GDPR (General Data Protection Regulation) - Regulation (EU) 2016/679 of the European parliament
The purpose of this notice is to clarify the provisions of the regulation dealing with personal data protection, more specifically regarding your rights and the ways to protect them. For this purpose we inform you that:
1 your personal data will be processed by us for the following purposes:
- to carry out the commercial activity and/or fulfill our contractual obligations with you
- to comply with administrative and accounting objectives and obey to all legal obligations deriving from our relationship
- to send documents concerning products, offers, promotional material and keep you informed, even by using electronic communication tools, about the company’s activities.
2 it is mandatory to provide the personal data; in case of a refusal to give your own personal data, it could make it impossible for us to establish or continue the business relationship.
3 the personal data will be stored in both electronic format and paper format, and can be accessed by the staff of our company in charge of their processing. If necessary, the data can be disclosed to: suppliers, commercial and production partners, intermediaries, technical consultants and similar parties who collaborate with our organization, in order to fulfill the contractual obligations with you (paragraph 1.1). To parties like banks, forwarders, shipping companies, insurance companies, consultants and other similar entities, which work with our organization for administrative, accounting or financial purposes (paragraph 1.2).
4 the data controller (Albergo Milano srl) has appointed a Data Protection Officer (DPO) who can be contacted for all kinds of information by calling the telephone number +39 0341830298 or by writing to the fax number +39 0341 830 061 or e-mail address email@example.com
5 the data controller is Albergo Milano srl Via XX Settembre 35, 23829 Varenna (LC).
Right of access to personal data and other rights. How and when can a data subject object to the processing of their own personal data (Art. 21 GDPR) and which are the rights of the data subject (Art.15 – 20 GDPR)
1 The data subject has the right to obtain confirmation of the existence, or not, of personal data concerning him or her, even if not registered yet, and their communication in a comprehensible manner.
2 The data subject has the right to obtain information about:
- the source of the personal data
- the purpose and methods of the data processing
- the logic applied in case the processing is done with the help of electronic instruments
- the name and contact details of the data controller, the data processors and the appointed representative, in accordance with article 5, section 2
- the subjects or categories of subjects to whom the personal data may be communicated or who could have access to the personal data, as a representative designated in the territory of the state, as data processors or as people commissioned to process the data.
3 The data subject has the right to obtain:
- the updating, the rectification or if interested, the completion of the data;
- the erasure, the anonymisation, or the blocking of data processed illegally, including the data which does not need to be stored for the purposes for which the data was collected or subsequently processed;
- the certification that the operations referred to in points a) and b) have been reported, including their contents, to all of those the data has been disclosed or distributed to, except in case the fulfillment of this task proves itself to be impossible or would require the use of a disproportioned effort compared to the right being protected.
4 The data subject has the right to object completely or partially:
- for legitimate reasons to the processing of personal data concerning him or her, even if pertinent to the purpose of its collection
- to the processing of personal data concerning him or her, for the purposes of sending advertising material or direct sales, or for conducting market research or commercial communications.