Privacy Policy

Dear Customer, we invite you to carefully read our Privacy Policy, which applies in all cases where you access the website www.hotelrio-bellaria.com (hereinafter the “Site”) and decide to browse within it and use its services. This document aims to provide you with the necessary information regarding the processing of personal data (hereinafter also “data”) that you freely provide; particularly concerning the purposes and methods of processing your personal data, as well as the scope of communication and dissemination of the same, the nature of the data in our possession, the retention period, and the rights reserved for you. This information is not valid for other websites that may be accessible via links on the Data Controller’s website, which is in no way responsible for third-party websites.

Summary

• Data Controller --> 2
• Subject of Processing --> 2
• Methods and Retention of Your Data --> 2
• Purpose and Legal Basis of Processing --> 2
• Optional or Mandatory Nature of Providing Data; Need for Consent and Consequences of Lack of Consent --> 3
• Subjects or Categories of Subjects to Whom Your Data May Be Communicated --> 3
• Subjects Who May Process Your Personal Data --> 3
• Security Measures --> 4
• Rights of the Data Subjects --> 4
• Contacts for Exercising the Data Subject's Rights --> 4
• Changes and Updates to This Privacy Policy --> 4

Data Controller

The Data Controller of the data collected through this Site is Hotel Rio di Lazzarini Claudia & C. s.a.s., VAT No. 01698650403, headquartered at Via Vespucci no. 63 – 47814 Bellaria - Igea Marina (RN), (hereinafter referred to as “the Data Controller”): the Data Controller autonomously decides the purposes and methods of processing the data, as well as the security procedures to be applied to ensure their confidentiality, integrity, and availability.

Subject of Processing

The Data Controller processes personal, identifying, and non-sensitive data (in particular, name, surname, email, phone number – hereinafter, “personal data” or simply “data”) communicated by you when requesting information and/or to use the newsletter/marketing services offered by the Data Controller. Navigation data may also be processed, personal data whose transmission is implicit in the use of internet communication protocols (such as IP addresses, browser type, operating system, domain name, and website addresses from which access or exit was made, information on pages visited by users within the Site, access times, single page visit duration, internal path analysis, and other parameters related to the user’s operating system and IT environment), acquired by the IT systems and software procedures responsible for the Site’s operation. In this regard, the Site uses cookies that collect your personal data. We invite you to review the Cookie Policy that describes the cookies used by the Site and their purposes.

Methods and Retention of Your Data

The processing of your personal data is carried out through the operations indicated in Article 4 No. 2) of Regulation (EU) 2016/679 and in compliance with the principles of lawfulness, correctness, and transparency and the other principles indicated in Article 5 of Regulation (EU) 2016/679. The Data Controller will process your data for service or pre-contractual purposes for the time necessary to fulfill the purposes of the processing. Data for newsletter/marketing purposes, where your explicit consent has been given, will be retained for the time necessary to pursue the purposes of the processing or for a shorter period, should you revoke your consent.

Purpose and Legal Basis of Processing

The voluntarily provided personal data will be processed for the following purposes: 1) for navigation on this website; 1.1) - to use the services offered and to receive responses to your requests; 1.2) - for the possible completion of data collection forms in dedicated areas; 1.3) - to comply with legal obligations, regulations, EU legislation, or an authority order; 1.4) - to prevent or detect fraudulent activities or harmful abuse of the website; 1.5) - to exercise the Data Controller’s rights, for example, the right of defense in court. The legal basis for processing for the purposes listed above under point 1) is: the processing of data is necessary to allow proper navigation on the website and to execute pre-contractual measures adopted at the request of the data subject (e.g., responding to your requests via specific forms), to comply with a legal obligation to which the Data Controller is subject, and finally, to pursue the legitimate interest of the Data Controller (e.g., exercising the right of defense in court or preventing fraudulent activities). 2): subject to your explicit consent, for the possible subscription to the newsletter service, to receive promotional and commercial communication emails, and/or for other direct marketing activities to receive promotional, commercial, and/or advertising material related to the services offered, as well as commercial initiatives, organized by the Data Controller through automated means (email, traditional mail, or other means of communication). The legal basis for processing for the purposes under point 2) is: the processing of data is lawful only if the data subject has given their consent.

