Preamble
Albergo San Lorenzo, as the Data Controller (hereinafter: "Controller") pursuant to EU Regulation 679/2016 (hereinafter: "Regulation") — considers privacy and the protection of personal data one of the primary objectives of its activities. We therefore invite you, before communicating any personal data to the Controller, to read this Privacy Policy carefully, as it contains important information on the protection of your personal data. It describes the personal data processing activities carried out by the Hotel through the website www.sanlorenzopoppi.com (hereinafter: "Site"), the related commitments undertaken in this regard, and forms an integral part thereof in relation to the services offered. Albergo San Lorenzo may process the user's personal data when they visit the Site and use the services and features available on it. In the sections of the Site where personal data is collected, a specific notice pursuant to Art. 13 of EU Reg. 2016/679 is normally published. Where required by EU Reg. 2016/679, the user's consent will be requested before processing their personal data. If the user provides personal data of third parties, they must ensure that the communication of such data to Albergo San Lorenzo and the subsequent processing for the purposes specified in the applicable privacy notice complies with EU Reg. 2016/679 and the related legislation.
We also inform you that the processing of your personal data will be based on the principles of fairness, lawfulness, transparency, purpose and storage limitation, data minimisation and accuracy, integrity and confidentiality, as well as the accountability principle referred to in Art. 5 of the Regulation. Your personal data will therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations set out therein.
By processing of personal data we mean any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
We inform you that the personal data subject to processing may consist — also depending on your choices regarding how to use the services — of textual information, photographic or video images, and any other information capable of rendering the data subject identified or identifiable, depending on the type of services requested.INDEX
Below we provide the index of this Privacy Policy so that you can easily find the information relevant to the processing of your personal data.
1. DATA CONTROLLER
2. LAWS AND REGULATIONS
3. PERSONAL DATA SUBJECT TO PROCESSING
3.1. Navigation data
3.2. Data voluntarily provided by you
3.3. Third-party data voluntarily provided by you
3.4. Personal information received from other sources
3.5. Data processed in interaction with social networks
3.6. Special categories of data
3.7. Cookies
4. PURPOSES OF PROCESSING
5. LEGAL BASES AND MANDATORY OR OPTIONAL NATURE OF DATA PROVISION
6. RECIPIENTS OF PERSONAL DATA
7. TRANSFERS OF PERSONAL DATA
8. SECURITY AND QUALITY OF PERSONAL DATA
9. RETENTION OF PERSONAL DATA
10. SPECIAL CATEGORIES OF DATA SUBJECT TO SPECIAL PROCESSING
11. MINORS
12. DATA SUBJECT RIGHTS
13. LINKS TO OTHER WEBSITES
14. AMENDMENTS
1. DATA CONTROLLER
The Data Controller is:
Albergo San Lorenzo, Piazza Jacopo Bordoni 2, 52014 Poppi AR – VAT No. 02215490513, Tax Code 02215490513, Tel. +39 0575.520176 – Mobile +39 331.1656243, represented by the legal representative pro tempore.
2. LAWS AND REGULATIONS
The regulatory sources we refer to for the protection of personal data are:REGULATION (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR");
National Code on the protection of personal data (Legislative Decree no. 196 of 30 June 2003), as amended by Legislative Decree 101/2018;
National Supervisory Authority for the protection of personal data, through measures and guidelines issued by the same on the matter.
3. PERSONAL DATA SUBJECT TO PROCESSING
Visiting and browsing the Site does not generally involve the collection and processing of the user's personal data, except for navigation data and cookies as specified below. In addition to so-called "navigation data", personal data voluntarily provided by the user when interacting with the Site's features or requesting services offered on the Site may also be processed. Such data may consist of an identifier such as a name, email address, an online identifier, or one or more characteristic elements capable of rendering the data subject identified or identifiable, depending on the type of information you may include in the text of your message when you choose to interact with us (hereinafter simply "personal data").
