HOTEL ARETINO

Book now
Book

Privacy Policy

Hotel Aretino has developed this Internet Privacy Policy in order to align its activities with those of a trusted entity that assures, respects, and maintains the right to privacy of Visitors in the online environment.

Aurora Srl, with registered office at 52100 – Arezzo (AR), Via Pietro da Cortona n. 10, Tax Code and VAT No. 02071050518, registered in the Arezzo Companies Register, PEC: auroraaurora@aruba.it, represented by its legal representative pro tempore (hereinafter “Hotel Aretino”) is the data controller of personal data potentially collected through this website as defined by the European GDPR Regulation 679/2016. The controller will process any data collected through this website (www.laretinohotel.com) for the purposes, in the manner, and according to what is specifically described below.

Hotel Aretino is constantly committed to protecting the online privacy of its users.

This document has been drafted pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter: “Regulation”) in order to allow you to understand our privacy policy, to know how your personal information is managed when you use our website (hereinafter “Site”) and, where applicable, to provide consent to the processing of your personal data in an express and informed manner (validly given only by persons over 16 years of age).

The information and data provided by you or otherwise acquired in the context of using our services on the site – hereinafter “Services” – will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the controller’s activities.

In accordance with the rules of the Regulation, processing carried out shall be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity, and confidentiality.

INDEX

  1. Data Controller
  2. Personal data subject to processing
    • a. Browsing data
    • b. Special categories of personal data
    • c. Data voluntarily provided by the data subject
    • d. Cookies
    • e. Integration of third-party services and content
  3. Purposes of processing
  4. Legal basis and mandatory or voluntary nature of processing
  5. Recipients of personal data
  6. Transfers of personal data
  7. Retention of personal data
  8. Rights of the data subject
  9. Amendments
  10. Specific use of personal data

1. DATA CONTROLLER

The controller of processing carried out through the Site is Aurora Srl, with registered office at 52100 – Arezzo (AR), Via Pietro da Cortona n. 10, Tax Code and VAT No. 02071050518, registered in the Arezzo Companies Register, PEC: auroraaurora@aruba.it, represented by its legal representative pro tempore (also “Hotel Aretino”). For any information regarding the processing of personal data by the controller, including the list of data processors handling data, you may write to: auroraaurora@aruba.it or info@laretinohotel.com

2. PERSONAL DATA SUBJECT TO PROCESSING

Upon browsing the Site, we inform you that the controller will process personal data which may consist of an identifier such as a name, an identification number, an online identifier, a postal address, an email address, a telephone number (landline and/or mobile), or one or more elements characteristic of your physical, physiological, psychological, economic, cultural, or social identity capable of making the data subject identified or identifiable (hereinafter simply “Personal Data”).

Hotel Aretino will collect and process only personal data voluntarily provided by visitors to this site. Visitors are able to browse the site without disclosing personal information or data. Each visitor to the site may choose to provide the Controller with limited personal data as requested in order to obtain information about our services. Once registered, the personal data collected will be used solely for the services indicated in the available policy.

Site visitors may provide their data to:

  • Subscribe to our newsletter
  • Request information on services/products, offers, and quotes
  • Register for events
  • Submit a curriculum vitae
  • Purchase services/products/vouchers

The Personal Data processed through the Site are as follows:

A. Browsing Data

The IT systems and software procedures used to operate the Site acquire, in the course of their normal operation, certain Personal Data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters relating to the user’s operating system and IT environment.

These data are used solely to obtain anonymous statistical information on the use of the Site and to monitor its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site or third parties: save for this eventuality, the data collected by the site are currently removed within a short period of time.

B. SPECIAL CATEGORIES OF PERSONAL DATA

When using our Site (or submitting via email) for a job application, you may provide Personal Data falling within the special categories of Personal Data referred to in Art. 9 of the Regulation, specifically “[…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as […] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation.”

