypothetical computer crimes against the site.
The legal basis of the treatment is constituted:
- for the purposes referred to in points a), from the processing of requests from the interested party or from the execution of pre-contractual measures;
- for the purpose referred to in point b), from the consent freely expressed by the interested party;
- for the purpose referred to in point c), from the legitimate interest of the Data Controller.
METHOD, PLACE AND DURATION OF DATA PROCESSING
Personal data is processed with IT and/or telematic tools. The treatment is carried out through organizational methods and with logic strictly related to the purposes indicated.
The Data Controller has implemented technical and organizational measures to provide an adequate level of security and confidentiality to personal data. These measures take into consideration the state of the art of the technology, the costs of its implementation, the nature of the data and the risks associated with their treatment. The purpose is to protect data from accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access, and from other forms of unlawful processing.
The data is processed at the operating offices according to which the Company is organised, and at companies appointed and duly appointed as Data Processors.
Data processing is carried out for the time strictly necessary for the pursuit of the aforementioned purposes, without prejudice to any conservation terms established by laws or regulations.
DATA COMMUNICATION
The data collected by the Data Controller will be shared only for the aforementioned purposes; we will not share or transfer your personal data to third parties other than those indicated in this Policy. In the course of our activities and exclusively for the same purposes as those listed in this Policy, your personal data may be transferred to the following categories of recipients:
- hosting providers, IT companies, communication agencies, third party technical services;
- people, companies or professional firms that provide assistance and advice to the Data Controller, in accounting, administrative, legal, tax and financial matters;
- subjects whose right to access the data is recognized by provisions of the law or by orders from the authorities.
These subjects are also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.
3. PROCESSING OF PERSONAL DATA OF CUSTOMERS WHO USE THE SERVICES PROVIDED BY THE DATA CONTROLLER
PROCESSING OF DATA COMMUNICATED BY CUSTOMERS FOR THE PURCHASE AND USE OF SERVICES
The Data Controller collects and processes a series of personal data from customers, for the purpose of booking, purchasing and using the services provided and related to hospitality at its hotel facility "Senato Hotel Milano" (hereinafter "Services"). The personal data processed are identification data (such as name, surname, gender, date and place of birth and residence, citizenship and tax code), contact data (such as address, telephone numbers and email), those relating to the chosen payment method (such as the credit card number, owner, expiration date and security code), stay (such as arrival and departure dates) and any data relating to other special requests which may also contain sensitive data ( such as indications of allergies, food intolerances, disabilities, pathologies or personal habits), which the interested party communicates to the Data Controller in relation to the requested Services.
The processing of such personal data has the purpose of providing the Services requested by the customer and is, therefore, necessary for access to the Services provided by the Data Controller. In the absence of such data, the requested Services cannot be provided.
The legal basis of the processing itself is, therefore, the need to satisfy the customer's request for Services, the fulfilment of the relevant contract stipulated with the same, as well as the fulfilment of the related legal obligations.
PROCESSING OF PERSONAL DATA FOR MARKETING ACTIVITIES
Only if the customer expressly consents, personal data can be processed by the Data Controller for purposes of information or commercial promotion of products by the Data Controller and/or other subjects such as companies belonging to the Group of which the Data Controller is a part. The legal basis of the processing is the consent freely expressed by the interested party.
The Data Controller may also process the data indicated above for direct marketing purposes aimed at its customers, who are in any case guaranteed the right to object to such processing, at any time and free of charge. In the event of opposition, the customer's personal data will no longer be processed for these purposes.
The legal basis of the processing itself is constituted by the legitimate interest of the data controller in carrying out direct marketing initiatives towards its customers, in consideration of the relationship established with them and the protection of their fundamental rights and freedoms also guaranteed through the right of opposition mentioned above.
PROCESSING OF DATA COMMUNICATED IN THE EVENT OF ANY REPORTS, COMPLAINTS OR REQUESTS FOR COMPENSATION / REFUND / COMPENSATION
In case of complaints or requests for indemnity / reimbursement / compensation, the Data Controller processes the personal data communicated in this way only if specifically permitted by the applicable rules and only for management purposes of the complaint / claim.
