Personal data protection code for USERS of the service
We wish to thank you for the trust placed in us by choosing VIVAFIRENZE.IT for your online hotel reservations. We guarantee the utmost commitment in safeguarding and protecting the privacy of your personal data (including your credit card details).
This personal data protection code is applied to all our services (accessible or available on our website).
WHICH DATA WILL BE PROCESSED
Upon booking a room in a hotel (or any other kind of incoming structure), you will be asked to fill out the on-line form with the following information:
- data needed to complete the reservation (your first name, surname, home or office address, valid email address, telephone number and your credit card details);
- any additional information to be sent to the incoming structure for special requests or for satisfying special requirements of the user or accompanying persons. With regard to this second point it may happen that the user enters data referring to a subject that is identified and classified as “sensitive data” (“data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical political or trade-unionist character, as well as personal data disclosing health and sex life”), for which the regulations (art. 26 of Legislative Decree 196/2003) establishes special protection and for this reason consent is requested.
The data you communicate during your contacts with VIVAFIRENZE will also be added to the information indicated above.
WHY YOUR DATA IS PROCESSED
The processing will be carried out for the following purposes:
a) to comply with an obligation imposed by a law, regulation or Community legislation;
b) to comply with the obligations resulting from a contract and to comply with your requests and guarantee reliable and personalised services;
c) to establish or defend a right both out-of-court and in legal or administrative proceedings;
d) for purposes connected to public relations and commercial activities: marketing, advertising, promotional activities and user-satisfaction surveys. More specifically, the contact numbers, and postal and email addresses provided may be used to send courtesy communications and/or commercial information or advertising material relating to service offered by websites similar to those requested and purchased on VIVAFIRENZE.IT. It is understood that you have the right to oppose the above-mentioned processing at any time.
Your email address may also be used to send updates, newsletters or news regarding the activities of the VIVAFIRENZE.IT portal; you may communicate your decision not to receive emails of this type on the relative link at the bottom of each newsletter or communication sent, or by sending a message to the email email@example.com
HOW YOUR DATA ARE PROCESSED
In relation to the aforementioned purposes, the processing of personal data will be carried out prevalently with the help of computerised or telematic means selected according to the criteria of feasibility, security, efficacy and speed in the ongoing search for the best service standards for protecting the User.
We save your credit card data for a maximum of 15 days after the date of booking. Once this period has elapsed, the data will be deleted.
We instead save the other data you communicate to us but always with the guarantee of absolute confidentiality, pertinence and minimisation for the aforementioned purposes.
PROTECTION AND SECURITY OF YOUR CREDIT CARD INFORMATION
In order to protect and safeguard the personal data you provide us with, we have implemented and avail of suitable work tools and procedures. For example, your credit card details will be transmitted by means of a server network protocol that encrypts all your personal and credit card data. The encrypting system used is the Secure Socket Layer (SSL) protocol. The supplier of the certified SSL is indicated in the certificate that can be viewed by clicking on the lock symbol on the browser. In addition, we have implemented and make use of security procedures and technical and physical restriction techniques for the access and use of personal data.
Our server and our network are protected against unauthorised access by firewalls and we have an anti-intrusion detection system that monitors and detects any unauthorised access attempts or improper use of our servers.
WHO CAN PROCESS THIS DATA
Data may be processed for the aforementioned purposes by the following categories of assigned persons and/or data controllers: persons in charge of managing the service and relations with the user, persons in charge of maintenance of the computer systems, and limited to the data strictly necessary for their specific tasks, other subjects (companies/consultants) we appoint as persons in charge who need to access your data for purposes pertaining to the management of the relationship between VIVAFIRENZE and its users, within the limits strictly necessary for performing their assigned tasks, such as the management of the user assistance service, the management of computer systems, and customer-satisfaction surveys.
TO WHOM YOU DATA MAY BE DISCLOSED
Your personal data may be disclosed to:
- the incoming structures with whom you have requested a reservation;
- the public authorities as requested;
- any clients/suppliers but only ever in relation to the aforementioned purposes;
- other third parties who need to access your data for purposes pertaining to the management of the relationship between VIVAFIRENZE and its users, within the limits strictly necessary for performing their assigned tasks such as the management of the user assistance service, the management of computer systems, and customer-satisfaction surveys.
All the aforementioned communications will obviously be limited to the sole data necessary for the intended body/office (that shall remain the independent Controller of all the subsequent processing) for performing their specific tasks and/or achieving the purposes connected to the same communication.
WHEN YOU ARE OBLIGED TO PROVIDE YOUR PERSONAL DATA
The disclosure of your personal data is always optional, however in the absence of certain information it will not be possible to provide users with the services requested; in particular, if the data marked with an asterisk is missing on the form to be filled out on-line it will not be possible to make the reservation.
WHO CAN I CONTACT FOR MORE INFORMATION
The data controller is COMI SpA, a joint-stock company governed by Italian law with registered office in Via del Giglio 10, 50123 Florence (FI) Italy; in order to exercise your rights as envisaged by art. 7 of Legislative Decree 196/2003, that we have listed in full below for your convenience, simply send an email to firstname.lastname@example.org
Legislative Decree no. 196 dated 30 June 2003 (Personal data Protection Code).
Section. 7 (Right to access Personal Data and Other Rights):
1. A data subject [the person or entity to whom the data relates] has the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed:
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning the controller, data processors and the representative designated as per Section 5 (2);
e) of the entities or categories to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State’s territory, data processor(s) or person(s) in charge of the data processing..
3. A data subject shall have the right to obtain:
a) updating, rectification, or where interested therein, integration of the data;
b) erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys..
This document is drafted for use by COMI S.p.A. It is prohibited to reproduce and/or transfer it to third parties, or for unauthorised subjects to use or copy it, even partially. In all cases, reproduction is only permitted if this clause is included.
Agg.to 21.03.2011 – Translated by Lexis