Privacy Policy Booking Confirm

Privacy Policy Booking Confirm

PERSONAL DATA PROCESSING POLICY

(hereinafter referred to as the “Privacy Policy”)

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 – General Data Protection Regulation (hereinafter the “Regulation”), we hereby inform you that Gruppo UNA S.p.A. (hereinafter, also, “Gruppo UNA” or the “Company”), as the Data Controller will process certain personal data relating to you or to third parties, for the purposes set out below.

Who will process the personal data?

The Data Controller of your personal data is Gruppo UNA S.p.A. (www.gruppouna.it), with headquarters in Milan, Via Gioacchino Murat, 23.

What personal data will we process?

The following categories of personal data will be processed (hereinafter referred to as the “Data” or “your Data”):

  1. your first name and surname and contact details (email address);
  2. data regarding payment methods and tools.

The Data may also relate to third parties, such as other hotel guests to whom you have asked us to provide our hotel services.

If you use booking services provided by third parties (such as, for example, online reservation/booking service providers), we inform you that, in accordance with article 14 of the Regulation, Data will be collected by these third parties, who operate, within their competence, as independent data controllers.

Why do we process the Data?

The Data will be processed for the purposes and on the basis of the following legal grounds:

  • (F1) – Booking of the hotel services requested, as well as any other additional services provided for from time to time (hereinafter the “Booking of Services” or “Booking”): processing takes place in order to allow the Booking of Services that you have requested. The contact details you provide may be used to confirm your booking and to send you information about the Services available at the hotel you have chosen or other notifications required by the law, regulations or other regulatory provisions.
  • (F2) - Fulfilment of administrative and accounting requirements: processing takes place for the purpose of fulfilling administrative and accounting requirements, where applicable;
  • (F3) – Compliance with sectoral regulatory obligations: processing takes place for the purpose of complying with sectoral regulatory obligations, applicable from time to time, and related to the provision of the Services;
  • (F4) - Protection of rights: processing takes place in order to protect the rights of the Company, including in a defensive way, both in court and out of court;

 

 

Categories of Data

Legal basis

Providing the Data

F1

a); b);

The legal basis for processing is the need to implement a pre-contractual measure you have requested or to perform a contract to which you are a party

The provision of your Data is necessary to achieve the stated purpose; if you do not provide it, we will not be able to continue with your booking request.

F2

a);

The legal basis for processing is the need to comply with applicable legal requirements from time to time

The provision of your Data is necessary to achieve the stated purpose; if you do not provide it, we will not be able to comply with any legal obligations applicable from time to time and we will not be able to continue with your booking request.

F3

a);

F4

a); b);

The legal basis for the processing is the legitimate interest of the Company, represented by the need to protect its rights

The provision of your Data is necessary to achieve the stated purpose; if you do not provide it, we will not be able to continue with your booking request.

 

How will we process your Data?

Your Data will be processed using procedures and methods, including computerised methods, strictly relevant to the aforementioned purposes, subject to the adoption of security measures deemed appropriate to the risks, and only authorised and trained personnel will have access to the Data, only to the extent strictly necessary to perform the activities that they have been assigned.

Who will we disclose the Data to?

The Data will not be distributed but may be disclosed to third parties solely for the purposes set out above. In particular, the Data may be disclosed to:

  • external parties to which the Company entrusts the performance of activities on its behalf (by way of example, but not limited to, computerised and telematic service providers, debt collection companies, etc.) and with which the Company enters into agreements aimed at regulating personal data processing;
  • external parties with which the Company enters into commercial and partnership agreements aimed at providing customers with additional hotel-related services (such as for booking agency services, where provided for by the hotel; for catering services bookings or the purchase of food remotely; etc.), which operate as independent Data controllers.
  • to the competent judicial authorities (hereinafter referred to as the “Judicial Authority”), public bodies (hereinafter referred to as the “Public Administration”), supervisory or public security authorities, both for the purpose of protecting a right of the Company, and if this is necessary for the purposes of complying with a legal provision, regulation or European legislation, or on the basis of an order and/or provision of the aforementioned competent authorities;
  • persons entitled to access certain Data necessary for the performance of activities ancillary to the contractual relationship in question (such as, but not limited to, banks and credit institutions, postal service or other companies providing similar services, supervisory institutions, or roadside assistance companies).

For the purposes mentioned above, your Data may be transferred to countries outside the European Union or the European Economic Area; in such cases, we will transfer the data on the basis of the safeguards provided for in the Regulation, such as, for example, a European Commission adequacy decision, or the signing of standard contractual clauses with the Data importer.

How long will we process the Data for?

Your Data will be processed for the duration of the existing contractual relationship and subsequently retained, for administrative and accounting reasons, as well as to meet the applicable legal requirements from time to time, for ten (10) years from the last entry.

In detail:

Purpose

Retention time

F1

For the duration of the Booking

F2

For ten (10) years from the last accounting entry

F3

For the time strictly necessary to comply with the regulatory obligations that are applicable from time to time

F4

For the prescription periods specified in sectoral legislation, as well as for the duration of any litigation and/or for any additional periods deemed useful for the purpose in question

 

Your rights

Privacy legislation (Articles 15 to 22 of the Regulation) guarantees you the right to access your Data at all times, to have it corrected and/or supplemented, if inaccurate or incomplete, deleted if it is processed unlawfully, and the portability of the data that you have provided to us, if processed automatically on the basis of your consent or for the contractual services you have requested, within the limits of the provisions of the Regulation (Article 20).

Privacy legislation also gives you the right to request the restriction of the processing of data, if the conditions are met, and to object to the processing on grounds relating to your particular situation.

The Data Protection Officer is available if you require any clarification about the processing of your Data and if you wish to exercise your rights: you can contact them at privacy@gruppouna.it.

This does not affect your right to contact the Data Protection Authority, including by lodging a complaint, where deemed necessary, to protect your Data and rights.