Policy pursuant to Art. 13 of EU Regulation 2016/679 for the "Live Help" service
Pursuant to Art. 13 of the EU Regulation 679/2016 (hereinafter referred to as GDPR - GeneralData Protection Regulation) and the legislation on the protection of personal data, the company Starhotels S.p.A. (hereinafter referred to as "Starhotels"), informs you of the processing of your personal data, which will be carried out in compliance with the principles of lawfulness, correctness, transparency, purpose, minimisation, accuracy and limitation of retention.
Pursuant to Art. 4(7) of GDPR 2016/679, the Data Controller is the Company Starhotels S.p.A., with administrative offices in Florence - 50144, Viale Belfiore No. 27. Tel. 055 36921 - fax 055 36924. email: firstname.lastname@example.org
Data Protection Officer
Pursuant to Art. 37 of GDPR 2016/679, STARHOTELS S.p.a. has appointed a company Data Protection Officer (DPO), who can be contacted at the following email address: email@example.com. Certified email (PEC): firstname.lastname@example.org
As part of the real time assistance service on our site (LiveHelp), the Data Controller has formally identified the company LiveHelp S.r.l. with registered office at Via Daste e Spalenga 28 - 24020 Gorle (BG), VAT number 03365340169 as the Data Processor. Where necessary for the execution of its activities, Starhotels may identify and formally appoint additional Data Processors. Data Subjects may, at any time, request the updated list from the Data Controller.
Purpose and legal basis of processing
Personal data will be processed by Starhotels for the following purposes:
- the management of requests for information relating to products, services, commercial, advertising and promotional initiatives provided by Starhotels itself or by its subsidiaries, affiliates or associated companies;
- assistance and support in accessing and/or using our services;
- to pursue a legitimate interest of the Data Controller represented by the verification and confirmation of any commercial conditions shared with the user of the service.
The legal basis for the processing of the data is the specific contractual relationship established to which the data subject is a party or the execution of pre-contractual measures, such as requests for information and insights about our products and services, taken at the request of the data subject (Art. 6(1)(b) of the Regulation). For the protection of the legitimate interest of the Data Controller as defined above, the legal basis is to be found in Art. 6(1)(f) of the Regulation.
Categories of data processed and nature of provision
For the pursuit of the described purposes, the following categories of personal data may be processed:
- so-called "common" data (e.g. first name, surname, email, telephone, accounting data, tax data).
The Data Controller's staff will not require and, for the purposes described, it is not necessary to process special categories of personal data as referred to in Art. 9(1) of the Regulation. If the user of the service voluntarily communicates such data, it will be processed in accordance with the applicable legislation.
Data processing methods
Personal data will be processed by computer or electronic means and with adequate security measures to guarantee the security and confidentiality of your personal data.
Data retention times
Your personal data will be processed and retained for the time strictly necessary for the pursuit of the above-mentioned purposes and, in any event, no longer than 1 year after the use of the service.
Recipients and dissemination of personal data
The data collected will be processed exclusively for the above-mentioned purposes.
Furthermore, your data may be communicated, always in compliance with appropriate security measures, to public authorities and private parties for the fulfilment of specific legal obligations, including those of a fiscal, administrative and financial nature. Personal data will not be disseminated.
Place of data processing and areas of transfer
The data are processed at the headquarters of the Data Controller and at the Data Processors specified in the list held by the Data Controller.
Personal data will be processed within the Italian territory or in any event within the European Union and will not be subject to transfer to non-EU countries or International Organisations.
If, during the course of the relationship, a transfer should become necessary, the data controller guarantees compliance with the provisions of Chapter V of the GDPR.
Rights of the data subject
The Data Controller guarantees the exercise of the rights set out in articles 15 et seq. of the GDPR, in particular:
1. Right of access;
2. Right of rectification;
3. Right to erasure (so-called right to be forgotten);
4. Right of restriction of processing;
5. Right of portability;
6. Right of opposition.
In the event that the personal data relates to deceased persons, the aforementioned rights may be exercised, in accordance with the provisions of Art. 2-terdecies of Legislative Decree 101/2018, by those who have an interest of their own, or are acting to protect the data subject, in their capacity as their representative, or for family reasons worthy of protection.
Requests regarding the exercise of rights should be addressed to the Data Controller at: email@example.com.
Automated processing and profiling
The data controller does not carry out automated processing, including profiling.
Right to complain and protection of the data subject
Finally, we would like to remind you that if you feel that your privacy rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority, with headquarters at Piazza Venezia 11, 00187 - Rome, Tel. (+39) 06 696771, email: firstname.lastname@example.org, Certified email (PEC): email@example.com.