Dear Data Subject
Hotel Opco srl informs you that all personal data provided and acquired during
registration and the provision of the requested service will be processed in a
pertinent and transparent manner and in compliance with the principles of
lawfulness, transparency and correctness.
European and national privacy legislation provides as a
fundamental right the protection of individuals with regard to the processing
of their personal data, as well aś the free movement of such data.
We therefore inform you of the following.
"DATA CONTROLLER"
The "OWNER", Hotel Opco srl, emailbelstaygroup@belstayhotels.it
is the sole "OWNER".
PLATEFORM SRL, email amministrazione@plateform.app, henceforth "SERVICE
PROVIDER", is the "PROCESSOR" insofar as it carries out
processing in the interest of and on behalf of the "RESTAURER".
The "SERVICE PROVIDER" has developed and is the owner of hardware and
software that serve the operation of a booking and marketing platform for the
catering industry.
The "SERVICE PROVIDER" is also the owner of the duly filed and
registered trademark "PLATEFORM".
The term "PLATEFORM" hereinafter refers to the platform and the
services it offers.
The "RESTAURER" is the sole "OWNER", since the
"SERVICE PROVIDER" only carries out processing in the interest of and
on behalf of the "RESTAURER".
The "RESTAURER" is the "PERSON RESPONSIBLE FOR THE
PROCESSING" only with reference to the processing it carries out directly.
The "SERVICE PROVIDER" has no interest in the personal data.
The "RETAILER" has an interest in the personal data for the provision
of the requested service.
When the contractual relationship between the "SUPPLIER OF SERVICES"
and the "RESTAURER" ends, the "SUPPLIER OF SERVICES"
retains only "ANONYMIZED" data that do not refer to the individual
(simple anonymous statistical data), while the "RESTAURER" reserves
the right to retain all data, but must provide "THE DATA SUBJECT"
with a new information notice, which must show that the "SUPPLIER OF
SERVICES" no longer plays any role.
The burden of providing new information lies exclusively with the
"SUPPLIER OF SERVICES". The "SERVICE PROVIDER" has no way
of knowing whether or not the new information notice has been sent "TO THE
DATA SUBJECT" and cannot therefore be held liable in any way for failure
to send it.
SOURCE OF PERSONAL DATA AND LEGAL BASIS
Data are collected directly from the data subject through:
a) paper form,
at the "RESTAURANT". The data subsequently flow into 'PLATEFORM';
b) online form,
from the "RESTAURANT'S" website or from "PLATEFORM";
c) table reservation from "PLATEFORM", directly or by means of
website links on the "RESTAURANT'S" website, on other platforms (e.g.
Facebook), or from apps installed on "THE DATA SUBJECT’S" devices.
Hotel Opco uses the personal data provided to process the
booking and to send specific information such as confirmation.
The legal basis is legitimate interest. - The 'DATA
CONTROLLER' and 'PROCESSOR' have an interest in retaining the data relating to
the operations carried out should it become necessary to protect their rights.
PURPOSES AND METHODS OF DATA PROCESSING
We would like to inform you that your personal data is
processed for institutional and contractual purposes in order to guarantee the
reception service at the restaurant and table reservation via the
"Plateform" app and/or website https://www.seguimirestaurant.it/ .
Hotel Opco uses the personal data provided to process the
booking and to send specific information such as confirmation.
"PLATEFORM" does not provide for any automated
processing of personal data.
In order to advantage
of the reservation service, we inform you that the provision of data is
compulsory, and your refusal to answer will make it impossible to reserve a
table for you at the restaurant.
The Data Controller collects and processes the following
data of Data Subjects
·
first name, surname, e-mail and mobile phone
· communication of special data such as
allergies and/or food intolerances (if the person concerned communicates any
allergies and/or food intolerances when booking).
The
latter particular data concerning food intolerances and allergies are given
voluntarily by the person concerned.
THIRD-PARTY
PROVIDERS THAT PROCESS PERSONAL DATA OF THE CUSTOMER/END USER ("DATA
SUBJECT")
"THE DATA SUBJECT"
may indicate, requested or unsolicited, data belonging to "THIRD
PARTIES". With regard to such data, "THE DATA SUBJECT" assumes
all responsibilities, guaranteeing in particular that it has acquired the data
in full compliance with the relevant regulations in force and that it has
consented to the processing thereof, and providing ample indemnity against any
dispute, claim, request for damages.
