Privacy

INFORMATION FOR WEBSITE USERS

The main rules governing the processing of personal data are the European Regulation 679/2016 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018
Data of the Data Controller
AD HOK S.R.L. (IT02895820211) with registered office in Piazza Gilm, n. 2 - 39031 Brunico /Bruneck (BZ)
mail info@veronasuites.com
PEC adhoksrl@pec.it

DEFINITIONS (the definitions represent a summary of art. 4, EU Reg. 679/2016)
Personal data any information relating to a natural person.
Processing any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data.
Data subject Natural person to whom the data processed by the Data Controller or the Processor belongs
Data Controller (TDT) the natural or legal person, public authority, service or other body which, alone or together with others, determines the purposes and means of the processing of personal data
Processor the natural or legal person, public authority, service or other body which processes personal data on behalf of the data controller on the basis of a contract that regulates the conditions of assignment.
Third party supplier who can be classified as an interested party (if a natural person, e.g. sole proprietorship) or as a contractual counterpart, possible or actual, who operates through collaborators (natural persons) to offer their goods or services to the TDT

DATA ORIGIN
The personal data processed by TdT are:
- provided directly through the following channels: Whatsapp 0457238027; Telephone 3780615240
Email info@veronasuites.com and all allow free data entry.
Each of these means must be used limited to the entry of anonymous information or in any case data that does not allow the identification of individuals. In any case, special data (health, biometric, judicial, etc.) cannot be entered in this field. The personal data contained in the message will be stored for contractual/pre-contractual purposes only.
Where one of these tools is used to communicate personal-work information (e.g. To make a spontaneous application), TDT, at the first moment of direct contact, will provide the information relating to the management of the personal data of candidates;
- acquired automatically by the computer system with access to the site, as they are linked to navigation of the same. In this case the information is managed through cookies (see section).

