Privacy Policy

Privacy Policy Gruppo UNA


Preface
Definitions
User personal data processing policy
Cookies
Rights of the data subject
How to exercise rights and/or request information about data processing
Policies



PREFACE

Dear User,
This Privacy Policy is provided to you pursuant to art. 13 of EU Regulation 2016/679 - concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also the "Regulation" or "GDPR").
This Privacy Policy contains information relating to the processing of your personal data as a result of browsing the internet and using the services made available to you via the website.
You will be given specific and/or supplementary information about the processing of your personal data every time we collect it, when you interact with the website, or by virtue of contractual relationships established with our Company; you can view them all at any time by clicking on the links in the “Policies” section at the bottom of this page.

NB: this Privacy Policy does not apply to web services provided by any third parties you may use or consult via hypertext links. In this regard, we invite you to consult the privacy information and privacy policies provided by these third parties in the appropriate locations.



DEFINITIONS

Privacy Regulations: The GDPR, the Privacy Code, the Italian Data Protection Authority's provisions and in general all laws concerning the protection of individuals with regard to the processing of personal data.

GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).

Personal data: Any information regarding an identified or identifiable individual. Besides data provided by the user via any forms in individual web service areas, this also includes browsing data.

Data subject: The identified or identifiable individual that personal data refers to.

Browsing data: In the course of their normal operation, the computer systems and software procedures used to operate web services collect certain data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected in order to be linked to identified data subjects, but that by its very nature could allow users to be identified via processing and association with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (requiring users to log in), the data collected is associated with the user's personal account.

Browsing data includes:

  • IP addresses or domain names of the computers used by users that connect to the website;
  • the addresses of the requested resources in URI (Uniform Resource Identifier) format;
  • the time of the request;
  • the method used to submit the request to the servers;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the response the server gives (successful, error, etc.);
  • other parameters regarding the user's operating system and computer environment.

Data provided by users: This is the data which the user voluntarily and knowingly provides by sending communications (e.g. by email, to the addresses on the web domain) or by filling in specific forms, if present in the areas provided by the services.

The data provided by the user is only strictly necessary for the purposes required by the services on a case by case basis (for precise details regarding the categories of data collected on a case by case basis, please refer to the relevant privacy policy). By way of example, this data may be:

  • personal details;
  • regarding contact details (e.g., email address);
  • related to the user/client's contractual position;
  • geolocation (if the user has consented to the collection of data about their position);
  • regarding the use of individual services available to the user;
  • regarding facts and events disclosed by the user in their messages (as far as this is concerned, and in order to better protect them, users are encouraged not to provide information that is not strictly connected with the request and the nature of the services provided by the Company).

Data controller: The person who decides on the purposes and methods of processing personal data. With reference to web services, Gruppo Unipol is the Company which this website refers to and whose references are at the bottom of each page.

Services or Web Services: The services provided through the internet, used via the website and/or any apps.

User: The data subject (individual) who browses, consults, accesses or uses the web services.

DPO: The Data Protection Officer. Users may request clarifications regarding the processing of personal data or exercise their rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information about data processing”.

Italian Data Protection Authority: The Guarantor for the protection of personal data, in other words the Italian national monitoring authority for the protection of personal data. Consult the Authority's website.

Cookies: Cookies are pieces of information that are stored on your device (e.g., in your browser's memory) when you visit a website or use a web application.

Each cookie may contain various data, such as the name of the server it comes from, a numerical identifier, etc.

See the Cookies Policy for more information.



USER PERSONAL DATA PROCESSING POLICY

Below we have provided some useful information about the processing of personal data carried out via our web services.

In particular, we would like to inform you about:

  • the identification and contact details of the Data Controller;
  • the contact details of the Data Protection Officer (DPO);
  • the categories of personal data processed via the web services;
  • the purposes for which this personal data is processed on a case by case basis;
  • the conditions that legitimise the processing of this data (legal grounds);
  • how long the data will be stored for, always strictly necessary for the pursuit of the stated purposes;
  • the categories of data recipients.

Data controller: Gruppo UNA S.p.A.

