DATA PROTECTION POLICY

Information on the protection of personal data
Article 13 of the EU Reg. 2016/679

Pursuant to Article 13 of EU Reg. 2016/679 "General Regulation on Data Protection" hereafter "Regulation", the   ITI   Srl   hereinafter referred to as "Company", with registered and operative offices at Forum Hotels Investments SRL , via dei Monti Parioli , 6 - cap 001 97 Rome (RM), as Data Controller is required to provide some information concerning the processing of personal data within the domain   WWW.KOLBEHOTELROME.COM   which are carried out directly at the hotel.

For the purpose of this information we intend to: 
1) 'personal data' means any information concerning an identified or identifiable natural person ('concerned'); an individual is identified as identifiable, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social; 
2) "treatment" means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction; 
3) "treatment limitation" means the marking of personal data retained with the aim of limiting their processing in the future; 
4) «data controller»: the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his designation may be established by Union or Member State law; 
5) "controller" means the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller; 
6) "recipient" means a natural or legal person, public authority, service or another body that receives personal data, whether it is a third party or not. However, public authorities that may receive disclosure of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered to be recipients; the processing of such data by these public authorities complies with the applicable data protection rules according to the purposes of the processing; 
7) "consent of the interested party": any manifestation of free will, specific, informed and unequivocal of the interested party, with which he expresses his assent, through a declaration or unequivocal positive action, that the personal data concerning him / her are object of treatment; 
8) "violation of personal data" means a security breach that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed;  
9) «in charge»:   the natural person authorized to carry out processing operations by the owner or manager; 
10) "domain": the domain, reachable through the world wide web service of the Internet, at the address   WWW.KOLBEHOTELROME.COM , consisting of data, applications, for the transmission and eventual collection of information.

I. THE NATURE OF DATA PROCESSED  


The following personal data may be processed: name, surname, place and date of birth, n. document, telephone numbers, e-mail and other necessary to transit in our structure, with respect to which will be, where the Regulation provides, required consent to treatment. At any time you can express your rights as reported in par.XI

II.   PURPOSE OF THE TREATMENT  


Personal data will be processed for:
management of the relationship with the Company: specifically, in order to design and provide personalized assistance services in our structure;
purposes strictly connected and instrumental to the management of the aforesaid relationship (eg for the acquisition of pre-contractual information and to execute the services and operations, as contractually agreed);
purposes of analyzing the information obtained for the purpose of proposing, by sending promotional information, also electronic, of goods and services deemed of interest to you always with your specific consent);
purposes relating to the control of the performance of relations with customers and contracted services;
purposes related to the legal obligations and the requirements of the Authorities or the Supervisory bodies;
comply with what is required by law.  
The data will be retained only for the closure of the registration procedures and completion of the accounting situation, after which, if the customer has not expressed the desire to remain updated on the activities of our structure, they will be deleted.

III.   DATA PROCESSING METHODS  


In relation to the aforementioned purposes, the data you provide electronically by filling in the forms provided on our website, will be processed electronically and processed by special computer procedures in order to customize the services that the Company is able to offer them. .  
The processing of data will take place in such a way as to guarantee its logical and physical security and confidentiality and may be carried out using manual, computerized and telematic tools designed to store, transmit and share the data to the persons in charge. 
The logics of the processing will be strictly correlated to the illustrated purposes, in particular your data subject to all the treatments envisaged by the contract, will be stored and / or processed by means of specific IT procedures, and processed:  
- by the business units responsible for managing the activities mentioned above, or those authorized to carry out those necessary for the maintenance and / or execution and / or conclusion of the relationship established with you;  
- by natural or legal persons who, by virtue of a contract with the Company, provide specific processing services or perform related, instrumental or support activities to those of the Company itself. 
The data will be processed mainly with manual, electronic, IT and telematic tools with logic strictly related to the purposes indicated above and will be stored both on computer media and on paper and on any other type of support, in compliance with the security measures pursuant to of the articles 32 and 35 of the Rules.

