PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who consult the website of S.I.S.U. S.r.l. pursuant to Article 13 of Regulation (EU) 2016/679

 Pursuant to Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of processing personal data of users who consult the website of S.I.S.U. S.r.l., accessible online at the following address: hotel-ulisse.com

This information notice is also provided in accordance with Recommendation No. 2/2001 adopted on 17 May 2001 by the Article 29 Data Protection Working Party, which identified certain minimum requirements for the collection of personal data online, particularly regarding the methods, timing, and nature of the information that controllers must provide to users when they connect to web pages, regardless of the purposes of the connection.

This information does not concern other websites, pages, or online services that may be accessed through hyperlinks published on the site.

 

DATA CONTROLLER

Following consultation of the above-mentioned website, data relating to identified or identifiable natural persons may be processed.

The Data Controller is: S.I.S.U. S.r.l.

Registered office: Via Bora 12, 48012, Bagnacavallo, RA, VAT No. 02796010391 Operating office: Viale Italia 58, Marina Romea – RA

LEGAL BASIS OF PROCESSING

The personal data indicated on this page are processed as necessary for the pursuit of the Data Controller’s legitimate interest in ensuring the proper functioning of the web services offered, obtaining statistical information on bookings and the use of services, and responding to requests submitted to us (Art. 6(1)(f) of the Regulation).

Contacts

The voluntary, explicit, and optional sending of messages to the contact addresses indicated on the site, as well as the completion and submission of forms in the relevant section, entails the acquisition of the sender’s contact details (name, surname, email), which are necessary to reply, along with all personal data included in the communication.

This processing does not require consent since it is necessary for the legitimate interest of the Controller to respond to incoming requests. Therefore, the provision of such data must be considered mandatory for the fulfilment of the request: failure to provide such data would make it impossible to respond.

Users are free to choose whether to subscribe to mailing lists for promotional or commercial purposes.

The data collected are stored only for the time strictly necessary to respond to messages. Should a commercial relationship be established, the data will be stored for at least the duration of that relationship.

 

TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), some geolocation information of the request, and other parameters related to the user’s operating system and IT environment (fingerprint).

These data are not collected for the purpose of being associated with identified data subjects, but, by their very nature, could allow users to be identified.

Such data, necessary for the use of web services, are also processed for the purpose of: obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.); monitoring the proper functioning of the services provided. The data (log files, traffic data) may also be used to ascertain liability in the event of hypothetical computer crimes against the site and, for the same reason, are retained by the ISP (Internet Service Provider) and the web host.

 

Data provided by the user Contacts

The voluntary, explicit, and optional sending of messages to the contact addresses indicated on the site, as well as the completion and submission of forms in the relevant section, entails the acquisition of the sender’s contact details (name, surname, province, email, area of interest), which are necessary to reply, along with all personal data included in the communication.This processing does not require consent since it is necessary for the performance of a contract or pre- contractual measures requested by the data subject. Therefore, the provision of such data must be considered mandatory for the fulfilment of the request: failure to provide such data would make it impossible to respond. Users are free to choose whether to subscribe to mailing lists for promotional or commercial purposes.The data collected are stored only for the time strictly necessary to respond to messages. Should a commercial relationship be established, the data will be stored for at least the duration of that relationship.

RECIPIENTS OF THE DATA

Browsing data are retained by the ISP (Internet Service Provider) and the web host (the entity hosting the web server on its own physical machines), which store them for the time required by law. Personal data collected through messages and contact forms (“Contacts” and “Work with us”) are also processed by internal staff authorized by the Data Controller, acting on the basis of specific instructions regarding the purposes and methods of the processing. No profiling is carried out and the collected data are not subject to automated decision-making processes.

RIGHTS OF DATA SUBJECTS AND RIGHT TO LODGE A COMPLAINT

Data subjects have the right to obtain from the Controller, in the cases provided for, access to their personal data and the rectification or erasure of such data, or the restriction of processing concerning them, or to object to the processing (Arts. 15–22 of the Regulation).

Data subjects who consider that the processing of personal data concerning them, carried out through this site, infringes the Regulation, have the right to lodge a complaint with a supervisory authority (e.g., the Italian Data Protection Authority), as provided for by Art. 77 of the Regulation, or to bring proceedings before the competent judicial authorities (Art. 79 of the Regulation).

Requests relating to the aforementioned articles must be submitted to the Data Controller using the contact details indicated at the beginning of this information notice.