The personal data processed through the Site are as follows:
3.1. Navigation data
The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified individuals, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the user's operating system and computing environment. These data are used solely to obtain anonymous statistical information on the use of the Site in order to monitor its correct functioning, to identify anomalies and/or misuse, and are deleted immediately after processing. The data may be used to establish liability in the event of hypothetical cybercrimes against the Site or third parties.
3.2. Data voluntarily provided by you
Unless reference is made to specific notices, this Privacy Policy is also intended to apply to the processing of data you voluntarily provide through the Site in order to obtain information about the services offered by the Hotel, or when you decide to book a stay, in which case you are asked, as basic data, for your name and email address. We may also ask for your home address, telephone number, nationality, payment details, the names of any other people travelling with you, and any preferences for your stay. If you wish to contact us, or contact us through other means (for example, on social media), we will also collect information through these channels. You may be interested in subscribing to our newsletter to receive information on advantageous promotions reserved for this channel. In this regard, we invite you not to enter, in the forms contained within the Site, information that may fall within the category of special categories of personal data referred to in Art. 9 of the Regulation (for example, data relating to your health or that of others), unless expressly requested (see below, "special categories of data").
3.3. Third-party data voluntarily provided by you
It may be necessary to book a stay for other people travelling with you, or to make a booking on behalf of another person. In these cases, during the booking process you will need to provide data about them as well. In such cases, the information provided will be used only as described on the relevant service pages, where you can read all the details. We wish to specify that it is our responsibility to ensure that the people whose information you have provided are aware of this, and that they have accepted the ways in which Albergo San Lorenzo uses their information (i.e. as described in this privacy notice). In this regard, we clarify that if you provide or otherwise process personal data of third parties in your use of the Site, you guarantee from now on — assuming all related responsibility — that such particular processing is based on the prior acquisition by you of the third party's consent to the processing of information concerning them.
3.4. Personal information received from other sources
In addition to the information you provide directly, we may also receive information from other sources, such as commercial partners including affiliates and independent third-party sub-suppliers, which may be combined with information received directly from you. For example, Albergo San Lorenzo's booking services are available not only on the Albergo San Lorenzo website, but are also integrated with the services of affiliated partners that you can find online. When you use these services, you communicate your booking details to our business partners, who then send them to us. Furthermore, we rely on international external providers to manage payments between users and the properties: these service providers share payment information to help us manage payments and handle your booking, so as to ensure the best possible experience. Partner properties may also share information about you with Albergo San Lorenzo, for example when you have questions about an ongoing booking, in the event of a dispute about a booking, or if there are communications about your booking through Albergo San Lorenzo.
3.5. Data processed in interaction with social networks
Some services allow interactions with social networks or other external platforms. Interactions and information acquired are in any case subject to the user's privacy settings for each social network. Where a social network interaction service is installed, it is possible that, even if users do not use the service, it may still collect traffic data relating to the pages on which it is installed. By way of example:
Facebook and Instagram Like button and social widgets
The "Like" button and Facebook social widgets are services for interaction with the Facebook and Instagram social network, provided by Facebook Ireland Ltd.
Personal data collected: Cookies and Navigation and usage data. Place of processing: Ireland – Privacy Policy
Tripadvisor social widgets (Tripadvisor)
Tripadvisor social widgets are services for interaction with the web review portal for hotels, B&Bs, restaurants, and tourist attractions, controlled by Tripadvisor LLC through its appointed representative for the European Union.
Personal data collected: Cookies and Navigation and usage data. Place of processing: USA – Privacy Policy
LinkedIn social widgets button
The "Like" button and LinkedIn social widgets are services for interaction with the LinkedIn social network, provided by LinkedIn Corporation through the data processor LinkedIn Ireland Unlimited Company.
Personal data collected: Cookies and Navigation and usage data. Place of processing: USA – Privacy Policy
3.6. Special categories of data
When interacting with the Site, no information is requested that could lead to the processing of data falling within the category of special categories of personal data referred to in Art. 9 of the Regulation.
3.7. Cookies
Information about the cookies served by the Site is available in the relevant section of the site.
