This Privacy Policy intends to describe the management methods of the Website www.ghmilano.it with reference to the processing of personal data of users/visitors who consult it.
The Privacy Policy is provided only for this Website and not for any other websites that may be accessed by the user through specific links.
Grand Hotel Milano SRL guarantees compliance with the law on the protection of personal data (Legislative Decree 196/03 and Regulation 2016/679/EU). Users/visitors of this Website should therefore read this Privacy Policy carefully before sending any personal information and/or filling out any electronic form posted on the Website itself.
Grand Hotel Milano SRL, with registered office in Viale Roma 46, 53042, Chianciano Terme (Siena) – Italy and email info@ghmilano.it, is the Data Controller for the processing of Personal Data (hereinafter, the “Data Controller”).
The computer systems and software procedures used to operate this Website acquire, during normal operation, some personal data that is then transmitted implicitly in the use of internet communication protocols.
This is information which, by its very nature, could identify users/visitors (e.g. IP address, domain names of computers used by users/visitors connecting to the Website, etc.) through processing and association with data held by third parties.
This data is only used for statistical information and to monitor the proper functioning of the Website.
In any event, web contact data is not retained for more than seven days, except when it is necessary to monitor instances of criminal activities against the Website.
No data deriving from the web service is communicated or disclosed.
If users/visitors connecting to this Website submit their personal data in order to access certain services or to make requests through email, they are aware that this involves the Data Controller’s acquisition of the sender’s address and/or any other personal data which, in turn, will be processed exclusively to respond to the request or to provide a service to the sender.
The personal information provided by users/visitors will be disclosed to third parties only if such disclosure is necessary to comply with requests made by users/visitors themselves or to satisfy legal obligations or public authorities.
In addition to the data expressly provided to the Data Controller, other data may be stored deriving from the user’s browsing on the Website. Indeed, upon user access, the Website can send the user a “cookie”. A “cookie” is a small text file that the Website can automatically send to the user’s computer when viewing pages on this Website. The “cookies” are used to make browsing more convenient, as well as to obtain information on the individual user’s navigation within the Website and to allow the operation of some services that require identification of the user’s browsing through different pages of the Website. For any access to the Website, regardless of the presence of a “cookie”, the Website records the type of browser (i.e. Internet Explorer, Chrome, Firefox), the operating system (i.e. Windows, Macintosh) and the host and the URL of origin of the user-navigator, in addition to data on the requested page. This data can be used in an aggregated and anonymous form for statistical analyses on usage of the Website. For the complete management of cookies, consult the “Cookie Policy” page of this Website.
Data is processed via automated means (i.e. using electronic procedures and electronic devices) and/or manually (i.e. hard copies) for the time strictly necessary to achieve the purposes for which the data was collected, albeit in accordance with the legal provisions in force.
In addition to those indicated in the individual policies that precede the completion of the forms of the different sections of the Website, the purposes of the processing performed by the Data Controller must be understood as:
The legal basis of the processing of the Website users/visitors’ data (the “Data Subjects”) performed by the Data Controller through the Website is constituted:
In some cases, in addition to the Data Controller, certain categories of managers and authorized parties involved in the business organization of the Website may have access to the data, including – by way of mere example – administration, sales, marketing, legal, system administrators (jointly referred to as the “Data Processors”). Furthermore, the Data Controller may use external parties (such as third-party technical service providers, carriers, hosting providers, cloud services, IT companies, communication agencies) who may be appointed as external Data Processors. The updated list of Data Processors can be requested to the Data Controller via the email indicated below.
For the services offered by the Website, the Data Controller uses servers located in Italy and thus, on the basis of Regulation 2016/679/EU, is to be considered as falling within the EU.
Data processed by the Data Controller will never be disclosed.
The processing related to the services of the Website takes place at the registered office of the Data Controller and is handled only by the technical staff in charge of processing
It is acknowledged that:
Without prejudice to what specified for navigational data that automatically acquires data, users/visitors are free to provide their personal data or otherwise. Failure to provide the data can merely render it impossible to obtain the requested service.
Pursuant to Regulation 2016/679/EU, the Data Subjects whose personal data is collected have the right at any time to obtain confirmation of the existence of such data and to know its content and origin, verify its accuracy or request its integration, updating or correction.
In relation to the processing of the aforementioned data, the user/visitor has the right to obtain from the Data Controller:
The subjects to whom the personal data refer also have the right to object for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection, to request portability, exercise the right to be forgotten, as well as contact the Supervisory Authority responsible for the protection of personal data for any breach that the Data Subject believes to have suffered.
The Data Controller contact details are as follows:
Grand Hotel Milano SRL
Viale Roma, 46
53042 Chianciano Terme (Siena) – Italy
Email: info@ghmilano.it
The Italian Data Protection Authority is as follows:
Italian Data Protection Authority
Piazza Venezia, 11, 00187, Roma
e-mail garante@gpdp.it
fax 06 696773785.
No automated decision-making processes are carried out on the aggregated data collected, if not for the best management of the Website.