The categories of interested parties and data subject to the described processing are determined by the author of the report, complaint or request, under his own responsibility. The subsequent processing of personal data by the Data Controller will take place exclusively in compliance with the applicable rules.
The legal basis of this treatment is, therefore, the need to satisfy the request for management of the report, complaint or request.
METHOD, PLACE AND DURATION OF DATA PROCESSING
The personal data are processed, both on paper and electronically, and with the adoption of appropriate measures to ensure their protection. Personal data may be shared, in compliance with the applicable rules and only for the purposes and under the conditions indicated in this information, with public subjects for legal obligations, or with data processors or co-controllers with whom specific agreements have been signed.
Personal data processed for legal and contractual obligations will be kept for 10 years; the personal data processed for the legitimate interest of the Data Controller for direct marketing purposes will be carried out for a period not exceeding two years from the last contractual or pre-contractual relationship; the treatments carried out with the consent of the Customer will be carried out until the consent is revoked.
In the event of a dispute with an interested party or a specific request from the competent Authorities, personal data may be kept for as long as necessary to protect the interests of the Data Controller or to comply with the request of the Authority.
DATA COMMUNICATION
The data collected and processed may be communicated, exclusively for the purposes specified above, to subjects belonging to the following categories:
- professionals or service companies used by the Data Controller for the provision of services;
- competent authorities, where the Data Controller believes he is legally authorized to do so or if it becomes necessary;
- with user's consent, to companies belonging to the Group of which the Data Controller is a part.
4. PROCESSING OF IMAGES ACQUIRED BY VIDEO SURVEILLANCE SYSTEMS
The Data Controller operates a Video surveillance system in the hotel premises, for the purpose of protecting the Data Controller’s assets the safety and the property of the people present. The appropriate abridged policy provided on the signs displayed near video cameras informs customers of the use of video surveillance.
Through these systems, the Data Controller acquires and processes personal data consisting of images of customers of the Services thus taken, which are retained for no more than 72 hours.
The legal basis of the processing in question is the need and the connected legitimate interest to protect security and prevent and combat any illicit activities.
5. PROCESSING OF PERSONAL DATA OF CANDIDATES FOR THE ESTABLISHMENT OF EMPLOYMENT RELATIONSHIPS
PURPOSE AND DESCRIPTION OF DATA PROCESSING
The personal data being processed are identification and contact data, as well as any other information contained in the Curriculum Vitae or which in any case the candidate communicates to the Data Controller for the aforementioned purposes.
Furthermore, in the context of any subsequent interviews with the candidate, the Data Controller may collect further information on the candidate himself, pertinent to the selection process and to the job covered by the same, including, where required by the applicable rules, judicial data (data relating to the criminal record and certificate of pending charges), for the control of physical and aptitude suitability. The purpose of this processing of such personal data is to evaluate the candidate himself in view of the possible establishment of an employment relationship with the Data Controller.
The provision of data is necessary for the evaluation of the candidate in view of the possible establishment of an employment relationship with the Data Controller; therefore, any refusal to supply them in whole or in part may make it impossible for the Data Controller to establish the employment contract.
LEGAL BASIS OF DATA PROCESSING
The processing is carried out to satisfy the request for examination of the application that the interested party manifests, even implicitly by simply sending his/her curriculum vitae and/or cover letter or other communication of similar content, for the purposes of the possible establishment of an employment relationship. The legal basis of the processing is therefore the execution of pre-contractual measures adopted at the request of the candidate himself.
METHOD, PLACE AND DURATION OF DATA PROCESSING
The processing of data for the aforementioned purposes takes place, also through Managers appointed in compliance with the applicable rules, with both automated methods, on electronic support, and non-automated methods, on paper support, in compliance with the applicable rules and internal provisions capable of guaranteeing confidentiality and protection.
The data is processed and archived at the registered office and the operational offices according to which the Company is organised. The data will not be transferred outside the European Union.