4. PURPOSES OF PROCESSING
Your personal data will be processed, with your consent where required, for the following purposes:
4.1. to enable navigation of the Site;
4.2. to respond to specific requests for information addressed to the Hotel and to contact you by email, post, telephone or SMS, depending on the contact method you have chosen;
4.3. to manage requests for accommodation bookings, auxiliary transport services, etc., both through our online services or by means of direct contact with the facility or through external commercial partners, including through the use of the data subject's credit card, which may be used for purposes related to guaranteeing the requested service and for the possible charging of a cancellation fee in the event of cancellation beyond the agreed deadline for exercising the right of withdrawal indicated in the booking confirmation, or in the event of non-arrival within the defined deadline;
4.4. to fulfil any obligations required by current laws, regulations or EU legislation, or to satisfy requests from authorities, such as for example:to fulfil the obligation set out in Article 109 of Royal Decree no. 773 of 18 June 1931, which requires us to register and communicate to the Police the personal details of guests staying at the property;
to fulfil the obligation to report to the Regional Tourism Observatory, in order to monitor the tourism sector through the acquisition, management and dissemination of information and statistical data relating to the flow of regional tourism supply and demand (Regional Law no. 13/2007, arts. 28 and 31, as amended by Regional Law no. 17/2011).
4.5. to carry out direct marketing activities by email for products and/or services similar to those previously purchased, unless you expressly refuse to receive such communications, which you can easily express during registration or on subsequent occasions by objecting to the processing;
4.6. subject to consent, to carry out marketing activities such as:
sending you informational and promotional material relating to the activities and services of the Hotel and its commercial partners;
sending you personalised offers based on preferences, interests, customisations or other so-called profiling elements;
sending you surveys to improve the service ("customer satisfaction");
newsletters and other possible communications.Such communications may be made by email or SMS, by post and/or by telephone with an operator and/or through the Hotel's official social network pages. It is specified that the Controller collects differentiated consents for the marketing purposes described here and for the sending of newsletters, pursuant to the General Provision of the Data Protection Authority "Guidelines on promotional activities and combating spam" of 4 July 2013. Should you in any case wish to object to the processing of your data for marketing purposes carried out by the means indicated here, you may do so at any time by contacting the Controller at the contact details indicated in the "Contacts" section of this policy, without prejudicing the lawfulness of the processing based on the consent given before its withdrawal.
4.7. for statistical purposes, without it being possible to trace back to your identity.
Specific security measures are observed to prevent data loss, unlawful or incorrect use of data, and unauthorised access to data.
5. LEGAL BASES AND MANDATORY OR OPTIONAL NATURE OF DATA PROVISION
The legal basis for the processing of personal data for the purposes referred to in sections 4.1, 4.2 and 4.3 is Art. 6(1)(b) of the Regulation ([…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), as the processing is necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the requested services.
The purpose referred to in section 4.4 represents lawful processing of personal data pursuant to Art. 6(1)(c) of the Regulation ([…] processing is necessary for compliance with a legal obligation to which the controller is subject). Once personal data has been provided, processing is indeed necessary to fulfil the legal obligations indicated in the above-described purpose, to which Albergo San Lorenzo is subject.
The processing carried out for the marketing and profiling purposes described in section 4.5 is based on legitimate interest pursuant to Art. 6(1)(f) of the Regulation ([…] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child): for processing carried out for such purposes and on this legal basis, the data subject may exercise the right to object. For processing carried out for marketing purposes, legitimate interest is applicable within the limits set by the Regulation and by Art. 130, paragraph 4 of the Code on the protection of personal data (Legislative Decree 196/2003), where the processing is aimed at providing services similar to those already subscribed to or in which the data subject has expressed interest, unless they expressly refuse to receive such communications, which they may express by objecting both during registration and on subsequent occasions.
