Privacy Policy

Privacy Policy

This Website collects some Personal Data from its Users.

Privacy Policy pursuant to art. 13 and 14 of the GDPR

(EU Reg. 679/2016 on the Treatment of Personal Data)

Pursuant to the law and in relation to Personal Data of which Valfim s.r.l., its collaborators and employees will come into possession, we advise you about the following information.

The "Data Controller" is Valfim s.r.l., represented by its legal representative pro-tempore, hereinafter also more briefly identified with the term "Company", VAT no. 01600490484, based in Sesto Fiorentino (FI), Via dei Colatori n. 3, tel. +390584 787131, fax +390584 787157, e-mail info@stmauritiushotel.com, which will use your data.

The "Data Processor" is any natural, legal person, Public Administration and any Entity that, where necessary and within the limits pertinent to the purposes of the Processing, uses Personal Data on behalf of the Owner.

1. Type of data collected. All the data necessary for: the correct carrying out of the tourist-receptive and catering activity, spa, promotional activity, advertising, evaluation of the service and relating to human resources.
2. Use of Data. The Data will be processed in accordance with the principles in accordance with art. 5 of the GDPR, including: lawfulness, correctness, transparency, limitation, confidentiality, etc.
3. Purpose of the Processing. The Treatment is finalized solely for the purposes indicated in the preceding paragraph 1.
4. Legal basis of the Treatment. The acquisition of the data takes place in relation to the contract between the owner and the interested party or eventually through consent.
5. Refusal to provide Data. Any refusal by the Interested party to provide Data necessary for the performance of the activity may make it impossible to provide the services, carry out the activities and / or manage the reports indicated in Chapter 1 above.
6. Data source. The personal data in which Valfim srl is in possession is collected in compliance with the provisions of Article 13 of the GDPR directly with the interested party or pursuant to art. 14 of the GDPR.
7. Data processing methods. The Treatment in the respect of the art. 5, paragraph 1, lett. "F" of the GDPR is carried out by means of the operations or set of operations summarized as follows: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The operations can be carried out with or without the aid of electronic or digital or automated means.
8. Data communication. Personal Data, for the purposes of the current contract, may be communicated for the purposes referred to in point 1 to internal and external Collaborators, Data Processors, subjects operating in the sector, subjects aimed at assessing the quality of the services provided and managing loyalty programs.
9. Dissemination of Data. Your Data will not be disseminated in any way, except for the cases indicated in the preceding paragraph.
10. Data transfer abroad. Personal data may be transferred to countries of the European Union and to countries outside the European Union for the purposes of the processing reported in point 3. Any transfer of data to a country outside the European Union will occur in compliance with articles 45 and following of EU Reg. n° 679/2016. In the absence of a decision on the adequacy of the protection level, the transfer can take place only in the cases provided by art. 49 of the mentioned Regulation.
11. Data retention. The Data is kept for the period necessary for the performance of the activity and in any case for a period not exceeding ten years.
12. Rights of the interested party. The law gives the interested party the exercise of specific rights, including:

• obtain from the Data Controller access to your Personal Data and information in an intelligible manner;
• have knowledge of the origin of the Data, the purposes and methods of the Processing;
• rectify and cancel (right to oblivion) ​​the Data;
• limit the Treatment or have the possibility to oppose it
• request data portability;
• withdraw consent to the Processing without prejudice to the lawfulness of the Treatment based on the previous consent;
• lodge a complaint pursuant to art. 77 GDPR to the Guarantor for the Protection of Personal Data.

13. Changes to this privacy policy. The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

14. System logs and maintenance. For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

15. Information not contained in this policy. More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

16. Cookie Policy. Questo sito web fa utilizzo di Cookie. Per saperne di più e per prendere visione dell'informativa dettagliata, l'utente può consultare la cookie policy.

17. Non-continuous geolocation (this Website). This Website may collect, use, and share User location Data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Website. The geographic location of the User is determined in a manner that isn't continuous, either at the specific request of the User or when the User doesn't point out its current location in the appropriate field and allows the application to detect the position automatically. Personal Data collected: geographic position.
18. Specific use of personal data. In the following you will find specific notes on how specified sections of this website function:
     
    • Contact Request section
      The Contact Request section on this website offers the opportunity to make enquires about rooms, availability, offers, participation in events and courses. If you decide to send us your personal data, these data shall be processed exclusively for the purposes referred to above by persons specifically authorised so to do and in accordance with the routine in-house management procedures.
    • Enquiry/Online booking area
      The Enquiry/Online booking area on this website offers the opportunity to obtain information on offers and availability of stays and holidays and to book or purchase holidays/stays or other services from us (e.g. wellness). If you decide to send us your personal data, these data shall be processed exclusively for the purposes referred to above by persons specifically authorised so to do and in accordance with the routine in-house management procedures.
    • Section Newsletter
      If the visitor to our website would like to receive our newsletter, he must enter his personal data in the appropriate form in the Register for Newsletter section. The data collected serve for the despatch of the newsletter within the meaning of the declaration in the footnote to the form.
19. Under-age visitors (16 years)
    The St. Mauritius Hotel website, which is regulated by the foregoing data protection provisions, is not intended for the use of minors. We are aware of the necessity for protecting data, which concern minors, in particular in the online environment. Therefore we do not collect and store, except inadvertently, any data from under-age visitors.
     
20. Involvement of third part services and contents

Google Analytics, Google-IP-Locator, Google Maps, Google Maps Distance Api, Google reCHAPTA - Provided by: Google Inc.

YouTube-Contenuti - Provided by: Google Inc.

Social Network Facebook & Messenger - Provided by: Facebook Inc.

Social Wall Juicer - Provided by: SaaS.group LLC

Social Network Instagram - Provided by: Facebook Inc.

Vimeo - Provided by: Vimeo Inc.

Hotjar - Provided by: Hotjar Ltd.

Whatsapp - Provided by: WhatsApp Inc.

Qualitando - Provided by: Qualitando srl.

Travel Appeal – Provided by: The Data Appeal Company Spa.

Additional external content can be loaded via widgets and iframes. 

21. Links to third party Internet sites
    We advise you that the website, www.stmauritiushotel.com contains links to other websites, which are not managed within the meaning of the foregoing data protection directives.
22.  

Definitions and legal references

Personal Data. Any information that directly, indirectly, or in connection with other information - including a personal identification number - allows for the identification or identifiability of a natural person.

Usage Data. Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User. The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Data Subject. The natural person to whom the Personal Data refers.

Data Processor. The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller. The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website. The means by which the Personal Data of the User is collected and processed.

Service. The service provided by this Website as described in the relative terms (if available) and on this site/application.

European Union (or EU). Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies. Small sets of data stored in the User's device.

Legal information. This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy policy relates solely to this Website, if not stated otherwise within this document.

Last Review 15/02/2020