This page shows the personal data security policies that the company Hassler Roma S.p.a. puts in place for users who visit the website, and more generally for data processing subjects who, for various reasons, interact with our hotel.
The information is also based on Recommendation No. 2/2001 that the European personal data protection authorities, who met in the Group established by Art. 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that data controllers must provide users with when they connect to web pages, regardless of the purpose of the connection.
DATA CONTROLLER AND SUPERVISORS
- Pursuant to Art. 4 point 7 of the GDPR 2016/679, the Data Controller for the Site is the company Hassler Roma S.p.a..
- Pursuant to Art. 28 of the GDPR 2016/679, the Data Supervisor for bookings for the Hotel Hassler made via the company’s website via the platform https://be.synxis.com/ is the company The Leading Hotels of the World, Ltd. - 485 Lexington Avenue, Suite 401 New York, NY 10017. The Leading Hotels of The World, Ltd uses the company Sabre GLBL Inc. - 3150 Sabre Drive, Southlake, Texas 76092 for this purpose.
- Within the meaning of art. 28 of GDPR 2016/679, the data processor assigned to process Palazzetto reservations that are made through the institutional website of the company at https://reservations.travelclick.com platform is the company TravelClick Inc. (https://www.travelclick.com).
- The manager of the website of the Hotel Hassler in Rome and the configuration of cookies of the pages of the site (excluding the reservation platforms managed by the third-party data processors identified above) is the company Aro Cumarsaid Teoranta - Ireland, Na Forbacha, Gaillimh H91 Yd2T which hosts the website.
DATA PROCESSING LOCATION
The processing related to the web services of this website takes place at the registered office of the Data Controller and the Data Supervisors and is only handled by technical staff from the department in charge of processing.
The personal data provided by users who request informative material are only used to perform the service or provision requested while some forms of data acquisition include the possibility of communicating the personal data of the person concerned to suppliers of services in order to comply with the contract and provided the services requested.
TYPES OF DATA PROCESSED
In normal operation, the computer systems and software procedures involved in the operation of this website acquire some personal data which are implicitly transmitted when using Internet communication protocols. This information, which is not collected to be associated with identified data subjects, but by their very nature could, by means of processing and associations with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by the users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (completed, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: apart from this eventuality, as it is, data on web contacts do not remain for more than thirty days.
Data provided by the user voluntarily
The optional, explicit and voluntary sending of email to the addresses indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data inserted in the message.
The voluntary filling in of data acquisition forms to request specific services or to take advantage of offers or purchase services and products, involves the subsequent processing of the personal data provided to ensure the execution of a contract to which the data subject is party or in the implementation of precontractual measures adopted on their request.
This website’s services are not intended for minors. We do not knowingly collect the data, including personal data, of minors.If we find that we have collected the personal data of a minor, we will immediately delete them, unless we are obliged by law to retain such data. The User is asked to contact us if you believe that Hassler Roma S.p.a. has wrongly or inadvertently collected information on a minor.
DATA PROCESSING METHODS
Personal data will be processed with automated tools for the time necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent a data loss, unlawful or incorrect use and unauthorised access.
PURPOSE AND LEGAL BASIS AND NATURE OF THE PROVISION
The Personal Data you provide via the Site will be processed by the company Hassler Roma S.p.a. for the following purposes:
a) purposes concerning the execution of a contract to which the data subject is party or in the implementation of precontractual measures adopted on your request (e.g. contact request via the contact form, booking, taking advantage of special offers, etc.). Consent not necessary;
b) purposes concerning the execution of a contract to which the data subject is party for the purchase of products or services (e.g. Gift Vouchers & Boutique); Consent not necessary;
c) purposes related to the emailing of promotional and commercial material as a result of voluntarily signing up to the Hassler Hotel’s newsletter. Requires the explicit consent of the person concerned or the exercise of soft spam;
e) research and statistical analysis purposes on aggregated anonymous data, aimed at measuring the operation of the Site, to measure traffic and assess usability and interest to make it more functional and perform better; Consent not necessary because no personal data is processed
g) purposes relating to compliance with laws and regulations; Consent not required
h) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions. Consent not required
The data processed by us may include special categories of personal data as defined by Article 9 of GDPR 2016/679 or personal data about your state of health or religion (food allergies, services for the differently abled, menu based on religion, etc.) that you voluntarily provided in the free text fields of request messages.
