WHY THIS POLICY?
With this document, as provided by current legislation (art. 13 General Regulation on Data Protection, hereinafter also referred to as RGPD), we provide users who access the site www.bolognarooms.com with information regarding the processing of their data.
WHO IS THE OWNER
The Company Biancospino Srl, with registered offices at Via G.Mazzini 4 7, 40138, Bologna, Italy, VAT NUMBER: IT02143131205, hereinafter also referred to as “Biancospino”.
WHICH DATA IS PROCESSED
The data processed is the navigation data and the data provided spontaneously by the user.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, enable users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and the user’s IT environment.
Data provided directly by the user
This category includes all personal data provided voluntarily by the user (for example, when requesting for information by calling the numbers provided on the website or writing to the e-mail addresses indicated on the site).
WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?
Navigation data: purposes and legal bases
Navigation data is used only to obtain anonymous statistical information on the use of the website, for site security purposes and to verify its proper functioning and could be used to determine responsibility in the event of possible cyber crimes against the website.
The legal basis for the processing of such data is the legitimate interest and the legal obligation in case of requests by the authorities.
Data provided directly by the user: purposes and legal bases
The personal data provided by the user on an optional basis are used only to process any requests made and to implement legal obligations and/or pre-contractual obligations and/or contractual obligations arising from the relationship about the case in question.
The legal bases for the processing of such data are therefore: a legal obligation and the execution of pre-contractual and contractual obligations.
In the areas of the site dedicated to specific services, specific information is provided, which the user must read before providing the data, in which all the information on the processing of data is indicated in detail.
HOW IS THE DATA MANAGED?
The collected data is processed with IT tools and only in a residual way with paper methods. Adequate security measures are adopted to prevent the loss of data, illegal or incorrect use and unauthorized access.
As indicated in the General Conditions of Use of the website, for the processing of data connected to the services of the website, certain services are used which determine the transfer of data abroad. This is the hosting : https://hosting.aruba.it/en/terms-conditions.aspx and the service used to manage the newsletter (//mailchimp.com/legal/privacy/). In the latter case, however, the provider of the aforementioned service is an American company that adheres to the European Commission’s adequacy decision known as ” Privacy Shield “, thereby ensuring compliance with the personal data being processed.
The data provided directly by the person concerned is kept for the time strictly necessary to process the requests of the person concerned and then deleted, except in cases of booking confirmation (against which the data can be maintained for the duration of the relationship and according to legal obligations) and defensive requirements (which may require further retention).
The navigation data does not last for more than seven days and is deleted immediately after aggregation unless it is necessary for the judicial authorities to investigate crimes.
WHAT HAPPENS IF THE DATA IS NOT PROVIDED?
With the exception of the navigation data necessary to implement computer and telematic protocols, the provision of data by users through the various methods made available is free and optional.
However, failure to provide the same data will make it impossible to proceed with requests submitted or which the user intends to submit.
WHO CAN ACCESS THE DATA?
The data will be processed by the Company’s employees and by collaborators authorized by the latter to process the data. The data may also be accessed by consultants or companies providing IT supply and assistance services for purposes related to the activities carried out on behalf of the owner and by consultants for the management of litigation and legal assistance in the event of any disputes that may require their involvement.
The person concerned may request the list of external subjects who carry out their activities as data controllers.
WHAT ARE THE RIGHTS OF THE PERSON CONCERNED?
The law accords the person concerned the right to ask the data controller for access to personal data and their rectification or deletion or to limit the processing of personal data concerning him or her or to object to their processing, in addition to the right to data portability.
The interested party may assert his/her rights at any time, without formality, by contacting Biancospino SRL via the email address firstname.lastname@example.org
The rights recognized by current legislation on the protection of personal data are described in details below.
