Privacy Policy
PERSONAL DATA POLICY
Pursuant to Section 13 of the EU Legislative Decrees 2016/679 and 196/03 and all successive changes.
This policy regards the personal data collection made by Madeep SRL – C.F. e P.IVA 03790970168 , Via G.Pezzana, 21A – 42124 - Reggio Emilia (RE) (from here on called “the Controller”) on this web site. Personal information and data may be collected during consultation of our web pages and through voluntary compilation of forms present on it. On this site, cookies or similar technologies are used, for which you are advised to see the specific policy. The collected data will be used only to respond to your requests.
The data given by you (from here on called “the Subject”) will be handled with full respect for the EU Legislative Decrees 2016/679 and 196/03 and will be used only to respond to your requests and may be communicated to third parties only when necessary for this purpose. The data spontaneously supplied by the Subject, when filling in the “CONTACT” form on the present web site, shall be used exclusively to fulfil your requests and shall not be used for other purposes, not even successively to your request. Only if the Subject applies for the “NEWSLETTER” service, the Hotel may send to the contacts, indicated by the Subject, informational and promotional material.
The use of the data by the personnel hired by the Controller will be done with procedures and information technology instruments suitable to protect the privacy and security of the Subject’s data and consists of their gathering, registration, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion, cancellation, destruction including any combination of the above-named activities. The data will be held for the amount of time strictly necessary to supply the requested services and will be, in any case, eliminated upon request by the Subject, except for further obligation for the conservation foreseen by law. Regarding the newsletter service, the data will be conserved for a period of 2 years (according to the Personal Data Protection Code of 24 February 2005), respecting the possibility of the Subject to cancel his data at any time. In the realm of his activity and for the above-mentioned finalities the Controller can use services from third parties who work for the Controller and according to his instructions, are responsible for their use. This means suppliers, commercial and productive partners, intermediaries, consultants, technicians and doctors and other similar parties who collaborate with our organization to complete contractual duties taken up with you; and parties who supply services strictly and necessarily related to the Controller’s activity such as tax consultants, banks, shippers, insurance companies, private and public institutions, also relating to inspections or verifications; and parties that can access the data according to law. The Subject can ask for a complete up-to-date list of the parties named, responsible for use of data, by applying to the contact indicated below. The data can also be communicated to all parties authorized by law for access (for example: sanitary service companies, financial administrations, etc.) The data can be transferred inside the European Union, where the Controller or his suppliers and collaborators have their headquarters or their own servers. The data can also be transferred outside the European Union. The Subject’s data will not be diffused.
THE SUBJECT’S RIGHTS:
- Right to access (art. 15 GDPR). The Subject’s right to have access to their own personal data and to submit a complaint to the controlling authority;
- Right to rectification (art. 16 GDPR). The Subject shall have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him or her;
- Right to erasure (right to be forgotten) (art. 17 GDPR). The Subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay;
- Right to restriction of processing (art. 18 GDPR). The Subject shall have the right to obtain from the controller restriction of processing;
- Notification obligation (art. 19 GDPR). The Data Controller shall communicate to each party receiving personal data, eventual rectifications or erasures of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and Article 18;
- Right to data portability (art. 20 GDPR). The Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller and shall have the right to transmit those data to another controller without hindrance from the Controller;
- Right to object (art. 21 GDPR). The Subject shall have the right to object to processing of his personal data;
- Profiling (art. 22 GDPR). The Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling or which significantly affects him or her.
To contact and obtain your rights apply to:
Sig. Matteo Scotti
info@madeep.com
Policy revised 21/09/2022