Information pursuant to articles 13 and 14 of the EU European Regulation no. 2016/679 relating to the Protection of Personal Data
Siga S.R.L. located in Via Assisi no. 1 – 73100 – Lecce, VAT no. 00555690759, informs you that your personal data and the information you provide will be processed in compliance with the provisions of EU Regulation no. 2016/679 relating to the Protection of Personal Data, as detailed below. In accordance with articles 13 and 14 of the aforementioned Regulation, the independent Data Controller is Siga S.R.L. located in Via Assisi no. 1 – 73100 – Lecce, VAT no. 00555690759.
Purpose of the processing
In its capacity as Data Controller, Siga s.r.l. declares in a transparent, intelligible and clear manner that your data will be processed, gathered and elaborated exclusively for pre-contractual and contractual purposes with said Company and with its affiliated companies, which may be nominated independent Data Controllers or Data Co-Controllers, to allow the complete execution of the contract. Hence, purposes of use other than the purpose of data collection, and uses not declared herein, are prohibited. We inform you that personal data gathered directly from the interested party or through the compilation of hard-copy or online forms are processed by Siga s.r.l. for pre-contractual purposes and subsequently for the contracts stipulated with the Customer.
Siga s.r.l. may carry out the operations indicated in the notice on the personal data gathered for the pre-contractual and contractual purposes within the sphere of the hotel hospitality service, and hence their registration, organization, structuring, storage, adaptation, modification, communication, and making available. In accordance with article 6 paragraph 1 of the EU Regulation 2016/679, your personal data will be processed in the execution of the tasks received or for the management of the pre-contractual measures requested by the interested parties.
Legal basis and lawfulness of processing
In order to proceed with the contractual relations and the related obligations, the Data Controller needs to gather and process some of the personal data acquired, as required within the individual contractual document (Art. 6 EU Reg. 2016/679). The processing of your personal data will be performed by the Data Controller to comply with legal obligations and will be legally based on the regulations relating to the protection of personal data, merely for pre-contractual and contractual purposes.
Retention period of Personal Data – Data Retention
The retention period of your data gathered by Siga s.r.l. will be always and exclusively connected and referable to the purpose for which the data were acquired and are processed (Considering 39 of EU Reg. 2016/679). The data acquired in the context of the pre-contractual and/or contractual relationship may be retained by the Data Controller for the time strictly necessary to obtain feedback on customer satisfaction with regard to the supply of the service. The data acquired may be stored and communicated to the relevant Authorities for accounting, taxation or other obligations.
The Company may continue to retain said data for a longer period to protect its interests in the event of any disputes. The data used for marketing and/or profiling purposes may be stored for further periods with respect to the contractual purposes in the event that you have provided specific consent to the performance of such activities. Once the relative consent has been revoked, the data can no longer be used, but only stored without being processed.
Siga s.r.l. uses a vast range of security measures to improve the protection, integration and storage of your personal data. Among other security measures, the Data Controller adopts the restriction of access to your personal data, limiting it only to the purposes described in detail in the information notice.
Method of processing of extra-EU data
We further inform you that, in its capacity as Data Controller, Siga s.r.l. may carry out operations to transfer and/or share your personal data with its affiliated companies, hence, as Data Controller, Siga s.r.l. declares that it will take all the precautions necessary for the protection of your personal data and the information gathered, and will make a careful analysis in the event that personal data is transferred to countries outside the EU, preliminarily submitted to suitable verification of their adequacy as regards the protection and storage of personal data (decisions of adequacy, Standard Contractual Clauses approved by the European Commission). The aforementioned Companies may adopt the role of Data Controller, thus independently determining the purposes and the means of the processing of personal data, or of Data Co-Controllers with joint determinations (EU Reg. 2016/679 art. 4).
Communication of personal data
We inform you that the processing of personal information acquired for the full accomplishment of the assignment will be considered a necessary requisite. The impossibility of carrying out the processing will prevent the execution of the contract by Siga s.r.l. which further specifies that the information provided will not be subjected to any automated decision making process, including the profiling thereof. The data gathered by means of the compilation of online forms will be acquired electronically and processed to meet the requests made by the customer, the owner of the data provided. The data gathered may concern the travel itinerary and the tourist/hotel group and may be shared with other companies of the Group or with strategic business partners for travel, car rental, timeshare, etc. The data provided may be used for sending communications relating to the electronic invoicing program.
Processing of special categories of personal data
Siga s.r.l. informs you that in relation to the conclusion of the contractual relationship, it may be necessary to process particular categories of personal data (for example, relating to the state of health), which is why an explicit declaration of consent is required for the provision of specific services.
Scope of communication
We further inform you that the data acquired will be used exclusively by Siga s.r.l. and its affiliated companies for reasons inherent with the execution of the services offered in favour of the Customer, and for the management and the execution of the contractual and pre-contractual purposes. In the event that for operational purposes related to the execution of the contract it becomes necessary to involve external subjects (which will always be authorised by the Data Controller with the simultaneous legal obligation to keep the information confidential), Siga s.r.l. informs you that these subjects will be nominated external personal data processing managers (EU Reg. 2016/679 art. 28).
Siga s.r.l. also declares that the employees or collaborators of said Company or of the other companies affiliated with it (Data Controller or Co-Controller) have been issued specific indications and instructions regarding the activity of processing your personal data, as well as on the correct security measures and storage of the data, hence they are qualified as suitable subjects for being in charge of the data processing for the pre-contractual and contractual purposes described above, with direct reference to the Data Controller.
Siga s.r.l. informs you that, in its capacity as Data Controller of personal data, it may carry out promotional and/or marketing activities involving you to promote products and services supplied by the same company and other companies of the group. The sending could hence concern products and services similar to those for which pre-contractual and contractual relations were established (soft spam). The legal basis of the processing is the Company’s legitimate interest to promote its products and services (ex article 6 paragraph f) of the Regulation). This will be possible in the wake of the evaluations made by the Data Controller regarding any possible prevalence of your fundamental interests, rights and freedoms on your legitimate interest in sending direct marketing communications. We remind you that it will always be possible to terminate the reception of the aforementioned communications by means of explicit request for cancellation of the consent given for these activities.
Rights of the Data Controller
We inform you that it is your right as set forth in art. 15 of the EU Regulation 2016/679 to access and check at any time the personal data provided that concern you, to obtain confirmation of the same in intelligible form, and to request the modification, cancellation or limitation of processing, within the limits envisaged by current regulations relating to “obligations to retain personal data”. Any modification, cancellation or other activity requested by you in relation to the personal data provided will be subjected by the Data Controller to suitable registration of the intervention performed. We further inform you that it is your right at any time to propose a formal complaint to the Guarantor of the Protection of Personal Data – Piazza di Monte Citorio no. 121, Rome, in the event that you decide to indicate the improper or unauthorised use of your personal data.
Siga s.r.l. further informs you that, in accordance with articles 37 and 39 of the European Regulation EU no. 2016/679 relating to the Protection of Personal Data, and considering the Company’s attention to the processing and storage of the personal data acquired, in its capacity as Data Controller of the aforesaid data, it has appointed as the Person in charge of the Protection of Data (Data Protection Officer) the Lawyer Domenico Busco, who may be contacted at firstname.lastname@example.org to whom you may refer in the context of exercising your rights, or in the event of observations and/or disputes relating to the processing of the personal data communicated. This information notice, drawn up in the wake of the application of European Regulation no. 2016/679 regarding the protection of personal data, may be subjected to further revision and updating. The document in any case will always be visible on the website www.vestashotels.it.