IV.   DATA COMMUNICATION 


Your data will be or may be communicated to third parties such as:
Banks in charge of settling payments according to the agreed methods;
Insurance institutions for the definition of any claims for damages;
Authorized bodies or bodies for the fulfillment of their obligations within the limits of the provisions of law;
organizations that are part of the ITI group to improve the quality of services that the Company is able to offer them;
Natural or legal persons who, by virtue of a contract with the Company, provide specific processing services or perform related, instrumental or support activities to those of the Company itself.
Our website contains hypertext links that constitute communication to other domains; however, the Company is not liable for any breach of data protection in your damage from other sites that may have fraudulently cloned our web page or that do not comply with the provisions of EU Regulation 2016/679.

V.   OBLIGATORY OR OPTIONAL NATURE OF DATA SUPPLY  


The provision of data is not mandatory, but is essential for the proper fulfillment of pre-contractual or contractual obligations, and in general to perform all the obligations required by law. Any refusal to provide personal data, or to give consent to their processing or their communication to the subjects belonging to the aforementioned categories, will result in difficulties in the execution of any contractual relationships between you and our Company, as well as the use services connected to it.

VI.   SUBJECTS TO WHICH PERSONAL DATA WILL BE DISCLOSED 


Personal data relating to the treatment in question can be communicated: 
accounting company, insurance company; service companies including those for information technology for internet communication; service companies including those for renting boats, roads, airplanes, entertainment, etc. to allow the execution of the services requested by the Customer, for filing procedures, for printing correspondence and for managing incoming mail and in departure; companies responsible for fraud control, credit recovery and credit and insolvency risks; to Public Administrations, pursuant to the law. 
Without the data subject's consent to the disclosure of data to the aforementioned companies and to the related processing, the Company may only process those operations and services that do not require consent because it is already implicit and authorized by law.  
No data will be transmitted to outsiders or to non-EU subjects.

VII.   CHANGES TO DATA PROCESSING 


You are entitled at any time to revoke your consent to the processing of your data by activating the cancellation procedure or modifying the processing. Obviously, cases of cancellation may result in the termination of the contract and services if in place. 
If you wish the processing of your data to be modified above, you can send an email to the address   info@kolbehotelrome.com   or send a fax with a photocopy of your identity document, which will be immediately destroyed, with the following text: "cancellation / limitation / rectification / opposition consent to the treatment of all (or say what) my personal data".

VIII.   TITULAR SUBJECT   OF THE TREATMENT 


The owner of the data processing is FORUM HOTELS INVESTMEN TS Srl with registered and operative office in via dei Monti Parioli , 6 - cap 00 197 Rome (RM) . The list of the External Companies responsible for particular treatments will be kept updated and will be sent to you on specific request. It will also be made available at the offices of the Company.

IX.   RESPONSIBLE FOR TREATMENT 


The updated list of persons responsible for specific processing operations referred to above is at your disposal at the offices of the Company.

X.   DATA PROTECTION MANAGERS - RPD (DATA PROTECTION OFFICER - DPO) 


The company has appointed Mr. Carlo Izzo as RPD / DPO (Data Protection Officer / Data Protection Officer). Any report of violation of the rights of the interested party may be communicated to   info@kolbehotelrome.com

XI.   RIGHTS OF THE INTERESTED 


In relation to the processing of personal data, the interested party has the right, pursuant to the Regulations (articles fully reported in the annex):
The interested party has the right to receive information according to article 13;
The interested party has the right to obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, to obtain access to personal data and information according to art.15 ;
The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration according to article 16;
The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data in accordance with article 17 without undue delay;
The interested party has the right to obtain from the data controller the limitation of treatment according to article 18;
The data controller shall inform each of the recipients to whom the personal data have been transmitted of any corrections or cancellations or limitations on the processing carried out pursuant to articles 16, 17, 18, unless this proves impossible or involves a disproportionate effort. The data controller informs the recipient of these recipients if the person requests it according to the art.
The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him / her provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller who supplied them according to article 20;
The interested party has the right to oppose at any time, for reasons connected with his particular situation, to the processing of personal data concerning him / her pursuant to article 6, par. 1, lett. e) of), including profiling on the basis of these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court according to art. 21;
The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or that significantly affects his person according to art.22;

