PRIVACY

PRIVACY POLICY INFORMATION SHEET PURSUANT TO ART. 13 OF THE GENERAL DATA PROTECTION REGULATION (GDPR) (EU) NO. 679/2016

1. Foreword

For E.G.A. Emiliana Grandi Alberghi S.r.l. your privacy and the security of your personal data are particularly important, which is why we collect and treat them with the utmost care, attention, while adopting specific technical and structural measures to ensure full security of the processing.

In compliance with art. 13 of EU Regulation 2016/679 (hereinafter also referred to as “Regulation”), we hereby provide you with information regarding the processing of personal data provided by you as a User (hereinafter also referred to as “Interested” or “User”) of the site www.monrifhotels.it (hereinafter also referred to as just “Site”).

2. Definitions

Personal data: means any information concerning an identified or identifiable natural person (“interested party”); an identifiable natural person is considered to be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical, physiological, genetic, mental, economic, cultural or social identity.
Treatment: means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
Special categories of personal data: we mean data that reveals racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or to the person's sexual orientation.
Data controller: we mean the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of the processing of personal data.
Data processor: we mean the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
Purposes of processing

E.G.A. Emiliana Grandi Alberghi S.r.l. collects personal data such as personal data such as name and surname, email, address, browsing data whose transmission is implicit in the use of Internet communication protocols (IP addresses, URI addresses, other parameters relating to the operating system and the user's computer environment).

In particular, these personal data are processed for the following purposes:

Finalità

Base Giuridica

A

Navigating the Site

The treatments carried out for these purposes are necessary for the fulfillment of contractual obligations, and do not require specific consent from the interested party.

B

Fulfilment of obligations established by laws, regulations, European legislation, or by provisions issued by the Authorities

The treatments carried out for these purposes are necessary for the fulfillment of legal obligations and to make the requested service/asset usable, and do not require specific consent from the interested party.

C

Sending commercial communications relating to promotions and/or other offers, in the interest of the Data Controller or other companies connected to the Data Controller.

The treatments carried out for these purposes are carried out with the specific consent provided by the user, with the exception of commercial communications relating to products and/or services similar to those already purchased and/or subscribed to by the user for which the processing is based on a legitimate interest of the Data Controller.

D

Carry out profiling activities, that is, the analysis and processing of customer information, your preferences, habits, consumption choices.

The treatments carried out for these purposes are carried out with the specific consent provided by the user, with the exception of an activity of analyzing basic information relating to your consumption preferences.

3. Communication of personal data to third parties

Your personal data are processed by staff of Ega Emiliana Grandi Alberghi S.r.l., specifically authorized pursuant to art. 4 paragraph 10 of the EU Regulation, who process data after specific instructions from the Data Controller.

Your personal data will also be transmitted to third parties that we use to provide our services;
these subjects have been adequately selected by us and offer a suitable guarantee of compliance with the rules on the processing of personal data. These subjects have been appointed as data processors pursuant to art. 28 of the EU Regulation, and are required to carry out their activities according to the specific instructions given by Ega Emiliana Grandi Alberghi S.r.l and under its control.

These third parties may belong to the following categories: financial operators; internet providers; companies specialized in IT services; couriers; companies that carry out marketing activities; companies specialized in market research and data processing. A specific and updated list of these subjects is available at the headquarters of the Data Controller, and can be consulted at the request of the interested party.

The data may be transmitted to third parties in the event of mergers, acquisitions, sale of a company or branch of business and other extraordinary transactions, as well as to anyone who is a legitimate recipient of communications required by law or regulation. For the pursuit of the processing purposes indicated above, your personal data may be communicated to other companies in the Group of which Ega Emiliana Grandi Alberghi S.r.l is part, which will process the data according to applicable privacy law and which are established within the European Union. It is understood that your personal data will not be disclosed to third parties so that they can use them for their own promotional purposes and will not be disclosed in any way.

Your data may also be transmitted to police forces and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, as well as to allow Ega Emiliana Grandi Alberghi S.r.l to exercise or protect its own right or that of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others.

The personal data you provide may be disclosed to third parties, including those appointed as Managers.

RESERVATION SYSTEM SECURITY
D-EDGE uses the credit cards provided at the time of booking in accordance with the PCI DSS (Payment Card Industry Data Security Standard) security protocol. All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.

4. Transfer of personal data outside the EU

As a rule, personal data is not transferred to third countries outside the EU or to international organizations; some of the third parties referred to in paragraph 4 above, however, may be based in countries not belonging to the European Union.

In such cases, if these third parties do not offer an adequate level of data protection, as established by specific decisions of the European Commission, the transfer of your personal data will be carried out only with your consent or after conclusion between E.G.A. Emiliana Grandi Alberghi S.r.l. and said subjects of specific agreements, containing appropriate safeguards and guarantees for the protection of your personal data called “standard contractual clauses”, also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between you and E.G.A. Emiliana Grandi Alberghi S.r.l. or for the management of your requests.

