Data subjects: users of the www.italyfamilyhotels.it website

According to EU Regulation 2016/679 (hereinafter referred to as the “Regulation”), this page describes the methods for processing personal data collected from data subjects who consult the websites accessible via the Internet at the following address: www.italyfamilyhotels.it

This Privacy Policy does not relate to other websites, pages or online services accessible via hyperlinks eventually published on the websites, but referring to resources external to the Data Controller’s domain.

Please note that the Privacy Policy may be amended from time to time depending on the launch of new services or as a result of legal updates; you are therefore encouraged to periodically check for any updates on the subject, visiting the aforementioned website. This page outlines the procedures for managing the website in relation to the processing of personal data collected from the website’s users. This Privacy Policy is further provided pursuant to Article 13 of EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data, to those who interact with the web services offered by the “ITALY FAMILY HOTELS CONSORTIUM”, based in Via Macanno 38/Q 47923 Rimini (RN), Italy, accessible electronically at www.italyfamilyhotels.it. Additional and possible data processing operations are defined in the Privacy Policy and Cookie Policy corresponding to the initial page of the official www.italyfamilyhotels.it website.

This Privacy Policy is provided solely for the www.italyfamilyhotels.it website and not for any other websites consulted by the user using links. The Privacy Policy refers to Whereas clause 30 of the GDPR, as well as being based on Recommendation no. 2/2001 that the European Authorities for the protection of personal data, in the Working Group established by Article 29 of Directive no. 95/46/EC, adopted on 17 May 2001, in order to identify some minimum requirements for collecting personal data online, and, in particular, the methods, timeframes and nature of the information that data controllers must provide users when they visit web pages, regardless of the purposes of such visit.

The Data Controller

Following a visit to this website, personal data relating to identified or identifiable persons may be processed.
The “Data Controller” is the ITALY FAMILY HOTELS CONSORTIUM, with registered office in Via Macanno 38/Q – 47923 Rimini (RN), Italy, VAT no. 03223190400.

The Data Protection Officer (DPO)
Studio Paci&C srl (contact person: Luca Di Leo) based in Via Edelweiss Rodriguez Senior, 13 – 47924 – Rimini, Italy – Tel. +39 0541 1795431, is designated as DPO by the Data Controller, pursuant to Article 37 of the GDPR.

Legal basis for the data processing

Personal data specified on this page is processed by the ITALY FAMILY HOTELS CONSORTIUM in order for the company to carry out its activities. Based on the data processing carried out on the aforementioned website, the legal bases on which consent shall be pursued are performance of a contract, compliance with a legal obligation, as well as the pursuit of a legitimate interest.

Place of data processing

Your data shall be stored by server providers, through agreements with hosting, cloud and connectivity providers (data processors or sub-processors), located both in EU countries, as well as in non-EU countries (United States), through suppliers subscribing to the Privacy Shield agreement. These systems are managed by a system administrator and by authorised and adequately trained persons, with the guarantee of technical and organisational security measures to protect personal data in reference to Articles 29 and 32 of EU Regulation 679/2016, through technical, administrative and commercial personnel.

Types of data processed and purpose of the data processing

Browsing data

Information systems and software procedures operating this website acquire, during normal operations, some personal data whose transmission is implicit when using Internet communication protocols.

This data category includes IP addresses or the domain names of computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of resources requested, time of the request, method used to submit the request to the server, size of file obtained in response, the numerical code indicating response status given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.

Such data, necessary for the use of the web services, is also processed in order to:
– Obtaining statistical information on the usage of the services (most visited pages, hourly or daily visitors, geographical areas of origin, etc.);
– Verifying the correct operation of the services offered.

Data provided by the user

The optional, explicit and voluntary sending of messages to the contact details of the ITALY FAMILY HOTELS CONSORTIUM, as well as the compilation and submission of the forms available on the www.italyfamilyhotels.it website, involve the acquisition of the sender’s contact data, necessary to respond to their request, as well as of all personal data included in the communications.

Specific Privacy Policies shall be published on the pages of the www.italyfamilyhotels.it website, dedicated to the provision of specific services.