XII.   CONTACTS   


If you would like more information on the processing of your personal data, or want to report a problem or file a complaint, you can send an email to the address   info@kolbehotelrome.com   . You can contact us at the same address or by phone at n.tel   06 6798866 also to have answers regarding the management of information by the Company. Before providing answers you will need to verify your identity and answer a few questions. Our response will be provided as soon as possible.

EU Reg. 2016/679 
Article 4 - Definitions 
For the purposes of this Regulation: 
1) 'personal data' means any information concerning an identified or identifiable natural person ('concerned'); an individual is identified as identifiable, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social;  
2) "treatment" means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, preservation , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction; [...] 
11) "consent of the interested party": any manifestation of free will, specific, informed and unequivocal of the interested party, with which he expresses his assent, through a declaration or unequivocal positive action, that the personal data concerning him / her are object of treatment; [...]
Article 6 -   Lawfulness of the processing 
1. Processing is lawful only if and to the extent that at least one of the following conditions occurs: 
a) the interested party has given his consent to the processing of his personal data for one or more specific purposes; 
b) processing is necessary for the performance of a contract of which the party concerned is a party or for the execution of pre-contractual measures taken at the request of the same;  
c) the processing is necessary to fulfill a legal obligation to which the data controller is subject; 
d) the processing is necessary for the safeguard of the vital interests of the interested party or of another physical person; 
e) processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the data controller; 
f) processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or the fundamental rights and freedoms of the data subject who request the protection of personal data do not prevail, in particular if the data subject he is a minor. [...]
Article 13 -   Information to be provided if personal data are collected from the person concerned 
1. In the event that the data subject collects information from the data subject, the data controller shall provide the data subject, at the time the personal data are obtained, with the following information: 
a) the identity and contact details of the data controller and, where applicable, of his representative; 
b) contact details of the data protection officer, where applicable; 
c) the purposes of the processing for which the personal data are intended as well as the legal basis of the processing; 
d) if the treatment is based on Article 6, paragraph 1, letter f), the legitimate interests pursued by the data controller or by third parties; 
e) any recipients or any categories of recipients of personal data; 
(f) where applicable, the intention of the controller to transfer personal data to a third country or to an international organization and the existence or absence of an adequacy decision by the Commission or, in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49, the reference to appropriate or appropriate safeguards and the means of obtaining a copy of such data or the place where it was made available. 
2. In addition to the information referred to in paragraph 1, when the personal data are obtained, the controller shall provide the data subject with the following additional information necessary to ensure correct and transparent processing: 
a) the retention period of personal data or, if this is not possible, the criteria used to determine this period; 
b) the existence of the right of the data subject to request the data controller to access personal data and to correct or delete them or limit their processing or to oppose their treatment, in addition to the right to portability some data; 
(c) where the processing is based on Article 6 (1) (a) or Article 9 (2) (a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation; 
d) the right to lodge a complaint with a supervisory authority; 
e) if the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and if the data subject is obliged to provide personal data as well as the possible consequences of not communicating such data; 
(f) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the interested party. 
3. If the data controller intends to further process the personal data for a different purpose than that for which they were collected, before such further processing provides the data subject with information on this different purpose and any additional relevant information referred to in paragraph 2. 
4. Paragraphs 1, 2 and 3 shall not apply if and to the extent that the data subject already has information.
Article 15 - Right of access of the interested party 
1. The data subject has the right to obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, to obtain access to personal data and the following information: 
a) the purposes of the processing; 
b) the categories of personal data in question; 
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; 
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; 
e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; 
f) the right to lodge a complaint with a supervisory authority; 
g) if the data are not collected from the data subject, all information available on their origin; 
(h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party. 
2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer. 
3. The data controller provides a copy of the personal data being processed. 