The personal data provided will be kept for three years, in order to meet the needs of the Data Controller related to the selection process. Without prejudice to the possibility of defending the rights of the Data Controller in all offices, in particular in the event of any pending legal proceedings.
CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED
The data collected and processed may be communicated, exclusively for the purposes specified above, to subjects belonging to the following categories:
- Professionals or service companies used by the Data Controller for the provision of services related to the management of human resources and IT systems;
- Where applicable, medical or medico-legal studies in fulfilment of the obligations regarding the control of physical and aptitude suitability;
- Competent authorities, where the Data Controller deems he is legally authorized to do so or if it becomes necessary.
6. PROCESSING OF PERSONAL DATA OF SUPPLIERS
PURPOSE AND DSCRIPTION OF DATA PROCESSING
The Data Controller may process some personal data concerning the supplier, if a natural person, and/or the workers of the supplier himself (in this second case even if the supplier is a legal entity) for the purpose of stipulating and executing contracts with the suppliers themselves.
The Data Controller makes every effort to make this information known to each interested person indicated above, firstly through the publication of this document on its website. However, it should be noted that the communication of the information in question to all interested parties and, in particular, to each worker and collaborator of each of its suppliers in relation to whom it receives or collects personal data, would imply a disproportionate effort for the Data Controller or, in some cases, it may even be impossible. In view of the above, the supplier of the Data Controller communicates and disseminates this information to any interested parties involved in the processing described above, i.e. to their Workers and Collaborators (however named, including in the definition also all natural persons whose data may in any case be communicated to the Data Controller or known by this for the stipulation and execution of the supply contract) with all the appropriate tools.
The personal data processed are the identification and contact data (such as address, telephone numbers, e-mail) concerning the supplier and/or its Workers and Collaborators and which they can communicate to the Data Controller as part of the normal activities that characterize the supply relationships that have been or are intended to be established.
The processing of such personal data has for purposes the stipulation or execution of supply contracts and is functional to the achievement of the same. In the absence of such data, it may not be possible to establish or correctly execute the contracts themselves.
LEGAL BASIS OF DATA PROCESSING
The legal basis of the processing is the conduct of pre-contractual negotiations with the supplier or the fulfilment of the supply contract or legal obligations.
METHOD, PLACE AND DURATION OF DATA PROCESSING
The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. The processing is carried out using IT, telematic and paper tools, with organizational methods and with logics strictly related to the purposes indicated.
The data is processed at the operating offices according to which the Company is organised, and at companies appointed and duly appointed as Data Processors. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to non-EU countries. In this case, the Data Controller ensures from now on that the data transfer will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
Data processing is carried out for the time strictly necessary for the pursuit of the aforementioned purposes, and in any case not exceeding ten years.
CATEGORIES OF SUBJECTS TO WHOM THE DATA MAY BE COMMUNICATED
The personal data of suppliers collected may be communicated to companies that provide services related to the purposes of the processing. Personal data may also be shared when required by law and/or government authorities. With the exception of cases explicitly permitted by law, or provided for in this Statement, personal data will not be communicated or shared without the consent of the user concerned.
7. RIGHTS OF THE DATA SUBJECT
The data subjects have the right to ask the Data Controller for access to their personal data, the rectification or cancellation of the same, as well as to request the limitation or oppose their processing. The interested party is also the holder of the right to data portability. To exercise these rights, you can refer to the contacts indicated in this statement.
All requests received will be processed and verified in accordance with the specific provisions of the applicable regulations, also with reference to the effective existence of the conditions for their acceptance. In the absence of such existence, the Data Controller may not follow up on the requests. The Data Controller makes every effort to respond to legitimate and well-founded requests within one month of receiving them. Depending on the complexity and number of requests, as well as the above, this deadline may be extended by two months. At the final outcome of the management of the request and against the same, the interested party has the possibility to lodge a complaint with the supervisory authority www.garanteprivacy.it and to lodge a judicial appeal.
This Notice was last updated on 30/09/2023