We inform you that the European Regulation n. 679 of 27 April 2016 on the processing of personal data provides for the protection of individuals in relation to the processing of personal data.
According to Article 13 of the Regulation (EU) 2016/679, we provide you the following information:
1. Identification details of the Owner
The Owner of data processing is LUXREST VENICE S.a.s. di Barbara Cristina Carron & C., in the person of the pro tempore legal representative, with legal residence in Venice, Castello 5990 Ponte del Pistor, who can be contacted by e-mail at the following address: firstname.lastname@example.org or by telephone at the following number: +39 041 2960561.
The Owner has not named any data protection officer (DPO).
2. Purpose of processing personal data
Personal data may be processed for the following purposes:
a) performance of the contract;
b) fulfillment of legal obligations related to the contractual relationship;
c) protection of contractual rights;
d) sending newsletters by e-mail, paper mail or instant messaging.
The legal basis for the processing is the contract or the explicit consent.
3. Data processing methods
Personal data will be processed on paper, or with IT or telematic tools and stored in relevant databases that can only be accessed by the data processing officers.
The processing may also be carried out by third parties who provide specific processing, administrative or instrumental services necessary to achieve the aforementioned purposes. All the data processing operations are managed in order to guarantee the integrity, confidentiality and availability of personal data.
4. Data retention period
Data will be processed for the duration of the contract, or for a period of time not exceeding the achievement of the purposes for which they are processed ("principle of conservation limitation" Art. 5, EU Reg. 2016/679) or on the basis of the deadlines established by law. Data will be kept (except for explicit consent that can be withdrawn at any time) for a period of time not exceeding what is strictly necessary to achieve the established purpose and, however, for a maximum period not exceeding 10 years from the data collection. Data will be used for the purposes referred to in the previous points, in order to speed up the registration procedures in the event of subsequent contacts with our organisation if you will be our guest in the future.
5. Transfer of personal data outside the European Union
The data collected will not be transferred to non-European countries.
6. Categories of third parties to whom the data may be communicated
The Owner of data processing may communicate your personal data to the following categories of subjects: banking, insurance and legal institutes; offices and companies providing assistance and professional consultancy services; IT technicians and maintenace operators. If necessary, the indicated subjects will be appointed as Officers of the data processing, in compliance with current legislation. The list of the DPO can be requested by means of the contact details of the Owner referred to in point 1.
7. Rights pursuant to Articles 15, 16, 17, 18, 20, 21 and 22 of the EU Reg. 2016/679
We inform you that, as a data subject, in addition to the right to file a complaint with the supervisory Authority, you also have the rights listed below, that you can enforce by making a specific written request to the Owner of data processing or to the DPO, as referred to in point 1.
Art. 15 – Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the data processing information.
Art. 16 – Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 – Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay
Art. 18 – Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Art. 20 – Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Art. 21 – Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Art. 22 – Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.