BIANCA MARIA PALACE HOTEL MILANO
PERSONAL DATA PROTECTION NOTICE
This document details the methods and purposes of the personal data processing undertaken by Blu Seven S.r.l., in its capacity as data controller (hereinafter, also as the “Controller” or “BS”), in relation to the booking services supplied via the website www.biancamariapalace.com (“Website”) or via third party’s website, and any additional information required by law, including information on the data subject’s rights and the exercise of those rights.
The Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the “Regulation”) sets rules concerning the protection of natural persons with regard to the processing of personal data, and on the free moment of such data and it protects the rights and fundamental freedoms of the natural persons, particularly with regard to the protection of personal data.
Art. 4, no. 1 of the Regulation defines “Personal Data” as any information relating to an identified or identifiable natural person (hereinafter, “Data Subject”).
On the other hand, “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (art. 4, no. 2, Regulation).
Additionally, pursuant to articles 12 et seq. of the Regulation, the Data Subject is to be provided the appropriate information concerning (i) the Processing activities carried out by the Controller and (ii) the rights of the Data Subject.
- PURPOSES OF THE PROCESSING AND LEGAL BASIS
The purposes of the Processing are the following:
Considering the processing of Personal Data, other than special categories of data, for the purposes listed under the abovementioned points (i), (ii), (iii) is needed for the purposes of performing the service and to fulfill legal obligations, the Data Subject’s consent is not required. The Processing of Personal Data for the purposes listed under point (iv) is deemed allowed pursuant to the resolution of the Italian Data Protection Authority dated 4 July 2013 no. 330.
- Punctual provision of booking services via the website or third parties’ Websites with which the controller entered agreements (“Services”),
- Reply to requests of information received via the Website,
- Fulfill obligations required by law, civil, tax and accounting regulations, as well as compliance with orders by Authorities authorized by law or by supervisory and control bodies,
- Delivery of promotional material, via email to the Data Subjects concerning similar services to those already purchased, provided the right of the Data Subject to request not to receive the abovementioned messages.
- Controller’s delivery via email or communications related to the Controller’s promotional and marketing initiatives, subject to the Data Subject’s express consent.
- METHODS OF PROCESSING AND STORAGE
Pursuant to art. 5 of the Regulation, the Personal Data subject to the Processing are:
Personal Data will be processed by the Controller with automated and non-automated means; the electronic storage of Personal Data occurs in secure servers located in controlled access areas and with restricted access.
- Processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
- Collected and recorded for specified, explicit and legitimate purposes and further processed in a manner compatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Processed in a manner that ensures appropriate security;
- Kept in a form that permits identification of the Data Subject for no longer than is necessary for the purposes for which the personal data are processed.
Specific security measures are observed to prevent data loss, unlawful or inaccurate uses and unauthorized accesses.
- NATURE OF THE DATA COLLECTION. CONSEQUENCES OF REFUSAL TO PROVIDE PERSONAL DATA.
- 3.1 Provision of Personal Data for the purposes listed under paragraph 1, points (i), (ii) e (iii) is mandatory to use the Controller’s services. Accordingly, refusal to provide Personal Data would determine the impossibility for the Data Subject to make use of the services.
- 3.2 Provision of Personal Data for the purposes listed under paragraph 1, point (iv) allows the Controller to send its communications concerning its promotional and marketing initiatives to the Data Subjects. The Data Subject refusal to receive these communications determines the impossibility for the Controller to submit them.
- 3.3 Provision of Personal Data for the purposes listed under paragraph 1, point (v) is optional and, therefore, there are no consequences should the user refuse to provide his/her own Personal Data.
- RETENTION OF PERSONAL DATA.
- 4.1 I Personal Data are retained for the time strictly necessary to fulfill the purposes for which they were collected and processed. With regards to the purposes set out under paragraph 1, points (i), (ii) e (iii), the Personal Data will be retained for the sole purpose of Processing to accurately provide the Services and fulfill the requests for information received via the Website. With regards to the purposes set out under paragraph 1, point (iv), the Personal Data will be process as long as the Data Subject will not exercise the right to object or revoked his/her own consent to the processing. In relation to paragraph 1, point (v), Personal Data will be processed for a period no longer than 24 months.
- 4.2 However, it is understood that once the purposes of the Processing have been satisfied or in case of exercise of the right to object or withdrawal of consent, the Controller will nevertheless be authorized to retain the Personal Data, in whole or in part, for certain purposes, like exercise or defend a right in a proceeding (e.g., in case of possible claims concerning the activities carried out by the Controller).
