Privacy Policy
Privacy Policy pursuant to Articles 13 and 14 of Regulation (EU) 2016/679
WEBSITE WWW.PRIORISECRETGARDEN.IT
In accordance with current legislation on the protection of personal data, PSG SRL, as the owner of this digital platform and the Data Controller, informs you that this Privacy Policy aims to describe the purposes and methods of processing your personal data carried out by the website www.priorisecretgarden.it, hereinafter referred to as the “Website,” and also provides you with all the information regarding the rights that are recognised by Regulation (EU) 2016/679, hereinafter referred to as “GDPR.”
PSG SRL also specifies that the software and IT applications used for the operation of the Website may acquire some of your personal data, the processing and transmission of which are implicit in the use of internet communication protocols.
-
DATA CONTROLLER
PSG SRL
Via Vermiglioli, 3, 06123 Perugia (PG) VAT No: 02074820545 PEC: [email protected] PEO: [email protected] Telephone: +39 075 5723378
-
TYPES OF DATA PROCESSED
As a result of browsing this Website, the processing activities carried out by the aforementioned company will be aimed at acquiring the following personal data:
| Category | Type |
| Common Data | Personal details |
| Common Data | Navigation logs |
| Common Data | Technical Cookies |
| Common Data | Profiling Cookies (see Cookie Policy) |
| Economic Data | Tax data |
-
CATEGORIES OF DATA SUBJECTS
The processing activities are aimed at the following categories of data subjects: Website Users/Visitors and Clients of Priori Secret Garden Hotel.
-
SUBJECT AND METHODS OF PROCESSING
- For the purposes of this Privacy Policy, the term “Processing of Personal Data” refers to any operation performed, even though automated processes, such as viewing, using, collecting, recording, storing, modifying, extracting, consulting, communicating, disseminating, or any other form of making available, including the deletion or destruction of data.
- The processing of personal data will be carried out in such a way as to ensure their security and confidentiality and will be performed through manual, electronic, and digital tools.
- Following the navigation of the Website by the user/visitor, PSG SRL will process the data communicated or legitimately collected. In particular the following Personal Data may be processed:
-
Navigation Data
The software and IT systems used for the operation of the Website, during their normal operation, acquire certain personal data that are implicitly transmitted in the use of internet communication protocols. This information, which by its nature could allow the identification of users/visitors (e.g., IP address), is used exclusively for statistical purposes and to check the correct functioning of the Website. No navigation data will be communicated or disseminated to third parties.
-
Personal and Tax Data provided voluntarily by the users/visitors
By connecting to the website www.priorisecretgarden.it, users/visitors voluntarily communicate their personal data to access certain services, such as: a. Requesting information through instant messaging services; b. Submitting a request through the contact form; c. Using the online booking service through the “Slope” Booking Engine software, integrated directly into the official website of the Priori Secret Garden Hotel.
Regarding point a), on multi-platform IP messaging systems belonging to Facebook and the cloud-based instant messaging service provided by Telegram LLC, users/visitors are advised to review the respective data processing policies at the following links:
-
-
-
https://www.whatsapp.com/legal/
-
https://telegram.org/privacy
-
https://www.messenger.com/privacy
-
-
Regarding point c) on the online booking method, users/visitors are reminded that the acquisition of personal and tax data by the Data Controller will only take place with the explicit consent of the data subject; this functionality is optional, therefore its non-use does not preclude the possibility of navigating the Website and accessing other services that may be offered by the hotel.
In addition to the Data Controller, in some cases, external parties authorised under the direct control of the External Data Controller may have access to the data.
For further details and to review the “Privacy and Data Processing Policy” and the “Cookie Policy” provided, prepared, and implemented by Slope S.r.l. for the online booking panel, users are advised to view the dedicated booking engine section accessible from the “Book Now” button on the Website’s Home page. In the footer of the booking panel, clearly visible links to the mentioned documents are positioned.
-
Cookies
In addition to the data explicitly provided to the Data Controller, other data deriving from the navigation of the Website may be recorded when the user accesses it. The Website www.priorisecretgarden.it, like any other digital platform, can automatically send the user “cookies” during the viewing of the Website pages, which are small text files used to make navigation more convenient and to obtain information about the actions of the individual user, allowing the functioning of certain services that require the identification of the user’s path through the different sections of the Website. For more information on the use of cookies and how to manage, select, and/or delete them, please refer to the Cookie Policy of this Website.