In the event of further copies requested by the data subject, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format. 
4. The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others.
Article 16 - Right of rectification 
The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Article 17 - Right to cancellation ("right to be forgotten") 
1. The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists: 
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; 
(b) the data subject revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing ; 
(c) the data subject opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21 (2); 
d) personal data have been processed unlawfully; 
e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject; 
(f) the personal data have been collected in relation to the information society service offer referred to in Article 8 (1). 
2. The controller shall, if he / she has made personal data public and is obliged, pursuant to paragraph 1, to delete it, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform the data controllers 
who are processing personal data of the request of the person concerned to delete any link, copy or reproduction of his personal data. 
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: 
a) for exercising the right to freedom of expression and information; 
(b) for the fulfillment of a legal obligation requiring treatment under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority of which the data controller is invested; 
(c) for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3); 
(d) for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 risks making it impossible or to seriously affect the achievement of the objectives of this treatment; or 
e) for the assessment, exercise or defense of a right in court.
Article 18 - Right of limitation of treatment 
1. The data subject has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs: 
a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data; 
b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; 
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; 
d) the interested party has opposed the treatment pursuant to Article 21 (1), pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. 
2. If the processing is restricted pursuant to paragraph 1, such personal data shall only be processed, except for storage, with the consent of the data subject or for the establishment, exercise or defense of a right in court. or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State. 
3. The data subject having obtained the processing restriction pursuant to paragraph 1 shall be informed by the controller before the limitation is revoked.
Article 19 - Obligation to notify in case of rectification or cancellation of personal data or limitation of processing 
The controller shall inform each of the recipients to whom the personal data have been transmitted of any correction or cancellation or limitation of the processing carried out in accordance with Article 16, Article 17 (1) and Article 18, unless proves impossible or involves a disproportionate effort. The data controller informs the recipient of these recipients if the data subject requests it.
Article 20 - Right to data portability 
1. The data subject shall have the right to receive personal data concerning him / her provided to a data controller in a structured, commonly used and readable form by automatic device and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom he has provided them if: 
(a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract within the meaning of Article 6 (1) b); is 
b) the treatment is carried out by automated means. 
2. In exercising its rights relating to the portability of data in accordance with paragraph 1, the data subject shall have the right to obtain direct transmission of personal data from one controller to another, if technically feasible. 
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right does not apply to the treatment necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority as the data controller is invested. 
4. The right referred to in paragraph 1 must not affect the rights and freedoms of others.
Article 21 - Opposition law 
1. You have the right to object at any time, for reasons connected with your particular situation, to the processing of your personal data pursuant to Article 6, paragraph 1, letters e) of), including profiling on the basis of these provisions. 
The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court. 
2. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him / her for such purposes, including profiling in so far as it is related to such marketing direct. 
3. If the data subject objects to processing for direct marketing purposes, personal data are no longer processed for these purposes. 
4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the interested party and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject. 
5. In the context of the use of information society services and without prejudice to Directive 2002/58 / EC, data subjects may exercise their right to object by automated means using technical specifications. 
6. Where personal data are processed for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1), the data subject shall have the right to object to the processing of personal data for reasons connected with his particular situation concerning him, unless the processing is necessary for the performance of a task in the public interest.

For the full text of EU regulation 2016/679 consult the website of the Data Protection Authority.

Contact

Kolbe Hotel Rome
Via di San Teodoro, 48 - 00186 Rome, Italy

Tel. +39 06 679 8866
Fax +39 06 679 4975
Email info@kolbehotelrome.com

Website designed & Maintained by: Fisheyes Ltd