Residenza Napoleone III
Via della Fontanella di Borghese, 56
00186 Roma - Italy
Dear Sir / Madam,
We wish to inform you that the EU Reg. 2016/679 ("European Regulation on the protection of personal data") provides for the protection of persons and other subjects and respect for the processing of personal data. Pursuant to Articles 13 and 14. We provide the following information. The personal data provided will be processed in compliance with the aforementioned law and confidentiality obligations.
Data Controller and Processing Operators
The data controller is Letizia Ciancarelli, Rome, via della Fontanella di Borghese n. 56, C.F. CNC LTZ 43R51 H501O. The updated list of data processing officers is kept at the address of the Data Controller.
Purposes of Data Processing and Legal Basis
The personal data provided will be used only for the correct and complete execution of the purposes related to the service connected with the stay at the B & B and to fulfill its specific requests, as well as to fulfill regulatory obligations, including accounting and tax. For the purpose of the indicated processing, the holder may become aware of data defined as "sensitive" pursuant to EU Reg. 2016/679, such as those suitable for revealing the racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations of religious, philosophical, political or trade union organizations, health status and sexual life.
Letizia Ciancarelli, processes personal data, identification (for example, name, surname, address, telephone, e-mail, bank and payment details) - hereinafter, "personal data" or even "data", communicated during the booking or confirmation of your stay in the Residenza Napoleone III B & B in Rome. Your personal data, sensitive and judicial, concerning the performance of the service requested by you are processed. During your stay you may need to acquire and carry out processing operations of your sensitive and judicial personal data. You are asked to express your consent in writing.
Recipients of Personal Data
The data may be made accessible for the purposes indicated:
• to the employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal process managers and / or system administrators;
• to third-party companies or other subjects (as an indication, professional offices, consultants, IT support and backup disaster recovery etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data controllers.
The persons in charge of the treatment in charge and the external Data Processors are promptly identified in the Privacy Document, updated on a regular basis.
Scope of Communication and Dissemination
We also inform that the collected data will never be disclosed and will not be communicated without explicit consent, except for the necessary communications that may involve the transfer of data to public bodies, consultants or other subjects for the fulfillment of legal obligations.
Methods of treatment and conservation
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
Nature of providing data and consequences of refusing to answer
The communication and / or consultation of personal data is a necessary requirement to provide the B & B service and, therefore, in case of failure to communicate such data it is not possible to use the service itself.
Rights of the Interested Party
At any time, you can exercise, pursuant to art. 7 of Legislative Decree 196/2003 and articles from 15 to 22 of EU Regulation no. 2016/679, the right to:
• request confirmation of the existence or otherwise of personal data;
• obtain information about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
• obtain data correction and deletion;
• obtain the treatment limitation;
• obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
• oppose the processing at any time and also in the case of treatment for direct marketing purposes;
• oppose an automated decision-making process concerning individuals;
• ask the data controller to access personal data and to rectify or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
• revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
• propose a complaint to a supervisory authority.
How to Exercise Rights
You can exercise your rights at any time by sending:
• a registered letter A/r at Letizia Ciancarelli, Rome, via della Fontanella di Borghese n. 56