-
Data acquired in the “Work with Us” section
Personal Data voluntarily provided to PSG SRL to submit a job application, only if the user/visitor has consented to their acquisition and has previously read this Information Notice.
-
PURPOSES AND LEGAL BASIS OF PROCESSING
-
- Personal data collected during navigation are processed to allow the user to use and learn about the services offered by the Website priorisecretgarden.it, as well as for maintenance and technical assistance to ensure the proper functioning and improve the quality and structure of the Website itself. All data processing is carried out within the limits and conditions provided by law, using direct and/or automated tools, including electronic, digital, and telematic means. PSG SRL will process the Personal Data of the user/visitor to achieve specific purposes, which will be communicated to you from time to time, and will process your Personal Data only when one or more of the following legal bases apply:
-
-
The user/visitor has given their free, specific, informed, and unequivocal consent to the processing; b. The processing is necessary to execute a contract to which the user/visitor is a party or to carry out pre-contractual measures taken at their request, c. There is a legitimate interest of PSG SRL, always respecting the rights and fundamental freedoms of the data subject that require the protection of personal data, d. There is a legal obligation.
-
-
PSG SRL may also carry out the following activities, only with the explicit consent of the data subject, for purposes related to the operation of the hotel business: a. Sending commercial communications about products and services similar to those purchased; b. Sending commercial/promotional communications about Priori Secret Garden Hotel services via phone call, SMS, email, messaging services (e.g., WhatsApp, Messenger, Telegram), postal mail, social networks, digital channels, and newsletters. c. Conducting statistics and market research, analysing interests, habits, and consumption choices, including with the help of electronic tools, to improve service offerings and present personalised promotional information and activities.
-
RECIPIENTS AND TRANSFER OF PERSONAL DATA
-
Role Recipient or Category of Recipient Data Processor Hosting Service Providers Data Processor ICT Systems Maintenance Services Data Processor Slope Booking Engine Software Provider Data Processor Consultancy Service Provider Economic Data Employees of the Data Controller
-
- For the purposes mentioned in point 5, PSG SRL may need to communicate users’ Personal Data to third parties to execute the contract, comply with legal obligations, or carry out activities instrumental to the provision of the requested services. The data may therefore be disclosed to employees, consultants, collaborators, and any other person performing activities based on instructions received from PSG SRL as Authorised Persons to Process Data. Additionally, data may be disclosed to entities belonging to the following categories: a. Public and private authorities, entities, and organisations connected to the hotel business, the provision of products, and/or the services of PSG SRL, or as required by specific legal provisions; b. Subjects performing technical or organisational tasks, data storage and processing, control, assistance, and consultancy, including legal consultancy, for PSG SRL.The entities belonging to the categories mentioned above will process the data as external Data Processors or as autonomous Data Controllers, or as Authorised Persons to Process Data, designated by PSG SRL; they will be given appropriate instructions to ensure confidentiality, security, and integrity of the data and the adoption of adequate security measures.
Users’ Personal Data will be processed within the European Union and stored on servers located within the European Union
- For the purposes mentioned in point 5, PSG SRL may need to communicate users’ Personal Data to third parties to execute the contract, comply with legal obligations, or carry out activities instrumental to the provision of the requested services. The data may therefore be disclosed to employees, consultants, collaborators, and any other person performing activities based on instructions received from PSG SRL as Authorised Persons to Process Data. Additionally, data may be disclosed to entities belonging to the following categories: a. Public and private authorities, entities, and organisations connected to the hotel business, the provision of products, and/or the services of PSG SRL, or as required by specific legal provisions; b. Subjects performing technical or organisational tasks, data storage and processing, control, assistance, and consultancy, including legal consultancy, for PSG SRL.The entities belonging to the categories mentioned above will process the data as external Data Processors or as autonomous Data Controllers, or as Authorised Persons to Process Data, designated by PSG SRL; they will be given appropriate instructions to ensure confidentiality, security, and integrity of the data and the adoption of adequate security measures.
-
DATA RETENTION PERIOD
The Personal Data processed for the purposes described above will be retained in compliance with the principles of proportionality and necessity, subject to further retention where necessary to fulfil specific legal obligations or orders from authorities, manage disputes and claims, collect debts, and pursue possible legal actions.