- The right of access,e the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if they are recipients in third world countries or international organizations; (d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; (e) if there is the right of the interested party to request the data controller to rectify or delete his or her personal data or to limit the processing of his or her personal data or to object to the processing of his or her personal data; f) the right to lodge a complaint with a supervisory authority; g) if the data is not collected from the person concerned, any available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the envisaged importance and consequences of such processing for the person concerned. Where personal data is transferred to a third world country or an international organization, the person concerned shall then have the right to be informed of the existence of appropriate safeguards relating to the transfer.
- The right of rectification, i.e the right of rectification: the right to obtain from the data controller for the rectification of personal data relating to him or her which are inaccurate without unjustified delay. Taking into account the purposes of the processing, the person concerned has the right to obtain the integration of incomplete personal data, including providing a supplementary statement.
- The right to erasuree the right to obtain from the data controller the erasure of personal data concerning him or her without unjustified delay if: a) the personal data is no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the person concerned revokes the consent on which the processing is based and if there is no other legal basis for the processing; c) the person concerned opposes the processing carried out because it is necessary for the execution of a task in the public interest or in the exercise of official authority vested in the owner or for the pursuit of legitimate interest and there is no overriding legitimate reason for carrying out the processing or opposes the processing for purposes of direct marketing; d) the personal data has been processed unlawfully; (e) the personal data must be deleted in order to fulfil a legal obligation under Union law or the law of the Member State to which the data controller is subject; (f) the personal data has been collected in connection with the provision of information society services to minors. However, a request for erasure cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; (b) for the fulfilment of a legal obligation requiring the processing provided for by Union law or the law of the Member State to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; (c) for reasons of public interest in the field of public health; (d) for purposes of filing in the public interest, scientific or historical research or for statistical purposes, in so far as erasure would seriously jeopardise or render impossible the achievement of the objectives of such processing; or (e) for the establishment, exercise or defence of legal claims.
- The right of limitation,e the right to obtain that the data be processed, except for storage, only with the consent of the person concerned or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State if such processing is carried out on the basis of the consent of the person concerned: a) the person concerned disputes the accuracy of the personal data within the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the person concerned opposes the erasure of the personal data and requests instead that its use be limited; c) although the data controller no longer needs the data for the purposes of processing, the personal data are necessary for the person concerned to ascertain, exercise or defend a legal claim; d) the person concerned opposes the processing because it is necessary for the execution of a task carried out in the public interest or in the exercise of public authority vested in the data controller or for the pursuit of the legitimate interest of the data controller or third parties, pending verification of whether the legitimate reasons of the data controller prevail over those of the person concerned.
- The right to portability, i.e the right to receive in a structured format, commonly used and machine-readable, personal data concerning him/her provided to the data controller and has the right to transmit such data to another data controller without hindrance by the data controller to whom he/her has provided them, as well as the right to obtain direct transmission of personal data from one data controller to another, where technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right shall be without prejudice to the right to erasure.
- The right to object,e the right of the person concerned to object at any time, for reasons connected with his/her particular situation, to the processing of his/her personal data carried out because it is necessary for the execution of a task carried out in the public interest or in the exercise of official authority vested in the data controller or in the pursuit of the legitimate interests of the data controller or of third parties. Where personal data are processed for the purposes of direct marketing, the person concerned shall have the right to object at any time to the processing of personal data relating to him/her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
The person concerned is then informed that the law gives him or her the possibility to assert their rights by appealing to the Privacy Guarantor or before the judicial authority.
The company Biancospino SRL, registered office at via G. Mazzini 4, 40138, Bologna , Italy VAT number: 02143131205 as Data Controller, wishes to inform you that, pursuant to art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of natural persons with regard to the processing of personal data – for reasons of protection of the company’s assets- internal accesses of the company’s buildings – duly indicated by the requested signage by the Guarantor for the Protection of Personal Data – are supervised by a video surveillance system.
DESCRIPTION OF THE VIDEO SURVEILLANCE SYSTEM:
Fixed optics cameras, equipped with infrared for night vision.
Operating times, registration, data storage:
The cameras are designed for 24-hour operation, with recording on an integrated micro SD card. The system does not include any monitor for display, nor NVR (or DVR) equipment with hard disk ready for recording.