5. Data Retention Period

We inform you that your data will be kept for a limited period of time, which varies depending on the type of processing activity and the specific purposes of the same, as exemplified below:

‍

data collected in the context of the use of services offered by E.G.A. Emiliana Grandi Alberghi S.r.l.: these data are kept until the termination of the service or the cancellation of the subscription to the service by the User;
data related to user requests to the Customer Service of E.G.A. Emiliana Grandi Alberghi S.r.l.: the data useful to assist you will be kept until your request is met;
we mean data that reveals racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health or sexual life or sexual orientation.data provided for commercial communications, opinion polls and market research: up to the user's request to interrupt the activity and in any case no later than 2 years from the last interaction of any kind of interested party with E.G.A. Emiliana Grandi Alberghi S.r.l.;
data provided for carrying out profiling activities: data relating to this type of activity will be kept for no more than 12 months.

At the end of these periods, your data will be permanently deleted or in any case irreversibly anonymized by E.G.A. Emiliana Grandi Alberghi S.r.l.

The data of the interested party will not be disclosed. The interested party has the right to request a complete and updated list of the subjects appointed as Data Processors by contacting the contact indicated below

2. Your rights

We inform you that you have the right to exercise the following rights in relation to the personal data covered by this information, as provided for and guaranteed by the Regulations:

Right of access and correction (articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, modified or integrated. If you wish, we will provide you with a copy of the data we hold about you.
Right to delete data (Art. 17 of the Regulation): in the cases provided for by current legislation, you can request the cancellation of your personal data. Once your request has been received and analyzed, it will be our responsibility to cease processing and delete your personal data, if found legitimate.
Right to restrict processing (Art. 18 of the Regulation): you have the right to request the limitation of the processing of your personal data in the event of unlawful processing or dispute of the accuracy of the personal data by the interested party.
Right to data portability (Art. 20 of the Regulation): you have the right to request to obtain, from the Data Controller, your personal data in order to transmit them to another Data Controller, in the cases provided for in the above-mentioned article.
Right to object (Art. 21 of the Regulation): you have the right to object at any time to the processing of your personal data carried out on the basis of our legitimate interest, explaining the reasons that justify your request; before accepting it, E.G.A. Emiliana Grandi Alberghi S.r.l. must evaluate the reasons for your request.
Right to lodge a complaint (Art. 77 of the Regulation): you have the right to lodge a complaint with the competent Authority for the protection of Personal Data if you believe that a violation of your rights has occurred, or is in progress, with regard to the processing of your personal data.

We inform you that you have the right to exercise the following rights in relation to the personal data covered by this information, as provided for and guaranteed by the Regulations:

Further information about the rights of the interested party may be obtained by asking the Data Controller for a full extract of the articles mentioned above.

7. Security measures

We are committed to protecting your personal data with specific technological and organizational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently.

We proceed to regularly test, verify and evaluate the effectiveness of security measures, in order to ensure continuous improvement in the safety of treatments.

8. Changes to this policy

‍The constant evolution of our services may entail changes in the characteristics of the processing of your personal data described so far. This privacy statement may undergo changes and additions over time, as necessary due to new regulatory interventions in the field of personal data protection, or the evolution/modification of our services.

We therefore invite you to periodically check the contents of our information: where possible, we will try to promptly inform you about the changes made and their consequences.

The updated version of the privacy policy, in any case, will be published on the page www.monrifhotels.it with an indication of the date of its last update.

‍Cookie

DefinitionsCookies are short fragments of text (letters and/or numbers) that allow the web server to store on the client (the browsers) information to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, based on the user's preferences, by the individual browsers on the specific device used (computer, tablet, smartphone). Similar technologies can be used to collect information on user behavior and on the use of services.

Later in this document, we will refer to cookies and all similar technologies by simply using the term 'cookies'.

‍Types of cookies
‍
Based on the characteristics and use of cookies, we can distinguish different categories:

Strictly necessary cookies. These cookies are essential for the proper functioning of our site and are used to manage login and access to restricted functions of the site, in general to speed up, improve or customize the level of service to users. The duration of cookies is either strictly limited to the work session (closed on browsers are deleted), or of a longer duration, in order to recognize the visitor's computer. Their deactivation may compromise the use of the services accessible from login, while theThe public part of the site remains normally usable. (articles 15 and 16 of the Regulation): you have the right to access your personal data and to request that they be corrected, modified or integrated. If you wish, we will provide you with a copy of the data we hold about you.
Analysis and performance cookies. These are cookies used to collect and analyze traffic and site usage anonymously. These cookies, even without identifying the user, allow, for example, to detect if the same user reconnects at different times. They also allow you to monitor the system and improve its performance and usability. The deactivation of these cookies can be done without any loss of functionality.
Profiling cookies. These are permanent cookies used to identify (anonymously and not) the user's preferences and improve their browsing experience, in order to send advertising messages in line with the preferences expressed by the user while browsing the net.