-
SOCIAL MEDIA PAGES – FACEBOOK AND INSTAGRAM
When a user makes use of the Page administered by the Data Controller, the social media Facebook and the associated Instagram profile collect information such as the types of content viewed or interacted with, the actions performed, and information about the devices used (IP addresses, operating system, browser type, language settings, cookie data). The Page administrator may also view aggregated and anonymised statistical data regarding visits and interactions with the Page, without accessing any individual visitor’s personal data. To learn more about the processing of personal data performed by Facebook and Instagram, users are advised to consult the following documents:
https://www.facebook.com/privacy/explanation
https://www.facebook.com/legal/terms/information_about_page_insights_data
https://www.facebook.com/policies/cookies/
9. RIGHTS OF THE DATA SUBJECT
Users/visitors have the right to exercise the rights provided by Articles 15-22 of the GDPR, including, specifically, the following right to:
- Access their personal data; Art. 15GDPR. The right to obtain a confirmation that their personal data are being handled and obtain the access to it-
- Rectify their personal data; -Art 16 GDPR. The right to obtain with no delay, unless motivated, inaccurate personal data that concern them or the implementation of missing personal data.
- Erase their personal data; Art. 17 GDPR. Right to obtain, without undue delay, the deletion of personal data concerning them. The right to erasure does not apply to the extent that the processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise, or defense of legal claims.
- Restrict processing of their personal data; -Art 18 GDPR.Right to obtain the restriction of processing when: a) the data subject contests the accuracy of the personal data, b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, c) the personal data are required by the data subject for the establishment, exercise, or defense of legal claims, d) the data subject has objected to the processing pending the verification of whether the legitimate grounds of the controller override those of the data subject.
- Data portability. Right to Data Portability – Article 20 GDPR. Right to receive, in a structured, commonly used, and machine-readable format, the personal data concerning you that you have provided to the Controller, and the right to transmit those data to another controller without hindrance, where the processing is based on consent and is carried out by automated means. Additionally, the right to have your personal data transmitted directly from one controller to another, where technically feasible.
- Object to processing of their personal data; Article 21 GDPR Right to object, at any time, to the processing of personal data concerning you based on legitimate interests, including profiling, unless there are compelling legitimate grounds for the Controller to continue the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
- Right Not to Be Subject to Automated Decision-Making – Article 22 GDPR. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless this is necessary for entering into, or the performance of, a contract or you have been given their explicit consent. In any case, automated decision-making process, will not involve your personal data, and you can at any time obtain human intervention from the controller, express your opinion, and contest the decision.
- Right to Lodge a Complaint with the Data Protection Authority: http://www.garanteprivacy.it
- Right to Withdraw Consent: You may withdraw your consent at any time and with the same ease with which it was given, without affecting the lawfulness of processing based on consent before its withdrawal.
The above rights may be exercised against the Controller by contacting the PEC reference as indicated in the first section of this notice: [email protected]
The Exercise of Data Subject Rights is Free of Charge
The exercise of data subject rights is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including those of a repetitive nature, the Controller may charge a reasonable fee based on the administrative costs incurred to handle or refuse the request.
We also inform you that the Controller may request additional information necessary to confirm the identity of the data subject.
This notice was last updated on 24-08-2022.
- CHANGES TO THIS PRIVACY POLICY
PSG SRL reserves the right to modify this Privacy Policy at any time. Any changes will be posted on this page and, where appropriate, notified to users/visitors via email. Users/visitors are advised to periodically review this page to stay informed about the protection of their personal data.
COOKIES POLICY
This Cookie Policy is intended to explain the use of cookies by this Website, www.priorisecretgarden.it.
What are Cookies?
Cookies are small text files that websites send to users’ devices when they visit a page. These text files can be stored on the device and transmitted back to the website on subsequent visits, allowing for recognition of the user and recording of preferences and navigation data.
Types of Cookies Used
- Technical Cookies: These cookies are essential for the proper functioning of the Website and do not require user consent.
- Analytical Cookies: These cookies collect information about how visitors use the Website and are used to improve the Website’s performance.
- Profiling Cookies: These cookies track users’ online activities to provide them with targeted advertising. User consent is required for the use of these cookies.
Managing Cookies
Users can manage cookie preferences through their browser settings, including accepting, blocking, or deleting cookies. Please refer to the help section of your browser for more information on how to do this.
By using the Website, users consent to the use of cookies in accordance with this Cookie Policy.
For more detailed information on the use of cookies and how to manage them, users are advised to consult the detailed cookie policy provided by the Website.