Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

We take the protection of our customers’ privacy seriously and guarantee the security and confidentiality of all personal data provided by users. This page describes the management and processing of personal data of users who visit our Site.

 

Pursuant to article 13 of Regulation (EU) 2016/679

SENSITIVE DATA

This means information that can be linked to a specific person, such as name and surname, address, date of birth, telephone number and/or e-mail address, tax code and/or VAT number, credit card.

 

DATA CONTROLLER
The data controller is the company Hotel Majestic Toscanelli SNC di Italo Morosi & C. based in Padova, via dell’Arco 2 – phone 049 663244

E-mail: majesticoscanelli.com

 

THE “DATA CONTROLLERS”
The external data processing controller for the management of the site and the acquisition of personal data during the booking process is “D-EDGE SAS”, owner of the hotel booking engine integrated in this website.

Based in Paris (F), boulevard Poissonnière 14/19, telephone +33144710520,

mail: accounting@d-edge.com

Other external data processing controller is “ALL IN ONE SRL”, based in Padova, via Astichiello 10/18, email: aio@allinone.srl, holder of the computer equipment where the registration data to the site are stored.

The data controllers are available to the data subjects for any information regarding the processing of their personal data and the exercise of their rights.

 

PURPOSE OF THE PROCESSING

Personal data voluntarily and optionally provided by users who submit requests to receive information about hotel services (prices, room availability, etc.), or simply submit applications for employment by sending curricula in electronic form, are used only for the purpose of performing the service or performance requested and are not disclosed to third parties unless disclosure is required by law or strictly relevant and necessary for the fulfillment of requests.

The personal data provided will be collected and processed, also with the help of electronic means directly and/ or through delegated third parties (e-mail service company, website hosting company, Public Bodies or Offices in accordance with legal and/or contractual obligations) for the following purposes:

  1. check the availability of the requested room with respect to information entered in the booking form;
  2. to enable you to make and confirm your reservation by providing your identification data and credit card details as a guarantee;
  3. send promotional and commercial material by email following the voluntary registration to the Hotel newsletter. Requires the explicit consent of the data subject or the use of soft spam. The legal basis is based on Article 6 para. 1 lett. A) of the GDPR 2016/679 or requires the consent of the data subject or the registration to the newsletter is to pursue pursuant to Article 6 part.1 lit. f) of the GDPR 2016/679 a legitimate interest from the processing;
  4. fullfill with administrative, accounting and tax obligations, as well as to comply with laws and regulations;
  5. provide answers on our hotel services (room availability, prices, conference rooms, catering, etc.);
  6. register for the newsletter to receive regular commercial or promotional communications;
  7. profiling through third-party cookies, is required;
  8. research and statistical analysis on anonymous aggregated data are intended to measure the site’s functioning, traffic, and user-friendliness to enhance functionality and efficiency.  Consent not necessary as no personal data processing is involved;
  9. to evaluate potential job applications received via email submitted in the ‘Work with us’ section.
  10. The Owner shall defend itself in court or in the phases leading to its establishment against any abuses resulting from unlawful use of the website or related services by the User.
  11. for legal and regulatory compliance. Consent not required. Based on art. 6 para. 1 lett. C of GDPR 2016/679

 

COOKIES POLICY
The use of c.d. session cookies (which are not stored in a persistent way on the user’s computer and disappear with the closing of the browser) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site. The session cookies used in this site avoid the use of other computer techniques that could potentially compromise the confidentiality of users’ browsing and do not allow the acquisition of personal data that can identify the user.

 

DATA RETENTION PERIOD
Data collected from the website will be stored for the entire registration process, after which it will be destroyed.

For the purpose of booking and managing the subsequent contractual relationship, the owner will process and store the customer’s personal data for the entire duration of the contractual relationship and for any reason, at the end of the same, as long as the current legislation is followed in accounting, tax, civil, and procedural matters.

The controller will use the guest’s personal data for marketing purposes until they either withdraw consent or exercise their right to delete it.

 

AUTOMATED PROCESSING
No profile emails are sent but profiling cookies are used. For details of the profiling cookies used and their interaction with social tools, please consult the Cookie Policy. (refer to the website’s cookie policy).

 

SECURITY SYSTEM OF RESERVATIONS

DEDGE uses the credit cards provided during the booking process in accordance with the PCI DSS security protocol (Payment Card Industry Data Security Standard). All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.

 

RIGHTS OF DATA SUBJECTS
The user can freely exercise the rights provided for in Articles 15 et seq of GDPR 2016/679, that is:

  • revoke your consent at any time. You may withdraw your previously expressed consent to the processing of your Personal Data;
  • oppose the processing of your Data. You can object to the processing of your Data when it takes place on a legal basis other than consent;
  • access your Data. The User has the right to obtain information about the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed;
  • verify and request adjustment. You may verify the accuracy of your Data and request its update or correction;
  • obtain the restriction of processing. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose than their storage;
  • receive your Data or have it transferred to another controller. The User has the right to receive his Data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain the unhindered transfer to another controller. This provision is applicable when the Data are processed with automated tools and the processing is based on the User’s consent, on a contract of which the User is a party or on contractual measures related to it;
  • Submit a complaint. The user may file a complaint with the competent data protection supervisory authority or take legal action.

 

UPDATE AND REVISION
The Privacy Policy has been updated and inserted on our website on OCTOBER 10,  2024.   Regardless of any subsequent updates, we will comply with the data privacy practices described in this Privacy Policy at the time the user provided us his data.                                                                                                                                                       If we decide to change our privacy policy, these changes will be reflected in this privacy statement and at the effective date of application, so that the user can always be updated on the information we collect, on the use we make of them and, in some cases, their possible distribution.