NOTICE REGARDING THE PROCESSING OF PERSONAL DATA THROUGH THIS WEBSITE
Here below we provide information on the processing of personal data collected upon interaction with the website based on URL http://thehotelcouture.com/.
Should you leave the http://thehotelcouture.com/ domain to visit other websites, links to which may be included in the web pages published on http://thehotelcouture.com/, you should refer to the personal data protection information on those other websites.
The Data Controller is the THE HOTEL COUTURE SRL., registered office Milano (MI) Viale Pasubio 16, certified email address email@example.com.
Types of data collected
PERSONAL DATA GENERATED WHILE BROWSING ON THE WEBSITE
The computer systems and software employed for the functioning of the website are able to acquire personal data.
This data category includes: IP addresses; domain names of computers used by users connecting with the site; URI (Uniform Resource Identifier) addresses of requested resources; time of the request; method used to submit the request to the server; size of the file obtained in response; numerical code indicating the status of the server response (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
Cookies are computer files or partial data comprising text strings that can be saved on your computer (or on other devices enabled to browse the Internet) when you visit a website.
A cookie usually contains the name of the website that it originates from, its duration (how long it will remain on your device) and a value, which is usually a randomly generated unique number.
Some cookies are strictly necessary for the website to function, others optimize its performance and offer a better user experience, and yet others are used to collect data relating to the user’s website browsing behaviour.
Cookies have a precise duration, and on this basis are categorised into:
– persistent: when the browser is closed they are not destroyed but remain up to a pre-set expiry date;
– session: they are destroyed each time the browser is closed.
Technical cookies are needed for the correct operation of some areas of the site or to improve the user browsing experience.
In the absence of these cookies, the site or some parts of it might not function as envisaged.
Analytical cookies are used to collect information on use of the site and gather aggregated data on the number and browsing behaviour of users who have visited the site.
Third-party cookies are used to integrate software products and functions from third-parties, such as third-party domains, and from partner sites offering functionality within the pages of the site.
The various web browsers can be set to not accept third-party cookies; to do this please read your browser’s instructions, for example by clicking on “Guide” or “Help” in the relevant menu.
The majority of Internet browsers are initially set to automatically accept cookies.
It is possible to change these settings to block cookies or to receive notifications about cookies sent to your device.
Further information on cookies and how to manage them can be found by going to www.aboutcookies.org.
A list of cookies installed by the http://thehotelcouture.com/ website is shown below.
wc_cart_hash_#, technical cookie whose personal data are processed for the duration of the browsing session;
wc_fragments_#, technical cookie whose personal data are processed for the duration of the browsing session;
_ga, analytical cookies whose personal data are processed for two years:
_gat, analytical cookies whose personal data are processed for 24 hours;
_gid, analytical cookies whose personal data are processed for 24 hours;
collect, technical cookie whose personal data are processed for the duration of the browsing session;
r/collect, technical cookie whose personal data are processed for the duration of the browsing session.
How to disable cookies by configuring the browser
The main browsers enable users to change the management of cookies.
For more information about cookies or their management and deletion, visit the website https://www.aboutcookies.org for a detailed guide.
PERSONAL DATA PROVIDED DIRECTLY BY THE DATA SUBJECT
Visitors to the website have the right to provide their personal data directly: email, first name, surname and nationality.
Users accept responsibility for the Personal Data of third parties published or shared via email or contact form and guarantee that they have the right to communicate or disseminate these, freeing the Owner of any liability to third parties.
Data processing for the purposes of access to, registration on and purchasing from the website.
The processing of personal data must be legitimised by one of the legal bases of the legislation in force regarding the protection of personal data as described below.
a) The establishment and execution of contractual relationships and consequent obligations, including communications regarding to services (for example to proceed with after-sales services)
The Company may process your contact details to pursue the possible setting up and execution of contractual relationships, to provide the services requested and to respond to notifications and complaints.
The Company may also use your contact details, and your email address in particular, to provide information regarding the service.
Basis for processing: the fulfilment of contractual obligations.
b) Compliance with legally-binding requests to fulfil legal obligations, regulations or provisions of the judicial authorities, as well as to defend rights by judicial means.
The Company collects your contact details to fulfil legal obligations and/or to defend its rights by judicial means.
Basis for processing: legal obligations that the Company is obliged to comply with.
c) Marketing to respond to your needs and to provide you with promotional offers in-line with your preferences (ed.: we have also included possible profiled marketing).
The Company may process your contact data for the purposes of marketing and advertising to inform you about promotional sales initiatives, performed using automated contact methods (emails, text messages and other mass-messaging tools, etc.) and traditional contact methods (for example phone calls by an operator), or for market research and statistical surveys, should you give us your consent.
The Company may likewise process your contact details, interests and other personal data to send you commercial communications in-line with your preferences, based on a specific customer profile, should you grant us specific further consent.
