INFORMATION ON THE PROCESSING OF PERSONAL DATA
of the users visiting the websites of Pellicano Hotels Pursuant to Article 13 of the EU Regulation 2016/679
This page contains a description of the websites managing policies in regard to processing the personal data of the users who visit this website and their privacy. This information is provided pursuant to article 13 of GDPR 679/2016 – General European Regulation concerning the Protection of Personal Data and the individuals who interact with the web services of Pellicano Hotels, which are accessible by telematics means through the following web addresses:
to the home pages of the official websites of “Il Pellicano” and “La Posta Vecchia” Hotels.
This informative note is provided only for the aforementioned website and not for other websites eventually accessed by the user through links.
THE “DATA CONTROLLER”
Following access to this website, data pertaining to persons that are identified or identifiable may be processed. The “Data Controller” of the personal data collected following a visit to our website or any other data used for providing our services is IL PELLICANO S.p.A., Monte Argentario (GR), fr. Porto Ercole, Loc. Sbarcatello.
PLACE WHERE DATA IS PROCESSED
Data processing pertaining to the web services of this website [physically hosted by SiteGround Spain S.L. "https://it.siteground.com" in a Intra EU server located in Amsterdam (NL), sub-processor of RELACTIONS S.R.L. (https://www.relactions.com) appointed as Data Processor] is carried out at ours headquarters and said data is processed only by the technical personnel in charge of processing of the data processing office, or by eventual persons in charge of processing who are entrusted to process occasional maintenance operations.
The personal data obtained from the users who submit hotel Booking requests or through informative material (informative notes, newsletters, registration, etc.) is used only to carry out the services or assistance requested and is not transmitted to third parties, except in the following possible:
- Business partners of Pellicano Hotel or Leading Hotels of the World Ltd (www.lhw.com) through its service provider Sabre GLBL Inc (www.sabrehospitality.com) - USA to whom the Data Controller transmits data exclusively in order to process on-line Bookings via SynXis web platform (be.synxis.com);
- Software suppliers: web check-in and PMS - Serenissima Informatica SpA (https://www.serinf.it) and CRM - e.Ratio Srl (https://www.eratio.it/);
- Persons, companies or professional offices who lend assistance and consulting services to Il Pellicano S.p.A. concerning accounting, administrative, legal, financial and tax matters;
- Subjects who are authorized to have access to the data by law or through requests by the authorities.
Data may be shared with the hotels of the "Pellicano" Group within the EU area.
TYPES OF DATA PROCESSED
The informatics systems and the software procedures used for the functioning of this website, during their normal functioning, acquire some personal data for which the transmission of said data is implicit in the use of Internet communication protocols. This concerns information that is not collected in order to be associated with identifiable interests but due to its nature, through elaboration and association with data obtained by third parties, could allow identification of the user. The data which fall within this category are: the IP address or the name and domain of the computer used by the user who accesses the website, the address which is revealed in the URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used in submitting the request to the server, the dimensions of the file obtained as a response, the numerical code indicating the server response status (successful, error, etc.) and other parameters pertaining to the operating system and the informatics used by the user. This data is used only to gather anonymous statistical information regarding the use of the website and to control its correct functioning and is cancelled immediately after elaboration. The data may be used for ascertaining responsibility in the case of hypothetical informatics crimes damaging to the website: except in this last case, the data of the web contacts cease to exist after seven days.
Data voluntarily provided by the user
The optional, explicit and voluntary sending of E-mail to the addresses indicated in the website results in the successive obtainment of the address of the sender which is necessary in order to respond to the request, as well as the eventual ulterior personal data inserted into the message(s).
Data will be retained only for registration request to send the newsletters or special offers and will not be disclosed to anyone. The personal information regarding the individual who visited the website is not collected or used. The visitors remain anonymous. The only exception to this rule concerns the information for personal identification needed to fulfill the contractual obligations of Bookings on behalf of the user.
In case of different Bookings to the hotel services through this website, the user must provide his name, address, telephone number and, when required, information regarding the payment arrangements and credit card used. Pellicano Hotels will use said information only for processing of the Bookings and to send specific information, which is relevant to the confirmation of said, such as a receipt, the Booking code and the conditions. The information provided will not be used for marketing purposes and will not be sold, transmitted, given by contract or sent to third parties an any way, with the exception of our provider of on-line Booking services, The Leading Hotels of the World Ltd and Sabre GLBL Inc, only for online Bookings purposes. In the event of hotel Bookings, the provider of on-line Booking services guarantees the use of scrupulous procedures in order to protect the navigational data and the use of particular precautions to protect the data pertaining to the credit card, which is provided during on-line Bookings.
Site visitors can register for our newsletter service. By registering, the user's e-mail address will automatically be included in a list of contacts to which e-mail messages will be sent. The newsletter will be containing periodic updates with commercial and promotional information relating to initiatives, events or promotions of the data controller.
