INFO@ELETTOHOTEL.IT
ELECTED HOTEL
Via G. Matteotti 44
Via Roma 35 (Parking)
Sanremo (Im)
18038
Italy
P.I./C.F. 01420270082 - CITR: 008055-ALB-0015 - CIN: IT008055A1I8C83Z52
Privacy Policy
Purpose
This notice defines the adoption of uniform criteria in order to align the management of personal data by Albergo Eletto s.a.s. (hereinafter simply Albergo Eletto) with data protection regulations.
The purpose of the Data Protection Law is to protect the rights of individuals whose data is acquired, stored, processed, or provided, and it applies to all paper and electronic archives as well as documents stored on other devices. It requires the adoption of adequate security measures against unauthorized access and the loss, alteration, disclosure, or destruction of personal data.
Everyone has the right to know how their personal data is processed. Albergo Eletto recognizes that the lawful and fair processing of personal data is essential for continued business success in an increasingly regulated global market. In the course of its activities, Albergo Eletto may collect, store, and process personal data concerning its employees, customers, suppliers, and other third parties. We recognize the need to process data appropriately and lawfully and are committed to doing so.
Scope of application
This Notice applies to all activities carried out by Albergo Eletto s.a.s.
The types of information we may be required to manage include data concerning current, past, and future employees, clients, suppliers, and consultants, as well as those of other third parties with whom we are in contact. This information, which may be stored on paper, electronically, or on other media, is subject to certain legal safeguards, as specified in the Data Protection Act, which imposes controls on how such information is used.
This notice defines the data protection rules and the conditions that must be met for legal obligations regarding the acquisition, management, processing, storage, transfer, and destruction of personal information.
This notice is not part of the employee's employment contract and may be amended at any time.
Any questions or concerns regarding the application of this notice should be submitted to the following contact e-mail address: info@elettohotel.it
If you believe that the notice has not been observed with regard to your personal data or that of third parties, you should report the issue to your line manager, the Human Resources Manager, or the Customer Service Manager.
Any violation of this policy will be taken seriously and may result in disciplinary measures.
“Data” means information stored on electronic, computer, or certain paper-based storage systems, as well as on other storage media.
“Data subject” means a person whose personal data we retain. All data subjects have the right to legal protection of their personal data.
“Personal data” means any data or information concerning a natural person who can be identified, directly or indirectly, based on such data or information (or based on data or other information in our possession). Personal data can be factual (such as name, identification number, location data, online identifier, address or date of birth); subjective (such as performance evaluation) or one or more elements characteristic of the physical, physiological, genetic, mental, economic, cultural, or social identity.
“Data controller” means the legal entity that determines the purposes and means of the processing of personal data; It is responsible for defining practices and policies in line with the Data Protection Law. In this case, it refers to Albergo Eletto s.a.s.
“Data users” refers to employees whose work involves the use of personal data. Data users are required to protect information at all times in line with our security and data protection policies.
"Data processors" refers to persons who process personal data on behalf of Albergo Eletto. Employees of the data controllers are excluded from this definition, which may however include third-party suppliers who manage personal data on behalf of Albergo Eletto.
“Processing” means any activity involving the use of data. It includes the collection, recording or storage of data or any operation or set of operations performed on the data such as adaptation, modification, retrieval, use, communication, deletion or destruction thereof. Processing also refers to the transfer of personal data to third parties.
“Sensitive data” refers to information concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, physical or mental health status, as well as the data subject’s sex life or sexual orientation; Sensitive data may only be processed under strict conditions and normally requires the explicit consent of the data subject.
Albergo Elettotratta processes personal data fairly and reasonably as desired and deemed appropriate by the interested parties in relation to the use of data concerning them, as well as in accordance with the principles of good practice that are concretely applicable. These principles ensure that personal data are:
(a) Fair and lawful processing: processed lawfully, fairly, and transparently;
(b) Processing for specified purposes: collected for specified, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with those purposes;
(c) Adequate, relevant and not excessive processing: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) Accurate data: accurate and, where necessary, up to date; all reasonable measures must be taken to promptly erase or rectify inaccurate data with respect to the purposes for which they are processed;
(e) Data retention: kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed;
(f) Data security: processed in such a way as to ensure adequate security, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and from accidental loss, destruction, or damage.
Each of these principles is described in more detail below.
The Data Protection Law does not intend to prohibit the processing of personal data, but to ensure that it is done fairly without prejudicing the rights of the Data Subjects. Data Subjects must be informed about the identity of the Data Controller (in this case Albergo Eletto s.a.s.), the internal company contact details to be used for any needs related to data processing, the purposes for which the data are processed, and the identity of those to whom the data are disclosed or transferred.
The processing of personal data is lawful only if certain conditions are met. These conditions may include, among others:
(1) the data subject has given their consent to the processing of personal data;
(2) the processing is necessary for the pursuit of the legitimate interest of the Data Controller or the third party to whom the data are communicated;
(3) the processing is necessary for the performance of a contract;
(4) a request has been received from the Data Subject;
(5) the fulfillment of a legal obligation or for legitimate interests.
The processing of sensitive data requires that more than one of these conditions are met. In most cases, the explicit consent of the data subject to the processing of their sensitive data is required.
The personal data of Albergo Eletto employees may be processed for legal, personnel management, administrative and managerial purposes, and to allow the Data Controller to fulfill its legal obligations as an employer, for example to pay employees, monitor their performance, and provide benefits related to their duties.