Basis for processing: consent; failure to provide this does not have consequences for contractual relationships.
Consent may be revoked at any time by contacting The Company.
d) Contacts from mailing lists or newsletters: by registering with the mailing list or newsletter, the User’s email address is automatically included in a list of contacts to whom email messages containing information relating to our activities – including commercial and promotional – may be sent. The User’s email address might also be added to this list as a result of a contact by post or through a previous job or working relationship.
Personal Data collected with a form through the website or telephone contact: email, first name, surname, nationality.
Basis for processing: the consent of the data subject who subscribes to the newsletter and the legitimate interest of the data controller to proceed with the service, given evidence that the recipient of the newsletter interacts with the content of the message.
HOW WE KEEP PERSONAL DATA SECURE
The Company uses a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.
All your personal data is stored on our secure servers (or on secure printed copies) or on those of our suppliers or commercial partners, and is accessible and usable based on our standards and security policies (or equivalent standards of our suppliers or commercial partners).
Among others, we adopt measures such as:
– rigorous restriction of access to your personal data, according to need and solely for the purposes communicated;
– perimeter security systems to prevent unauthorized access from externally;
– permanent monitoring of access to IT systems to identify and halt the abuse of personal data;
– transactions on our websites requiring your personal data to be entered are encrypted using Secure Socket Layer (SSL) technology
HOW LONG WE STORE YOUR INFORMATION
We store your personal data only for the time needed to achieve the purposes for which it was collected or for any other related, legitimate purpose. If personal data is processed for two different purposes, therefore, we will store this data until the purpose with the longest term ceases, but we will no longer process personal data for the purpose for which the storage period has already ceased.
We limit access to your personal data solely to those parties needing to use it for relevant purposes.
When your personal data is no longer needed, or when there is no longer a legal requirement for its storage, it is irreversibly anonymized (and can be stored in this way) or securely destroyed.
Here below are the periods of storage relating to the different purposes listed above:
a) and b) Fulfilment of contractual and legal obligations: data processed to fulfil any contractual obligation may be stored for the entire duration of the contract and in any event no longer than the following 10 years, in order to verify any outstanding accounts including accounting documents (for example invoices) . In the event of disputes: in the event that we defend ourselves or act or make claims against you or third parties, we may store personal data that we regard as reasonably necessary to process for such purposes, for the period in which this claim can be pursued.
c) For marketing purposes: data processed for marketing purposes may be stored for 24 months from the date on which we received your most recent consent for this purpose (unless objection is expressed to receiving further communications);
d) Contacts from mailing lists or newsletters: these may be stored for 24 months from the date of subscription to the service or from the last date on which we obtained evidence of usership of the content of the service.
Method of processing
The Data Controller processes Users’ Personal Data while employing the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Personal Data.
The processing is carried out using IT and/or telematic tools, and using organizational methods and a logic that are strictly correlated to the purposes indicated. As well as the Data Controller, access to the Data may in some cases be given to categories of appointees involved in the organisation of the website (administrative, commercial, marketing or legal personnel, system administrators) or external persons (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, advertising agencies) that are also, if necessary, appointed as Data Processors by the Data Controller (Article 28 of Regulation (EU) 2016/679). The up-to-date list of Data Processors can always be requested from the Data Controller.
Data is processed at the operational premises of the Data Controller and in any other place in which the parties involved in the processing are located.
The User’s Personal Data may be used by the Data Controller by judicial means or in the stages preparatory to their possible use in defence against the abuse of this website or its related services by the User.
The User declares that he/she is aware that the Data Controller may be required to disclose Data by the public authorities.
Exercising of rights by Users
THE HOTEL COUTURE SRL guarantees that it can exercise the rights pursuant to article 12 of the GDPR at any moment. In particular you have the right:
– to know whether the Data Controller holds and/or processes your personal data and to access it in full while also obtaining a copy (Article 15, Right of access);
– to correct any incorrect personal data or to supplement incomplete personal data (Article 16, Right to rectification);
– to erase personal data held by the data controller if one of the grounds provided for by the GDPR applies (Right to erasure, Article 17);
– to ask the data controller to restrict processing only to certain personal data, if one of the reasons provided for by the Regulation applies (Article 18, Right to restriction of processing);
– to request and receive all your personal data processed by the data controller in a structured, commonly used and machine-readable format or to request transmission to another data controller without hindrance (Article 20, Right to portability);
– to object, wholly or in part, to the processing of data for the purpose of sending advertising material and for market research (combined provisions with Consent) (Article 21, Right to object)
– to object, wholly or in part, to the automated or semi-automated processing of data for purposes of profiling (combined provisions with Consent).
These rights may be exercised by contacting the data controller using the contact details shown in the appropriate section of this notice.
You also always have the right to lodge a complaint with the Personal Data Protection Authority, which can be contacted at firstname.lastname@example.org or through the website http://www.gpdp.it.