Privacy Statement and Cookie Policy

Version 1.0

Hotel Gran Ciasa di Declara Carlo & Co. S.A.S., having registered office in Str. Sorà 15 – Colfosco I-39033 Corvara in Badia (BZ) (hereafter Hotel Gran Ciasa) is committed to protecting the online privacy of users. Pursuant to art. 13 of EU Regulation 2016/679 (hereafter: "Regulation"), this statement was written to inform you on our privacy policy and how your personal data is handled when you visit our website (hereafter “Website”), as well as to enable you to give your specific and informed consent to the processing of your Personal Data, where applicable. Please be informed that parental consent is required for children under 16 years of age. The information and data provided by you, or otherwise acquired through use of our online services (hereafter "Services") on your part, will be processed in compliance with the Regulation and the Data Controller’s obligation to confidentiality.
Pursuant to the Regulation, Hotel Gran Ciasa shall process Personal Data based on the principles of lawfulness, fairness, transparency, limitation of purpose and retention, data minimisation, accuracy, integrity and confidentiality.

TABLE OF CONTENTS

    1. Data Controller
    2. Personal Data subject to processing
        a. Browsing data
        b. Special categories of Personal Data
        c. Data volunteered by Data Subjects
    3. Purposes of data processing
    4. Lawful basis and mandatory or optional nature of data processing
    5. Disclosure of Personal Data
    6. Transfer of Personal Data
    7. Retention of Personal Data
    8. Your rights
    9. Changes

1. Data Controller

In relation to the data processing carried out through our website, the Data Controller as defined above is Hotel Gran Ciasa di Declara Carlo & Co. S.A.S.. For any information regarding the processing of Personal Data by the Data Controller, including the list of Data Processors, please write to the following address: privacy@granciasa.com

2. Personal Data subject to processing

Please be informed that as a result of website browsing, the Data Controller will collect and process Personal Data that may consist of information like name and surname, identification number, online identifier, mail address, e-mail address, landline and/or mobile telephone number or information on one or more physical, physiological, psychological, financial, cultural or social features relating to an identified or identifiable person (hereafter “Personal Data”).
The following Personal Data is processed through our Website:

3. Purposes of data processing

If necessary and with your specific consent, we will process your Personal Data for the following purposes:

4. Lawful basis and mandatory or optional nature of data processing

The lawful basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c) is art. 6(1)(b) of the Regulation (performance of a contract) as the data is necessary to provide the services required and/or to respond to requests from the interested party. Giving your Personal Data for these purposes is optional, but indispensable to activate the services provided by the Website, to answer requests or evaluate CVs. With specific reference to the purpose 3.c and the viewing of profiles on professional networking platforms made freely available on the Internet, as mentioned in section 2.b, the lawful basis is art. 6(1)(f) of the Regulation, i.e. the legitimate interest of the holder in verifying the candidate’s suitability for the open position and any potential risks.
For the purposes illustrated in section 3.d, the lawful basis is art. 6(1)(c) of the Regulation (compliance with legal obligations). Once provided, Personal Data must be processed for the Data Controller to comply with legal obligations.
Art. 6(1)(a) of the Regulation (your consent) is the lawful basis for the processing of data for the purposes referred to in section 3.e. In this respect, activities that involve the direct sending of advertising material, direct sales or market surveys and commercial communications in relation to products or services similar to those you purchased, the Data Controller may use your e-mail and mail addresses without your consent, in accordance with and within the limits allowed by art. 130, paragraph 4 of the Italian Data Protection Code and the by the Decision of the Italian Data Protection Authority of 19 June 2008. The lawful basis for the processing of your data for this purpose is Art. 6(1)(f) of the Regulation (legitimate interest).

5. Disclosure of Personal Data

For the purposes listed in section 3, your Personal Data may be shared with:

6. Transfer of Personal Data

Some of your Personal Data is shared with Recipients who may be located outside the European Economic Area. The Data Controller ensures that these Recipients process your Personal Data in compliance with the Regulation. Transfer of Personal Data may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission or on another appropriate legal basis. For further information please contact the Data Controller by sending an e-mail to: privacy@granciasa.com

7. Retention of Personal Data

Personal Data processed for the purposes referred to in section 3(a-b) will be kept only for as long as strictly necessary to achieve those purposes. In any case, since data is used in order to provide services, the Data Controller will process the Personal Data up to the time allowed by Italian law (art. 2946 of the Italian Civil Code and subsequent amendments). With regard to any CVs submitted through the Website or by e-mail (see section 3.c), the Personal Data will be kept for as long as necessary for the purpose. The Data Controller may contact the candidate again shortly before the indicated deadline to ask for an extension of the retention period.
Personal Data processed for the purposes referred to in section 3(d) will be stored for as long as provided for by applicable laws and regulations.
Personal Data processed for the purposes referred to in section 3(e) will be kept until we have consent; if you do not withdraw your consent, your data will be stored for a time deemed appropriate.
For more information on our data retention policy and criteria, please contact: privacy@granciasa.com

8. Your rights

Pursuant to Art. 15 and following of the Regulation, you have the right to obtain access to your Personal Data at any time. You have the right to request from the Data Controller rectification or erasure of your data, as well as to object to and restrict processing of your data in the cases provided for by Art. 18 of the Regulation. You have the right to obtain the Personal Data concerning you in a structured, commonly used and machine-readable format in compliance with Art. 20 of the Regulation.mm m
Requests must be submitted in written form and sent at: privacy@granciasa.com
In any case, you also have the right to lodge a complaint with the competent Supervisory Authority (Italian Data Protection Authority) if you consider that the processing of your Personal Data infringes the applicable law, pursuant to Art. 77 of the Regulation.

9. Changes

This Privacy Policy takes effect on 25th May 2018. The Data Controller reserves the right to amend or update the content of this policy, in part or in full, especially in the case of changes in the applicable law. Since the content of our Website and Privacy Policy may be subject to change, we recommend you visit this section regularly for updates on how we collect and use Personal Data.

The holder of the referenced processing is:

Hotel Gran Ciasa di Declara Carlo & Co. S.A.S.

Str. Sorà 15 – Colfosco
I-39033 Corvara in Badia (BZ)
Tel. +39 0471 836138
Fax. +39 0471 836239
E-mail: privacy@granciasa.com
Internet: https://www.granciasa.com/

N. REA: BZ 122800
Vat Nr: IT 01467920219