Examples of cases in which employees' sensitive data may be processed are listed below:
- information relating to the physical or mental health conditions of an employee is used to monitor sick leave and assess the employee's work capacity or the need for healthcare assistance;
- information concerning racial or ethnic origin as well as religious beliefs or similar information is used to monitor compliance with equal treatment legislation;
- to comply with legal requirements and obligations towards third parties.
Personal data is processed exclusively for the specific purposes communicated to the data subject at the time of the initial collection of data concerning them or for any other purpose specifically permitted by the Data Protection Law. This means that personal data is not collected for one purpose and then used for a completely different purpose. If it becomes necessary to change the purposes for which the data is processed, the data subject must be informed of the new purpose before proceeding with the processing.
Personal data must be collected only to the extent necessary for the specific purpose communicated to the Data Subject. Personal data not necessary for the indicated purpose will not be collected in the first place.
Personal data must be accurate and regularly updated. It is therefore necessary to take the necessary measures to verify the accuracy of personal data at the time of collection and subsequently at regular intervals. Inaccurate or outdated data will be destroyed.
Personal data will not be retained for longer than necessary to achieve the purposes for which they are processed. This means that the data will be deleted or destroyed from our systems when they are no longer needed. For information on the retention period of certain data before their destruction, please contact the Human Resources Office.
Albergo Eletto guarantees the adoption of appropriate security measures to prevent unauthorized or unlawful processing and accidental loss or damage of personal data.
The Data Protection Law requires us to establish procedures and technologies aimed at ensuring the security of personal data from the moment of collection until destruction. Personal data may be transferred to another data controller only on the condition that they agree to comply with the obligations relating to these procedures and policies or that they adopt adequate security measures.
Ensuring data security means guaranteeing its confidentiality, integrity, and availability, as defined below:
- confidentiality means that access to data is allowed only to people authorized to use it;
- integrity means that personal data must be accurate and adequate for the purposes for which they are processed;
- availability means that authorized users must be able to access the data if necessary for authorized purposes.
The safety procedures include:
- entry checks: it is necessary to report the presence of strangers inside an area subject to control.
- lockable desks and cabinets: desks and cabinets that contain confidential information must be locked. (Personal information is always considered confidential).
- disposal methods: paper documents must be shredded. USB sticks, CDs, and external hard drives must be physically destroyed when no longer needed.
- equipment: data users must prevent bystanders from viewing confidential information on the computer screen and log off when the computer is left unattended.
Personal data (such as email addresses) may be used for marketing and advertising purposes if these are the purposes for which the data was originally collected or if marketing and advertising are compatible with the original purpose of collection. However, if personal data was collected for different reasons, it is necessary to obtain the consent of the data subject before initiating advertising and marketing communications, and the process may be regulated, in particular by anti-spam laws. All direct marketing communications made to a person must provide the possibility for that person to opt out of receiving further marketing communications.
Albergo Eletto will send direct marketing communications only to individuals who have previously given their consent (“opt-in”) obtained by virtue of the fact that they are already our customers, in order to keep them regularly updated about our offers, or who have previously provided their email address or have registered directly on our website.
If an individual objects to receiving direct marketing communications from Albergo Eletto or withdraws their consent, Albergo Eletto will refrain from sending further marketing material as specifically requested by the concerned person. The option to unsubscribe (“opt-out”) from marketing communications will be offered each time.
Personal data is processed in line with the rights of the data subjects. Data subjects have the right to:
- receive information on the correct processing such as privacy notices/policies and transparency regarding the use of personal data;
- receive confirmation about the processing of data concerning them and request access to a Data Controller;
- have personal data rectified if it is inaccurate or incomplete;
- request the deletion or erasure of personal data when there are no valid reasons to continue processing it;
- cease the processing of data concerning them;
- obtain and reuse personal data concerning them for their own purposes;
- object to the sending of advertising material (including profiling) and to the processing of data that could cause unjustified substantial harm or a situation of danger to themselves or anyone else;
oppose any decision that significantly affects them and is based solely on a computer system or automated process.
The data subject can obtain information about the data held by Albergo Eletto by sending a written request to the Human Resources Office or to the Data Protection Officer.
To help respond to such a request, before replying to the Data Subject, Albergo Eletto may ask the latter to:
(i) specify the type of Personal Data you are requesting access to;
(ii) specify, as far as reasonably possible, the database system in which the Personal Data may be stored;
(iii) specify the circumstances in which Albergo Eletto obtained the Personal Data;
(iv) provide proof of your identity; and
(v) in the case of a request for rectification, deletion or blocking, specify the reasons why the Personal Data are inaccurate, incomplete or not processed in accordance with applicable law or this Privacy Policy.
Staff members who receive a written request must promptly forward it to the respective Human Resources Office or the Data Protection Officer.
Staff members handling third-party requests must exercise the utmost care when disclosing personal information held by Albergo Eletto.
In particular, they are required to:
- verify the identity of the person making the request and whether they are authorized to receive the requested information;
- ask the third party to submit the request in writing so that their identity and right to receive the requested information can be verified;
- refer to the Human Resources Office or the relevant Data Protection Officer for assistance in difficult situations;
- where appropriate, provide information to the third party requesting it in accordance with data protection principles.
Any violation or potential violation of personal data detected must be immediately reported to the local Human Resources Office
All data protection notices and related procedures will be reviewed and updated as and when appropriate by the Notice Managers in order to ensure the achievement of the set objectives.
Recommendations for any changes should be addressed to the contact address: info@elettohotel.it
Albergo Eletto s.a.s.
Hotel Eletto
Via Roma 35 (Parking)
Via G. Matteotti 44
18038 Sanremo
Italy
✉️
Albergo Eletto s.a.s.P.I./C.F. 01420270082