Privacy Policy

Privacy Policy pursuant to EU Regulation 679/2016

The company Locanda De Ciompi (VAT number 06957500488) with registered office in Via Pietrapiana, 28 50121 – Florence (FI), as Data Controller pursuant to Articles 4 and 28 of Legislative Decree 30 June 2003, n. 196 – Privacy Code (hereinafter “Code”) and Articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, “Regulation”) informs pursuant to art. 13 of the Code and 13 of the Regulation which will process personal data relating to customers or subjects who request information via forms (where they are natural persons).

  • Object of the processing

    The data processed are: personal data; contact information such as telephone number, email address, etc. The personal data indicated above will be processed exclusively for the provision of the service as requested by the customer and for all activities instrumental to this, including the purposes of establishing and managing contractual relationships of any kind, as defined by the sector legislation. The provision of the requested data is mandatory as it is necessary to carry out the service and any refusal to provide such data could result in the failure to complete or maintain the contractual relationship; the processing will be carried out both manually and through the use of computerized procedures; the data will not be disclosed.

  • Purpose of processing

    The data will be processed to allow the performance of activities related to the establishment and management of the service requested from the Owner. The same data will be processed lawfully, correctly and with the utmost confidentiality, mainly with electronic and computer tools and stored on both computer media and paper media and on any other type of suitable media, in compliance with the minimum security measures as provided for by the Code and the Regulation. Only if expressly authorized by means of a specific flag/check will the data be used to send commercial information.

  • Methods of processing

    The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and/or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes above and in any case for: no more than 10 years from the conclusion of the contract; no more than 2 years from the request for information. In case of consent to the processing for sending commercial information, the email that will be included in the mailing list will be used for the aforementioned purposes until the cancellation by the user and in any case no later than 5 years from the sending of the last email containing commercial information.

  • Access to data

    The owner may provide access to personal data to the following subjects (for the purpose of fulfilling the obligations connected to the established relationship or for data storage security purposes): to employees and collaborators of the Owner in their capacity as authorized persons and/or DPO and/or system administrators, all formally appointed or appointed;

  • Communication of data

    The Owner may communicate the data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities and all other subjects to whom communication is mandatory by law for the fulfillment of the purposes set out by law. The aforementioned data will not be disclosed.

  • Data Storage and Transfer

    The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to other countries of the European Union and/or non-EU countries. In this case, the Data Controller ensures from now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission. The data will be transferred only in the event of acquisition or transfer of a company or branch of a company and in any case after sending a new information notice to the user.

  • Rights of the interested party

    The customer, in his capacity as interested party, has the rights set out in art. 7 of the Privacy Code and art. 15 of the Regulation and specifically:
    • The interested party has the right to obtain confirmation of the existence or otherwise of personal data concerning him or her, even if not yet recorded, and their communication in an intelligible form.
    • The interested party has the right to obtain the indication:
      • of the origin of the personal data;
      • of the purposes and methods of processing;
      • of the logic applied in the case of processing carried out with the aid of electronic instruments;
      • of the identification details of the owner, managers and representative;
      • of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or persons in charge.
    • The interested party has the right to obtain:
      • updating, rectification or, when interested, integration of data;
      • cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
      • certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected.
    • The interested party has the right to object, in whole or in part:
      • for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
      • to the processing of personal data concerning him/her for the pursuit of purposes not contemplated by art. 2.
      Where applicable, the interested party also has the rights referred to in articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Guarantor Authority.

  • How to exercise rights

    The customer can exercise the rights referred to in the previous article at any time by sending an email to:  info@locandadeciompi.it

Bed and Breakfast Firenze Centro Storico
Loading...