Third-party cookies

By visiting a website, you can receive cookies both from the site visited (“owner”) and from sites managed by other organizations (“third parties”). An example is represented by the presence of “social plugins” (e.g. Facebook, Twitter, Google+) aimed at sharing content on social networks. The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information collected by “third parties” is governed by the relevant information to which please refer.

Managing cookies

‍The user can decide whether or not to accept cookies using their settings browsers.

Give up cookies

The total or partial disabling of technical cookies may compromise the use of the site's features reserved for registered users. On the contrary, the usability of public content is also possible by completely disabling cookies.

Disabling “third-party” cookies does not affect navigability in any way. The setting can be defined specifically for different sites and web applications.
In addition, the best browsers allow you to define different settings for 'proprietary' cookies and for those of 'third party'.

As an example, with Google Chrome, click the wrench in the upper right corner and select 'Settings'. At this point, select 'Show advanced settings' ('Under the hood') and change the Privacy settings.

Chrome: https://support.google.com/chrome/answer/95647?hl=it
‍Internet Explorer: https://support.microsoft.com/it-it/help/17479/windows-internet-explorer-11-change-security-privacy-settings
‍Opera: http://help.opera.com/Windows/10.00/it/cookies.html

AUTOMATED TREATMENTS
D-EDGE does not send profiled emails, however, it uses profiling cookies. For details of the profiling cookies used and their interaction with social tools, see the Cookie Policy.

‍Google Analytics
‍
The site uses Google Analytics. This is a web analysis service provided by Google Inc. (“Google”) which uses cookies that are placed on the user's computer to allow statistical analysis in aggregated form regarding the use of the website visited. The site operator has activated the IP address anonymization function and signed the amendment on data processing in accordance with the European regulations dictated by Directive 95/46/EC.

Advertising cookies (remarketing, segmentation and targeting) from Google, Facebook and LinkedIn

These cookies are intended to provide the user with advertising spaces that can be installed by third parties. Some are used to recognize individual advertising messages and to know which ones were displayed and when, then allowing banners and/or advertisements relating to certain products to appear when visiting other affiliated sites, based on the user's browsing history.
Users are assigned a technical identifier but under no circumstances are personal identification data such as the user's name or address collected.

Other advertising cookies are used to hypothesize a user's browsing “profile”, so that they can propose advertising messages in line with their behavior and interests on the network. This “profile” is anonymous and the information collected through these cookies does not allow us to trace the identity of the user.

In particular, it should be noted the use of “Google Analytics”, “LinkedIn Ads” And say “Facebook Ads”, including the so-called “advertising function.” This is a web analysis service provided by Google, LinkedIn and Facebook that use analytical cookies that are installed on the user's computer to carry out statistical analysis in aggregate form on the use of the visited website, as well as to allow the profiling of visitors to the Sites (who are identified by “detection cookies”) based on the information contained in them”cookies for advertising ”, which concern three categories: age group, gender, marketing segments.

On the web page https://www.google.com/analytics/learn/privacy.html?hl=it you can find more information related to the Google service.
‍
On the web page https://it-it.facebook.com/privacy/explanation you can find more information related to the Facebook service.
‍
On the web page https://www.linkedin.com/legal/privacy-policy you can find more information related to the LinkedIn service.
‍
Google's Privacy Policy, http://www.google.com/intl/it/policies/privacy/, on the other hand, regulates the processing of personal data of users who use Google products and services.

To consult the privacy policy of Google Inc., independent data controller related to the Google Analytics service, see the following link: http://www.google.com/intl/en/analytics/privacyoverview.htmlFinally, the list of cookies used by Google Analytics can be found at the following address: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage).

At the following link https://tools.google.com/dlpage/gaoptout?hl=it The browser add-on for deactivating Google Analytics is also made available by Google.

To consult LinkedIn's privacy policy, see the following link: https://www.linkedin.com/legal/privacy-policyL’elenco of the cookies used by LinkedIn are, finally, available at the following address: https://www.linkedin.com/legal/cookie-table where it is also possible to manage them.

Data controller

The processing of your personal data is carried out by E.G.A. Emiliana Grandi Alberghi S.r.l., with headquarters in via E. Mattei, 106 — 40138 Bologna, as Data Controller pursuant to and for the purposes of the EU Regulation.

For any question or request related to the processing of your personal data, you can contact the following
‍
Group DPO
The contact details of the Group DPO are: dpo@monrif.net