Privacy Policy
Privacy Policy Gruppo UNA
Preface
Definitions
User personal data processing policy
Cookies
Rights of the data subject
How to exercise rights and/or request information about data processing
Policies
Dear User,
This Privacy Policy is provided to you pursuant to art. 13 of EU Regulation 2016/679 - concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also the "Regulation" or "GDPR").
This Privacy Policy contains information relating to the processing of your personal data as a result of browsing the internet and using the services made available to you via the website.
You will be given specific and/or supplementary information about the processing of your personal data every time we collect it, when you interact with the website, or by virtue of contractual relationships established with our Company; you can view them all at any time by clicking on the links in the “Policies” section at the bottom of this page.
NB: this Privacy Policy does not apply to web services provided by any third parties you may use or consult via hypertext links. In this regard, we invite you to consult the privacy information and privacy policies provided by these third parties in the appropriate locations.
DEFINITIONS
Privacy Regulations: The GDPR, the Privacy Code, the Italian Data Protection Authority's provisions and in general all laws concerning the protection of individuals with regard to the processing of personal data.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation)
Personal data: Any information regarding an identified or identifiable individual. Besides data provided by the user via any forms in individual web service areas, this also includes browsing data
Data subject: The identified or identifiable individual that personal data refers to.
Browsing data: In the course of their normal operation, the computer systems and software procedures used to operate web services collect certain data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected in order to be linked to identified data subjects, but that by its very nature could allow users to be identified via processing and association with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (requiring users to log in), the data collected is associated with the user's personal account.
Browsing data includes:
- IP addresses or domain names of the computers used by users that connect to the website;
- the addresses of the requested resources in URI (Uniform Resource Identifier) format;
- the time of the request;
- the method used to submit the request to the servers;
- the size of the file obtained in response;
- the numerical code indicating the status of the response the server gives (successful, error, etc.)
- other parameters regarding the user's operating system and computer environment.
Data provided by users: This is the data which the user voluntarily and knowingly provides by sending communications (e.g. by email, to the addresses on the web domain) or by filling in specific forms, if present in the areas provided by the services.
The data provided by the user is only strictly necessary for the purposes required by the services on a case by case basis (for precise details regarding the categories of data collected on a case by case basis, please refer to the relevant privacy policy). By way of example, this data may be:
- personal details;
- regarding contact details (e.g., email address)
- related to the user/client's contractual position;
- geolocation (if the user has consented to the collection of data about their position);
- regarding the use of individual services available to the user;
- regarding facts and events disclosed by the user in their messages (as far as this is concerned, and in order to better protect them, users are encouraged not to provide information that is not strictly connected with the request and the nature of the services provided by the Company).
Data controller The person who decides on the purposes and methods of processing personal data. With reference to web services, Gruppo Unipol is the Company which this website refers to and whose references are at the bottom of each page.
Services or Web Services The services provided through the internet, used via the website and/or any apps.
User: The data subject (individual) who browses, consults, accesses or uses the web services.
DPO: The Data Protection Officer. Users may request clarifications regarding the processing of personal data or exercise their rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information about data processing”.
Italian Data Protection Authority: The Guarantor for the protection of personal data, in other words the Italian national monitoring authority for the protection of personal data. Consult the Authority's website.
Cookies: Cookies are pieces of information that are stored on your device (e.g., in your browser's memory) when you visit a website or use a web application
Each cookie may contain various data, such as the name of the server it comes from, a numerical identifier, etc.
See the Cookies Policy for more information.
USER PERSONAL DATA PROCESSING POLICY
Below we have provided some useful information about the processing of personal data carried out via our web services.
In particular, we would like to inform you about:
- the identification and contact details of the Data Controller;
- the contact details of the Data Protection Officer (DPO);
- the categories of personal data processed via the web services;
- the purposes for which this personal data is processed on a case by case basis;
- the conditions that legitimise the processing of this data (legal grounds);
- how long the data will be stored for, always strictly necessary for the pursuit of the stated purposes;
- the categories of data recipients.
