INFORMATION ON THE PROCESSING OF PERSONAL DATA

articles 13-14 of EU Regulation 2016/679 and current national legislation

Dear Interested Party,

this is to inform you that, during the provision of the services offered, your personal data and that of any third parties with whom the stay will be shared, will be processed by us in full compliance with the principles of lawfulness, correctness, transparency, minimization and limitation of data and all that is provided for by EU Regulation 2016/679 GDPR and by the national legislation in force regarding the protection of data of natural persons.

1. DATA CONTROLLER

The data controller is I MULINI DEL CONTE S.r.l., with registered office in 91100 Trapani, Via Nicolò Riccio n. 85, operational headquarters in 91016 Erice (TP), Lungomare Dante Alighieri snc, P.Iva: 02757720814, E-mail info@imuliniresort.it – Pec: imulinidelcontesrl@pec.it

2. PURPOSE AND LEGAL BASIS OF THE PROCESSING

Your personal data will be collected and processed in relation to the purposes described below:

2.1 to execute pre-contractual measures (e.g. request for a quote), to manage your contractual relationship relating to the hotel and/or restaurant service, to acquire and confirm your reservation and to provide the requested services.

Legal basis: execution of pre-contractual measures at the request of the interested party, execution of a contractual relationship to which the interested party is a party [art. 6, par.1 b) GDPR]. Consent of the interested party in the event of provision of Special Data [art. 9, par.2].

2.2 to comply with current administrative, accounting and tax obligations.

Legal basis: execution of a contractual relationship, execution of legal obligations [art. 6, par.1 b, c) GDPR].

2.3 to fulfill the obligation set forth in the “Consolidated Law on Public Safety” (art. 109 Royal Decree 18 June 1931, no. 773) which requires us to communicate to the Police Headquarters, for public safety purposes, the personal details of guests staying in accordance with the procedures established by the Ministry of the Interior (Decree 7 January 2013).

Legal basis: execution of legal obligations [art. 6, par.1 c) GDPR].

2.4 litigation management.

Legal basis: legitimate interest of the Data Controller to exercise rights and defend itself both judicially and extrajudicially against third parties, including public entities and against interested parties [articles 6 par.1 f); 9 par.2 f) GDPR].

2.5 for the purposes of protecting company assets through a video surveillance system of some areas of the structure, identifiable by the presence of specific signs. For further details, please refer to the dedicated information.

Legal basis: legitimate interest of the Data Controller to protect company assets [art. 6 par.1 f) GDPR].

2.6 for marketing purposes and therefore to send you promotional communications and newsletters, updates on rates and offers practiced, by post, e-mail, telephone, sms, mms, and similar, by the Data Controller.

Legal basis: your free and explicit consent [articles 6 par.1 a); 9 par.2 a) GDPR], revocable at any time, without prejudice to the lawfulness of the processing based on consent before revocation.

3. NATURE OF THE PROVISION OF PERSONAL DATA

The provision of personal data for the purposes referred to in points 2.1, 2.2, 2.3 is mandatory; similarly, taking into account the purposes of legitimate interests pursued referred to in points 2.4, 2.5, the provision must be consented to; in the event of failure to provide them, we will not be able to confirm the booking and/or provide the requested services.

The provision of data for the purpose referred to in the previous point 2.6 is optional and failure to provide it does not prevent the provision of the requested hotel service, but will have the sole consequence of not being able to take advantage of the purposes described.

4. RETENTION PERIOD

The data will be retained for the time necessary to achieve the purposes for which they are collected and, subsequently: for one year from the first contact in the case of pre-contractual measures; for the time in which the Data Controller is subject to retention obligations for purposes provided for by law or regulation, or for tax purposes (10 years from the termination of the contractual relationship); according to the limitation periods provided by law with reference to the individual rights enforceable by the parties.

For purpose 2.5, the recorded images are deleted after 48 hours, subject to the exceptions specified in the dedicated information.

The personal data processed for marketing purpose 2.6 will be retained until the interested party revokes the consent previously given and in any case no later than 24 months from the issue of the consent, unless renewed.