The processing carried out for the marketing and profiling purposes described in section 4.6 is based on your consent pursuant to Art. 6(1)(a) ([…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and Art. 22(2)(c) of the Regulation. The provision of your personal data for these purposes is therefore entirely optional and does not affect your access to other services. Should you wish to withdraw consent to the processing of your data for marketing and profiling purposes, you may do so at any time by contacting the Controller at the contact details indicated in the "Contacts" section of this policy.
It is also noted that the processing referred to in section 4.7 is not carried out on personal data and may therefore be freely performed by Albergo San Lorenzo.
6. RECIPIENTS OF PERSONAL DATA
For the purposes referred to in section 4 of this Privacy Policy, your personal data may be shared with third parties, either because you have consented to this or for legal reasons connected thereto. These are personnel operating within the Controller's organisation who are authorised to process data and/or our service providers and other third parties, as described in detail below:
6.1. Electronic invoicing: if you receive a receipt or invoice by email, a summary of the goods and services provided to you during your stay will be transmitted to your payment card provider and, if you participate in a corporate billing programme and use a corporate payment card, the payment card provider may transmit this summary to your employer. Once we have transferred your information, the privacy rules of your employer, payment card provider and card issuer apply.
6.2. Group events or meetings: if you participate in an event or meeting, the information collected for the planning of that event or meeting may be shared with the organisers and, where appropriate, with the guests organising or participating in the event or meeting.
6.3. Commercial partners: we may work with other companies to provide you with products, services or offers based on your needs and experiences, and may accordingly share your information with our commercial partners. For example, we may receive assistance from our commercial partners for car rental or other services, and may share your personal information with them to provide you with the requested services.
6.4. Service providers: we rely on third parties who provide services on our behalf and, where necessary, we may share your personal information with them. These are entities that typically act as data processors, namely:companies providing support in managing booking reception services carried out through the Albergo San Lorenzo website;
companies providing web mailing services for the automated sending of communications such as invitations, promotions, and newsletters;
individuals, companies or professional firms providing assistance and consultancy to Albergo San Lorenzo in tax, accounting, administrative, legal, fiscal, financial and regulatory compliance matters;
entities delegated to carry out technical maintenance of the Hotel's IT infrastructure and website.In general, our service providers are contractually committed — through confidentiality agreements signed by their staff — to protecting your personal information and may not use or share it unless required by law.
6.5. Telemarketing: if you stay at our hotel, we may share your telephone number and email address with the portfolio of brands indicated above, for telemarketing purposes in accordance with your preferences and applicable law. We may also receive your telephone number from our partners or other sources and use it for telemarketing purposes.
6.6. Other reasons: we may disclose your personal information in order to:comply with applicable laws;
respond to governmental or public authority requests;
comply with a valid legal procedure;
protect the rights, privacy, safety or property of Albergo San Lorenzo, Site visitors, guests, employees or the public;
enable us to pursue available remedies or limit the damages we may incur;
enforce the terms and conditions of our websites;
respond to an emergency.6.7. Aggregated or anonymised data with personal information removed: we may, from time to time, provide third parties with data that has been aggregated or anonymised. This means that your personal information that could be used to identify you has been removed from the data. Data provided to third parties in this way does not constitute personal data; however, you retain the right to object.
6.8. Credit institutions or insurance companies and brokers (solely in the event of incidents that may occur at the hotel).
6.9. Persons authorised by Albergo San Lorenzo to process personal data, who are necessary to carry out activities strictly related to the provision of services, and who have committed to confidentiality or have an adequate legal obligation of confidentiality. The complete list of data processors is available upon written request to the Controller at the contact details indicated in the "Contacts" section of this policy.
7. TRANSFERS OF PERSONAL DATA
We primarily store and process your personal data in Italy/EU/European Economic Area ("EEA"). If we transfer your personal data outside the EEA, we assure you that the transfer of data outside the EEA will take place in compliance with applicable legal provisions, following verification of the certification of conformity with the principles and protocols adopted by non-EU states with the European Union.
Data may be transferred outside the EEA if the level of data protection they provide has been deemed adequate by the European Commission pursuant to Art. 45 of the GDPR, through a specific adequacy decision.
