Privacy - Holiday in Harmony in Val d'Ultimo at Hotel St. Pankraz in South Tyrol

Go to content

Privacy

Info & Privacy
Privacy
EFFECTIVE DATE: 25/05/2018

Pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, we inform you that we process personal data of customers and suppliers, as well as data of persons who voluntarily communicate their personal data to us (in person, by phone, fax, or email) and data of persons whose data have been acquired from third parties, such as during external data collection for commercial information, public lists, etc., in the latter case dealing exclusively with common/ordinary personal data.
Our company guarantees, within the framework of legal provisions, that the processing of personal data occurs in respect of the rights and fundamental freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity, and the right to personal data protection.
Purpose and Objectives of Data Processing:
  • Compliance with legal obligations, regulations, community norms, and civil and fiscal laws
  • Fulfillment of any contractual obligations towards the data subject
  • Fulfillment of activities related to our company's business, such as internal statistics, accounting, and customer/supplier account management
  • Commercial purposes, such as sending commercial information and advertising material (by mail, fax, and email), marketing, and market research
  • Credit protection and debt management
  • Insurance purposes, particularly credit insurance
Data Communication and Dissemination:
In relation to the above purposes, your personal data may be communicated, if necessary, to:
  • Public administrations and authorities, if required by law
  • Credit institutions with which our company has commercial relations for credit/debit management and financial intermediation
  • All those natural and/or legal, public and/or private persons (legal, administrative, and fiscal offices, courts, chambers of commerce, etc.), when the communication is necessary or functional to our business
  • Suppliers/manufacturers for order fulfillment
Personal data processed by our company are not subject to dissemination.
What Information Do We Collect From You and For How Long?
Information Provided by the User and Collected Automatically: Personal data stored by our company are collected directly from customers or from third parties, such as when the company acquires data from external companies for commercial information, market research, direct offers of products or services. For this type of data, information is provided at the time of their registration or in any case no later than the first communication. Furthermore, our company may possess data classified as "sensitive" by law concerning specific operations requested by the customer. The law requires specific consent for their processing. On each visit to our platforms, we may collect, in accordance with applicable laws and, if necessary, with your consent, information related to the devices and networks used to access our services. This may include the following information: IP address, login information, browser type and version, browser plug-in types and versions, operating system and platform, advertising ID, visit information including clickstream URL to, through, and from our websites, products viewed or searched, download errors, visit duration to certain pages, page interaction, and any phone number used to call our customer service. We collect this information using various technologies, including cookies (for more information, see our Cookie Policy).
Data Storage: The processing of data may occur with or without the aid of electronic means, in any case, automated, and includes all necessary operations for processing in question. In any case, data processing occurs in compliance with all security measures ensuring their security and confidentiality.
Online Advertising:
To offer interest-based advertising and display targeted online advertisements using cookies, we may combine data collected through cookies with other data we have collected. If you do not want information processed through the use of cookies, refer to our Cookie Policy to learn how to review and disable these options. Please note that opting out of interest-based advertising does not prevent the display of non-interest-based advertisements.
Third parties acting as processors for such contractual processing guarantee not to retain the data received from the data controller and not to use them for other purposes. Our contractual partners are contractually obligated to use the same data protection and security standards, and we ensure these are adhered to.
Browsing Data: The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data subjects but, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the request time, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server's response (successful, error, etc.), and other parameters related to the user's operating system and computer environment. These data are used solely to obtain anonymous statistical information on site usage and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data Transfer Abroad: We may need to transfer your data to service providers in countries outside the European Economic Area (EEA). The EEA includes the EU countries and Switzerland, Iceland, Liechtenstein, and Norway, which are considered to have equivalent data protection and privacy laws. Such data transfers may occur if our servers (where we store data) or our providers and service providers are based outside the EEA, or if you use our products and services while in countries outside this area. An updated list of third countries to which the company may transfer data is available upon request from the data controller. If such transfer occurs, we ensure it is in compliance with this Privacy Policy and governed by standard contractual clauses approved by the European Commission, ensuring adequate protection for data subjects.
Data Subject Rights: Regulation (EU) 2016/679 grants data subjects specific rights. In particular, the data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet registered, and their communication in an intelligible form. The data subject has the right to obtain:
  • The origin of personal data
  • The purposes and methods of processing
  • The logic applied in case of processing carried out with the aid of electronic instruments
  • The identification details of the data controller, data processors, and the representative designated under Article 5(2)
  • The entities or categories of entities to whom the personal data may be communicated or who may become aware of it as designated representative in the State's territory, data processors, or persons in charge
The data subject has the right to obtain:
  • The updating, rectification, or, when interested, the integration of data
  • The deletion, anonymization, or blocking of data processed in violation of the law, including data not required to be kept for the purposes for which the data were collected or subsequently processed
  • Certification that the operations under points a) and b) have been notified, including their content, to those to whom the data were communicated or disseminated, except where such compliance is impossible or involves a manifestly disproportionate effort compared to the protected right
The data subject has the right to object, in whole or in part:
  • For legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection
  • To the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication
Additionally, from May 25, 2018, the data subject will have the right to data portability. For more information, please contact the data controller.
If you believe your rights have been violated, you have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) or take legal action.
The rights can be exercised by the data subject or by a person delegated by them through a request to the data controller at Hotel St. Pankraz - Widumanger 3, I-39010 St. Pankraz (BZ) - via registered letter or email.
Data Controller's Email: info@hotel-st-pankraz.com
Personal Data Retention Periods
Data processing occurs as indicated in this Privacy Policy. Regarding the retention of data we process, we inform you of the following retention periods:
  • 5 years from the last data processing related to the established commercial relationship
  • 5 years from the expiry of the validity period of the communicated offer
The following categories of personal data may be retained for different periods:
  • Financial data (e.g., payments, refunds, etc.) are retained for the period required by applicable tax and accounting laws
  • All user-generated content (e.g., comments and reviews) is anonymous but remains available on our platforms
Minor Visitors (16 years): The website governed by this Privacy Policy is not intended for use by minors. We recognize the need to protect minors' data, especially online. Therefore, we do not knowingly collect or retain data from minor visitors.

SUDTIROL-GUEST-PASS
  • Purpose
    The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.
  • Recipient
    In connection with the issue of the Guest Pass, your data will be transmitted to the Mobilitätskonsortium, VAT Nr. 02735170215, which acts as the cardholder and unified coordinating body and assumes the role of autonomous data controller in processing the transferred data. For further information regarding the processing to which the data will be subjected, you can send an email to privacy@moko.bz.it.
  • Legal basis
    The legal basis for processing is Art. 6 (1) (b) of the GDPR.

Back to content