We invite you not to publish such data unless strictly necessary. Indeed, we remind you that in the event of transmission of special categories of Personal Data without a specific expression of consent to process such data (which in any case obviously still allows you to send a curriculum vitae), the controller cannot be held responsible under any circumstances, nor can any objection of any kind be raised, since in such a case the processing will be permitted as it concerns data manifestly made public by the data subject, in accordance with Art. 9(1)(e) of the Regulation. We nonetheless emphasise the importance, as already noted above, of expressing explicit consent to the processing of special categories of Personal Data, should you decide to share such information.

We also inform you that, for selection purposes, the controller may analyse professional social profiles freely available on the Internet (e.g. LinkedIn).

C. DATA VOLUNTARILY PROVIDED BY THE DATA SUBJECT

When using certain Services on the Site (for example, the request/contact/booking form), processing of Personal Data of third parties submitted by you to the controller may occur. In such cases, you act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, you grant the broadest possible indemnity against any claims, demands, requests for compensation for damages from processing, etc. that may be received by the controller from third parties whose Personal Data has been processed through your use of the Site’s functions in violation of applicable personal data protection regulations. In any case, should you provide or otherwise process Personal Data of third parties when using the Site, you hereby guarantee – assuming all related responsibility – that such specific processing is based on an appropriate legal basis pursuant to Art. 6 of the Regulation that legitimises the processing of the information in question.

D. COOKIES

General information on cookies.

Cookies are small text files that, through a web page and via the browser, are stored on the computer’s hard drive to store small amounts of information about the page for a limited period of time. There are different types of cookies. Some are essential for the functioning of the site, such as navigation cookies or shopping cart cookies. In addition, there are so-called analytics cookies, which collect information such as the number of visitors to the website and the path visitors take to reach the site. Functional cookies allow the site to remember the selection made (for example, selected filter settings or the language setting of a site).

There are also so-called profiling cookies, which record the user’s preferences and actions. Based on this information, a user profile is created. This serves to match advertising messages with the user’s interests and therefore enables more targeted advertising for specific target groups. In many cases, the site operator uses third-party cookies to deliver personalised advertising.

MANDATORY CONSENT FOR COOKIES

Visitors to the site must actively consent to the use of cookies that are not essential for the functioning of the website and have the right to withdraw their consent at any time.

This website uses a technology called CMP (Consent Management Platform) to manage this right. When accessing the site, a banner appears informing the user about the use of cookies, offering various consent options (accept all cookies, individual categories of cookies, or each individual cookie separately) and providing detailed information about the different types. The CMP stores the user’s choices and applies them on the next visit to the site.

How to prevent the installation of cookies directly through the browser:

FIREFOX

  1. Click on the menu and then on Settings.
  2. Select the Privacy panel.
  3. In the History section, select Use custom settings.
  4. In the options that now appear, uncheck “Accept Cookies.”
  5. Click OK. For more detailed information, visit: https://support.mozilla.org/it/kb/Bloccare%20i%20cookie

GOOGLE CHROME

  1. Click on the menu and then on Settings.
  2. At the bottom, click Show advanced settings.
  3. In the Privacy section, click Content settings.
  4. In the Cookies section, select Storage of cookies and site data.
  5. Click Done. For more detailed information, visit: https://support.google.com/chrome/answer/95647?hl=it

SAFARI

  1. In the Settings section, select Privacy.
  2. Under Accept Cookies, you can define whether and how Safari should store cookies from sites. For more information, click the help panel, represented by a question mark. For more detailed information, visit: https://support.apple.com/kb/PH5042?locale=en_US

E. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT

Google Analytics, Google IP Locator, Google Maps, Google Maps Distance API, Google reCAPTCHA Owner: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

YouTube Content Owner: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA

Facebook Social Network Owner: Facebook Inc., Menlo Park, California, USA

Instagram Social Network Owner: Facebook Inc., Menlo Park, California, USA

Twitter Social Network Owner: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland

Vimeo Owner: Vimeo Inc., 555 West 18th Street, New York, New York 10011

Hotjar Owner: Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta

Additional external content may be loaded through widgets and iframes. To access this list of external content, please send an email to auroraaurora@aruba.it or info@laretinohotel.com

3. PURPOSES OF PROCESSING

The processing we intend to carry out, with your specific consent where required, has the following purposes:

a. to enable the provision of the Services you have requested; b. to respond to requests for assistance, information, or bookings; c. to review CVs and re-contact candidates who have submitted their application; d. to fulfil any legal, accounting, and tax obligations; e. marketing purposes: the data provided may be processed, subject to explicit and specific consent, for the sending of promotional and marketing communications, including newsletters and market research, through automated tools (SMS, MMS, email, push notifications) and non-automated means (postal mail, telephone with operator). The legal basis for processing your data for such purposes is Art. 6(1)(a) of the Regulation. Direct marketing processing is optional and depends on your free choice; therefore, failure to provide your consent for this purpose will not affect your ability to use the services.

4. LEGAL BASIS AND MANDATORY OR VOLUNTARY NATURE OF PROCESSING

The legal basis for the processing of Personal Data for the purposes referred to in section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the processing is necessary for the provision of Services or to respond to requests from the data subject.

The provision of Personal Data for these purposes is optional, but failure to provide it would make it impossible to activate the Services provided by the Site, respond to requests, or evaluate CVs. With specific reference to purpose 3.c and the related analysis of professional social profiles freely available on the Internet referred to in section 2.b, the legal basis for processing is Art. 6(1)(f) of the Regulation, namely the legitimate interest of the controller in verifying any risks regarding the candidate’s suitability for the specific open position.

The purpose referred to in section 3.d constitutes lawful processing of Personal Data pursuant to Art. 6(1)(c) of the Regulation (compliance with a legal obligation). Once Personal Data has been provided, the processing is indeed necessary to fulfil a legal obligation to which the controller is subject.

The legal basis for processing for the purposes referred to in section 3.e is Art. 6(1)(a) of the Regulation (user consent). For processing carried out for the same purposes involving the direct sending of the controller’s own advertising or direct sales material, or for the carrying out of the controller’s own market research or commercial communications in relation to products or services analogous to those you have purchased, the Controller may use, without your consent, email and postal addresses, pursuant to and within the limits permitted by Art. 130(4) of the Code and the provision of the Italian Data Protection Authority of 19 June 2008. The legal basis for processing your data for this purpose is Art. 6(1)(f) of the Regulation (legitimate interest).

5. RECIPIENTS OF PERSONAL DATA

Personal data will not be communicated to other companies without your explicit consent, with the exception of associated companies. Personal data may however be sent to public bodies and institutions for the fulfilment of legal obligations.

Hotel Aretino does not deliberately collect, through the website, sensitive or judicial personal data.

Sensitive data, pursuant to Art. 4 of European GDPR Regulation 679/2016, includes personal data capable of revealing racial and ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of parties, trade unions, associations, or organisations of a religious, philosophical, political, or trade union nature, as well as personal data capable of revealing health status and sexual life. Judicial data, also pursuant to Art. 4 of European GDPR Regulation 679/2016, includes personal data capable of revealing measures referred to in Art. 3(1), letters a) to o) and r) to u) of Presidential Decree No. 313 of 14 November 2002, concerning the criminal records register, the register of administrative sanctions arising from offences and related pending charges, or the status of accused or suspect pursuant to Articles 60 and 61 of the Code of Criminal Procedure. We recommend that you do not provide such information through our site. Should this be necessary (for example, in the case of belonging to protected categories when submitting a curriculum vitae for employment purposes, in response to a job advertisement or when expressing interest in working with us), we invite you to send us by registered letter a statement expressing your written consent to the processing of this information.