TYPE AND CATEGORY OF DATA
The personal data processed by TDT are related to the natural person, to his/her identity and consist of the general information of the individual; they may be related to the people who represent the supplier and may concern the supplier's collaborators. Such data are name, surname, telephone number, email, physical and digital address, C.F./P.IVA (if any).
The data processed by TDT are exclusively of a common nature and are not intended for dissemination. TDT does not request and has no interest in collecting and processing data classified by the Regulation as particular (health, genetic, biometric, etc.) or criminal.
Special data such as eating habits may be processed, upon explicit request of the interested party, in order to personalize the catering service for the interested party.
Telematic data. The IT system and software used for the company web portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication products: IP addresses, operating system and browser used by the Internet user, date and time of connection and disconnection, time spent on the site, pages visited, activity performed, location (if the relevant service is active) and any other information made available or transmitted by the Internet user's device, based on the security settings chosen.
Also processed are the domain names of the computer used by the Internet user to connect to the site, URL (Uniform Resource Locator) of the requested resource, time of the request, method used to send the request to the server, size of the file received, numeric code used to indicate the status of the response given by the server (done or error, etc.) and other parameters relating to the operating system and the user's computer.
The processing of the aforementioned data is functional to allow a simple and rewarding browsing experience, to allow the TDT to improve the browsing experience through anonymous analysis of aggregate data, as well as to improve the offer of the service provided.
This information is not stored to identify the interested parties but, due to its nature, can, through processing and association with other data, allow the identification of the user. They are used to create anonymous statistics on the use of the site and to check its correct functioning. They are normally deleted immediately after processing. They can be used and provided to law enforcement and the judiciary to ascertain responsibility in the event of damage to the site or illicit acts committed via the network.
Cookies. Some information regarding navigation is stored on the user's computer and read by the system at the next connection. These files, called "cookies", contain data that are not personal in nature, as they do not allow the specific identification of the user, but could allow it through interconnection with other data. The information contained in cookies allows you to see the frequency of visits to a site and the activity carried out during navigation. In this way, over time, it is possible to improve the contents of the site and make it easier for the user to use. Companies that transmit content to the site or whose sites are accessible via links can use cookies when the user selects the relevant link. In these cases, the use of cookies is not under the direct control of the TDT of this site.
The use of cookies by this site is intended to provide the service requested by the user, facilitate navigation of the site and allow better use of the contents, collect data for statistical purposes possibly to know which areas of the site have been visited and improve the contents of the site.
Before accessing the site, it is possible to select and accept only some cookies, according to the user's preferences; the necessary cookies cannot be disabled since they contribute to the correct functioning of the site.
Cookies are of the following type:
- necessary/technical: These are cookies necessary to ensure the correct and smooth functioning of the site: they allow navigation of the pages, sharing of content, memorization of login credentials to make entry to the site quicker and to keep preferences active during navigation, facilitating the browsing or purchasing experience. Without these cookies it is not possible to provide, entirely or in part, the services for which users access the site.
- statistical: They allow us to understand how users use the site in order to then evaluate and improve its functioning, in order to create increasingly appropriate content. They allow us to know which pages are the most and least frequented, how many visitors there are to the site, how much time is spent on the site by the average user and how visitors arrive at the site. In this way it is possible to determine which are the optimal functions and the most appreciated contents and how the contents and functionality of the pages can be improved.
- analysis/analytics: They are used to keep track of the searches performed by the user in order to submit products and services in line with previous browsing and searches. They are normally used for remarketing operations, through which advertising relating to consultations already carried out and similar products and services is conveyed to the user during navigation.
- profiling: These are tools suitable for memorizing the choices made by the user during navigation and consultation, in order to create personal profiles capable of classifying and cataloging tastes, preferences, navigation and consumption habits. By generating these profiles, the user's navigation experience can be improved but above all be oriented to his preferences, capacity and possibility of purchasing or using services. They can be deactivated without creating any obstacle or impediment to navigation.
- third parties: These are cookies used by third parties not directly controlled by TDT. The company cannot provide guarantees regarding the use that will be made of the data, the processing of which is directly operated by an external party. Cookies from third-party operators allow us to offer advanced features, more information and personal functions, including the ability to share content through social networks and have a personalized site experience based on the preferences expressed through the pages visited. If these external services are used, those who provide them may be able to know that the user has visited the Owner's site. The use of data collected by these external operators is subject to their data protection policies. Third-party cookies are identified with the names of their respective operators and can be deactivated.
Cookie management. When accessing the site, a cookie detail form will appear. By clicking on one of the cookie selection buttons shown in the banner that appears when entering the site (“Reject”, “Accept Selected”, “Accept All”), you authorize the total or partial installation of cookies on the device used by the Data Subject (the “Reject” button does not concern cookies designated as “necessary” which will be downloaded anyway since they contribute to the functioning of the site).
The cookie settings can be changed at any time through the functions of your browser. To prevent the installation of third-party cookies and remove previously installed cookies, you must adjust or modify the settings of your navigation browser and/or consult the guide made available by the manufacturer of the software or application. By way of example but not limited to, information on how to manage cookies on your browser is available at the addresses: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Microsoft Edge.
Third-party sites. The site, even if only periodically, may contain links to third-party sites and applications (Google Adwords, Analytics, Youtube, Vimeo, etc.), to provide additional services and information to the user.
Access to the third-party site, even if it occurs through the TDT site, determines the exit from the company site and access to other resources that are not under the direct control of the TDT, which, therefore, will not be responsible for the procedures relating to navigation, security and processing of personal data operated by other sites, even in the presence of co-branding or display of the company logo.
The Internet user, by clicking on the link to the site of a third party must inform themselves about the use of the aforementioned site, by accessing the relevant privacy page, generally indicated at the bottom of the site or in a specific section that is normally clearly visible.
Interaction with social networks and external platforms. The site, through widgets and buttons, can interact with external platforms and social networks. In this case, the information acquired depends on the settings of the profiles used by the user and not by the TDT.
Currently the site has widgets that merely connect to the “social” page of the TDT and does not allow automatic interaction through them (e.g. like, recommend, etc.).
More information can be acquired on the websites of the companies that offer the service. In this case, the data are not managed by the website of the Data Controller, which connects these buttons only to offer an additional service to the Interested Party but has no control over them.

