Guest information

INTERNAL REGULATION FOR PERSONAL DATA PROTECTION

Ultimo aggiornamento: May 4th, 2022

Privacy policy provided to guests and concerning the processing of personal data (Artt.13-14 Reg. UE 679/16).

Dear Guest, privacy has always been a key point of our work philosophy. That said, it is not just to comply with the obligations imposed by the legislation on the protection of personal data that we have made this document available and specific notices that will allow guests to appreciate the transparency of our policies. The guests are invited to view them at the reception and whenever they are delivered or made available.

1. WHICH DATA ARE TREATED

> Information provided by the guest or by a third party acting on his / her behalf (generality, identity card details, generality of the companion, particulars required to meet the special needs of the host or his / her accompanist), also through the Organization (travel agency, company, association, other) that has organized or offered to the visitor the permanence at our facilities,

Information about staying in our facilities (period and time of stay, room / structure occupied or reserved, reservations)

Information about the services requested or used (phone calls made, minibar, alarm clock, additional services provided by related companies or other suppliers, etc.)

Information that originates from the stay in our facilities (needs treated by the staff responsible for meeting them, requests and reservations sent to the reception or through the reception, etc.), which, in the absence of a specific consent or particular needs, are preserved only for the time necessary to ensure the best service

In some cases, known by the customer, data relating to the Organization (travel agency, company, association, etc.) that has organized or offered to the visitor the stay at our facilities

Data obtained from the questionnaires of "satisfaction rating" or during telephone interviews, always assessing the degree of satisfaction

When using the wifi internet access: information about visited sites and internet transactions associated with the IP address used by the guest (navigation log) more specifically, such data:

  • will be kept for at least 6 months and will remain available to the Police Authorities to which they may be notified in connection with activities related to the prevention or repression of crimes
  • could be associated with the guest exclusively through specific procedures that will only be activated on after request by the Authority

In the case of payment by credit card or check, a photocopy of the identity document can be requested and obtained as guarantee of correct identification of the customer, which will be kept, unless different requirements, until the payment is well completed and/or the in the case of possible controversy.

We recall that the law establishes special protection for sensitive data: data suitable for revealing racial or ethnic origin, religious, philosophical or other beliefs gender, political opinions, membership of parties, syndicates, associations or organizations of a religious, philosophical, political or trade union type, as well as personal data suitable for revealing the state of health and sexual life. " They may be processed only with the written consent of the person concerned. Some of the data described above, such as those relating to particular guest requests, might fall technically in this category; for this reason specific consent will be required to the person concerned, where the characteristics or the methods of treatment should be required.

We remind you that the rules establish special safeguards for data defined as "special" by art. 9 of the EU Reg. 2016/679 (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a person physical, health or sexual life data or sexual orientation of the person). Some of the data described above, such as those relating to particular requests of the guest, could technically fall into this category; for this reason specific requests will be ask to the data subject, should the characteristics or methods of processing require it

2. DATA ORIGIN

Recruitment and updating of data is done primarily through the person or persons acting on his / her behalf (eg family members, travel agencies, tour operators, associations, etc.) or from sources freely accessible to anyone, with the exception of data about the required / used serivices, which originate during the stay.

3. WHY ARE DATA TREATED

The treatments that will be carried out have the following aims:

(A) to comply with obligations deriving from Community laws, regulations and regulations, including the obligation to inform the Authorities provided in art.109 of Royal Decree 773 of 18 June 1931 and subsequent amendments;

B) fulfill contractual and accounting and tax obligations; The services required by the data subject or by third parties on behalf of the person concerned.

C) offer guests attentive and customized services throughout their stay in our facility including, for example: secretarial service, reception of mail, delivery of mail and parcels, passage of telephone calls, reservation of external services, communications concerning special offers or events;

D) Recognize the guest and always guarantee the same personalized services in all the facilities operated by HUMAN COMPANY Srl

E) purposes connected with the public relations, information, commercial and customer satisfaction. In particular, the addresses, email and email addresses provided may be used for sending courtesy and / or advertising material relating to services similar to those in the current business relationship. It is understood that the guest has the right to object at all times to this treatment.

In this regard, it should be noted that the law allows the use of the e-mail address provided by the data subject when purchasing a travel / subscription ticket, provided that it does not deny such use;

(F) assert or defend a right, even by acting as representative agents, either in an out-of-court or in an administrative or judicial capacity;

G) regarding any reports:

  • Ensure a timely and accurate response to guest reports, facilitating the creation of an effective communication channel between the Company and the Customer-user;

  • Enhance the customer acquisition system, needed for verification, to improve a service that is more and more adapted to environmental demand and constraints;

  • Provide systematic registration and systematic analysis of service disparities to correct defects.