Your Personal Data may be shared, for the purposes referred to in section 3 above, with:

a. subjects acting typically as data processors, namely: i) persons, companies, or professional firms providing assistance and consultancy to the controller in accounting, administrative, legal, tax, financial, debt recovery, marketing, and communications matters in relation to the provision of Services; ii) subjects with whom it is necessary to interact for the provision of Services (such as hosting providers); iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks); (collectively “Recipients”); b. subjects, bodies, or authorities to whom your personal data must be communicated by virtue of legal provisions or orders of authorities; c. persons authorised by the controller to process Personal Data necessary to carry out activities strictly related to the provision of Services or the other purposes referred to in section 3 above, who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. the controller’s employees).

6. TRANSFER OF PERSONAL DATA

Some of your Personal Data is shared with Recipients who may be located outside the European Economic Area. The controller ensures that the processing of your Personal Data by these Recipients is carried out in compliance with the Regulation. Transfers may be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commission, or on another appropriate legal basis. Further information is available from the controller by writing to: auroraaurora@aruba.it or info@laretinohotel.com

Links to third-party sites

Please note that www.laretinohotel.com may contain links to other sites which are not governed by this privacy policy.

7. DATA RETENTION

The information and personal data of Visitors collected by this site, including data freely provided in order to receive informational material or other communications by writing in the contact forms on this site, will be retained solely for the purpose of providing the requested service and for the duration necessary for that same purpose. Once the service is completed, all personal data will be destroyed in accordance with data retention policies, unless otherwise required by authorities or where retention is required by law, or as per your explicit requests.

Personal Data processed for the purposes referred to in section 3(a-b) will be retained for the time strictly necessary to achieve those same purposes. In any case, as these are processing activities carried out for the provision of Services, the controller will process Personal Data for the time permitted by Italian law to protect its own interests (Art. 2946 of the Civil Code et seq.). With regard to CVs submitted through the Site or via email referred to in section 3.c, Personal Data will be retained for a period deemed appropriate in relation to the purpose for which the data was collected. The controller reserves the right to re-contact the candidate shortly before the indicated expiry date to request an extension of this retention period.

Personal Data processed for the purposes referred to in section 3.d will be retained for the time provided for by the specific applicable legal obligation or regulation.

Personal Data processed for the purposes referred to in section 3.e will instead be retained until the data subject withdraws their consent, or, in the absence of such withdrawal, for a maximum period deemed appropriate.

Further information regarding the data retention period and the criteria used to determine such period may be requested by writing to the controller at: auroraaurora@aruba.it or info@laretinohotel.com

8. RIGHTS OF DATA SUBJECTS

Pursuant to Articles 15 et seq. of the Regulation, you have the right to request from the controller, at any time, access to your Personal Data, rectification or erasure thereof, or to object to their processing. You have the right to request restriction of processing in the cases provided for by Art. 18 of the Regulation, as well as to obtain, in a structured, commonly used, and machine-readable format, the data concerning you, in the cases provided for by Art. 20 of the Regulation. Requests must be addressed in writing to the controller at: auroraaurora@aruba.it or info@laretinohotel.com

In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (Italian Data Protection Authority – Garante per la Protezione dei Dati Personali), pursuant to Art. 77 of the Regulation, if you consider that the processing of your Personal Data is contrary to applicable regulations.

9. AMENDMENTS

This privacy policy has been in force since 21 June 2021. The controller reserves the right to modify or simply update its content, in part or in full, including as a result of changes in applicable legislation. The content of the site and of this privacy policy may be subject to changes; therefore, the Controller invites you to visit this section regularly to become aware of the most recent and updated version of the privacy policy, so as to always be informed about the data collected and how it is used.

SPECIFIC USE OF PERSONAL DATA

Below we provide specific information regarding the operation of particular sections of this website: hotelaretino.it

SECTION: CONTACT REQUEST

The “contact request” section of this site offers the possibility of requesting information on services, products, events/courses, and requesting quotes. If you choose to submit your personal data, it will be processed exclusively for these purposes by specially appointed staff and in accordance with normal internal procedures.