"PLATEFORM" provides the possibility to be integrated with software
of "THIRD-PARTY SERVICE PROVIDERS" (as is the case, for example, with
some cash management software), provided that they offer suitable data
confidentiality guarantees, it being understood that the responsibilities of
"PLATEFORM" and of the "THIRD-PARTY SERVICE PROVIDERS"
remain distinct and independent.
RETENTION PERIOD
The determination of the period of retention of your
personal data complies with the principle of necessity of processing.
The data will be processed for as long as is necessary for
the performance of the existing contractual relationship and for the period of
time stipulated by specific industry regulations.
After the specified retention periods have elapsed, the data
will be deleted or anonymised, subject to technical deletion and backup
procedures
The 'SERVICE PROVIDER' only stores consumption data and only
in 'ANONYMIZED' form. Therefore, it does not need to request consent and can
store this data indefinitely, since it is not personal data and it is no longer
possible to retrieve the key to link this data with THE DATA SUBJECT.
COMMUNICATION AND DISSEMINATION OF DATA
All data collected and processed may be disclosed
exclusively for the purposes and in the manner specified above to the
categories listed below:
•
Internal and external staff the restaurant uses
to perform services (Restaurant Managers, F&B Managers, authorised
data processing personnel)
•
Reception,
administration and bursar's employees of the facilities managed by Hotel Opco
as data processors
•
Third parties and collaborators in a contractual
or contractual relationship with the Controller
•
External professionals providing assistance
and/or consultancy to the Controller and acting as data controllers (e.g.
administrative, accounting, technical and IT services)
Your data will not be otherwise disclosed, sold free of
charge and/or against payment or shared with third parties and will be used
solely and exclusively for the above-mentioned purposes.
DATA TRANSFER ABROAD
The collected data will not be transferred to third countries.
Currently, "PLATEFORM" stores data on servers located in countries
within the European Union.
If, in the future, servers are used in countries outside the European Union,
servers will be chosen that guarantee adequate security measures (e.g. USA -
Privacy Shield).
DATA FROM MINORS
It is not intended to collect data from persons who have not reached the age of
majority. For this reason, all our forms are marked as follows:
"DO NOT FILL IN IF YOU ARE NOT OF LEGAL AGE".
RIGHTS OF THE DATA SUBJECT
Pursuant to European Regulation 679/2016 (GDPR) and the
national legislation in force, the data subject may, in the manner and within
the limits provided by the legislation in force, exercise the following rights:
•
To request confirmation of the existence of
personal data concerning him/her (right of access of the data subject - Art. 15
of Regulation 679/2016), to know their origin and to receive intelligible
communication of them
•
Having information on the logic, methods and
purposes of processing
•
Request the updating, rectification,
integration, deletion, transformation into anonymous form or blocking of data
processed in breach of the law, including data no longer necessary for the
purposes for which they were collected (right of rectification and deletion -
Articles 16 and 17 of Regulation 679/2016)
•
Right to restrict and/or object to the
processing of data concerning him/her (Art. 18 of Regulation 679/2016)
•
Right to withdraw consent to processing
•
Right to data portability (Art. 20 of Regulation
679/2016)
•
In cases of consent-based processing, receiving
one's own data provided to the controller, in structured, machine-readable form
and in a format commonly used by an electronic device
•
The right to lodge a complaint with the
Supervisory Authority (data subject's right of access - Article 15 of
Regulation 679/2016).
We remind you that at any time you may exercise your rights
under Articles 15 et seq. of EU Regulation 2016/679, modify your data or update
your consent by writing to Hotel Opco srl Piazza Eleonora Duse 2 - 20122 Milano
(MI) or by sending an email to belstaygroup@belstayhotels.it or PEC
bcopcosrl@legalmail.it . The data controller is Hotel Opco srl, P.IVA
11285190960 Tel. +393351379432 E-mail belstaygroup@belstayhotels.it.
The Controller may make changes and/or additions to this
policy, also as a consequence of any subsequent regulatory changes to the
Privacy Regulations. Changes will in any case be notified in advance and may be
made available on the Controller's communication channels.
Dear data subject
Hotel Opco srl hereby informs you that all personal data supplied and acquired
during the registration and provision of the requested service will be
processed in a pertinent and transparent manner and in compliance with the
principles of lawfulness, transparency and correctness.
European and national privacy legislation provides as a
fundamental right the protection of individuals with regard to the processing
of their personal data, as well as the free movement of such data.
We therefore inform you of the following.
Data collected for the marketing purposes described below
will be processed with explicit consent.
Failure to consent to the processing of data for marketing
purposes will in no way affect the use of the services requested nor will it
affect existing contractual relations.