3.1 WHY DATA MAY BE TREATED - legal basis of treatment
The data can be processed, always in relation to the purposes indicated above:

as they are necessary to fulfill obligations deriving from a contract in which the data subject is a party as well as the related legal obligations or to satisfy his requests (in particular for the purposes referred to in the previous point a-b-c-g)

as necessary for the pursuit of legitimate interests of the data controller, consisting in the correct organization and planning of activities and the improvement of their service, in the protection of assets and credit, as well as in processing personal data for direct marketing purposes always keeping account of the reasonable expectations nurtured by the data subject based on his relationship with the data controller (ref. art. 130 c.4 D: Lgs. 196/2003) in particular for the purposes of the previous point letters c d e g,

having the data subject express their consent, in relation to the further storage, to the use of addresses, even different from the e-mail address, for marketing and communication activities, to the processing of data included in the special categories referred to in art. 9 EU Reg. 2016/679;

as necessary to assert or defend a right in court or to assess whether there is a right to be usefully protected in court

4. HOW THE DATA ARE TAKEN AND WHEN HOLD

Personal data processing can take place using paper and / or computer and / or telematic tools chosen according to criteria of functionality, safety, efficiency and speed in the continuous search for the best service standard and protection for the guest, always guaranteeing the utmost privacy and not excessive in relation to the purposes described above. In this context, and to speed up the check-in procedures in the treatmente of the identity document data, required for mandatory communications to the Police Authorities, can be obtained through an electronic reading system.

In any case, the administrative data will be kept in accordance with the terms of the law; the other data acquired or filed during the stay at the facilities will be kept in a confidential form, until the payment is well completed and the time available for any disputes is exceeded, however not for 6 months, except for different needs; With the consent of the person concerned, such data will be kept further (for a maximum period of three years from the customers’ last stay in our faciliaties) in a database of HUMAN COMPANYI Srl for the sole purpose of recognizing the guest and always guaranteeing the same personalized services in all the facilities managed by the subsidiary companies.

5. WHO CAN TREAT (RESPONSIBLE AND APPOINTEE)

For the same purposes, the data can only be processed, within the limits of what is actually necessary to perform its functions, from the following categories of agents and / or managers: Management; Administrators, reception staff for the management of the guest's stay, plant maintenance or cleaners; Appointee for the management / maintenance of IT systems and, finally, Subsidiary Companies / Subsidiaries / Associates or other entities (companies / professionals) appointed for this purpose and who need access to certain data for auxiliary purposes as described in the previous point 3, always within the limits strictly necessary to carry out the tasks delegated to them.

6. TO WHOM MAY BE COMMUNICATED

Personal information regarding guests may be communicated:

To the persons indicated by the guest or by someone acting on their behalf at the time of acceptance or during stay in our facilities

To the Public Safety Authority or to Public Bodies in compliance with statutory requirements

Limited to accounting and tax data to banks, lenders, data processing companies and credit card companies, for activities strictly related to the execution and administrative management of the contract.

To insurance institutes, public bodies and public bodies for the fulfillment of legal obligations.

Only at the guest's request, to foreign embassies / consulates / indicated by the guest,

To vector companies (Travel Agencies, Tour Operators, etc.) in the form of confirmation, who have direct contact with the guest and who have been involved in the organization of the stay;

The sole data concerning the presence in our facilities, possibly with reference to the occupied accommodation, may only be communicated with the consent of the guest:

  • with the consent of the guest, if needed to find him from the outside, eg. phone.
  • in the form of a list of names, to companies that manage some of the internal services to the facility to whom the guest hosts, who retain the title for all the personal data, needs to provide such informations in order to obtain such services: such companies will comply with privacy law obligations

To parent companies, subsidiaries and affiliates, always and for the purposes described in paragraph 3 above

To other subjects who need access to certain data for auxiliary purposes in accordance with the previous point 3, always within the strictly necessary limits to carry out the duties delegated to them, such as: tax compliance, accounting, assurance, insurance, information system management, financial services;

Of course, all the above-mentioned communications are limited to the data required by the recipient body (which will remain a self-titular holder for all subsequent treatments) for carrying out their duties and / or for achieving the purposes associated with the communication itself.

The processing of the data may also consist of their communication abroad, both inside and outside the European Union, to the country of origin or destination of the guest and to the strictly necessary data in relation to specific requests by the guest himself.

6.1 TRANFER ABROAD AND SPREAD
The processing of the data may also consist in their communication abroad, both within and outside the European Union to the country of origin or destination of the guest and limited to strictly necessary data, in relation to the specifications guest requests. The transfer will always be carried out in full compliance with the law and may be carried out exclusively on the basis of the conditions of legitimacy referred to in point 3.1

The data in question will not be disclosed.

However, it is important to remember that the facilities has many common areas where guests or visitors make video-photographic shots in which other guests or visitors could then appear, destined for publication, for example, on social channels or websites.

7. WHEN YOU MUST COMMUNICATE YOUR DATA

The communication of your data is:
  • compulsory as far as is necessary for the treatments referred to in points (a) and (b) of paragraph 3 above and if not allowed it may make impossible the execution of the contract;

  • obviously optional in relation to points (c), (d) and (f) of paragraph 3 above, so a specific consensus is required, without which there will be no consequences except the inability to serve the host better.

It should be specified that most treatments are

8. VIDEO SURVEILLANCE

The presence of a video surveillance system is duly signaled by specific alerts in the monitored areas, which also indicates if there is a video recording system. Images can be viewed in real time by reception and security personnel in order to provide the necessary assistance and promptly detect possible security situations for the security of the guests; More specifically, the plants can be installed for the following purposes:

Support staff in security and access control activities

Preventing from possible damages, thefts or goods removals

Ensure the safety of staff and guests by detecting situations of particular danger or accidents

Identify the most suitable form of intervention, enabling correct sizing in case of special hazard or accident

To allow for the reconstruction of the dynamics of significant facts for the protection of the safety of persons or in the case of illicit perpetrators of damage to the guests and / or to the facility and its staff

In addition to the above, any video surveillance provided by the system, which is periodically deleted in full compliance with the privacy policy, may be used:

To comply with provisions issued by the Judicial Authority and / or the Judicial Police;

To claim or defend a right by a third party;

Eventually to complete the documentation accompanying the complaint filed with insurance companies.

The legal basis of this treatment consists in the legitimate interest of the Data Controller coinciding with the declared purposes.

9. WHO IS THE HOLDER OF THE TREATMENT

The holder of the treatment is Human Company S.r.l. - Contact details of the Data protection officer: [email protected] – or, with regards to our Facilities, its subsidiaries:
  • Figline Agriturismo S.r.l. (Via Spadini 31 – Prato - P. IVA 01681640973) for Norcenni Girasole Village and Villa La Palagina

  • Elite Firenze Gestioni S.r.l. (Via Norcenni 7 - Figline Incisa V.no (FI) P.IVA 05813700480) for Plus Florence and Firenze Camping in Town

  • Roma Camping S.r.l. (Via Aurelia 831-Roma - P.IVA 00954081006) for I Pini Family Park e Roma Camping in Town

  • Elite Livorno Gestioni S.r.l. -(Via Norcenni 7 - Figline Incisa V.no (FI) - P.IVA 05813780482) for Park Albatros Village and Montescudaio

  • Delta S.r.l. (Via G.Leopardi 31 - Montevarchi (AR) - P.IVA 01954310510) for Jolly Camping in Town

  • Società Agricola Le Driadi S.r.l. (Via Norcenni 21 - Figline Incisa V.no P.IVA 05627800484) for Fattoria la Palagina

  • Plus Prague S.r.o. (Privozni 1562/1 - Praga - P.IVA CZ699003294) for Plus Prague

  • Adakitalia S.r.l. (Via Norcenni 7 - Figline Incisa V.no (FI) P.IVA 04719560486) for Norcenni Tour and Human Travel

  • Plus Berlin G.m.b.h (Warschauer Platz 6\8 - Berlino - P.IVA DE270699817) for Plus Berlin

  • Elite Veneto Gestioni S.r.l. - Via Norcenni 7 - Figline Incisa V.no (FI) P.IVA 05813690483) for Altomincio Family Park

  • Roma Gestioni S.r.l. (Via Aurelia 831 – Roma - P.IVA 08219321000) for Fabulous Village

  • ECV Shops S.r.l. (Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze) P.IVA e C.F. 06441810485 Management of markets and bazaars

  • La Quarta S.r.l. (Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze) P.IVA e C.F. 06441820484, Management of restaurant and bar activities

  • O’Tel S.r.l. (Via Generale C. A. Dalla Chiesa 9 - 50136 Firenze) [P. IVA 05467430483] | Real estate property - business rental

  • Holding Terza S.r.l. (Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze) C.F. 06438440486, Holding restaurant and market branch

  • La Terra dei Sensi S.r.l. (Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze) C.F. 06717970484, ANTS program management

  • Camping International S.A. (Um Birkelt n.1, Larochette, Lussemburgo) N° TVA: LU13005324, for Camping Birkelt

10. RIGHTS OF THE DATA SUBJECT - CONTACTS

The data subject has the right:

to ask the data controller to access personal data and to correct or delete them or limit the processing of personal data concerning them and to oppose their processing,

if the processing is carried out by automated means (computer) and on the basis of his consent, to receive the personal data concerning him / her and / or to obtain direct transmission in a structured, commonly used and automatically readable format, or to another data controller, if technically feasible.

to withdraw his consent at any time (without prejudice to the lawfulness of the processing based on the consent before the revocation), obviously this for the processing carried out on the basis of this assumption

to lodge a complaint with a supervisory authority: Garante per la protezione dei dati personali - Piazza di Monte Citorio n. 121 00186 ROMA - Fax: (+39) 06.69677.3785 - Centralino telefonico: (+39) 06.696771 - E-mail: [email protected] - posta certificata [email protected]

To exercise their rights, the Guests can send a communication to [email protected] or contact the Director of the accommodation facility where they stay or have stayed, who can be contacted through the reception or the addresses already known to the data subject , bearing in mind that it will not be possible to answer requests received by telephone where there is no certainty about the identity of the applicant.