Pursuant to Article 4, Paragraph 7, and Article 26 of the GDPR, the Co-Controllers of the processing of personal data are: Uvet Hotel Company S.r.l. and Uvet Dyoniso S.r.l. (jointly referred to as “Uvet Hotels” or the “Co-Controllers”), both with their registered offices at Bastioni di Porta Volta 10, 20121 Milan, Italy.
The Co-Controllers have jointly determined the purposes and means of the processing and have transparently defined, through an internal agreement, their respective responsibilities concerning compliance with the obligations arising from the GDPR, the content of which is communicated to the data subjects as follows.
Purpose of the Processing
Uvet Hotels informs users that the processing of personal data collected directly from the website is aimed at:
Fulfilling the specific request submitted by the User via a message sent through the Contact form. This may involve the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the message.
Enrolling the user, with their consent, in the Uvet Hotels programme newsletter, in order to receive information, promotions, and special offers related to Uvet Hotels’ properties and initiatives.
Managing internal control and organisational activities, by transmitting relevant data within the Uvet Group, of which the Co-Controllers are part.
With prior consent, using the email address to send commercial communications, promote events, and advertise activities and projects related to travel and tourism, promoted by other companies within the Uvet Group, to which the Co-Controllers belong.
Legal Basis of the Processing and Data Provision
Pursuant to Article 6 of the Regulation (EU), the processing is lawful as it is necessary for the correct and complete execution of the request submitted, or because it is necessary for the performance of contractual or pre-contractual obligations undertaken towards the data subject, and as such does not require consent for data processing. The provision of data is necessary to execute the request made by the data subject.
Pursuant to Article 6, Paragraph 1, letter f) of the Regulation (EU), the processing for purpose 3 is based on the legitimate interest of the Controller, who, in accordance with Recital 47 of the Regulation (EU), has carefully conducted a balancing test of its interests with the fundamental rights and freedoms of the data subjects involved in the processing activities, considering the relationship between the data subject and the Co-Controllers. In particular, the processing is carried out in accordance with Recital 48 of the Regulation (EU), concerning the Controller’s membership in a corporate group.
For the purposes outlined in points 2 and 4, pursuant to Article 6, Paragraph 1, letter a) of the Regulation (EU), the processing is based on the consent of the data subject. The provision of data for marketing purposes is optional; refusal to provide data will not have any consequences, except for the inability to receive promotional communications. The data subject may withdraw consent for promotional purposes at any time.
Type of Personal Data Collected
The personal data collected through the website specifically concern identifying data (name and surname), contact details (email address and phone number, optionally provided by the user), and any other personal data entered in the free-text “Message” field provided by the User in the Contact form.
In addition to the common data provided directly and intentionally by the User, the IT systems and software procedures responsible for the operation of this website acquire, in the course of their normal operation, some personal browsing data, the transmission of which is implicit in the use of Internet communication protocols.
This data is not collected with the intention of associating it with the identity of the data subject, but due to its nature, it could, through processing and associations with data held by third parties, allow the identification of users. This category of data includes IP addresses or domain names of computers used by users connecting to the site, as well as other parameters related to the user’s operating system and computing environment. This data is used solely to gather anonymous statistical information about website usage and to monitor its correct functioning. The data may also be used to establish responsibility in the event of hypothetical cybercrimes involving the site.
For more information on this matter, please refer to the dedicated Cookie Policy.
The Co-Controllers do not intentionally collect any special categories of data via this website.
Methods of Processing
Personal data processing means collecting, recording, organising, storing, processing, modifying, selecting, extracting, comparing, using, interconnecting, blocking, communicating, disseminating, deleting, and destroying data, or the combination of two or more of these operations, also through automated tools designed to store, manage, and transmit the data, using methods suitable for ensuring security and confidentiality.
Regarding security, we inform you that the database is accessible only by personnel specifically authorised by the Controller, as well as for the related operations described above. The processing of your data will be carried out using methods and tools that ensure confidentiality and may be conducted through electronic or automated means, or through non-automated methods (paper archives), both equipped with appropriate security measures, as required by Regulation (EU) 2016/679 on the protection of personal data, to prevent data loss, unlawful or incorrect use, and unauthorised access.
Data Recipients
The parties that may become aware of personal data, to the extent strictly necessary to fulfil the purposes outlined above, are individuals authorised to process personal data by Uvet Hotels.
To perform the above-mentioned purposes, as well as for the execution of certain corporate management functions, the Co-Controllers engage third-party companies and/or external organisations to which they send the necessary data, specifically: • Third-party companies managing the ICT infrastructure of the Controller. • Hotel facilities, as requested in the user’s contact request. • Companies within the Uvet Group for activities related to the control of organisational and technological management systems.
A list of appointed external data processors is available at the Controller’s office.
Transfer of Personal Data to Third Countries or International Organisations
The Co-Controllers of the processing do not transfer personal data to third countries or international organisations. However, Uvet Hotels ensures compliance with appropriate safeguards, such as: transfer of data to countries considered adequate by the EU Commission; entering into standard contractual clauses for the transfer of data outside the EU, as defined by the EU Commission, in order to ensure secure and lawful data transfer and processing outside the EU; or other approved international transfer mechanisms in accordance with applicable laws.
Links to Third-Party Websites and Social Media Use
Users should be aware that the website may provide links to other sites not covered by this privacy policy, or to social media platforms leading to servers operated by individuals or organisations over which the Co-Controllers have no control. The Co-Controllers make no representations and assume no responsibility for the accuracy or any other aspect of the information available on such sites. A link to a third-party website does not imply validation, either by the Controller or the third party, of the products and services of others, nor does it imply endorsement of such third parties. Uvet Hotels makes no statements or guarantees regarding the use or storage of user data on third-party websites.
Users are encouraged to carefully review the privacy policy of any third-party websites linked to this site to obtain a complete understanding of the possible use of their personal data.
Data Retention
Personal data provided through this website will be retained for the period necessary to fulfil the user’s request. Data provided for promotional purposes will be retained for a period reasonable for that purpose, not exceeding 5 years from the date of the user’s last interaction with Uvet Hotels, without prejudice to the data subject’s right to withdraw consent at any time.
Rights of Data Subjects
Under the European Regulation, data subjects have the right to request the Controller access to their personal data (Article 15), rectification (Article 16), deletion or erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), or to object to processing (Article 21), as well as the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly affect the data subject (Article 22). If the processing is based on consent, pursuant to Article 7, Paragraph 3 of the Regulation, the data subject has the right to withdraw their consent at any time.
The data subject also has the right to lodge a complaint with the competent supervisory authority (Article 77 of the Regulation) if they believe that the processing carried out by the Controller is not compliant.
Requests may be exercised by the data subject towards the Controller in the following ways:
Data Protection Officer Address: Bastioni di Porta Volta 10, 20121 Milan, Italy. Phone: +39 02 818381 Email: dpo@uvet.com
Changes to this Policy
Uvet Hotels reserves the right to modify this privacy policy as necessary.
We encourage users to periodically check this page to stay informed of any updates.