"OWNER"
The "RESTAURER", Hotel Opco srl, e-mailbelstaygroup@belstayhotels.it
is the sole "OWNER".
PLATEFORM SRL, email amministrazione@plateform.app,
hereinafter referred to as "SERVICE PROVIDER", is the
"PROCESSOR" insofar as it carries out processing in the interest of
and on behalf of the "RESTAURANT".
The "SERVICE PROVIDER" has developed and is the owner of hardware and
software that serve the operation of a booking and marketing platform for the
catering industry.
The "SERVICE PROVIDER" is also the owner of the duly filed and
registered trademark "PLATEFORM"[1].
The term "PLATEFORM" hereinafter refers to the platform and the
services it offers.
The "RESTAURER" is the sole "OWNER", since the
"SERVICE PROVIDER" only carries out processing in the interest of and
on behalf of the "RESTAURER".
The "RESTAURER" is the "PERSON RESPONSIBLE FOR THE
PROCESSING" only with reference to the processing it carries out directly.
The "SERVICE PROVIDER" has no interest in the personal data.
The "RETAILER" has an interest in the personal data.
When the contractual relationship between the "SUPPLIER OF SERVICES"
and the "RESTAURER" ends, the "SUPPLIER OF SERVICES"
retains only "ANONYMIZED" data that do not refer to the natural
person (simple anonymous statistical data), while the "RESTAURER"
reserves the right to retain all data, but must provide "data subject"
with a new information notice, which must show that the "SUPPLIER OF
SERVICES" no longer plays any role.
The burden of providing new information lies exclusively with the
"SUPPLIER OF SERVICES". The "SERVICE PROVIDER" has no way
of knowing whether or not the new information notice has been sent "TO THE
DATA SUBJECT" and cannot therefore be held liable in any way for failure
to send it.
SOURCE OF PERSONAL DATA AND LEGAL BASIS
Data are collected directly from the data subject through:
a) online form,
from the "RESTAURANT'S" website or from "PLATEFORM";
b) table reservation from "PLATEFORM", directly or by means of
website links on the "RESTAURANT'S" website, on other platforms (e.g.
Facebook), or from apps installed on "data subject" devices.
The legal basis for
marketing is always free, specific, informed and unequivocal consent.
PURPOSES AND
METHODS OF DATA PROCESSING
Hotel Opco may
process your data only with your free, specific, informed and unambiguous
consent for the following optional purposes:
a) receive free gifts, freebies
- The data required are: name, surname, email and/or mobile phone.
- The source is "data subject".
- The purpose is to enable "data subject" to receive freebies.
- The legal basis is consent. Without consent, the service cannot be
accessed.
- The duration of the processing is 12 months.
- It is in any case always possible to unsubscribe.
The processing involves 'DIRECT MARKETING', with autonomous
and express consent.
- The legal basis is consent.
- The duration of the processing is 12 months.
- It is in any case always possible to cancel.
- Without consent for both types of processing, you will not receive the free
gift.
b) Promotional and marketing purposes (sending of courtesy
communications and/or informative material, sending of newsletters with
advertising material on services, commercial, advertising and promotional
initiatives)
- The data requested are: name, surname, email, mobile phone.
- The source is "data subject".
- The purpose is to allow "data subject" to receive, by automated
contact and traditional means, communications of events and anything else.
- The legal basis is consent.
- The duration of the processing is 24 months.
- It is in any case always possible to cancel.
- The legal basis is consent, except in the case of
so-called Soft-Spam, processing which finds its legal basis in legitimate
interest.
The possibility of soft-spam is subject to the following
requirements:
1) the user is already a customer;
2) only on e-mail
3) only with e-mail already indicated in the context of the service or product
rendered;
4) only for direct sales of products and/or services
5) for similar products or services
6) provided that there has been no refusal to receive promotional
communications
7) with the possibility to simply object.
c) Profiled
marketing purposes (sending promotional messages and/or customised
commercial initiatives offered in line with your interests and the services you
use at the restaurant)
PROFILING' consists of enabling the 'DATA CONTROLLER', by
means of algorithms, to carry out an automated analysis that assesses personal
aspects concerning a natural person, in particular with a view to analysing or
predicting aspects concerning purchases, preferences or personal interests or
behaviour 'OF THE DATA SUBJECT'.
It is therefore an automated analysis of preferences,
habits, either directly expressed or inferred, which allows us to learn more
about "data subject’s" preferences, also in order to send him/her, by
automated contact and traditional means, communications relating to information
and/or promotional and commercial services/products that are more suitable for
the data subject, who will therefore also be subject to an automated
decision-making process.