The Controller also declares that, in the absence of an adequacy decision by the European Commission on the level of protection of data subjects guaranteed by third countries pursuant to Art. 45 of the GDPR, the transfer of data will take place, where possible, following the signing of the Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46(2)(c) and, exceptionally, subject to the consent of the data subject.
8. SECURITY AND QUALITY OF PERSONAL DATA
Albergo San Lorenzo is committed to protecting the security of the user's personal data and complies with the security provisions required by applicable law in order to prevent data loss, unlawful or illicit use of data, and unauthorised access thereto. Furthermore, the information systems and computer programmes used are configured so as to minimise the use of personal and identifying data; such data are processed only to achieve the specific purposes pursued on a case-by-case basis. Albergo San Lorenzo uses multiple advanced security technologies and procedures to promote the protection of users' personal data; for example, personal data is stored on secure servers located in access-controlled and monitored locations. Users can help and contribute to keeping their personal data up to date and accurate by communicating any changes relating to their address, qualifications, contact information, etc.
9. RETENTION OF PERSONAL DATA
Personal data processed for the purposes referred to in sections 4.1, 4.2 and 4.3 will be retained for the time strictly necessary to achieve those same purposes. In any case, since these are processing activities carried out for the provision of services, Albergo San Lorenzo will retain personal data for the period provided for and permitted by Italian law in order to protect its own interests (Art. 2946 of the Civil Code and following).
Personal data processed for the purposes referred to in section 4.4 will be retained for the period required by the specific applicable legal obligation or rule.
For the purposes referred to in section 4.5, your personal data will be processed until you have objected to the processing.
For the purposes referred to in sections 4.6 and 4.7, your personal data will, as a general rule, be processed until your consent is withdrawn. Should you withdraw from the services provided by Albergo San Lorenzo without having withdrawn such consents, the data may continue to be processed after your withdrawal. A periodic annual review of the data processed and the possibility of deleting it if no longer necessary for the intended purposes is provided for. With reference to personal data processed for Marketing Purposes or for profiling purposes, such data will be retained in accordance with the principle of proportionality and in any case until the processing purposes have been achieved or until the specific consent of the data subject has been withdrawn.
Specifically, the Data Controller will process data for no longer than 2 years from the collection of data for Marketing Purposes and one year for data collected for profiling purposes.
Further information regarding the data retention period and the criteria used to determine such period may be requested by sending a written request to the Controller at the contact details indicated in the "Contacts" section of this policy. In any case, the right of Albergo San Lorenzo to retain your personal data for the period provided for and permitted by Italian law in order to protect its own interests (Art. 2947(1)(3) of the Civil Code) is reserved.
10. SPECIAL CATEGORIES OF DATA SUBJECT TO SPECIAL PROCESSING
The term "sensitive data subject to special processing" refers to your information relating to racial or ethnic origin, political opinions, religion or other beliefs, trade union membership, health, sexual life or orientation, genetic information, criminal records, and biometric data used for the purpose of uniquely identifying an individual. We generally do not collect special categories of data, unless voluntarily provided by the user. We may use the health data you have provided to offer you a better service and meet your particular needs (for example, by providing special access measures for persons with disabilities). These are therefore data whose protection is intended to guarantee freedom of thought and opinion, the dignity of the person and freedom from possible discrimination; their processing requires explicit consent, even if not necessarily in writing, because they concern particularly private aspects of the individual and may be used for discriminatory purposes.
11. MINORS
The new European Regulation (GDPR) has established, in Article 8, the obligation not to allow the direct offering of information society services (i.e. registration with social networks and messaging services) to persons under the age of 16, unless the consent of parents (it must be verified that consent is given by the person exercising parental authority) or their legal representatives is obtained.
Registration with an online service is therefore subject to the rules on the conclusion of contracts, which require the person to be capable of appreciating the nature and consequences of their consent.
