Privacy Newsletter

INFORMATION
ARTS. 13 AND 14 OF REGULATION (EU) 2016/679

Data Subjects: Website visitors, service users, and newsletter subscribers

“HOTEL SPORTING S.R.L.”, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter ‘GDPR’, hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency, and the protection of your privacy and rights. To fulfill its purposes related to the management of the relationship, the Data Controller needs to collect personal data, such as, by way of example, name and surname, telephone or mobile number, email address, tax code. Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations provided therein.

Purpose of processing: Service provision:
Your data will be processed in order to respond to any requests that may be received through the completion forms and forms available on the website, or through requests received via email.
Legal basis: The legal basis for the processing is contractual in nature insofar as data processing is carried out following a request for information and the subsequent response.

Optional purposes:
Marketing – newsletter subscription service: in particular, your data will be processed, with your free consent, for the receipt of newsletters by entering your email address in the appropriate text box indicating newsletter subscription, or by selecting/checking the appropriate box indicating “subscribe to the newsletter” in a form.

Legal basis: The legal basis for processing is the data subject's consent.

Consequences of refusal of optional purposes: Providing your data for the above-mentioned purposes is optional, and refusal to consent to the processing does not affect the continuation of the relationship or the adequacy of the processing itself.

Consequences of non-disclosure: The processing of data necessary to fulfill these obligations is essential for the proper management of the relationship, and providing such data is mandatory to achieve the purposes outlined above.
The Data Controller also informs you that failure to provide, or incorrect provision of, mandatory information may prevent the Controller from ensuring the appropriateness of the processing.

Processing methods: Processing is carried out using manual and/or IT and telematic tools, in a manner that guarantees the security, integrity, and confidentiality of the data, in compliance with the physical and logical organizational measures provided by current regulations, in order to minimize the risks of destruction or loss, unauthorized access, alteration, and unauthorized disclosure in accordance with Articles 5 and 32 of the GDPR.

Recipients: For the performance of certain activities or to support the operation and organization of the activity, some data may be made known to or communicated to recipients. These recipients include:
Third parties (communication to: natural or legal persons, public authorities, services or other entities other than the data subject, the controller, the processor, and persons authorized to process data), including:
• Companies managing traditional or IT postal services
• Any other parties whose data communication is necessary to achieve the above-mentioned purposes.
Data Processors (a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller)
• Providers of IT, web, or other services necessary to achieve the purposes necessary for managing the relationship.
Within the company, your data will only be processed by staff specifically authorized by the Controller, subject to confidentiality agreements, and in particular by the following categories of employees:
• Administration;
• Other staff whose processing is necessary for the correct execution of the relationship;

Disclosure: Your personal data will not be disclosed in any way.

Transfer of data to third countries: The controller does not transfer personal data to non-EU countries. Should it become necessary, the data subjects will be informed in advance, and appropriate safeguards will be adopted for the transfer to the recipients, which may include: verifying the existence of adequacy decisions for the recipient country by the Commission, signing standard contractual clauses, verifying the adoption of any additional measures following Recommendation 01/2020 EDPB. By way of derogation from such guarantees, for data processing operations (pursuant to Article 49 of the GDPR), where applicable, it will be verified whether there is a contract or pre-contractual measures in favor of the data subject or the data subject's consent to the transfer.

Data retention period: Please note that, in accordance with the principles of lawfulness, purpose limitation, and data minimization, under Article 5 of the GDPR, the retention period of your personal data is established for no longer than is necessary for the purposes for which the data are collected and processed. In the event a contract is signed, this period may end upon expiration or withdrawal from the contract. The same data may be retained, where applicable, for an additional period for the management of any disputes, with the legal basis for such retention being the legitimate interest of the data controller. The retention period for data processing for marketing purposes is consistent with the purposes pursued by the data controller and, in any case, does not exceed 3 years from the last contact or response received.

Data Controller: The data controller, pursuant to the regulation, is “HOTEL SPORTING S.R.L.”, with registered and operational office at Viale Amerigo Vespucci, 20 – 47921 Rimini (RN), VAT no.: 03472560402, Tel: 0541 55391, represented by its legal representative pro tempore. You may request further information regarding the data provided by sending an email to: info@hotelsportingrimini.com or by fax to 0541 55455.

The Data Protection Officer (“DPO”) is Studio Paci & C. Srl (Contact: Dr. Gloriamaria Paci), reachable at the following address: dpo@studiopaciecsrl.it phone: 0541 1795431, and PEC: studiopaciecsrl@pec.it.

Reg. EU 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22, 23 - Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and communication of such data in an intelligible form.

2. The data subject has the right to be informed of:
   a. the source of the personal data;
   b. the purposes and methods of processing;
   c. the logic applied if the processing is carried out with the aid of electronic instruments;
   d. the identification details of the controller, processors, and designated representative pursuant to Article 5(2);
   e. the entities or categories of entities to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the State, data processors, or persons in charge.

3. The data subject has the right to obtain:
   a. the updating, rectification, or, where interested, the integration of data;
   b. the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
   c. certification that the operations as per letters a) and b) have been notified, also regarding their content, to those to whom the data were communicated or disclosed, unless this proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
   d. data portability.

4. The data subject has the right to object, in whole or in part:
   a. on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;
   b. to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.

Complaint: Data subjects, if the prerequisites are met, also have the right to lodge a complaint with the Supervisory Authority according to the procedures provided. For any further information, and to exercise the rights granted to you by the European Regulation, you may contact the data controller using the contact details provided above.

Consent
Consent acquisition clause

Your consent for receiving the newsletter will be recorded (IP address, email, date and time) by ticking the box located below the email input field or by checking/clicking the relevant checkbox and simultaneously pressing the “submit” / “ok” button. This consent will be stored to prove its granting and to allow you to unsubscribe at any time, as well as to exercise all the rights listed above.