Information pursuant to art. 13 of the European Regulation n. 679/2016 (GDPR)
With reference to Legislative Decree no.196 / 2003 (Code regarding the protection of Personal Data) and pursuant to articles 13 and 14 EU Regulation GDPR n.679 / 2016, Mom’s House di Laura Miotto, Via dei Salesiani, 132 – 55045 Pietrasanta (Lucca) – Partita IVA 00801810960
as “Data Controller”, intends to process the personal data provided, exclusively for the execution of contractual or legal obligations deriving from the commercial relationships between us and addressed to those who interact with the web services accessible via telematics starting from the address:
The information is provided only for the aforementioned site and not for other websites that may be consulted by the user via links and complies with Recommendation no. 2/2001 relating to the minimum requirements for online data collection in the European Union, adopted on 17 May 2001 by the Article 29 Working Group.
Those responsible for the treatment
Pursuant to art. 28 of the GDPR 2016/679
The data processor for the management, maintenance and supervision of the website is: The data controller
Place of data processing
The treatments connected to the web services of this site take place at the headquarters of the owner and the data processors. No data deriving from the web service is communicated to third parties or disseminated.
Type of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not currently persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Personal data are processed with automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Purpose, legal basis and nature of the provision
In this regard, we inform you that the processing of personal data will take place for institutional purposes, connected or instrumental to the activity of our Company, and, therefore, for:
to execute the hotel reception service, and consequent operations, or to one or more contractually agreed operations;
fulfill legal obligations of a physical, accounting and administrative nature; for management purposes (billing, possible document management, etc.);
fulfill operational and management needs internal to the Data Controller and inherent to the service provided; as well as, subject to the acquisition of your free, specific and distinct consent;
exercise the rights of the Data Controller, for example the right to defense in court;
process the data of your child / minor children over whom he exercises parental authority in order to be able to carry out the booking and registration service at the hotel.
In a variety of ways, for example to provide and personalize the services that you request and expect from the Data Controller, in the case of booking a hotel stay, to offer the level of hospitality expected in the room and as described in greater detail below :
to execute (with your written consent) hotel services such as the external communication of data relating to your stay for the exclusive purpose of allowing the function of receiving objects, messages and telephone calls addressed to you.
Type of personal data we process
The term “personal data” contained in this Regulation refers to information that identifies you or is capable of identifying you as an individual. The specific type of information collected will depend on the context of the user’s interactions with the Data Controller and the services used. The types of data we may process (which may vary depending on the applicable laws in a jurisdiction) include:
name, gender, address and telephone number of your home and workplace, job title, date and place of birth, image, nationality, passport and visa information;
information relating to the guest’s stay, date of arrival and departure, goods and services used, formulation of special requests, comments on preferences in services (including
preferences relating to type of room and holiday);
payment information (including credit card numbers, billing addresses and bank account information);
any information necessary for the fulfillment of special requests (for example, health conditions which require specific accommodation or services);
copies of correspondence with the user if he contacts us;
contacts and any relevant details relating to company employees and salespeople, as well as other individuals we work with (e.g. travel agents, event and meeting planners); is
in limited cases, information relating to the credit situation of customers;
information related to the use and user interaction with our website.
Methods of data processing
The processing of personal data will take place using paper, computer or telematic tools and with adequate security measures to guarantee the security and confidentiality of your personal data.
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking.
Your personal data are subjected to both paper and electronic and / or automated processing (in any case suitable for guaranteeing the security and confidentiality of the data).
Data retention times
To the extent permitted by applicable law, we will retain your personal information for the period necessary to meet or comply with the following:
the purposes for which the user’s personal information was provided,
an identifiable and continuous work need, including for accounting and documentation purposes,
a specific legal or regulatory requirement, and / or
a record retention requirement that may be relevant to notified regulatory investigations or active legal proceedings.
If there is not sufficient justification for retention, personal information will be deleted, destroyed, anonymized and / or securely blocked.
Legal basis of the processing
Legal basis: EU Regulation no. 679/2016
196/2003 (Code regarding the protection of Personal Data)
We reserve the right to disclose any personal data relating to you in the event that we were enjoined by a judicial authority or should we receive a legitimate request from a government entity, or if we believe it is necessary or desirable to comply with the law or protect or defend our rights or property.
We also reserve the right to retain stored personal data and to process them in order to comply with accounting and tax rules and regulations, as well as data retention.
Revocation of consent
With reference to Article 23 of Legislative Decree 196/2003 and to art. 6 of the GDPR 679/16, the interested party can revoke the consent at any time.
Rights of interested parties
With reference to Article 7 of Legislative Decree 196/2003 and to art. 15 “right of access”, art. 16 “right of rectification”, art. 17 “right to cancellation”, art. 18 “right to limitation of treatment”, art. 20 “right to portability”, Article 21 “right to object to the automated decision-making process of the GDPR 679/2016, the interested party exercises his rights by writing to the Data Controller at the address shown at the beginning of the Policy or by email firstname.lastname@example.org
The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: – the purposes of the treatment;
– the categories of personal data in question;
– the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
– when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
– the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
– the right to lodge a complaint with a supervisory authority;
– if the data are not collected from the interested party, all available information on their origin;
– the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer.
The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
The right to obtain a copy referred to in paragraph 3 must not affect the rights and freedoms of others.
The Data Controller does not intentionally collect personally identifiable information from persons under the age of 18 from its websites. The Data Controller may collect personally identifiable information from persons under the age of 18 as part of the guest registration process, but always with the consent of the child’s parent or legal guardian.
How secure is user information?
We take reasonable administrative, organizational and technical safeguards and security measures to protect the personal information under our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, abuse or damage. We regularly review and monitor these safeguards and security measures.
UPDATE AND REVIEW