5. CATEGORIES OF PERSONAL DATA

The personal data subject to processing are:

common data, i.e. identification and contact data (e.g. name, surname, date of birth, address, telephone number, email, tax code and/or VAT number), credit card/bank data for transactions and video surveillance images;

special data, i.e. personal data belonging to one or more "special categories", as indicated in art. 9 GDPR. In fact, data relating to health conditions (e.g. any allergies and/or food intolerances) or ethical choices, provided by you in order to report a need, may be subject to processing.

6. METHODS OF TREATMENT

- In relation to the indicated purposes, the personal data collected will be processed using paper and computer tools (e.g. PC, tablet, smartphone, etc.). The processing operations will be carried out in such a way as to guarantee the logical and physical security and confidentiality of your personal data.

8. DATA SOURCE

- Personal data is collected directly from the interested party, or from third parties (online travel agencies, institutions, associations, organizations, companies or private individuals who organize events or stays in the facility).

9. CATEGORIES OF RECIPIENTS

The personal data collected may be made accessible, exclusively for the purposes specified above, to the following categories of subjects other than the Data Controller:

- collaborators, employees and trainees, in their capacity as Authorized subjects;

- other subjects who carry out external activities on behalf of the Data Controller, in their capacity as Data Processors (e.g. consultants, lawyers, system administrators, IT companies for the purposes of management, maintenance, updating of the software systems and website used by the Data Controller, digital archiving and storage services for electronic documents, banking and insurance institutions that provide services functional to the purposes indicated above), expressly appointed by the Data Controller on the basis of a written agreement pursuant to art. 28 GDPR. The list of data processors is available from the Data Controller;

- Public bodies, Supervisory Bodies, Health Authorities, Judicial Authorities and/or Public Security, on the basis of specific legal duties, who act in their capacity as independent Data Controllers.

10. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

- The Owner does not intend to transfer your Personal Data to a third country or to an international organization. Should it be necessary to transfer to non-EU countries, reference will be made exclusively to countries for which an adequacy decision exists and all appropriate measures will be adopted to guarantee an adequate level of protection, pursuant to articles 44 et seq. of the GDPR.

11. AUTOMATED DECISION MAKING

- Personal data will not be subjected to automated decision-making processes or profiling.

12. RIGHTS OF THE INTERESTED PARTY

Pursuant to European Regulation 679/2016 (GDPR) and the national legislation in force, the interested party may, according to the methods and within the limits established by the legislation in force, exercise the following rights:

- art. 15 right of access (the interested party has the right to be informed of the processing carried out on their personal data, to know their origin and possibly receive a copy);

- art. 16 right to rectify inaccurate personal data or to integrate incomplete personal data;

- art. 17 right to erasure of personal data without unjustified delay, so-called “right to be forgotten” (the interested party has the right to erasure of their data if, in their opinion, they are no longer necessary for the purposes for which they were collected; if they withdraw their consent and there is no other legal basis for the processing; if the interested party objects to the processing and there are no other legitimate reasons prevailing to proceed with the same; if the data is processed unlawfully; if the data must be erased to comply with a legal obligation to which the owner is subject);

- right to limit the processing of their personal data in the cases provided for by art. 18 of the EU Regulation;

- art. 20 right to data portability (the interested party may request his/her personal data in a structured format in order to transmit them to another owner, in the cases provided for by letter f) of the same article);

- art. 21 right to object to the processing of his/her personal data having as legal basis the performance of a task of public interest or connected to the exercise of public powers, or the legitimate interest of the owner;

- art. 22 right not to be subjected to automated decision-making processes;

- right to withdraw consent, at any time, if the processing is based on consent for one or more specific purposes. The processing carried out prior to the withdrawal, however, retains its lawfulness (art. 7, par. 3, of the GDPR);

- right to lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data).

Requests may be addressed to the Data Controller via E-mail: info@imuliniresort.it or Pec: imulinidelcontesrl@pec.it. We will follow up on the request without unjustified delay, at the latest within one month of receiving it (extended by two months in the case of numerous or complex requests).