Privacy Policy 

Ognissanti Hotels

PRIVACY POLICY


**WHY THIS INFORMATION**


Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation"), this page describes the methods of processing the personal data of users who consult the following websites:

- hotelvillabetania.it

- hotelarcadiaflorence.com

- residenzaognissanti.com

- anticaportafirenze.com

- ognissantihotels.com

- hotellombardiafirenze.com

- palazzinafusi.com


This information does not concern other sites, pages, or online services reachable via hyperlinks published on these sites but refer to resources outside the respective domains.


**DATA CONTROLLER**


Following consultation of the above-listed sites, data relating to identified or identifiable natural persons may be processed. The Data Controller is Ognissanti Srl, with registered office in Via Benedetto Varchi, 34 - 50132, Florence. Contact email of the Data Controller: riccardo@ognissantihotels.com.


**DATA PROTECTION OFFICER**


Ognissanti Srl does not require the appointment of a Data Protection Officer pursuant to Article 37 of Regulation (EU) 679/2016.


**PURPOSES, LEGAL BASIS, AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING**


- **a)** Purposes related to the execution of a contract to which the data subject is a party (e.g., purchase of services) or to the execution of pre-contractual measures taken at the request of the data subject (e.g., contact request via messages sent to the contact addresses provided on this website, etc.).

- **b)** Purposes of statistical analysis on anonymous data, without the possibility of identifying the user, aimed at measuring the performance of the site, measuring traffic, and evaluating usability and interest.

- **c)** Purposes related to compliance with a legal obligation to which Ognissanti Srl is subject.

- **d)** Purposes necessary to establish, exercise, or defend a right in judicial proceedings or whenever judicial authorities exercise their judicial functions.

- **e)** Sending commercial communications.


The legal basis for processing personal data for the purposes referred to in point **a)** is the service provision contract or the execution of pre-contractual measures. Processing personal data by the Data Controller for the purpose referred to in point **a)** does not require the consent of the data subject under applicable law. The purpose referred to in point **b)** does not involve the processing of personal data. The processing aimed at achieving the purposes referred to in points **c)** and **d)** represents a legitimate activity as it is necessary to comply with legal obligations to which the Data Controller is subject or to exercise rights of defense in court. For the purpose referred to in point **e)**, the Data Controller bases the processing on the consent of the data subject.


Except for navigation data, necessary to implement computer and telecommunication protocols, providing data by users through the various means made available is free and optional. Specifically, regarding the purpose referred to in point **a)**, providing personal data is optional, but failure to provide it may make it impossible to provide the service and/or respond to requests. Regarding the purpose referred to in point **e)**, providing personal data is optional; however, in the absence of the required data and/or consent from the data subject, they will not receive our newsletter.


**TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING**


- **Navigation data**: The computer systems and software procedures used to operate these websites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the user's operating system and computer environment. These data, necessary for the use of web services, are also processed to:

  - obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);

  - check the correct functioning of the services offered.

  

  Navigation data do not persist for more than seven days and are deleted immediately after their aggregation (except for any need to ascertain crimes by the judicial authorities).


- **Data provided by the user**: The optional, explicit, and voluntary sending of messages to the contact addresses of Ognissanti Srl, as well as the completion and submission of forms on the websites, entail the acquisition of the sender's contact data necessary to respond, as well as all personal data included in the communications. Specific information will be published on the pages of the websites prepared for the provision of certain services.


- **Cookies and other tracking systems**: Ognissanti Srl collects personal data through cookies. More information on the use of cookies and similar technologies is available at the link at the bottom of the respective websites ("Cookie Policy").


**METHODS OF PROCESSING PERSONAL DATA**


The collected data are processed using IT tools and, only residually, with paper-based methods. For data processing related to web services, the Data Controller uses servers located within the European territory and IT systems located at the Data Controller's premises. Their transfer abroad is not foreseen. Appropriate technical and organizational measures are adopted to ensure an adequate level of security and to prevent data loss, illicit or incorrect use, and unauthorized access.


Data provided directly by the data subject are retained for the time strictly necessary to fulfill the requests of the data subject and then deleted, except in cases of product purchases (where the data may be kept for the duration of the relationship and according to legal obligations), subscription to the newsletter service (where the data may be kept until consent is revoked), and for defensive needs (which may necessitate further retention). Navigation data do not persist for more than seven days and are deleted immediately after their aggregation, except for any need to ascertain crimes by the judicial authorities.


**DATA RECIPIENTS**


The data of the data subject may be known by the staff or collaborators of our company, expressly designated as "authorized for processing" and/or appointed as "external data processors". For example, but not limited to, the recipient of the data collected following the consultation of the above-listed websites is the provider of the web platform development and maintenance services appointed by Ognissanti Srl, pursuant to Article 28 of the Regulation, as the external data processor.


**RIGHTS OF DATA SUBJECTS**


Data subjects have the right to obtain from Ognissanti Srl, in the cases provided, access to their personal data and the rectification or erasure of the same or the restriction of processing concerning them or to object to the processing and the portability of data (Articles 15 et seq. of the Regulation). Requests should be addressed to laurent@ognissantihotels.com.


**RIGHT TO COMPLAIN**


Data subjects who believe that the processing of personal data relating to them carried out through these websites is in violation of the provisions of the Regulation have the right to lodge a complaint with the Garante, as provided for by Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).