Privacy

Information document in accordance with Regulation (EU) 2016/679 (hereinafter, GDPR)

The website www.stefaniahotel.it collects some Personal Data of its Users.

This information è prepared on the basis of the legislation on personal data protection, including Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, GDPR).

HOLDERS AND PROCESSOR

Nistema srl (hereafter, Data Controller),
based in Olbia (OT), Via Bora, 8 P.iva 02264480902
tel. +39 0789 39027 – email: info@stefaniahotel.it

CIN: IT090047A1000F2160

Typologies of Data Collected and Purpose of Processing

a) Contacts.
It is possible to contact the Data Controller to request information and for any request related to the services offered, in particular quotations, requests for availability or general. The data collected are: name, email address, telephone, and those contained in the body of the message sent; cookies, usage data and IP addresses (the latter data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning).

The purpose of the processing of your data è to fulfill your requests, and the legal basis of the processing lies in the execution of pre-contractual and contractual measures (Art. 6, lett. b, GDPR).

Your data will be processed only after you have given your explicit consent for the purpose of processing your contact request.

b) Reservations
You have the option to book hotel rooms through the website.

The data collected are: first name, last name, email address, telephone, residential address; cookies, usage data and IP addresses (the latter data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning).

The processing of your data will only take place after you have given your explicit consent for the purpose of processing your reservation request.

For specific information and information on payment processing, please see the specific information in the booking section

c) Content on external platforms.
These services allow you to view content hosted on external platforms directly from the pages of this Site and interact with them. In the event that such a service is installed, è it is possible that, even if Users do not use the service, it may collect traffic data related to the pages where è installed.

The widgets that are installed on this site are:

-Facebook (Facebook, Inc.). Facebook social link è an interaction service with the social network Facebook, provided by Facebook, Inc.
Personal Data Collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy. (Facebook has certification under the EU - U.S. frameworks that constitute a legal system for the transfer of personal data from the EEA to the U.S., within which certified organizations guarantee to provide a level of protection in line with European data protection law).

-Youtube. The YouTube social widget è a service for interaction with the social network YouTube, provided by Google Inc.
Personal Data Collected: Usage Data. Place of processing: United States – Privacy Policy. Privacy Shield adherent.

- Simplebooking. Online room reservation application provided by QNT S.r.l. a Socio Unico.
Personal Data Collected: Usage Data. Place of processing: Italy – Privacy Policy.

Mannerà and Place of Processing of Collected Data

The processing is carried out by means of computerized and/or telematic tools, with organizational modalities and logics strictly related to the indicated purposes and, in particular, through the adoption of the appropriate security measures referred to in EU Regulation 679/2016. In addition to the Data Controller, in some cases, other subjects involved in the organization of this application (personnel authorized by the Data Controller) or external subjects (such as third party technical service providers and hosting providers) also appointed, if necessary, Data Processors by the Data Controller may have access to the data.

Legal basis of the processing

The Controller processes Personal Data related to the User, for contact purposes. However, it is always possible to ask the Controller to clarify the concrete legal basis of the processing.

Location and scope of communication of your data

The data are processed and stored at the registered office of the Data Controller by personnel authorized by the Data Controller itself or by any persons in charge of occasional maintenance operations.

Your personal data are stored on servers located within the European Union, except as stated in point 1, letter b) of this privacy policy.

Your data may be disclosed to third parties belonging to the following categories: entities that provide services for the management of the website used by the Data Controller and communication networks (including e-mail); authorities competent for the fulfillment of legal obligations and/or provisions of public authorities, upon request.

Your data will not be subject to dissemination.

Subjects belonging to the above categories perform the function of Data Processors, or operate completely independently from the Data Controller.

The User canò request information on the list, constantly updated, of data processors from the Controller by contacting him at the contact details given at the beginning.

Nature of data provision and consequences of refusal to respond

The conferment of data for the purpose of contact è functional to take advantage of the services requested, therefore, any refusal to confer them entails the impossibility for the Owner to process your requests.

Period of storage

The Data are processed and stored for the time required by the purposes for which they were collected.

Personal Data collected for purposes related to the performance of a contract or the performance of pre-contractual measures between the Data Controller and the User will be retained until the performance of such contract is completed and, in any case, in accordance with applicable law.

The Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, at the expiration of this period, the right of access, cancellation, rectification and the right to portability of the Data can no longer be exercised.

We never and for no reason sell or rent Users' Data to third parties. The only uses of the Data are those highlighted in this policy. Users are the sole owners of their Data and may request its modification or deletion at any time.

User Rights

Users may exercise certain rights with respect to the Data processed by the Data Controller.

In particular, under the GDPR, the User has the right to:

-revoke consent at any time;

-oppose the processing of their data;

-access their data;

-verify and request rectification;

-obtain restriction of processing;

-obtain the deletion or removal of one's personal data;

-receive their data or have them transferred to another data controller;

-submit complaints to the Supervisory Authority (Privacy Guarantor).

How to exercise rights

To exercise their rights, the User mayò address a request to the contact details of the Controller indicated in this document.

System logs and maintenance

For needs related to operation and maintenance, this application may collect System Logs, which are files that record interactions and may also contain personal data, such as the User's IP address.

Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.