PRIVACY POLICY – ONLINE PAYMENT FORM

Information document pursuant to article 13 of EU Reg. 2016/679 (GDPR) - Information on the processing of personal data collected from the interested party.

In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of personal data provided.

Definitions: the art. 4 of EU Reg. 2016/679 defines "personal data" any information concerning an identified or identifiable natural person ("concerned"); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social.

  1. HOLDER OF THE TREATMENT

    pursuant to art. 4 of EU Reg. 2016/679, is Hotel Castiglione - Gevitur snc di Nadalini Luca e Carlo with offices in Lungomare Trieste n. 126, Zip Code 33054 City Lignano Sabbiadoro (UD), info@castiglionehotel.it with exclusive reference to the role of owner of the business called “Hotel Castiglione”.

  2. PURPOSE OF TREATMENT

    The personal data provided will be processed for the following purposes:

    • Filling out forms with personal data for online payments for purchased services. Payment management services are provided by an external company: a credit institution or other company that processes payments via credit card, bank transfer, or other payment methods. The data used for payment is transferred directly to the payment service provider without being processed in any way by our website. Some of these services may also allow the sending of scheduled messages to the user, such as emails containing invoices or payment notifications.

  3. LEGAL BASIS FOR THE PROCESSING

    The legal basis applicable to the processing of your personal data for the purposes indicated is:

    • the execution of the contract (art. 6 paragraph 1 letter b)) of EU Regulation 2016/679 in order to conclude the service purchase contract.

  4. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS

    The personal data provided will be disclosed to recipients who will process the data as data processors (Article 28 of EU Regulation 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Data Processor and who operate as employees or collaborators with specific appointments as data processors (Article 29 of EU Regulation 2016/679), for the purposes listed above in point 2.

    By way of example and not limited to, the data will be communicated to:

    • entities that provide services for the management of the information system used by the Data Controller and the related telecommunications networks, including email and website management.
    • professionals and consultants in the field of assistance and consultancy relationships.
    • competent authorities to fulfill legal obligations and/or provisions of public bodies, upon request.
    • companies or credit institutions that offer online payment services.

    The entities belonging to the aforementioned categories act as Data Processors, or operate completely independently as separate Data Controllers.

    The list of Data Processors is constantly updated and available at the Data Controller's registered office.

    Any further communication will only take place with your explicit consent, in compliance with and within the limits of the GDPR.

    Your data, subject to processing, will not be disclosed.

  5. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND GUARANTEES

    Personal data is stored on servers located within the European Union.

    In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU.

    In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission, and the user will be informed.

  6. DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD

    The processing will be carried out both automatically and manually, using methods and tools designed to ensure maximum security and confidentiality, by the Data Controller and/or specifically authorized persons.

    In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Reg. 2016/679, the personal data provided for contact requests will be retained for the period necessary for the execution of the contract and legal provisions ( 10 years and even longer in the event of tax audits).

  7. RIGHTS OF INTERESTED PARTIES

    The interested party may assert his/her rights as expressed in EU Regulation 2016/679 by contacting the Data Controller, sending an email to info@castiglionehotel.it or writing to the Data Controller's office indicated above.

    The interested party has the right, at any time, to ask the Data Controller:

    1. access to your personal data (art. 15);
    2. the rectification (art. 16);
    3. the cancellation (art. 17) of the same;
    4. the limitation of processing (art. 18);
    5. the transfer of your data to another owner (art. 20);
    6. the interested party also has the right, if it is not possible to request the deletion of the data, to oppose the processing when this is justified by reasons relating to his particular situation (art. 21).

  8. POSSIBILITY OF COMPLAINTS TO THE GUARANTOR

    Without prejudice to any other administrative or judicial remedy, if the data subject believes that the processing of his or her data violates the provisions of EU Regulation 2016/679, he or she has the right to lodge a complaint with the supervisory authority (Italian Data Protection Authority) pursuant to Article 15, letter f) of EU Regulation 2016/679.

  9. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO PROVIDE THE DATA

    Providing personal data is not mandatory, as you are free to provide it in the dedicated areas of the website, but it is necessary to fulfill the purposes of the processing. Failure to provide the necessary data will result in:

    • The inability to transmit your data to credit institutions or other companies that process payments, which therefore prevents you from paying for the services purchased, resulting in the cancellation of the requested service.

  10. AUTOMATED DECISION-MAKING PROCESSES

    There is no automated decision-making process.