INFORMATION pursuant to article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
Dear Client,
According to the article 13 of the UE Regulation 2016/679, Roscioli Hotels S.c.a.r.l. inform you that, with reference to the established contractual relationships, the collected personal data will be respected according to the above mentioned regulation with the following informations:
Personal Data Collection
Personal data collected / communicated, with your free and express permission, are exclusively related to:
- identification data (for example: name, surname, address, telephone, fax, e-mail, etc ...)
- tax/ invoice data (if required by law - for example, tax code, VAT number etc ...)
The processing of the above data may include prior authorization, even the data related to your health (eg physical disability, for which a particular type of room is requested during the booking).
In these cases, the processing will be limited to the data and operations necessary to fulfill the obligations, including pre-contractual ones, related to the provision of Hotel Services, within the limits of the services requested by you during the booking or during your stay at our hotel.
Holder of the Processing of Personal Data (paragraph 1 letters a, b)
Independent data controllers of personal data processing are the following:
- BW Plus Hotel Universo- Roscioli & Pallavicini S.r.l. with address elected in Via M. D'Azeglio, 21 - 00184 Rome
- BW Premier Hotel Royal Santina - Santina S.p.A. with address elected in Via Marsala 22 - 00185 Rome
- BW Hotel President - Rodan S.r.l. with an address for service in Via Emanuele Filiberto 175 - 00185 Roma
- Hilton Garden Inn Rome Claridge - Hungary Soc. Hotel in r.l. with address in Viale Liegi 62 - 00198 Rome
- Hotel Raffaello - GT Beta Srl with address elected in Via Urbana 3/4 - 00184 Rome
- The Corner Duomo - Sfizio al Massimo S.r.l. with an address for service in Via Massimo D'Azeglio, 21 - 00184 Rome
The Data Protection Officer (DPO - Data Privacy Officer) has been assigned to Mr. Fabrizio Roscioli (dpo@rhr.it); for Società Sfizio al Massimo s.r.l. to Mrs Olga Roscioli (dpo@rhr.it)
- Best Western International Inc. as separately available on https://www.bestwestern.com/en_US.html
- Hilton Worldwide as separate information available on the website https://hiltongardeninn3.hilton.com/en/hotels/italy/hilton-garden-inn-rome-claridge-ROMRCGI/index.html
Purposes and methods of Data processing (paragraph 1 letter c)
The purposes of processing personal data are the following:
1. Acquire and confirm your booking of the accommodation services and extra services and to provide them;
2. Fulfill the obligation envisaged by the "Consolidated Law on Public Security Laws" (Article 109 of the Royal Decree 18.06.1931, No. 773);
3. Fulfill the administrative, accounting and fiscal obligations related to contracted services and their organizational management;
4. Exercise the rights of the owner, for example the right of defense in court.
5. For purposes of protection of individuals, properties and company assets through a video surveillance system of certain public areas of the structure, identified by appropriate signs.
Only with your specific and distinct permission, the Data Controller may process your data for the further purposes described below:
• perform the function of receiving messages and telephone calls addressed to him/her during the stay;
• preservation of the client's personal details in order to speed up the registration procedures in case of future stays
• sending proposals and commercial communications by e-mail or SMS or fax, by the Data Controller
• carry out market surveys and statistics, marketing and references on advertising (press, radio, TV, internet, etc.), product preferences;
The Personal data will be processed on paper form and computerized, and included in the relevant databases that will be accessible only by the owner of the property and his representatives. In regards to the data processed via electronic form, it is emphasized that all appropriate security measures have been adopted to protect the rights and legitimate interests of the interested individual.
Possible Receivers of the Data (paragraph 1 letters e, f)
In relation to the purposes indicated in the previous paragraph, the data may be communicated to the following subjects or to the categories of subjects indicated below:
• Studies of recognized accountants related to the profession of assistance to companies when the communication is requested by law, or is in the interest of the subject (natural or legal person);
• Studies of recognized lawyers related to the profession of assistance to companies when the communication is requested by law, regularly in charge of this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person) );
• Police forces to fulfill public security obligations.
Furthermore, in the management of your data, the following categories of authorized and / or external persons identified with a written approval and to whom they received specific written instructions regarding the processing of data as per below:
- employees of the company in quality of "authorized person"
- system administrators;
- individuals manage the Company's IT system and telecommunications networks;
- consultants of the Company or other individuals that provide services connected to the Hotel Service, including Best Western Italia S.C.p.A. and Hilton Worldwide
The complete list of data processors is available upon request, which can be forwarded to the data controller.
Data Transmission
In regards to the management of the reservations, your data will be transferred to Best Western International and or Hilton Wordlwide whose servers may be allocated outside the EU. Best Western International and Hilton Worldwide adopted measures to guarantee the conformity to GDPR.
All the other personal data our conserved on servers that are located in the EU.
In any case the owner, where necessary, has the authority to move the servers also outside EU. In this case, the owner reassures from now that the transfer of the data extra UE will occur in line with the applicable legal dispositions, upon the stipulation of the contractual clauses that are established by the European Commission.
Location of the treatment
The collected Data are processed in the headquarters of the owner of the treatment and in the other locations of the company group.
Data Retention Period (paragraph 2 letter a)
At the end of the service, the personal data will be stored exclusively for historical or statistical purposes, in compliance with the law, regulations, community legislation and codes of deontology and good conduct signed in accordance with Article 40 of the EU Reg. 2016/679, for a period as per current legislation (10 years), or, in case they are not subject to any law, for a period not exceeding five years. Beyond this period, the personal data will be stored anonymously or destroyed. In case of approval to the processing of data for marketing purposes, the data will be processed for a period not exceeding 5 years from the data collection. The data of those individuals who never used our services, even if they have had a previous contact with the company’s representatives, will be immediately cancelled or processed anonymously, where their conservation is not otherwise justified, unless the permission has been validly acquired and the interested parties informed regarding a subsequent commercial promotion or a market research activity.
Rights of the interested parties (paragraph 2 letter b)
In relation to the previously mentioned statements, the interested party has the right to request access to his / her personal data and to rectify or cancel them or limit their treatment or to oppose their treatment, as well as having the right to approve the data collection.
Right of Withdrawal of Consent (paragraph 2 letter c)
If the processing is based on approval, the holder informs the interested party that he has the right to cancel it at any time without prejudice to the lawfulness of the treatment based on the permission given before the revocation.
Right to initiate a Complaint (paragraph 2 letter d)
The owner informs the interested party that he has the right to initiate a complaint to a supervisory authority.
Mandatory or Optional Nature of the Provision of Data (paragraph 2 letter e)
The provision of data and the related processing are mandatory in relation to the above mentioned purposes in regards to the provision of Hotel Services and to fulfill the purposes of the public security; it follows that, any refusal to provide data for such purposes may determine the impossibility of providing the Hotel Services requested and, therefore, the impossibility of hosting you in our property.
The provision of data for other purposes which require specific approval that may be revoked at any time
and the relative treatment, is to be considered optional, any refusal will not have any consequence in the provision of the requested service.
Date
Roma lì, 28 maggio 2018