Data Controller’s identity
The Data Controller for data subjects’ personal information is the Elisabetta Eydallin
Contact information for the Data Protection Manager (RPD)
The Data Controller has appointed the Data Protection Manager, who can be contact at the Data Controller’s offices, or via the email address firstname.lastname@example.org
Your personal information handled by the Controller are not divulged, i.e. is not provided to unspecified subjects in any possible form, including being made available or simple consultation. The information may be communicated to workers who are employed by the Controller and to some external subjects who collaborate with them. It may also be communicated to members of Hotel Stella Alpina, to subsidiaries and other third parties who are a part of the Hotel Stella Alpina. It may also, within the strictly necessary limits, be communicated to subjects who must provide goods for the purpose of processing your requests, or to carry out services requested by the Controller. Lastly, it may be communicated to subjects with the right to access said information due to legislation, regulations or EU legislation. In particular, based on the roles and working duties carried out, workers are authorised to handle your personal information, within the limits of their responsibilities and in compliance with the instructions given to them by the Data Controller. External parties who work under the Controller’s authority may also have been authorised to handle information based on the type of service they provide, the handling carried out and the nature of the information handled. External parties to whom the Controller entrusted the handling of personal information have been appointed as Data Processors.
The Data Controller will not transfer your personal information to other countries or international organisations for any reason. However, we reserve the right to use cloud services; in which case, the service providers will be selected from among those who provide suitable guarantees, as provided for in article 46 GDPR 679/16.
The Data Controller stores and handles your personal information for the time required to fulfil the purposes stated. Subsequently, personal data will be stored, and not handled further, for the time set by the current provisions in civil and taxation law.
Data subject’s rights
In reference to articles 15 – right of access, 16 – right to rectification, 17 – right to erasure , 18 – right to restriction of processing, 20 – right to portability, 21 – right to object, 22 right to object to the automated decision-making process of the GDPR 679/16, you can exercise your rights by writing to the Data Controller at the address provided above, or by email to the address email@example.com, specifying the subject of your request, the right you intend to exercise and attaching the photocopy of an ID document that certifies the legitimacy of your request. Further information about the data subject’s right can be found at the bottom of this section.
Each of you has the right to propose a complaint to the control authority for residency status.
Automated decision-making processes
The Data Controller does not handle information in any case that consists of automated decision-making processes about your data.
Data collection: some information is collected anonymously for a better website management and for statistical purposes. The IT system that supports the website, using specific programmes, produces general, anonymous statistics with aggregate data, that are used to establish which information is of greater or lesser interest, to monitor the system’s service and to identify any crisis areas. Also, for reasons of security and to ensure full availability of services for all users, website traffic control software programmes are used to identify unauthorised entry or information alteration attempts, or any attempts of hacking or damage. In order to offer a quality service, the website requires some information from the browser. Browser preferences, login and pages that are frequently used. This information helps you to understand users’ needs better, to offer an improved service.
Using cookies: the Hotel Stella Alpina website uses third party “technical cookies”. “Technical cookies” are rows of text placed on the user’s computer to allow browsing and website use analysis. Sometimes, third parties may use these cookies to publish advertisements based on previous visits by website users. The information generated by the cookie on website use is sent to corresponding third parties and filed on their servers. Generally speaking, third parties use this information to produce website activity reports, destined for Sauzedoulx.net operators, and do not associated the IP address with other data they possess, thus processing anonymous data. It is possible to refuse to provide browsing data by selecting the appropriate setting on the browser.
Please refer to the information published on the corresponding third-party websites for this matter, (e.g. https://www.google.it/intl/it/policies/privacy/ for the information sheet and https://tools.google.com/dlpage/gaoptout?hl=it, for deactivation).
Information confidentiality:Hotel Stella Alpina does not forward any personal identification information or data to third parties, other than for what is strictly necessary to those who intervene as providers of services or to manage contractual relations and consequent administrative obligations.
Listing of data subject’s rights.
Pursuant to GDPR 679/16, the data subject can exercise specific rights by contacting the Data Controller, including: right to access own personal information; right to request rectification of own personal information; right to request erasure of own personal information, right to request restriction of processing of own personal information; right to request data portability; right to submit a complaint to the relevant data protection control authority. We would like to remind you that if the data subject wishes to have more information about the handling of his/her personal information, or to exercise the above rights, he/she can write to the following address firstname.lastname@example.org
Right of access: each of you has the right to obtain confirmation of the existence or non-existence of personal data regarding yourselves, and in this case, to request access thereto. Access information also includes the purposes for which it is handled, the categories of personal information involved, recipients or categories of recipients to whom personal data has been or will be communicated.
The data subject also has the right to obtain a copy of the personal information undergoing processing. For other requested copies, the Controller can charge a reasonable amount based on administrative expenses.
Right to rectification: each of you has the right to obtain rectification of any incorrect personal data about yourselves. Depending on the purpose of handling, you may have the right to complete your incomplete personal information, also by submitting a supplementary declaration.
Right of deletion (“right to be forgotten”): in certain circumstances, you have the right to have the personal information that concerns you deleted.
Right to limitation of handling: in certain circumstances, you have the right to obtain a limitation of handling of your personal information. In this case, the respective information will be marked and can only be handled by the Controller for certain purposes.
Right to information portability: in certain circumstances, you have the right to receive your personal information, in a commonly used, legible format and you also have the right to send them to another body without impediment.