LEGAL BASIS AND PURPOSE OF THE PROCESSING
The data will be processed lawfully and fairly, in compliance with the principles established by the European and Italian legal system.
The personal data will be processed in order to organize and conclude hotel contracts (overnight stay and board) according to the needs expressed by the interested party.
The legislation that establishes the processing of the aforementioned data is contained in the civil code - with regard to the formation of the contract - and in tax legislation.
The data communicated must be complete and correct. Any incorrect or insufficient communication of the requested data may result in the total or partial impossibility of fulfilling the requests of the interested party and the possible lack of correspondence of the results of the processing to the agreements entered into or the obligations imposed by rules and regulations
The processing of personal data is carried out for the purpose of concluding and fulfilling the contract, as well as (in the event of conclusion of the contract) to fulfill legal obligations (art. 109, T.U.L.P.S.) and, therefore, the consent of the interested party is not necessary.
With the only necessary consent of the interested party, the TDT may process personal data of the latter for commercial and marketing purposes.

PROCESSING METHODS AND PREVENTION AND SAFETY MEASURES
Personal data will be processed directly by the TDT in the person of the l.r.p.t. or by persons authorized by the same to process data through a specific (collaborative) relationship.
The data is processed using manual and automatic/telematic systems and is accessible only by the TDT in the person of the l.r.p.t., or his/her representatives, within the limits of the specific activity carried out for the TDT.
Personal data is processed according to specific instructions detailed in specific regulations by the TDT.
The data of the Interested Parties will be (pursuant to art. 109, co. 3 T.U.L.P.S.) instead communicated to specific persons considered recipients pursuant to and for the purposes of art. 4, per. 1, no. 9), EU Reg. 679/2016 only by the TDT who will guarantee maximum confidentiality of the operation and the reasons for the request for the communicated data.
The booking service is not managed directly by TDT but is managed by Beddy management, which assumes the role of Data Controller. Data processing on the platform is described at the following address https://www.zucchetti.it/it/cms/service/privacy.html.

MINORS
The personal data of minors will be processed exclusively for the purposes of fulfilling the contract or fulfilling legal obligations (art. 109, T.U.L.P.S.).
The data of minors will be deleted immediately if they are not communicated by the person exercising parental responsibility or guardianship.

CONSERVATION TERMS
The data processed by the TDT will be retained within the limits and in compliance with all current regulatory obligations and in any case no later than 10 years from the termination of the contractual relationship, from the formation of accounting and/or tax records and/or for reasons of public safety

AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes.

COMMUNICATION AND DISSEMINATION
The data will be communicated to third parties, who may assume, based on the type of relationship, the qualification of data controller pursuant to art. 28, EU Reg. 679/2016 or mere recipients of the communication, for activities connected to or deriving from that of the TDT or in fulfilling obligations deriving from laws or regulations (Institutions, Law Enforcement, Judicial Authority, etc.).
By way of example and not limited to:
- according to legal obligations to the competent police headquarters;
- subjects who need to know the interested party's data for purposes relating to the relationship with the Data Controller (Credit institutions, insurance companies, financial intermediaries, electronic money and payment management institutions, debt collection companies, verification companies, communications companies, etc.);
- consultants, collaborators, service companies, to the extent necessary to carry out the task assigned by the Data Controller;
- controlled and/or associated companies that can access the data, to the extent strictly necessary to carry out tasks assigned by the Data Controller;
- post offices, couriers, transporters;
- the updated list of data controllers is available at the Data Controller's headquarters.