"PLATEFORM"
does not provide for any automated processing of personal data
- The legal basis is consent.
- The duration of the processing is 24 months.
- It is in any case always possible to unsubscribe.
THIRD-PARTY PROVIDERS THAT PROCESS PERSONAL DATA OF THE CUSTOMER/END USER
("DATA SUBJECT")
" THE DATA SUBJECT " may indicate,
requested or unsolicited, data belonging to "THIRD-PARTY SUBJECTS".
With regard to such data, "THE DATA SUBJECT" assumes all
responsibilities, guaranteeing in particular that it has acquired the data in
full compliance with the relevant regulations in force and that it has
consented to the processing thereof, and providing ample indemnity against any
dispute, claim, request for damages.
"PLATEFORM" provides the possibility to be integrated with software
of "THIRD-PARTY SERVICE PROVIDERS" (as is the case, for example, with
some cash management software), provided that they offer suitable data
confidentiality guarantees, it being understood that the responsibilities of
"PLATEFORM" and of the "THIRD-PARTY SERVICE PROVIDERS"
remain distinct and independent.
RETENTION PERIOD
After the specified retention periods have elapsed, the data
will be deleted or anonymised, subject to technical deletion and backup
procedures
The 'SERVICE PROVIDER' only stores consumption data and only
in 'ANONYMIZED' form. Therefore, it does not need to request consent and can
store this data indefinitely, since it is not personal data and it is no longer
possible to retrieve the key to link this data with the data subject.
COMMUNICATION AND DISSEMINATION OF DATA
All data collected and processed may be disclosed
exclusively for the purposes and in the manner specified above to the
categories listed below:
•
Internal and external staff that the restaurant
uses to perform services (Restaurant Managers, F&B Managers, Marketing
Staff and persons authorised by the Owner)
•
External professionals providing assistance
and/or consultancy to the Controller and acting as data controllers (e.g. technology
and IT services)
Your data will not be otherwise disclosed, sold free of
charge and/or against payment or shared with third parties and will be used
solely and exclusively for the above-mentioned purposes.
Apart from the cases listed above, your data may not be
disclosed to partners, consultancy companies, private companies.
DATA TRANSFER ABROAD
The collected data will not be transferred to third countries.
Currently, "PLATEFORM" stores data on servers located in countries
within the European Union.
If, in the future, servers are used in countries outside the European Union,
servers will be chosen that guarantee adequate security measures (e.g. USA -
Privacy Shield).
NAVIGATION DATA, COOKIES AND OTHER TECHNOLOGIES
"PLATEFORM" does not issue cookies.
RIGHTS OF THE DATA SUBJECT
Pursuant to European Regulation 679/2016 (GDPR) and the
national legislation in force, the data subject may, in the manner and within
the limits provided for by the legislation in force, exercise the following
rights:
•
Request confirmation of the existence of
personal data concerning him/her (right of access of the data subject - Art. 15
of Regulation 679/2016), know their origin and receive intelligible
communication of them
•
Having information on the logic, methods and
purposes of processing
•
Request the updating, rectification,
integration, deletion, transformation into anonymous form or blocking of data
processed in breach of the law, including data no longer necessary for the
purposes for which they were collected (right of rectification and deletion -
Articles 16 and 17 of Regulation 679/2016)
•
Right to restrict and/or object to the
processing of data concerning him/her (Art. 18 of Regulation 679/2016)
•
Right to withdraw consent to processing
•
Right to data portability (Art. 20 of Regulation
679/2016)
•
In cases of consent-based processing, receiving
one's own data provided to the controller, in structured, machine-readable form
and in a format commonly used by an electronic device
•
The right to lodge a complaint with the
Supervisory Authority (data subject's right of access - Article 15 of
Regulation 679/2016).
We remind you that at any time you may exercise your rights
under Articles 15 et seq. of EU Regulation 2016/679, modify your data or update
your consent by writing to Hotel Opco srl Piazza Eleonora Duse 2 - 20122 Milano
(MI) or by sending an email to belstaygroup@belstayhotels.it or PEC
bcopcosrl@legalmail.it . The data controller is Hotel Opco srl, P.IVA
11285190960 Tel. +393351379432 E-mail belstaygroup@belstayhotels.it.
The Controller may make changes and/or additions to this
policy, also as a consequence of any subsequent regulatory changes to the
Privacy Regulations. Changes will in any case be notified in advance and may be
made available on the Controller's communication channels.