To subscribe to the newsletter, you can use the registration forms on the site by entering your first name, last name, phone number and e-mail address. The information supplied with the registration form will be only used to sending our newsletter via e-mail and will not be disclosed to third parties. The newsletters will be processed via CRM platform provided by e.RATIO s.r.l. (www.eratio.it) with servers located at OVH (Strasbourg - SBG3) - FRANCE, acting as data processors.
PERSONAL DATA PROCESSING COLLECTED FROM CURRICULUM VITAE
Pellicano Spa accept Personal Curriculum Vitae of possible candidates both on paper and in an electronic format. Sending spontaneous and voluntary of the Curriculum Vitae data will be considered as implicitly informed consent by the data subjects for personal data processing contained, only following the purposes related to the selection of potential candidates.
The data processed for the purpose of selection of candidates are personal useful to search for the particular profile. In general, the nature of the data is normal, except in some cases where you may indicate any sensitive data necessary to identify the specific requirements of the regulations, such as specifying a particular protected classes, the suitability for certain jobs and / or start-ups required, within the limits set by the General Provision of June 5, 2019 which modified the General Authorisation of the Garante (Italian Supervisor Authority) no. 1 of December 15, 2016 on the processing of sensitive data in work relationships;
The provision of data relating to the selection of candidates is required. Any refusal to provide such data makes it impossible to perform an orderly selection and the possible recruitment. The data in question will not be disclosed to anyone.
General Rules for sending the CV
Any CV received spontaneously, replying to a job advertisement, will be stored directly by person in charge of the processing in accordance with the safety guidelines of personal data adopted in compliance with the security measures according to Chapter IV Section 2 of GDPR 679/2016. These will be printed only on the occasion of a meeting and a conversation with the data subject. After the interview, if the candidate is not selected, the CV will be stored for 24 months and after will be deleted and / or destroyed. In all other cases, after the talks, CVs will be stored for a year and after will be deleted from the PC and, if printed, they will be destroyed.
To send Curriculum Vitae use only the following addresses: Human Resources Dpt, Il Pellicano Spa, Località Sbarcatello 58019 Porto Ercole (Grosseto) ITALY or send it via e-mail at the address firstname.lastname@example.org.
PERIOD FOR DATA RETENTION - CRITERIA USED
According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation (EU) 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.
Data retention periods depend on the purposes of the processing:
- purposes related to technical navigation data for the correct functioning of the website: retention only for the related session, after which the data are deleted;
- purpose of reply to info request/services supply request (up to 12 months for contact requests; 10 years for administrative / accounting / financial documentation relating to the provision of a service);
- data collection for staff recruitment (up to 24 months);
- newsletter, marketing or promotional communications in general (up to 24 months - until withdrawal of consent);
- purpose of administrative / accounting / financial management: 10 years as as required by law for the conservation of administrative / accounting / financial documentation.
In this website we are applied cookies technologies for different purposes, including computer technology authentication or to monitor sessions, and to store specific technical information regarding the users that access the server of RELACTIONS, the website maintenance provider and LHW/SABRE, the hotel booking service provider.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
Personal data is not transferred to non-EU third countries, except for any cases described above where, in any case, the adoption of appropriate safeguards is ensured, in compliance with Chapter V of the GDPR.
For transfers to the USA or others extra EU countries, in the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, it takes place on the basis of:
- Booking Data LHW: the transfer is necessary for the performance of a contract between the data subject and the controller, or the implementation of pre-contractual measures taken at the data subject's request, pursuant to art. 6 a) and 49 paragraph 1, b) of the GDPR.
OPTION OF CONFERING DATA
Except for that which is specified for the navigational data, the user is free to provide the personal data listed in the request forms of Pellicano Hotels or referred to in contacting the hotel in order to provide CV, to make on-line bookings or to request delivery of information materials and other communications. Failure to provide such data may entail the failure to be provided with the items requested.
Personal data is processed with automatic instruments for the length of time strictly needed to carry out the purposes for which the data was collected. Specific safety measures are observed to avoid the loss, illicit or incorrect use and unauthorized access of data. There is no provision for an automated decision-making process for the processing of personal data.
DATA SUBJECTS RIGHTS
The data Controller is Il Pellicano Spa, Località Sbarcatello Porto Ercole 58019 (Grosseto) ITALY. The Data Protection Officer is Mr. Massimo Bruno. You may contact them at any time to exercise your rights as provided for in Chapter III GDPR 679/2016, in particular, the right to obtain confirmation as to whether or not personal data concerning you exist and the logic applied to the processing, the right to ask for their integration, the right to object to their processing on legitimate ground, and the right to request rectification, updating, erasure (right to be forgotten) or blocking of data that have been processed unlawfully, the right to obtain a copy of the personal data being processed as well as the right to data portability, also by sending a written request to the following e-mail address: email@example.com. At the same e-mail address, it is possible to contact the Data Protection Officer.
RIGHT TO LODGE A COMPLAINT
If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the EU Data Protection Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Garante pursuant to Article 79 of the Regulation.