RESIDENCEHOTELS SPA explains, on this page, how it processes the data of users who visit its site and how the cookies that are installed by the site act.
This Privacy Policy is made in compliance with Article 13 of the GDPR 2016/679 (General Data Protection Regulation, European Data Protection Regulation), the Privacy Guarantor’s Guidelines of June 10, 2021, the EDPB Guidelines 5/2020 referring to consent, the ECJ Judgment October 1, 2019 C-673/17, the General Measure of the Privacy Guarantor on Cookies of May 8, 2014, no. 229, the “Working Document 02/2013 providing guidance on obtaining consent for cookies,” WP 29 Opinion No. 4/2012 On Cookie Consent Exemption, Directive 2002/58/EC, and Recommendation No. 2/2001 of the Working Group Article 29.
The following applies only to the site www.residencehotels.com; the Data Controller is not responsible for the data entered and cookies installed by other sites that may be consulted through links.
Information about the data controller and data protection officer (if any)
The Data Controller is RESIDENCEHOTELS SPA, with registered office in Via Gorizia 76, I-38122 Trento (Italy). To exercise your rights under the regulations, you can contact the Data Controller at its office or by calling 0039 – 0461 / 933 400 or writing to ufficio@residencehotels.com.
Purpose and legal basis for processing
The Data Controller explains below for what purposes it processes site user data.
| Purpose of processing | Fulfilling legal obligations |
|---|---|
| Description | Data processing is necessary for the fulfillment of obligations required by law, regulation, or EU legislation |
| Legal Basis | Fulfillment of a legal obligation to which the data controller is subject (Art. 6 para. 1 lit. c) GDPR 2016/679) |
| Nature of conferment | The provision of data is necessary to fulfill a legal obligation |
| Consequences of failure to confer | N.A. |
| Storage time | That required by the relevant legislation |
| Effective retention time | From the provision of data |
| Purpose of processing | Statistical analysis on aggregated or anonymized data |
| Description | The processing does not allow user identification, but serves to verify the adequacy of the web marketing campaigns adopted and/or the proper functioning of the site, measuring the user traffic it generates. The processing of aggregated or anonymous data, which do not allow the identification of the user, does not fall under the scope of the legislation on the protection of personal data and therefore no consent is required for their processing. |
| Legal Basis | N.A. |
| Nature of conferment | N.A. |
| Consequences of failure to confer | N.A. |
| Storage time | N.A. |
| Effective retention time | N.A. |
| Purpose of processing | Survey/Questionnaire liking/Questionnaire NOT ANONYMOUS (e.g., user experience feedback request) |
| Description | Performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1. lett. b) GDPR 2016/679) or Pursuit of the legitimate interests of the data controller or third parties (Art. 6 para. 1. lett. f) GDPR 2016/679) |
| Legal Basis | Performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1. lett. b) GDPR 2016/679) or Pursuit of the legitimate interests of the data controller or third parties (Art. 6 para. 1. lett. f) GDPR 2016/679) |
| Nature of conferment | The provision of data is optional |
| Consequences of failure to confer | Failure to provide data will only result in the inability to participate in the survey/questionnaire. |
| Storage time | 2 years |
| Effective retention time | From the provision of data |
| Purpose of processing | Availability request |
| Description | Data processing is necessary to provide feedback to the availability request on the dates indicated |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 (b) GDPR 2016/679) |
| Nature of conferment | The provision of data is necessary to fulfill a contractual obligation |
| Consequences of failure to confer | Failure to provide data may result in total or partial inability to respond to the submitted request. |
| Storage time | 2 years |
| Effective retention time | From the provision of data |
| Purpose of processing | Reservation of stay |
| Description | Data processing is necessary to book the stay at the Facility |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 (b) GDPR 2016/679) |
| Nature of conferment | The provision of data is necessary for the conclusion of a contract |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | 10 years |
| Effective retention time | From the provision of data |
| Purpose of processing | Digital check-in |
| Description | Data processing is required to check in online, so as to replace the waiting time in the Facility |
| Legal Basis | Performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR 2016/679) and performance of a legal obligation to which the data controller is subject (Art. 6 para. 1 lit. c) GDPR 2016/679) |