In any case, parental consent is not always necessary. Under Article 8 of the new European Regulation, parental consent is required only if the processing of minors' data is legitimised on the basis of consent. If, on the other hand, the processing has another legal basis, such as compliance with a legal obligation, legitimate interests, etc., parental consent is not required. Furthermore, this threshold may be further lowered by individual Member States (but the threshold cannot fall below 13 years of age). In this regard, the Italian legislator has set the age limit applicable in Italy at 14 years, with the decree adapting the Privacy Code.
Our website does not intend to intentionally request or collect personal data from persons under the age of 16. If we are informed or otherwise discover that the personal data of a minor has been incorrectly collected, we will take all commercially reasonable steps to delete such information.
12. DATA SUBJECT RIGHTS
At any time, the data subject may exercise their rights against the Data Controller, pursuant to EU Regulation 679/2016, using the contact details indicated in the contacts section of the policy.
To ensure the correct exercise of rights, the data subject must identify themselves unambiguously.
Albergo San Lorenzo undertakes to provide a response within 30 days and, where it is not possible to meet this deadline, to explain any extension of the prescribed timeframe. The response will be provided free of charge, except in cases of unfoundedness (e.g. no data relating to the requesting data subject exists) or excessive requests (e.g. repetitive over time), for which a contribution towards costs not exceeding the costs actually incurred for the specific research carried out may be charged. Rights relating to personal data concerning deceased persons may be exercised by those who have a personal interest or act in protection of the data subject or for family reasons worthy of protection. The data subject may also lodge a complaint with the supervisory authority.
In the event of a personal data breach suffered by Albergo San Lorenzo, the Controller will notify the competent supervisory authority of the breach within 72 hours of its occurrence, and will also communicate the event to the data subject, except in the cases of exclusion provided for by law.
Art. 15 (right of access), 16 (right to rectification) of EU Reg. 2016/679
The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right of the data subject to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right under Art. 17 of EU Reg. 2016/679 – right to erasure ("right to be forgotten")
The data subject has the right to obtain from the Controller the erasure of personal data concerning them without undue delay, and the Controller has the obligation to erase personal data without undue delay, where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based in accordance with Art. 6(1)(a) or Art. 9(2)(a), and where there is no other legal ground for the processing; the data subject objects to the processing pursuant to Art. 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2); the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) of EU Reg. 2016/679.
Right under Art. 18 – Right to restriction of processing
The data subject has the right to obtain from the Controller restriction of processing where one of the following applies: the data subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; although the Controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Art. 21(1) of EU Reg. 2016/679, pending verification of whether the legitimate grounds of the Controller override those of the data subject.
Right under Art. 20 – Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another Controller without hindrance from the Controller.
Withdrawal of consent to processing
The data subject has the right to withdraw consent to the processing of their personal data by sending a registered letter with acknowledgement of receipt to the address indicated in the contacts section, accompanied by a copy of their identity document, with the following text: "withdrawal of consent to the processing of all my personal data". Upon completion of this process, your personal data will be removed from the archives as soon as possible, together with the accompanying copy of the request.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority – Garante per la protezione dei dati personali), pursuant to Art. 77 of the Regulation, if you consider that the processing of your data is contrary to the legislation in force.
13. LINKS TO OTHER WEBSITES
Our website may contain links to third-party websites. Please note that we are not responsible for the collection, use, management, sharing or disclosure of data and information by such third parties. If you provide information on and use third-party sites, the privacy policies and terms of service of those sites will apply. We invite you to read the privacy policies of the websites you visit before submitting personal information. In some cases, these sites may be co-branded and display our logos or other registered trademarks. To find out whether you are on our website, check the URL of the page you are visiting.
14. AMENDMENTS
Albergo San Lorenzo reserves the right to modify or simply update the content of this Privacy Policy, in part or in full, also due to changes in applicable law. Albergo San Lorenzo will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Site. For this reason, we invite you to visit this section regularly to read the most recent and updated version of the Privacy Policy, so as to always be informed about the data collected and how Albergo San Lorenzo uses it.