INFORMATION NOTICE PURSUANT TO EU REGULATION 2016/679
Aries Group S.r.l corso Giacomo Matteotti, 1 20121 Milano (MI)
Data Controller's email address: firstname.lastname@example.org
TYPES OF DATA COLLECTED AND PURPOSE OF PROCESSING
The data (name, surname, residence, telephone number, email address, tax code) are collected to allow the stay at our facility. The communication of one's own data, by the data subject, is a key requirement for the completion of the reservation and to stay at our premises:
- to acquire and confirm your reservation for accommodation and ancillary services, and to provide services you have requested;
- in order to fulfil the obligation provided for by the "Consolidated Law on Public Safety (Testo unico delle leggi di pubblica sicurezza)" (art.109 R.D 18.16.1931 no.773) which requires us to communicate guests’ personal details to the Police Headquarters for public security purposes.
- to comply with applicable administrative, accounting and fiscal obligations
METHODS OF PROCESSING
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, amendment or destruction of Personal Data. The processing is carried out by means of computer and/or telematic systems, with organizational methods and logics strictly related to the indicated purposes
PLACE AND TIME OF STORAGE
The data collected are stored (in paper and/or electronic format) at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located or at in-cloud services of third party companies. For more information, please contact the Data Controller.
Data for the purpose of fulfilling a contract is stored as required by law.
At the end of the period of their storage, or following a request for withdrawal, the data is erased.
RIGHTS OF THE DATA SUBJECT
This information notice lists the data subject's rights:
- access , i.e., to access one's own data at any time upon request to obtain information regarding the purposes and methods of processing;
- rectification , i.e., to be able to obtain, at any time, changes to their data "without undue delay";
- right to be forgotten, i.e., to be able to request and obtain, at any time, the erasure of one's own data;
- restriction of processing, i.e., to restrict the Controller’s use of one's own data (only for certain purposes, and not for others, or to prohibit any use and therefore the Controller only carries out storage);
- data portability, i.e. the right to receive all personal data concerning him or her; or the direct transmission of such data to another data controller;
- object to the processing, i.e. to be able to object, at any time, to the processing if there is no legal basis (where consent is not required), or to the processing for the purpose of direct marketing without giving any explanation, to the processing for scientific, historical, statistical purposes, and finally to the automated decision-making process
In addition, the data subject has the right to file a complaint with the competent authority.
The rights listed above may be restricted for security and defence reasons.
The Data Controller, with regard to the exercise of his/her rights, must reply to the data subject within one month from receipt of the request or within 3 months, in more complex cases, with the obligation to inform the data subject of the reasons for such extension within one month from receipt of the request.
For the exercise of its professional activity, the Data Controller provides to third parties the data it collects, appointing them as Data Processors, the processors process the data in accordance with the methods specified by the Data Controller (details on such processing may be requested to the Data Controller).
The data collected by the Data Controller are aimed at the execution of contracts, the data subject cannot refuse to provide their data if they intend to use the services provided by the Data Controller.
None of the data collected will be transferred to non-EU countries.