| Nature of conferment | The provision of data is necessary to fulfill a legal or contractual obligation |
| Consequences of failure to confer | Failure to provide data may result in total or partial inability to respond to the submitted request. |
| Storage time | 10 years |
| Effective retention time | From the provision of data |
| Purpose of processing | Gift certificate |
| Description | Processing is required for the purchase of the gift certificate. |
| Legal Basis | Execution of a contract to which the data subject is a party or execution of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 (b) GDPR 2016/679) |
| Nature of conferment | The provision of data is necessary for the conclusion of a contract |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | 10 years |
| Effective retention time | From the provision of data |
| Purpose of processing | Newsletter |
| Description | Processing is required to subscribe to the newsletter and receive commercial communications |
| Legal Basis | Consent of the data subject (Art. 6 para. 1. lett. a) GDPR 2016/679) |
| Nature of conferment | The provision of data is optional |
| Consequences of failure to confer | Failure to provide data will only result in non-subscription and inability to receive the newsletter |
| Storage time | Until consent is revoked |
| Effective retention time | From the consensus |
| Purpose of processing | Selection process |
| Description | Processing is necessary for sending and managing the application and for participation in the candidate search and selection process |
| Legal Basis | The legal basis is the performance of a contract to which the data subject is a party or performance of pre-contractual measures taken at the request of the data subject (Art. 6 para 1 lett. b) GDPR 2016/679). Any special data will be processed by virtue of the fulfillment of obligations and for the exercise of specific rights of the Data Controller or the data subject in the field of labor law and social security and protection (Art. 9 paragraph 2 letter b) GDPR 2016/679). In case of the continuation of the personnel selection procedure, up to the recruitment, for the processing of special data, Article 9 paragraph 2 lett. h) GDPR 2016/679 is added, whereby the processing is necessary for purposes of preventive medicine or occupational medicine, evaluation of the employee’s ability to work […]. |
| Nature of conferment | The provision of data is necessary |
| Consequences of failure to confer | Failure to provide data may result in the total or partial inability to respond to the submitted request. |
| Storage time | 2 years from the conclusion of the personnel selection procedure in case of continuation in the personnel selection procedure |
| Effective retention time | From the provision of data |
Methods of processing, automated decision making.
Data processing is carried out in computer-based mode, although potential processing in paper-based mode is not excluded. No automated decision-making processes are used to process your personal data.
Any profiling by cookies is done against specific user consent: more information is available in the cookie policy and/or information banner at first access.
User profiling carried out by means other than cookies is described in the section “Purposes of processing,” where carried out.
Target audience
Your data may be disclosed to the following categories of recipients:
Transfer of data to third countries or international organizations
Data disclosed may be transferred to third countries and/or international organizations outside the EU. The transfer is legitimized by the presence of an adequacy decision and/or the adoption of the guarantees, precautions and security measures.
The service providers listed below may transfer your personal data outside the European Union. In detail:
| SUPPLIER | DATA TRANSFER STATUS | ADEQUACY DECISION |
|---|---|---|
| Mailchimp | USA | EU-US Data Privacy Framework del 10.07.2023 |
| USA | EU-US Data Privacy Framework del 10.07.2023 |
The hosting of the site is within the European Union.
Rights of the data subject and complaint to the Data Protection Authority
You have the right to ask us at any time for access to the data concerning you, their amendment, supplementation or deletion, the restriction or opposition to their processing, where there are legitimate reasons, as well as the portability of these data to another Data Controller. We will provide you with a response in writing within 30 days. You may revoke, at any time, the consents you have given on this site, by contacting one of the contact details given within this Privacy Policy You may also lodge a complaint with the Control Authority, where you believe that your data has been processed unlawfully.