Headquarters: Via Gioacchino Murat, 23 - Milano

Categories of personal data, purposes and legal grounds for processing and length of data storage

 

| Categories of Personal Data | Purposes of processing | Legal grounds | Length of data storage |
| --- | --- | --- | --- |
| Browsing data | To allow web browsing and the provision of services | The need to perform a contract to which the data subject is a party or to provide a service at their request | For the duration of browsing within the services |
| Browsing data | To obtain anonymous statistical information on the use of the web services, for the sole purpose of checking their correct functioning | Legitimate interest of the Company | The data is collected in aggregate form and can no longer be traced to the individual user who browsed the website |
| Data provided by the user: provision of web services | Booking overnight stays (data may also be collected by third parties, if the booking is made via external booking services providers) | The need to respond to requests made by the data subject (pre-contractual phase) or perform a contract to which the data subject is a party | For the duration of the booking (if hotel services are used, after checking in, for the duration of the stay and subsequently for the times set by administrative/accounting requirements in force from time to time) |

Providing your personal information is free and optional. We remind you, however, that it is indispensable to pursue certain purposes (to provide you with appropriate feedback to requests, to register in the Reserved Area or to provide individual services); if it is not provided, it may not be possible to pursue these purposes.

If data (and relative consent) is not provided for any marketing or profiling purposes, this will not affect other services requested.

We invite you to consult the relevant data processing policies for more details.

 

Processing methods and data storage period

The abovementioned data will not be distributed and may be disclosed to members of staff in our Company who have specific authorisation to process it.  It may also be acquired and/or processed by other Gruppo Unipol companies and/or companies. Processing operations may be carried out by external parties who perform certain activities on our behalf and with whom we have special agreements governing the processing of personal information.

Finally, data may be disclosed at the express request of public authorities or law enforcement agencies.

The processing of personal data is always subject to the application of appropriate security measures to ensure the confidentiality, availability and integrity of the data.




COOKIES

The Web Services may use both first and third-party technical, analytical and profiling cookies.
Cookies are essential to improve the services and to provide products that are always in line with user preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.




RIGHTS OF THE USER (AS DATA SUBJECT)
Privacy laws (articles 15-22 of the Regulation) guarantee the user, as data subject, the right to access data about them, as well as to obtain the rectification and/or integration, erasure or portability of the data.  Privacy laws also give the user the right to request the restriction of data processing and to object to processing, as well as the possibility to withdraw any consent given (withdrawal does not affect the lawfulness of the processing carried out up to that moment).

Access to data

What it is: Users may ask the data controller:

  • for confirmation that data about them is being processed;
  • a copy of the data about them;
  • information about the processing of data (e.g. legal grounds, storage time periods, data recipient categories, etc.).

Conditions for exercising the right: Users may always make these requests.

Rectifying or integrating data

What it is: Users may ask the data controller to:

  • rectify
  • update
  • alter

personal data that is processed.

Conditions for exercising the right: If the processed data is inaccurate or incomplete.

Erasing data

What it is: Users may ask the data controller to erase personal data being processed.

Conditions for exercising the right:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • the user withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  • the user opposes processing pursuant to art. 21 and there are no overriding legitimate grounds for the processing;
  • the personal data has been unlawfully processed;
  • the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Restricting personal data processing

What it is: Users may ask the controller not to carry out, with the sole exception of storage, any processing operation on their personal data, except with users' consent or to protect their rights.

Conditions for exercising the right:

  • the accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
  • the user has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Opposition to personal data processing

What it is: Users may oppose processing on the basis of legitimate interest (including having promotional messages sent) or on the basis of public interest.

Conditions for exercising the right: The reasons must relate to the particular situation of the user, unless the user opposes processing for direct marketing purposes.

Opposition to automated decision-making

What it is: Users may oppose automated decision-making. If this decision-making is necessary to enter into a contract, based on explicit consent, or authorised by the law or regulation of the state or of the European Union, users have the right to obtain human intervention on the part of the controller, to express their point of view and to challenge the decision.

Conditions for exercising the right: There is a decision based exclusively on automated processing, including profiling, that has legal consequences regarding them or that similarly affects them to a significant extent.

Portability of Personal Data

What it is: Users have the right to receive personal data concerning them in a commonly used, structured format that can be read by an automatic device.

Conditions for exercising the right: Provided that the following conditions are met:

  • the data is provided by the user;
  • processing is based on their consent or on a contract;
  • the processing is carried out by automated means.

Withdrawal of consent

What it is: Users may withdraw their consent. Withdrawal of consent does not affect the lawfulness of processing carried out before consent is withdrawn.

Conditions for exercising the right: Always.




HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ABOUT DATA PROCESSING

The "Data Protection Officer" is available if there are any doubts or queries, to exercise the rights of data subjects, and to provide an updated list of data recipient categories.

Data protection officer or DPO: privacy@gruppouna.it

Furthermore, your right to contact the Italian Data Protection Authority, including to lodge a complaint, remains unaffected, if it is considered necessary in order to protect your personal information and your rights in this matter.



PRIVACY POLICIES
Below is a list of our privacy policies:

Privacy policy for online reservations at hotels – including via third parties (GUN_InfoPreW_01)

 