Images recorded on a Micro SD card will be kept for the next 48 hours, after which they will be automatically deleted.
The cameras in question can be viewed in real time via the application provided by the mobile device manufacturer of the sole owner of Biancospino S.r.l.
The camera will be connected to the existing internet at the unit.
Each software access to the camera is password protected, kept by the owner and administrator of Biancospino S.r.l.
HOLDER OF THE TREATMENT
The data controller is Biancospino SRL in the person of the legal representative pro-tempore, registered office via G. Mazzini 4, 40138 Bologna, Italy, VAT number 02143131205.
PURPOSE OF THE TREATMENT
The images, like the names, are personal data subjected to the protections provided for by the Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of natural persons. Therefore these particular personal data are acquired and stored by Biancospino SRL for the time strictly necessary in order to allow the protection of the company assets, all in compliance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council and the prescriptions imposed. by the Office of the Guarantor for the processing of personal data. The adopted system does not carry out the connection, the crossing or the comparison of the images collected with other personal data or with possible identification codes.
STORAGE PERIOD OF PERSONAL DATA
The Data Controller proceeds to the conservation of the images deriving from the video surveillance activity for a period of time not exceeding that necessary for the attainment of the purposes for which they are treated, in fact Biancospino SRL provides for the automatic destruction of the data collected within the term of 48 hours, subject to special requirements for further preservation in the event of adhering to a specific investigative request by the Judicial or Judicial Police. The use of images for other purposes is not foreseen and in particular the purpose of remote control of the working activity is excluded.
CATEGORIES OF RECIPIENTS OF DATA
The processed data will not be disclosed to third parties. However, they can learn about your data, in relation to the processing purposes previously set forth:
– subjects that can access the data according to the provision of Law provided for by the law of the European Union or by that of the Member State to which the Data Controller is subject;
– our employees, as long as they are previously designated as a subject acting under the authority of the Data Controller, pursuant to art. 29 of the European Regulations, or as System Administrator;
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The data controller does not intend to transfer your personal data to third countries. The entire processing of personal data, in fact, takes place within the borders of the Italian territory or within the territory of the European Union.
RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, in accordance with the European Regulation, you have the right to:
withdraw your consent to the processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation, as provided for by the art. 7, paragraph 3, of the European Regulation;
ask the Data Controller to access your personal data, as required by art. 15 of the European Regulation;
to obtain from the Data Controller the rectification and integration of your personal data deemed inaccurate, even providing a simple supplementary declaration, as required by art. 16 of the European Regulation;
to obtain the deletion of your personal data from the Data Controller if there is even only one of the reasons provided by the art. 17 of the European Regulation;
to obtain from the Data Controller the limitation of the processing of your personal data if one of the hypotheses envisaged by the art. 18 of the European Regulation;
Receive from the Data Controller the personal data concerning you in a structured format, commonly used and readable by an automatic device, as well as having the right to transmit such data to another data controller without hindrance, as required by art. 20 of the European Regulation; oppose at any time, for reasons connected to your particular situation, to the processing of your personal data carried out pursuant to art. 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions, as required by art. 21 of the European Regulation; not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that concern you or that significantly affect your person, if they have not previously and explicitly consented to, as provided for by art. 22 of the European Regulation. By way of a non-exhaustive example, this category includes any form of automated processing of personal data aimed at analyzing or predicting aspects concerning consumption and purchase choices, the economic situation, interests, reliability, behavior; make a complaint to a supervisory authority, if it considers that the treatment concerning you is in violation of the European Regulation. The complaint can be proposed in the Member State in which he habitually resides, works or in the place where the alleged violation occurred, as envisaged by the art. 77 of the European Regulation.
To exercise each of your rights, you can contact the data controller at the registered office of Biancospino SRL in street G. Mazzini 4 , 40138 Bologna, Italy, at each of the company’s facilities or by email at email@example.com