- DISCLOSURE OF PERSONAL DATA
Personal Data shall be accessible to those mandated to the Processing and to external collaborators.
- DISSEMINATION OF PERSONAL DATA.
The Personal Data are not subject to dissemination.
- TRANSFER OF PERSONAL DATA ABROAD.
The Personal Data shall not be transferred outside European Union member States.
- RIGHTS OF THE DATA SUBJECT.
The Data Subject may at any time access the Personal Data for the purpose of correcting or deleting the data and, in general, of exercising the rights expressly granted by the applicable laws on the protection of Personal Data. Those rights are: to confirmation of the existence of the Personal Data and to receive the data in an intelligible manner, to know the source of the data and the purposes and the methods of its Processing; to obtain the contact information of the Controller, of the data processors and of the individual or the categories of individuals the Persona Data may be disclosed to; to verify the accuracy of the Personal Data and to have them completed, updated or rectified; to ask for erasure, conversion into anonymous form or the blocking of access to Personal Data processed in violation of the law, and, in any case, to object, in whole or in part, for legitimate reasons to their Processing; to Personal Data portability, and the right to lodge a complaint with, or report or submit a claim to, the Italian Data Protection Authority, where appropriate. In addition, the applicable law gives a Data Subject the right to object to Personal Data processing for the purposes set forth in points (iii) and (iv) of paragraph 1 of this privacy notice, and to withdraw consent to such Personal Data Processing at any moment, without affecting, however, the lawfulness of the Processing carried out by the Controller based on consent before its withdrawal.
- DATA CONTROLLER.
The Controller is Blu Seven S.r.l., with place of business in 6 Piazza Cadorna, 20123, Milan, Italy.
- COMMUNICATIONS AND EXERCISES OF THE DATA SUBJECT’S RIGHTS.
To exercise the rights listed under paragraph 8, the Data Subject may contact at any moment the Controller, by sending an email to firstname.lastname@example.org
- Cookies are used on our website to give users a better browsing service and experience. What are cookies?
Cookies are small text files sent from the website to the terminal of the party concerned (usually the browser), where they are stored before being referred back to the website upon the same user's next visit. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses or capture email addresses. Each cookie is unique to the user's web browser.
What cookies do we use?
Technical session cookies
The cookies used on the website www.biancamariapalace.com and https://www.blastnessbooking.com/ are used for computer technology authentication or to monitor sessions, and to store specific technical information regarding the users that access the server of Blastness, the website maintenance and hotel booking service provider.
Pursuant to Article 122, paragraph 1, of the Privacy Code (in the formulation in force after the entry into force of legislative decree 69 / 2012), "technical" cookies can be used even in the absence of consent.
For maximum transparency, below we provide a number of technical cookies and specific cases of activity on the website:
• Cookies implanted in the user/contracting party's terminal directly (that will not be used for other purposes) such as session cookies used for on-line booking on the website, authentication or customisation cookies (for example, the choice of the browsing language); these cookies remain active only for the duration of the session.
• Cookies used to statistically analyse accesses/site visits (the so-called "analytic" cookies) that are exclusively used for statistical purposes (not for profiling or marketing) and to collect aggregate information without the possibility of tracing back to the identification of the individual user. In these cases, since current legislation requires that, when using analytic cookies, the user is given clear and adequate instructions to easily oppose implementation of such (including any mechanisms to make the cookies anonymous), we give instructions on how to disabled installed cookies below. The duration of analytic technical cookies is 30 minutes.
Third-party cookies are code parts set by a website different than the website you are currently browsing.
This involves the transmission of cookies from third parties. Management of information collected from “third parties” is goverend by the relative information notices to which we ask you to refer. For greater transparency and for convenience, we provide the information on the types of cookies used by third party service providers, purposes, retention period and the third parties who retain and access the information on our websites:
Google Analytics is a Google analysis tool that helps website and app owners understand how visitors interact with the contents of their website (pages visited, browsing time, etc.) by providing useful statistics designed to optimise and improve the browsing of the website without identifying the browser
_utma 2 years
_utmt 10 minutes
_utmb 30 minutes
_utmc until the session is closed
_utmz 6 months
_utmv 2 years
Favours the research on Google services offered by the hotel without collecting or monitoring information capable of personally identifying a user
How to modify settings on the cookies
Most browsers allow to clear cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored.
Therefore, to remove cookies we encourage you to follow the instructions on the pages of the various browsers:
Fire fox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
What happens if the cookies are disabled?
Nevertheless, if you block or erase cookies, it may not be possible to reset previously specified preferences or customised settings, and our capacity to customize the user experience will be limited.