TRANSFER ABROAD
The TDT uses non-Italian services for data storage and this determines the need to transfer data abroad. The data transmitted are:
- for the storage of data used in administrative offices (billing data, electronic documents, employee data, and similar), the Data Controller is Hetzner https://www.hetzner.com/legal/privacy-policy/
- for the website and management of the related database, the Data Controller is Verecel https://vercel.com/legal/dpa
In both cases, the data is transferred to servers not physically located in Italy. In the case of Hetzner, the data is transferred to servers in EU countries but can be transferred to the USA; in the case of Vercel, the data is stored on the Amazon platform in the USA.
Both data controllers offer adequate protection regarding the Processing of data; furthermore, for the transfer of data abroad, the so-called Privacy Act is in force. Privacy Shield therefore, data processing in the USA can be considered compliant with GDPR https://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32023D1795
FURTHER PURPOSES – LEGAL BASIS FOR PROCESSING (currently not foreseen)
The TDT, with prior express consent, may request additional data for the following purposes:
a. Direct marketing purposes: i.e. the desire to carry out promotional and marketing activities through communications relating to services and products similar to those already used, initiatives and related offers. The communications may also include: invitations to events organized by TDT independently or in collaboration with third parties: in this case the data will also be used for the consequent instrumental and/or complementary activities connected to the Event; newsletters, publications and any other type of professional information material identified as being of specific interest to you organized by TDT independently or in collaboration with third parties (e.g. marketing agencies); carrying out market research, conducting statistical surveys.
b. Indirect marketing purposes: i.e. the desire to carry out, also through external communication agencies, promotional and marketing activities on behalf of third parties through communications relating to services and products provided by other parties and with which TDT has legal relationships. The communications may also include: invitations to events: in this case the data will also be used for the consequent instrumental and/or complementary activities connected to the Event; newsletters, publications and any other type of professional information material identified as being of specific interest to you organized by TDT independently or in collaboration with third parties (e.g. marketing agencies); carrying out market research, conducting statistical surveys.
c. Profiling purposes: i.e. the desire to profile you by evaluating your preferences, needs and consumption habits, also in relation to market research and statistical analysis. This allows us to better understand the needs of our interlocutors, provide personalized, high-performance offers and services and, no less important, offer increasingly relevant and competitive products and services. With regard to these purposes, it is specified that marketing actions may be managed both through traditional methods (e.g. paper mail, telephone calls with an operator, etc.) and with automated and/or similar methods (e.g. e-mail). The Processing of Personal Data for the purposes indicated in points b) and c) will be conditional on obtaining your consent pursuant to art. 7 of the Regulation; the Processing of Personal Data for the purposes indicated in point a) may, however, be carried out on the basis of the legitimate interest of the TDT, regardless of consent and in any case until such Processing is opposed.

HOW TO REVOKE CONSENT
It is always possible to revoke consent by sending written communication to the TDT by sending an email to info@veronasuites.com.
If the interested party notices a violation of his/her rights, he/she can contact the competent supervisory authority pursuant to art. 77 of the GDPR, without prejudice to the possibility of contacting the judicial authority directly.

RIGHTS OF THE INTERESTED PARTY
The interested parties are recognized the rights referred to in articles 15 to 22 of GDPR 679/2016.
In particular, the interested party has the right to access their data (art. 15) to request rectification, updating, integration (art. 16) and cancellation (art. 17), to limit their use by the Data Controller (art. 18), to obtain a copy in a structured format, commonly used and readable by an automatic device (art. 20), to oppose the processing if the conditions are met (art. 21 and 22).
The rights can be exercised to the extent that the processing is not mandatory by law or regulation.
Requests relating to the exercise of the rights of the interested party can be forwarded to the Data Controller at the email address info@veronasuites.com.
If the interested party is not satisfied with the response to his/her requests, he/she may lodge a complaint with the Authority for the protection of personal data.
The citizen of another member state of the European Union has the right to contact the supervisory authority of his/her country.