Privacy Policy

We inform you,

pursuant to Article 13 of GDPR No. 2016/679 (hereinafter, “GDPR”), that in the event of the collection of personal data concerning you, such processing will be based on the principles of fairness, lawfulness, transparency, and the protection of your privacy and rights;

1. our organization, as a legal entity, takes on the dual role of data controller and data processor;
2. the data controller and the data processor (see contact details on the last page); after conducting internal assessments, have not appointed a data protection officer, as they are not required to do so under Article 37, paragraph 1 of GDPR No. 2016/679.

Your data will be processed

c/i) pursuant to Article 6, letter b) and c), for purposes related to the execution of a contract or the execution of pre-contractual measures and to comply with legal obligations to which the data controller is subject; for example, data processing necessary for managing requests, quotes, and bookings, fulfilling all contractual, accounting, and tax obligations, managing payments including credit cards, POS, and advanced online services managed by the respective credit institutions or agencies, and managing disputes; furthermore, for all obligations provided by law; for example, regulations, community and local laws, or orders from authorities, data registration and communication to authorities, and management of any disputes; in addition, for the pursuit of the legitimate interest of the data controller or third parties under the conditions provided by the GDPR;

c/ii) pursuant to Article 7, with your freely expressed consent, for other service and marketing purposes; for example, data processing necessary for sending promotional offers about our services and other events, updating rates, other quotes provided, as well as greetings and holiday communications; to execute additional services such as external communication of data related to your stay solely to allow the function of receiving items, messages, and phone calls addressed to you;

for the processing of special categories of personal data to offer a better level of hospitality; for example, food intolerances, allergies, or other special data;

for the processing of advanced online services; for example, registration in our management program to use your email address to send the bill, receipt, or invoice, to manage loyalty points and other similar services;

c/iii) pursuant to Article 7, with your freely expressed consent, for further purposes; for example, data processing necessary to log in to our public WIFI/LAN network to browse the internet;

as well as data processing necessary during the use of our institutional website, the transmission of which is implicit in the use of internet communication protocols; such data are not collected to be associated with identified interests, but by their very nature could, through processing and associations with data held by third parties, allow the identification of users; for example, this category of data includes IP addresses or the names of devices used by users connecting to the site, the URI notation addresses of requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response, and other parameters related to the user’s operating system and information environment;
the aforementioned data may be used solely to derive anonymous statistical information on the use of the public WIFI/LAN network and the institutional site; for example, to check the correct functioning of our IT infrastructure and improve the service;
similarly, the data could be used by the competent authorities, for example, for the ascertainment of responsibility in the event of hypothetical cyber crimes or damage to our WIFI, LAN, IT system, and our institutional site.

1. d) pursuant to Article 6, paragraph 1, letter f), taking into account the reasonable expectations of the parties, for the purposes of legitimate interests pursued by the data controller or third parties; for example, data for the purpose of fraud prevention (monitoring attendance, entry logs, biometric data, video surveillance images, etc.) and direct marketing purposes.

The recipients and categories of recipients of your data are

1. e) natural or legal persons, public authorities, collaborators such as employees, professionals, service providers, entities, and associations.

Your personal data may be transferred to a third country or to an international organization

1. f) by virtue of the above, your data, in addition to being processed in paper format in the internal archives of our organization or at third parties; are mainly processed and stored in electronic format on our internal mass storage devices or within the European Union through hosting services, servers, and cloud. It is understood that the data controller, where necessary, will have the right to move hosting servers, servers, and cloud even in non-EU areas; similarly, the data controller assures that the transfer of data to non-EU areas will occur in accordance with applicable legal provisions, subject to the signing of the standard contractual clauses provided by the European Commission.

The processing of your data is fair and transparent, carried out through the operations of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

They may be processed, only for the purposes of the previous c/i, c/ii, c/iii, and d, also by employees and collaborators of the data controller or other entities based in Italy and other European countries, by third-party companies or other subjects; for example, by way of indication, credit institutions, professional firms, insurance companies for the provision of insurance services, IT and telecommunications service providers, or other entities that provide services/products on behalf of the Data Controller, in their capacity as external data processors. If personal data are not obtained from the data subject, the data controller, in accordance with Article 14 of the GDPR, will provide within one month every specific circumstance; otherwise, this information will apply to you.

The retention period of your data is defined

1. a) for a time necessary to fulfill the purposes mentioned above and in any case for no more than 10 years from the termination of the relationship for the purposes of points c/i above and for no more than 2 years from the collection of data for the purposes of points c/ii, c/iii, and d.

As a data subject, by sending a registered letter or an email to the data controller, you can assert the following rights.

1. b) dright of access, under Article 15 of the GDPR, to obtain confirmation as to whether or not personal data concerning you are being processed and, in such case, to obtain access to the personal data and information; in case of request for further copies of data, the data controller reserves the right to charge you a reasonable fee based on administrative costs;

right of rectification, under Article 16 of the GDPR, to obtain the rectification of inaccurate personal data concerning you without undue delay;

right to erasure, under Article 17 of the GDPR, to obtain the erasure of personal data concerning you without undue delay;

right to restriction of processing, under Article 18 of the GDPR, to obtain restriction of processing;

right to data portability, under Article 20 of the GDPR, to receive in a structured format the personal data concerning you provided to a data controller and to transmit such data to another data controller without hindrance;

right to object, under Article 21 of the GDPR, to object at any time to the processing of personal data concerning you under Article 6, paragraph 1, letters e) or f), including profiling based on such provisions.

1. c) right to withdraw consent, for cases provided by the GDPR, at any time without affecting the lawfulness of processing based on consent before its withdrawal;
2. d) right to lodge a complaint with a supervisory authority, in ITALY, the Privacy Guarantor, PIAZZA DI MONTE CITORIO n. 121 00186 ROME, email garante@gpdp.it
3. e) Nature of the provision of data and consequences of refusal to respond

The provision of data for the purposes of the previous point c/i is mandatory, similarly, taking into account the legitimate purposes pursued in the previous point d, the provision must be consented to ; in their absence, our organization cannot guarantee the provision of services and the satisfaction of your expectations. Without the need for explicit consent, the processing of such data may be carried out by Authorities, insurance companies for the provision of insurance services, professional firms also for the management of disputes, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disseminated. The provision of data for the purposes of the previous c/ii and c/iii is instead optional. Taking into account the reasonable expectations of the parties for the purposes. You can therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material related to the services offered and will not be able to use internet connections through our public WIFI/LAN network as well as a series of advanced services available on our institutional site. You will still have the right to the services of the previous c/i

1. f) It is your right not to be subject to a decision based solely on automated processing

as referred to in the previous points c/ii and c/iii, including profiling that produces legal effects concerning you or similarly significantly affects you. Therefore, the data subject can decide to receive only communications through traditional means or only automated communications or neither type of communication.

dated 25/05/2018

Contact details of the Data Controller

Hotel Mariver – Mariver Srl
Legal headquarters – Via Leonardo da Vinci, 4, Jesolo 30016 (VE)
VAT number – 03841110277
REA. VE – 342791
Operational headquarters – Via Leonardo da Vinci, 4, Lido di Jesolo 30016 (VE)
Tel. – 0421 96 10 45