In this section we describe how the website is managed with regard to the processing of personal data of users who browse it.
This notice is provided in accordance with EU Regulation 2016/679 (GDPR) – Personal Data Protection Code – to those who interact with the web services of EasyConsulting S.r.l., provider of hospitality services for San Francesco Heritage Hotel.
This privacy notice applies only to the San Francesco Heritage Hotel website and not to any other websites that may be accessed by the user through links.
This policy is inspired by EU Regulation 2016/679 (GDPR), which establishes minimum requirements for the online collection of personal data and, in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.
DATA CONTROLLER
According to EU Regulation 2016/679 (GDPR), the Data Controller is Roma Hotels Srl, with registered office in Viale Bruno Buozzi 32, 00197 Rome, through its legal representative.
DATA PROCESSOR
According to EU Regulation 2016/679 (GDPR), the Data Processor is the General Manager of San Francesco Heritage Hotel, located at Via Ambrogio Machin 2, 07041 Alghero, Tel. +39 079980330, Fax +39 00 00000000, email info@sanfrancescohotel.com.
According to EU Regulation 2016/679 (GDPR), the external data processor and owner of the booking platform HOTELEASYRESERVATIONS is EasyConsulting S.r.l., with registered office in Via Nicolò III n. 4, 00165 Rome (http://www.easyconsulting.com). The company does not directly process customer personal data except for IT management activities (website hosting and IT security measures).
PLACE OF DATA PROCESSING
The data processing related to the web services of this site takes place at the offices of the Data Controller.
No data derived from the web service will be communicated to third parties unless it is strictly relevant to the purpose of the processing or required by laws or regulations.
EasyConsulting S.r.l., which provides the website management service for San Francesco Heritage Hotel, makes the data collected through the website available to Roma Hotels Srl, the Data Controller.
PURPOSE OF DATA PROCESSING
The personal data voluntarily and optionally provided by users who submit requests to receive information about hotel services (prices, room availability, conference rooms, etc.), subscribe to the newsletter, make online bookings, or submit job applications by sending electronic résumés, are used solely to perform the requested service and are not disclosed to third parties unless required by law or strictly necessary to fulfill the request.
In particular, personal data voluntarily provided by users will be collected electronically and processed, also with the help of electronic tools, directly and/or through authorized third parties (such as email service providers or website hosting companies) for the following purposes:
- to allow users to make and confirm bookings by providing credit card details as a guarantee;
- to provide the specific services requested during the booking process;
- to use the credit card provided as a guarantee for possible penalty charges in the event of cancellation beyond the permitted cancellation period or in case of no-show;
- to evaluate submitted résumés based on the internal needs of the company;
- for anonymous statistical purposes (such as monitoring the number of website visits);
- to comply with administrative, accounting, and tax obligations, as well as with applicable laws and regulations.
The data we process may include sensitive data as defined by EU Regulation 2016/679 (GDPR), such as personal data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, membership in parties, trade unions or associations, as well as data concerning health or sexual life voluntarily provided by users in the booking form notes (for example food allergies, disabilities, or health-related information necessary to provide services).
Such data will be processed in compliance with the authorization issued by the Italian Data Protection Authority and only for the operations strictly necessary to fulfill contractual or pre-contractual obligations in order to provide the requested services.
Any sensitive data will be processed with the utmost confidentiality and will not be disclosed.
CURRICULUM MANAGEMENT
Roma Hotels Srl reserves the right to evaluate the résumés received for current or potential job opportunities within the hotel.
Résumés considered of interest will be stored for a maximum period of one year and processed in compliance with the minimum security measures established by EU Regulation 2016/679 (GDPR).
Candidates are kindly requested to follow these guidelines when submitting their résumés electronically:
- use the European CV format;
- send the résumé in PDF format;
- avoid including sensitive data (such as health information or religious or political beliefs) that are not relevant to the job application;
- provide consent for the processing of sensitive data that may be relevant to the establishment of an employment relationship (for example membership in protected categories).
Appropriate privacy information will be provided to candidates during any interview process.
The processing related to curriculum management is strictly aimed at activities related to recruitment, evaluation, or personnel selection for potential collaboration, fixed-term or permanent employment, internships, or academic thesis preparation.
DATA COMMUNICATION AND DISCLOSURE
Within Roma Hotels Srl, personal data collected through this website may only be processed by personnel who have been officially authorized and trained regarding confidentiality and data security.
When necessary, personal data may be communicated to:
- EasyConsulting S.r.l., acting as external Data Processor;
- public authorities or institutions when required by law or contractual obligations;
- debt collection agencies and banking institutions for the management of payments related to hotel services;
- external consultants or companies providing tax or accounting consultancy services;
- collaborators or service providers when necessary to deliver hotel services requested by the user.
TYPES OF DATA PROCESSED Browsing Data
The software systems used to operate this website acquire certain personal data during normal operation, whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be directly associated with identified users, but by its nature could allow users to be identified through processing and association with data held by third parties.
This category includes IP addresses, domain names of the computers used by users connecting to the site, the date and time of requests, URI addresses of requested resources, the size of the file obtained in response, the numerical code indicating the response status from the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used solely to obtain anonymous statistical information on the use of the site and to ensure its proper functioning, and they are deleted immediately after processing.
The data may also be used by judicial authorities to determine responsibility in case of hypothetical cybercrimes against the website. Except in such cases, web contact data are not retained for more than seven days.
Data Provided Voluntarily by the User
The optional, explicit, and voluntary sending of emails to the addresses listed on this site involves the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data included in the message.
CONTACTING THE USER – EMAIL MANAGEMENT Mailing List or Newsletter
This type of service allows the management of a database of email contacts, phone contacts, or other types of contacts used to communicate with users.
These services may also collect data regarding the date and time when messages are viewed by users and how users interact with them, such as information on clicks on links contained in the messages.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an email address management and email sending service provided by The Rocket Science Group, LLC.
Personal Data collected: email address.
Place of processing: USA – Privacy Policy.
INTERACTION WITH THE HOTEL VIA LIVE-COBOOKING PLATFORM
This platform, if enabled, allows the hotel to communicate with visitors through a chat on the website, enabling interaction via pop-ups and co-browsing sessions to assist users during navigation.
This platform does not collect or display sensitive data, and the browsing data collected are limited to the official San Francesco Heritage Hotel website and the HOTELEASYRESERVATIONS booking platform. Other data such as IP addresses are detected anonymously and are neither recorded nor communicated to the hotel.
INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
These services allow interactions with social networks or external platforms directly from the pages of this website.
The interactions and information acquired by this website are always subject to the user’s privacy settings for each social network.
If social interaction services are installed, they may collect traffic data related to the pages where they are installed, even if users do not actively use them.
Facebook Like Button and Social Widgets (Facebook, Inc.)
The Facebook “Like” button and social widgets are services that allow interaction with the Facebook social network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Google+ +1 Button and Social Widgets (Google Inc.)
The +1 button and Google+ social widgets are services that allow interaction with the Google+ social network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Twitter Tweet Button and Social Widgets (Twitter Inc.)
The Tweet button and Twitter social widgets allow interaction with the Twitter social network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
