PRIVACY POLICY

PRIVACY POLICY
INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

Data subjects: users who visit the website www.hotelsportingrimini.com of “HOTEL SPORTING S.R.L.”

WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation" or "GDPR"), this page describes the methods of processing the personal data of users who consult the website of “HOTEL SPORTING S.R.L.”, accessible electronically at the following address: www.hotelsportingrimini.com.

This information does not apply to other websites, pages or online services that can be reached through hyperlinks published on this site but refer to resources outside the www.hotelsportingrimini.com domain.

DATA CONTROLLER
Following consultation of the site, data relating to identified or identifiable natural persons may be processed. The data controller is “HOTEL SPORTING S.R.L.”, with registered office and operations at Viale Amerigo Vespucci, 20 – 47921 Rimini (RN), VAT: 03472560402, e-mail info@hotelsportingrimini.com, tel. +39 0541 55 391.

DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is Studio Paci & C. Srl (Representative: Dr. Gloriamaria Paci), who can be contacted at: dpo@studiopaciecsrl.it, tel. +39 0541 1795431, PEC: studiopaciecsrl@pec.it

TYPES OF DATA PROCESSED, PURPOSES OF PROCESSING AND LEGAL BASIS

1) Browsing data
Legal basis: “data processing necessary for browsing the website” – contractual obligation – Art. 6(1)(b) GDPR
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the response status from the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment.
These data, necessary for browsing the site and for using the information contained therein, are also processed by the controller for the purpose of:
− obtaining aggregate and anonymous statistical information on the use of the site (most visited pages, number of visitors by time slot or daily, geographic areas of origin of users, etc.);
− checking the correct functioning of the services offered;
− preventing or combating any possible IT offenses or fraudulent use of the functionalities available on the site, including for the purpose of reconstructing security incidents and ensuring traceability.
Data retention period:
Browsing data will be stored, in compliance with the principles of lawfulness, purpose limitation, and data minimization (Art. 5 GDPR), for a period no longer than necessary to achieve the technical purposes described above, unless needed to ascertain crimes by the Judicial Authority.

2) Data provided by the user
Legal basis: “data processing necessary to respond to user requests” – contractual obligation – Art. 6(1)(b) GDPR
The voluntary, explicit and optional sending of messages to the contact addresses of “HOTEL SPORTING S.R.L.”, private messages sent by users to institutional profiles/pages on social media (where this is possible), as well as the filling out and submission of forms on the website of “HOTEL SPORTING S.R.L.”, entail the acquisition of the sender’s contact details, necessary to respond, as well as all personal data included in the communications.
Specific information is published on pages prepared for the provision of specific services. Where necessary, user consent is collected, informing them about the purposes and the optional nature of providing the data.
Data retention period:
User-provided data are retained for the time necessary to manage each request. Subsequent retention for statistical purposes involves the anonymization of such data (unless necessary to ascertain crimes by the Judicial Authority).

3) Identification via Social Media
Legal basis: “execution of contractual or pre-contractual measures taken at the request of the data subject” – Art. 6(1)(b) GDPR
You may use your social media profiles, such as Facebook or Google, to verify your identity for the purpose of online room booking. We will access only the information you have authorized from your social profile, such as: profile ID, name, surname, email address, and phone number. Other available information will not be used.

4) Newsletter
Legal basis: “data subject’s consent” – Art. 6(1)(a) GDPR
Data necessary for managing the newsletter, following explicit user consent, are processed as described in the specific privacy policy available through the newsletter form. Consent may be withdrawn at any time via the unsubscribe link in every email or by writing to info@hotelsportingrimini.com

5) Cookies and other tracking technologies
Use is made of:
a) technical cookies necessary for user navigation, enabling correct use of the site and its content.
Legal basis: “contract, as they are functional and necessary.”
b) analytical cookies used to process aggregate statistical analysis on the use and interaction with the site.
Subject to user consent.
Legal basis: “consent.”
c) profiling cookies that collect information about user preferences during navigation, to create profiles for marketing and advertising campaigns.
Legal basis: “consent.”
Information on data processing, purposes, duration and full cookie management, including consent and withdrawal, is available in the “Cookie Settings” document also available in the site footer.

6) Social Media Policy: Information on personal data processing via Social Media platforms
For data processing activities by Social Media platform providers, please refer to their respective privacy policies.
The Data Controller processes personal data shared by users through dedicated Social Media pages, for corporate promotion and advertising purposes, and to manage interactions (comments, public posts, messages, shares, etc.), in compliance with current data protection laws and this privacy policy. Where necessary, user consent is collected, informing them of the purposes and optional nature of providing data.
Personal or “sensitive” data included in comments or public posts on social media may be removed.

The platforms used are:
• Facebook: https://www.facebook.com/HotelSportingRimini/
• Instagram: https://www.instagram.com/hotel_sporting_rimini/

RECIPIENTS OF THE DATA
Recipients of data collected as a result of consultation of the services listed above include subjects appointed by the Controller pursuant to Article 28 of the Regulation as data processors, as well as other digital service providers (e.g. web agencies, IT system support, digital communication providers). A full list is available upon request by writing to info@hotelsportingrimini.com
Some data may be transmitted to, or acquired by, third parties acting as independent data controllers, particularly with respect to cookies, which are typically anonymized for statistical purposes.
If a transfer to non-EU countries is envisaged, the safeguards adopted will be described in section 6 of this document.
Personal data are also processed by “HOTEL SPORTING S.R.L.” personnel, based on specific instructions on the purposes and methods of processing.

DATA PROCESSING SECURITY
Personal data transmitted and stored for the time necessary to achieve the declared purposes are protected by specific technical and organizational security measures, in compliance with Art. 32 of the Regulation, to ensure, on a permanent basis, the confidentiality, integrity, availability, and ability to quickly restore access to personal data in case of a physical or technical incident, including the risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data.

TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
The Controller does not transfer personal data to non-EU countries. However, by consenting to analytical and/or profiling cookies, your data may be transferred to the USA, a country which currently does not provide adequate guarantees for your data. Google has declared the implementation of supplementary security measures that the Controller has assessed as sufficient.

RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from “HOTEL SPORTING S.R.L.”, where applicable, access to their personal data, rectification, erasure, restriction of processing, data portability, and the right to object to processing or to withdraw consent (where this is the legal basis), pursuant to Articles 15–22 of the Regulation.
Requests may be submitted to: “HOTEL SPORTING S.R.L.”, Viale Amerigo Vespucci, 22 – 47921 Rimini (RN), or to the Data Protection Officer: Studio Paci & C. Srl (Dr. Gloriamaria Paci) at dpo@studiopaciecsrl.it, tel. +39 0541 1795431.
A template for exercising these rights is available on the Italian Data Protection Authority website at this link:
https://www.garanteprivacy.it/web/guest/home/docweb/-/docwebdisplay/docweb/9038275

RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of their personal data via this site violates the Regulation have the right to lodge a complaint with the Italian Data Protection Authority, as provided by Article 77 of the Regulation, or to seek judicial redress (Article 79 of the Regulation).
The complaint form is available at this link:
https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524