Optional or Mandatory Nature of Providing Data; Need for Consent and Consequences of Lack of Consent

Apart from what is specified for navigation data, you are free to provide your personal data. The provision of personal data for the purposes referred to in point 1) is optional but necessary to use the services requested from time to time from the Data Controller and to use the specific functionalities of the Site. Failure to provide them may make it impossible to obtain what is requested or to use the services of the Data Controller. Consent to the processing of data for purposes under point 2) – i.e., for promotional, commercial communication, and/or marketing purposes, in general, is always optional. In its absence, the Data Controller can still provide the services under point 1) and you can still fulfill other requests and use the services provided by the Data Controller – point 1) (e.g., send contact requests, use other services, etc.). You can decide not to provide any data or subsequently revoke the possibility of processing data already provided at any time, but the revocation will not affect the lawfulness of the processing based on consent before the revocation.

Subjects or Categories of Subjects to Whom Your Data May Be Communicated

Your data will be communicated to third parties only with your expressed consent, except in cases where communication is mandatory by law or necessary for purposes required by law for which the data subject’s consent is not required; in such cases, the data may be made available to third parties who will process them independently and solely for those purposes (e.g., in the case of requests from police forces or the judiciary or other competent authorities or to fulfill obligations arising from the contract with you). Your data will not be disseminated in any way.

Subjects Who May Process Your Personal Data

The Data Controller may use third parties to process your personal data to carry out certain activities. The third parties performing these operations have been duly selected and possess the necessary experience, capability, and reliability and provide adequate guarantees of full compliance with the current provisions on processing, including data security. These third parties will be appointed “Data Processors” and will carry out their activities according to the instructions given by the Data Controller and under its direct control. The updated list of Data Processors can be requested from the Data Controller. Your data will also be processed by individuals authorized by the Data Controller to perform activities strictly related to the provision of services or other purposes mentioned above, who are appropriately instructed and committed to confidentiality (e.g., Data Controller employees).

Security Measures

The Data Controller adopts appropriate security measures to minimize the risks of destruction or loss – even accidental – of the data, unauthorized access, or processing that is not permitted or does not conform to the collection purposes stated in this Privacy Policy.

Rights of the Data Subjects

Regulation (EU) 2016/679 “GDPR” recognizes the possibility for the data subject to exercise the following rights: • Right to access the collected and processed data (art. 15) • Right to obtain rectification of the data (art. 16) • Right to obtain deletion of the data and right to be forgotten (art. 17) • Right to obtain restriction of processing (art. 18) • Right to data portability to another Data Controller (art. 20) • Right to object to processing (art. 21) • Right not to be subject to automated processing (art. 22) • Right to lodge a complaint with the Supervisory Authority (art. 77); • Right to judicial remedy against the Supervisory Authority (art. 78) and against the Data Controller and/or the data processor (art. 79); • Right to withdraw consent at any time (art. 7 paragraph 3), without affecting the lawfulness of the processing based on consent before its withdrawal. In the event of a personal data breach concerning the data subject, considering the provisions of art . 34 GDPR, the Data Controller will communicate the breach to the data subject.

Contacts for Exercising the Data Subject's Rights

You may exercise your rights at any time by sending a registered letter with return receipt to Hotel Rio, Via Vespucci no. 63 – 47814 Bellaria - Igea Marina (RN) or an email to: rio@hotelrio-bellaria.com This Site and the Data Controller’s Services are not intended for individuals under 16 years of age, and the Data Controller does not intentionally collect personal information about minors. If information about minors is unintentionally recorded, the Data Controller will promptly delete it upon the users’ request. Changes and Updates to This Privacy Policy The Data Controller may change or simply update, in whole or in part, the Site’s Privacy Policy, including due to changes in laws or regulations governing this matter and protecting your rights. The changes and updates to the Privacy Policy will be binding as soon as they are adopted and published on the website.