Data controller |
Headquarter |
Gruppo UNA S.p.A. |
Via Gioacchino Murat, 23 - Milano |
Categories of personal data, purposes and legal grounds for processing and length of data storage
Categories of Personal Data |
Purposes of processing |
Legal grounds |
Length of data storage |
Browsing data |
To allow web browsing and the provision of services |
The need to perform a contract to which the data subject is a party or to provide a service at their request |
For the duration of browsing within the services |
To obtain anonymous statistical information on the use of the web services, for the sole purpose of checking their correct functioning |
Legitimate interest of the Company |
The data is collected in aggregate form and can no longer be traced to the individual user who browsed the website |
|
To guarantee that web services are secure and function correctly, as well as to assess liability in the event of hypothetical crimes, and in order to consequently protect our rights | Legitimate interest of the Company | 90 days from the date that the technical issue arises, for functionality analysis and improvement (“Troubleshooting”), unless a longer period is required in the event of disputes or investigations or if it becomes necessary to defend rights | |
Data provided by the user: provision of web services |
Information request |
The need to respond to requests made by the data subject (pre-contractual phase) or legitimate interest |
The time necessary to provide the information |
Booking overnight stays (data may also be collected by third parties, if the booking is made via external booking services providers) |
The need to respond to requests made by the data subject (pre-contractual phase) or perform a contract to which the data subject is a party |
For the duration of the booking (if hotel services are used, after checking in, for the duration of the stay and subsequently for the times set by administrative/accounting requirements in force from time to time |
|
Quote for booking rooms |
The need to respond to requests made by the data subject (pre-contractual phase) |
The time the quote is valid for |
|
Newsletter |
Consent |
2 years from the subscription date or until consent is withdrawn |
|
Newsletter Leisure Team |
Consent |
2 years from the subscription date or until consent is withdrawn |
|
Newsletter Mice Team |
Consent |
2 years from the subscription date or until consent is withdrawn |
|
Newsletter Corporate Team |
Consent |
2 years from the subscription date or until consent is withdrawn |
|
Discount and agreement request |
The need to respond to requests made by the data subject (pre-contractual phase) or perform a contract to which the data subject is a party |
For as long as the discount, agreement or service is valid (generally speaking, 1 year from the time the data is collected) |
|
Request for information about franchising agreements |
The need to respond to requests made by the data subject (pre-contractual phase) |
For the time strictly necessary for negotiations |
|
Booking catering services |
The need to perform a contract to which the data subject is a party
|
The time strictly necessary to process the request and subsequently it will be stored for administrative/accounting purposes in compliance with the regulatory terms that are established from time to time (generally speaking, for 10 years) |
|
Commercial and promotional messages (marketing purposes) |
Consent |
2 years or until consent is withdrawn |
Providing your personal information is free and optional; We remind you, however, that it is indispensable to pursue certain purposes (to provide you with appropriate feedback to requests, to register in the Reserved Area or to provide individual services); if is not provided, it may not be possible to pursue these purposes.
If data (and relative consent) is not provided for any marketing or profiling purposes, this will not affect other services requested.
We invite you to consult the relevant data processing policies for more details.
Processing methods and data storage period
The abovementioned data will not be distributed and may be disclosed to members of staff in our Company who have specific authorisation to process it. It may also be acquired and/or processed by other Gruppo Unipol companies and/or companies. Processing operations may be carried out by external parties who perform certain activities on our behalf and with whom we have special agreements governing the processing of personal information.
Finally, data may be disclosed at the express request of public authorities or law enforcement agencies.
The processing of personal data is always subject to the application of appropriate security measures to ensure the confidentiality, availability and integrity of the data.
The Web Services may use both first and third-party technical, analytical and profiling cookies.
Cookies are essential to improve the services and to provide products that are always in line with user preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.
To find out more, click here.
RIGHTS OF THE USER (AS DATA SUBJECT)
Privacy laws (articles 15-22 of the Regulation) guarantee the user, as data subject, the right to access data about them, as well as to obtain the rectification and/or integration, erasure or portability of the data. Privacy laws also give the user the right to request the restriction of data processing and to object to processing, as well as the possibility to withdraw any consent given (withdrawal does not affect the lawfulness of the processing carried out up to that moment).
Rights |
What are they? |
Conditions for exercising rights |
Access to data |
Users may ask the data controller:
|
Users may always make these requests |
Rectifying or integrating data |
Users may ask the data controller to:
personal data that is processed |
If the processed data is inaccurate or incomplete |
Erasing data |
Users may ask the data controller to erase personal data being processed |
|
Restricting personal data processing |
Users may ask the controller not to carry out, with the sole exception of storage, any processing operation on their personal data, except with users' consent or to protect their rights |
|
Opposition to personal data processing |
Users may oppose processing on the basis of legitimate interest (including having promotional messages sent) or on the basis of public interest |
The reasons must relate to the particular situation of the user, unless the user opposes processing for direct marketing purposes |
Opposition to automated decision-making |
Users may oppose automated decision-making. If this decision-making is necessary to enter into a contract, based on explicit consent, whether authorised by the law or regulation of the state or of the European Union, users have the right to obtain human intervention on the part of the controller, to express their point of view and to challenge the decision. |
There is a decision based exclusively on automated processing, including profiling, that has legal consequences regarding them or that similarly affects them to a significant extent. |
Portability of Personal Data |
Users have the right to receive personal data concerning them in a commonly used, structured format that can be read by an automatic device. |
Provided that the following conditions are met:
|
Withdrawal of consent |
Users may withdraw their consent. Withdrawal of consent does not affect the lawfulness of processing carried out before consent is withdrawn. |
Always |
HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ABOUT DATA PROCESSING
The "Data Protection Officer" is available if there are any doubts or queries, to exercise the rights of data subjects, and to provide an updated list of data recipient categories.
Data protection officer or DPO |
Furthermore, your right to contact the Italian Data Protection Authority, including to lodge a complaint, remains unaffected, if it is considered necessary in order to protect your personal information and your rights in this matter.
PRIVACY POLICIES
Below is a list of our privacy policies: