according to section 13 of the European Regulation 2016/679 (GDPR)
this document, which also refers to the short information presented for check-in on a tablet in the Hotel, gives you all the information related to the processing of your personal data at our Hotel.
The Data Controller of information you provided, related to your stay, is Le Sirenuse S.p.A., Albergo Le Sirenuse, via San Sebastiano, 2– 84017 Positano SA, represented by the Hotel Manager Giovanni Ciccone, who can be contacted at the Hotel in via Cristoforo Colombo, 30 Positano. This processing, carried out by persons who, under the direct authority of the controller, are authorised to process personal data using both manual and i.t. tools, is based on principles of lawfulness, fairness, and transparency, to guarantee your rights and your confidentiality.
The provision of contractual and administrative data is necessary for the following purposes:
a(1). comply with the contractual commitments aimed at the provision of our services, including the management of the pre-contractual relationship, the administrative and accounting management, as well as the fulfilment of the related tax obligations, also by making use of other subjects who carry out specific tasks of technical and organizational nature. They are, for example, companies / consultants in charge of managing reservations, web-check-in, accounting and payments processing, debt collection and recovery, auditing and certification of financial statements;
a(2). manage further activities following your stay, such as requests for documentation or lost and found items;
a(3). make available, to the companies that manage credit cards and other means of payment other than cash, payment data proving charges in the event of a dispute or fraud;
a(4). fulfil obligations relating to the communication to Public Security Authorities of the persons housed;
a(5). comply with Police and other Public Authorities legitimate requests;
a(6). make the documentation relating to the payment of the tourist tax available to the Municipality of Positano.
The processing of your data for the previous purposes is lawful as it is necessary for the performance of the hotel hospitality contract to which you are party (a(1), a(2)), for the purposes of the legitimate interests pursued by the controller (a(3)) and for compliance with a legal obligation to which the controller is subject (a(4), a(5), a(6)), therefore it does not require your consent. The unavailability of such data would prevent us from hosting you.
Personal data collected for contractual and administrative purposes are kept for a period equal to the duration of the residence contract and for the following ten years, except in cases where retention of data for a further period is required for disputes, requests from the competent authorities or under applicable law.
We can make your stay with us even more enjoyable if you allow us to:
- store the data relating to your stay after your departure, to offer future services tailored to your preferences, when you'll decide to be our guest again;
- forward telephone calls, messages, correspondence, parcels, gifts or other communications from which it is possible to find out that you are staying at the hotel;
- manage, at your request, additional internal and external services that involve the communication of your personal data;
- contact you, directly or through third parties, after your departure, to know your opinion about your stay and to propose our offers and other our benefits.
To provide you with additional services, we need your consent to process your personal data for clauses "b" to "e", which you are kindly requested to provide as without your permission, these services cannot be managed.
We do not collect sensitive data, defined as data that allow the disclosure of your health conditions, racial or ethnic origin, religious beliefs or political opinions, sexual life or sexual orientation, if not spontaneously communicated by the guest when booking or during the stay. In this case, our staff will use this data exclusively to provide a service that meets the specific needs for which they were communicated.
Personal data collected for clauses "c" and "d" are kept only as long as you stay at the hotel. The data referred to in the "b" clause may be stored up to seven years, while for those at the "e" clause the storage lasts, unless different company strategies, until the request for cancellation by the data subject.
About personal data collected for the purpose of "e" clause, if the service involves transfer to a third country, this can only take place in compliance with the appropriate guarantees of protection for the purposes of the transfer itself, such as the standard contractual clauses of data protection, in accordance with applicable legislation and in particular with articles 45 and 46 of the Regulation.
The third parties, to whom the data can be communicated for contractual finalizing and administrative purposes or for the management of further services, at the explicit request of the customer during the stay, may access the same data as data controllers or data processors operating in an official capacity, under official circumstances. The complete and updated list of subjects who may process data in such a role as data processors is available on request from the Hotel Management.
In no case will personal data be disseminated unless with further explicit consent of the data subject in this regard.
We conclude by informing you that you have the right to obtain access to your personal data, to obtain rectification, erasure, portability, restriction or object to processing, as defined in sections 15 to 22 of GDPR, and to lodge a complaint with supervisory authority, according to current procedures. The interested party has the right to contact the Hotel Data Protection Officer (DPO) directly, by contacting him via email at the address [email protected].
Thanking you for your kind cooperation, we wish you a pleasant stay.
The Hotel Manager.