Privacy notice pursuant to Article 13 of the European Union (EU) General Data Protection Regulation (GDPR) 2016/679

Premise

Le Sirenuse Spa, which, in offering its services recognises and respects the right to data privacy as a basic personal right, avails itself of the services of Positioner SA of Lugano, Switzerland, for certain communications activities, in particular with regard to updating the contents of its website and the despatch of its newsletter via email.

Positioner SA, formally appointed Data Processor on behalf of Le Sirenuse Spa, adheres to all norms relating to the protection of personal data, including assigning responsibility, awareness-raising and training of all staff involved in data treatment on behalf of the Hotel.

The following information describes the methods and purposes of personal data processing for recipients of our newsletter service via email.

Data Controller

The Data Controller is Le Sirenuse Spa, with registered office in via San Sebastiano 1, Positano (SA), Italy – email [email protected].

What data is held and for what purpose

Data processing operations use the minimum necessary data for managing the delivery of our newsletter by email. These include, in particular and solely: the name, surname, email address and geographical reference of the recipient.

How data is held and managed

Processing of data is carried out, mainly by electronic means, by duly authorised contractors and staff who operate according to the orders of the Data Controller, strictly for the stated purposes, ensuring at all times the security and confidentiality of the data held.

Specific safety measures have been adopted to reduce to a minimum any risk of destruction or loss, including accidental destruction or loss, of the data we hold; of access by unauthorised persons; or of use for purposes not permitted or not commensurate with the purpose indicated in this notice.

How long data is held

Data is held for no longer than is necessary for the purpose for which is has been gathered or processed, or until such time as we are asked to remove it in accordance with Article 21 of the GDPR.

When time restrictions for the storage of data according to the above-mentioned criteria expire, the Data Controller takes it upon himself to delete or anonymise any data which we are not obliged by specific regulations to keep.

Categories of data users

Your personal data may be shared with

- duly authorised contractors and staff of the Hotel according to their assigned roles
- Positioner SA of Lugano, Switzerland, for the purpose of delivering our newsletter via email

Beyond this, your personal data will not be disclosed, shared, sold or in any way transferred to third parties for illicit purposes, or for any reasons other than those stated. It will never be divulged without informing you and obtaining your consent, save where required by law. We retain the right to disclose your data to judicial or police authorities, according to the law.

Your personal data will not be transferred to countries or international organisations outside the European Union which are unable to guarantee an adequate level of protection certified as appropriate by the European Commission according to the terms of Article 45 of the GDPR.

Your rights

You have a right to access your personal data, and to request a rectification, update, deletion or restriction if the data held is incomplete, incorrect or gathered in violation of the law. You may also object to our holding your data for legitimate reasons, or obtain its portability.

Under the terms of Articles 15-22 of EU regulation 2016/679 you have the right to seek confirmation of the existence or otherwise of data regarding you, including data which has not yet been registered, and to be informed of the content in an intelligible format.

You also have the right to be informed about:

(a) the purpose and methods of the data processing
(b) the methods applied where data is processed by electronic means
(c) the identification of the Data Controller, the Data Processor and the individuals or the categories of individual to whom your data may be communicated as persons authorised for data processing purposes

You have the right to obtain:

a. the updating, rectification or integration of your data;
b. the deletion, anonymization or blocking of data held against the law, including those which are unnecessary for the purpose for which data are being held;
c. the restriction of data processing in situations specified in Article 18 of the GPDR;
d. certification that anyone who has had access to or has shared your data has been informed of operations a. b. and c., except in cases where doing so would prove impossible or where the means necessary would be manifestly disproportionate to the right being safeguarded;
e. the transmission of any data regarding you which you freely consented to provide to the Data Controller for one or more purposes, in a form which is structured, in common use and readable on an electronic device. According to Art. 20 of the GDPR you also have the right to transmit this data without impediment to another Data Controller and, if technically feasible, to transfer personal data directly from one Data Controller to another;
f. where processing is based on mutual consent, revocation of your agreement at any time (Article 7, Paragraph 3 of the GDPR).

You may object, partially or entirely:

a. for legitimate reasons to the processing of your personal data even if they are relevant to the purpose for which they are collected;
b. to automized decision-making which has significant effects on you.

Notwithstanding any other civil or court cases, you retain the right to present a complaint and/or notification to a supervisory authority, in the member state where you are usually resident, where you work, or in the place where the alleged violation occurred.

Pursuing your rights

The above rights can be exercised by sending a request to the Data Controller, directly or by an authorised representative, orally, or by means of an email message, to the following address: [email protected]. Your request is made freely, without formality, and you have the right to receive an appropriate response within a reasonable timescale, commensurate with the circumstances of the case.

In order to know your rights, present a complaint or remain informed with regard to the regulations covering individuals with respect to data processing, information can be obtained from the Italian Guarantor for the Protection of Personal Data (Autorità Garante per la Protezione dei Dati Personali), via the following website: http://www.garanteprivacy.it.