The data in question will be processed in accordance with the general authorisation of the Data Protection Guarantor No. 5 only released for data and operations essential to fulfil precontractual obligations also that the hotel assumes in its sector of activity in order to provide specific goods, provisions or services requested by the data subject.
Pursuant to Art. 9 of GDPR 2016/679, we always ask for explicit permission to process personal data because we cannot know in advance whether the data subject will voluntarily enter data that fall into the category in question in the personal data acquisition forms.
The Company will process CVs received by email or through third-party recruiting companies (adverts on portals, etc.) to assess potential applications within the company or that there may be in the near future.
The processing is performed electronically with the exclusion of CVs received through the post.
CVs considered ‘interesting’ will be kept at the company’s registered office for a period not exceeding one year and will be processed in full compliance with the minimum-security measures referred to in Article 32 of GDPR 2016/679
CVs not considered relevant, as well as those CVs whose retention time has exceeded 18 months, will be discarded.
The CVs will be kept at the Hotel Hassler in Rome and will not be disclosed to unauthorised third parties.
They may be assessed by employees or collaborators of the hotel appointed as data processors (pursuant to Art. 29 and 32 subparagraph 4 of GDPR 2016/679).
Applicants are kindly asked to respect the following rules when sending CVs in electronic format:
- write your own CV in European format;
- send your CV in PDF format;
- avoid putting special categories of personal data in your CV as defined by Article 9 of GDPR 2016/679 (relating, in particular, to your state of health, religious, philosophical or political beliefs) not relevant in relation to the job offer;
- give your consent to the processing of sensitive data relevant to the establishment of an employment relationship (for example belonging to protected categories).
The company reserves the right not to discard CVs that fail to meet the above requirements.
The aim of the processing related to CV management will affect activities closely related to the assessment, recruitment or selection of staff, with objectives of collaboration, fixed-term or open-ended recruitment or internships, i.e. to allow the applicant selected to prepare their thesis at our registered office.
TRANSFER OF PERSONAL DATA
Some of the data subjects’ personal data are transferred to recipients who may be located outside the European Community. Hassler Roma S.p.a. ensures that the electronic and paper processing of your Personal Data by Recipients is carried out in compliance with the applicable legislation that has a legal applicability framework outside the EU.
In other cases, transfers are based either on a decision of adequacy or on the Standard Model Clauses approved by the European Commission, as well as in compliance with the Privacy by Shield principles in the case of transfers to the USA.More information and clarifications on this matter are available from the Business Data Supervisor at the address: firstname.lastname@example.org.
By way of example and not limited to, the Hotel Hassler will process the personal data for the newsletter service until the person concerned decides to unsubscribe from the service by simply clicking in the email received.
Notwithstanding the above, Hassler Roma S.p.a. will process your personal data until the time allowed by Italian law to protect its interests (Art. 2947(1)(3) of the [Italian] Civil Code).
More information about the retention period of personal data and the criteria used to determine this period can be requested by writing to email@example.com.
DATA SUBJECT'S RIGHTS
Data subjects whose personal data is referred to have the right to obtain confirmation of the existence or not of such data at any time and to know their content and origin, check their accuracy or request their integration, updating or rectification (Art. 15 – 23 GDPR 2016/679). Pursuant to the articles in question, data subjects have the right to request the deletion, transformation into anonymous form or blocking of information processed in breach of the law, and to object in any case, for legitimate reasons, to its processing. Requests should be sent to Hassler Roma S.p.a. Piazza Trinità dei Monti 6 - 00187 Rome for the attention of the Data Supervisor for business activities.
In accordance with Chapter III of GDPR 2016/679, the data subject has the right to request access to their personal data at any time, their rectification or cancellation or object to their processing, the limitation of the processing as well as to obtain in a structured format, for general and readable use by an automatic device, data that concern them and furthermore, they have the right to object to profiling and lodge a complaint to the Supervisory Authority.
The data subject has the right to revoke this consent at any time without affecting the legality of the processing based on the consent given before the revocation. For the complete and exhaustive list of rights that can be exercised by the data subject, refer to Art. 15-23 of GDPR 2016/679.
Requests should be sent via email to the following address: firstname.lastname@example.org
UPDATES AND REVISION