Cookies and other tracking systems

The website may make use of cookies for user profiling.

Session cookies (non-persistent) are used, in a manner strictly limited to what is necessary for the secure and efficient navigation of the websites. The storage of session cookies in terminals or browsers is under the control of the user, where on the servers, at the end of the HTTP sessions, information about cookies remains recorded in the service logs, with storage times set by each individual third-party service provider. The data eventually collected through cookies and the management thereof, are fully described in the “Cookie Policy” document.

Optional provision of data

Apart from what has been specified with respect to navigation data, the user is free to provide the personal data contained in the information request forms sent to www.italyfamilyhotels.it. Whenever such data is requested, a specific Privacy Policy shall be provided and, where necessary the user’s consent shall be requested.

Data processing method

Personal data is processed using automatic tools for the length of time strictly necessary to achieve the purpose for which it was obtained. Specific security measures are observed in order to prevent data loss, unlawful or improper use of and unauthorised access to the data. We inform you that, in order to provide a complete service, links to other websites operated by other owners are present. We decline all responsibility for any errors, content, cookies, publications of unlawful immoral content, advertising, banners or files that do not comply with current regulations and with the Privacy law, on the part of websites that we do not manage to which reference is made.

Recipients of the data

Third parties
Communication to: natural or legal persons, public authority, service or any other body that is not the data subject, the data controller, the data processor and the persons authorised as data processors, including:
– private entities or public service managers to whom it is necessary to disclose the data for the purposes identified above.

Data Processors
The natural or legal person, public authority, service or other body which processes the personal data on behalf of the data controller:
– Web agency: Hospitality Factory srl – based in Via Fieramosca, 1 47138 Riccione (RN), Italy;
– Any other providers of IT services, web services, or other services necessary for the achievement of the purposes required to manage the relationship.

Within the company structure
Your data shall be processed only by personnel expressly authorised by the Data Controller, with the guarantee of the adoption of a relative confidentiality agreement and, in particular, by the following categories of employees:
– Administration

Transfer of data outside the EU

Third Countries: The data shall not be disclosed outside the EU. Any such transfer shall be indicated in the cookie policy or in the specific Privacy Policies associated with the forms. Whenever there is a need to transfer data to countries outside the EU, specific Privacy Policies shall be provided, with an indication of the appropriate measures, clauses and legal basis for the data transfer.

Rights of the data subjects

You have the right to obtain, from the Data Controller, the deletion (so-called “right to be forgotten”), limitation, updating, correction, portability, opposition to the processing of your personal data, as well as in general, you may exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR, where applicable with respect to the purpose of the data processing.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22
1. The data subject shall be entitled to obtain conformation regarding the existence or otherwise of personal data concerning the party itself, even if not yet registered, and its communication in intelligible form.
2. The data subject shall have the right to obtain information concerning:
a. the source of the personal data;
b. the purposes and processing methods;
c. the logic applied in the event of data processing carried out with the aid of electronic or automated tools;
d. the identity of the data controller, the data processors and the representative appointed under Article 5, paragraph 2;
e. the entities or categories of entity to whom or which the personal data may be communicated and who or which may become familiar with said data in their capacity as designated representative in the State’s territory, as data controllers or processors.
3. The data subject shall have the right to obtain:
a. the updating, the correction or, where interested, the integration of the data;
b. the deletion, the transformation into anonymous form or the blocking of data processed in violation of law, including any data whose retention is not required in relation to the purposes for which the same has been collected or subsequently processed;
c. the certification that the operations referred to under letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or distributed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
d. the portability of the personal data.
4. The data subject shall have the right to oppose, in whole or in part:
a. for legitimate reasons, the processing of personal data, even though pertinent to the purpose of collection;
b. the processing of personal data for sending advertising material or for direct selling or for carrying out market research or commercial communications.

Right of complaint

Data Subjects who believe that the processing of their personal data, carried out through this website, is in violation of the provisions of the Regulation, shall have the right to file a complaint with the Authority for the Protection of Personal Data, as provided for by Article 77 of the same Regulation, or to take action before the appropriate courts (Article 79 of the Regulation).