(1) Relevant legislation and recipients of the Privacy Policy.
The European General Data Protection Regulation (Reg. No. 679/2016 of April 26, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in particular Provision No. 13 of the Regulation, also referred to in the following document as ‘GDPR’) aims to ensure that the processing of personal data is carried out with respect for the rights, fundamental freedoms and dignity of natural persons, with particular regard to confidentiality and personal identity. The GDPR requires that data subjects or the person from whom personal data are collected receive specific information about the purposes and methods of data processing. If you are under the age of 18 (eighteen), or if you have limited capacity to act, this Privacy Policy is addressed to the person in charge, as identified by current Italian law, who is the only person entitled to give us consent to process your personal data.
(2) Data Controller and Processors.
Pursuant to the GDPR, Lecco Hostel (Ristogest S.r.l.) with registered office in Lecco (LC), Via Carlo Cattaneo n. 42/H, C.F. 02958770162, email: info@leccohostel.com (hereinafter referred to as “Data Controller”) is responsible for the processing of your personal data acquired through the completion of the documentation required for the check-in process. You can request the full list of data processors (both internal and third parties) from us by sending an email to the following email address: info@leccohostel.com.
(3) Types of data collected and purposes of processing
The Holder assures that your data entered in the attached form will be collected and processed in accordance with the GDPR and will be kept only for the time strictly necessary to perform the requested hotellerie service. The lawfulness of the processing is based on the fact that the processing itself is necessary for the performance of a contract to which the data subject is a party (Art. 6.1-b of the GDPR), or, as the case may be, the processing is necessary to comply with a legal obligation to which the Controller is subject (Art. 6.1-c of the GDPR). Only if you provide us with your explicit consent, by ticking the box “I consent to the processing of my data for promotion and direct/indirect marketing purposes,” we will use your data to send you updates and news about our activities (including when carried out in partnership and/or collaboration with other parties), in particular about services and events, surveys and/or opinions and/or dedicated discounts and for other types of communications related to services and for statistical processing of studies and research. The lawfulness of this type of processing is your explicit consent (Art. 6.1-a of the GDPR) to the processing of your personal data for specific purposes. Your consent is optional (and you may freely change it, even if you have consented, by sending a request to the following email address: info@leccohostel.com or through a different modality indicated by the Controller without further formalities); your refusal will not result in the impossibility of completing the procedures further indicated.
(4) Recipients of the personal data
Your personal data may be disclosed to private or public entities that, in strict compliance with current legislation, may access the data in accordance with the legal obligation in force (by way of example and not limited to, officials of the Financial Administration); to supervisory companies, to the extent strictly necessary to enable their tasks; to entities that are consultants to the Data Controller, subject to an explicit letter as Data Processor from the Data Controller requiring that the confidentiality and security of data processing be guaranteed. Under no circumstances will your Personal Data be shared or disseminated or disclosed, with the exceptions noted above, to third parties.
(5) Rights of interested parties
We remind you that the GDPR gives you the exercise of specific rights. Among these, you have the right to obtain confirmation of the existence of your personal data even if not yet registered, communication in accessible format of your data, their origin, and the methodology and purpose of processing. In particular, the data subject has the right to obtain: confirmation as to whether or not personal data concerning him or her are being processed and, if so, access to the personal data (right of access, ex art. 15 GDPR); rectification of inaccurate personal data concerning him or her or supplementation of incomplete personal data (right of rectification, ex art. 16 GDPR); deletion of data in accessible format, their origin, and the methodology and purpose of processing. 16 GDPR); the deletion of your data if one of the reasons provided for in the Regulations applies (right to deletion, ex-art. 17 GDPR); the restriction of the processing of your data if one of the conditions provided for in the Regulations applies (right to restriction of processing ex-art. 18 GDPR); the right to request a complete and updated list of all the Authorized Persons in charge of processing your personal data.
(6) Personal data protection
The Data Controller uses particularly advanced security technologies to protect the privacy and integrity of your data.
(7) Length of retention of personal data
We will retain your personal data for as long as necessary to fulfill legal obligations, resolve legal disputes, and enforce and comply with agreements. Your personal data will be kept, in accordance with the law, for a period no longer than is necessary to fulfill the purposes for which the Controller is processing them. Specifically: in relation to the existing contract, data will be retained for the periods defined by current regulations. In the event of termination of the contractual relationship, data of a civil nature will be kept for ten years; in relation to the management of personal data that the user has voluntarily provided when registering for our services accessible through credentials and/or the newsletter, we will keep the data as long as the registration is active; in relation to the processing of the user’s personal data for marketing purposes and analysis of consumer behavior and choices, only in the event that the user has provided us with specific consent (optional), we will keep the data collected only for the period strictly necessary to manage the aforementioned purposes. We will store this data according to criteria that comply with current regulations and balance the legitimate interests of the Data Controller with the rights and freedoms of users. The Data Controller will use the user’s data for these purposes for a maximum period of 24 months, after which it will proceed to deletion, in the absence of specific rules defining different retention periods and a new explicit consent to use, which is required as the expiration date approaches. In relation to users’ personal data for profiling purposes, only in cases where the user has provided specific consent (option), the Data Controller will retain the data for the period strictly necessary to manage the purposes described above. We will store this data according to criteria that comply with current regulations and balance our legitimate interests and your rights and freedoms. We will use the user’s data for these purposes for a maximum period of 12 months, after which we will proceed to deletion, in the absence of specific rules defining different retention periods and a new explicit consent to use, which is required as the expiration date approaches.
(8) Information
You may exercise the above rights at any time by submitting a simple request to the Data Controller at the following e-mail address: info@leccohostel.com or at the physical address listed in the “Data Controller” provision.
We will contact you as soon as possible and, in any case, in less than 30 (thirty) days from the date of your request.
(9) Complaints
If you believe that the Data Protection Act has been violated in connection with the processing of your personal data, you have the right to file a complaint with the local Data Protection Authority in the European Economic Area (EEA). Details of the different Local Authorities, depending on the country you are in, can be found at the following link. http://www.garanteprivacy.it/web/guest/home/footer/link