The Data Controller is the party who decides for what purposes the Data Subject's data are to be processed, according to what legal basis, for how long, and to whom they can be transmitted.
The Data Controller is Xenia Hotellerie Solution S.p.A., with registered office in Guardiagrele (Chieti), Via Antonio Gramsci 79, VAT No. and Taxpayer Code 01691390692. For all matters concerning the processing of your personal data, you can contact the Data Controller by regular mail to the above address, or by sending an email to: firstname.lastname@example.org.
The Data Controller does not have to name a DPM (Data Protection Manager), since the legal requirements making it obligatory do not apply.
A purpose is a reason for which we process your personal data. Below is a list of our purposes. Each and every purpose has one or more legal bases.
Viewing and browsing the website
Legal basis: use of a service requested by the data subject, Art. 6.1.b) GDPR.
Viewing and browsing the website entail, for reasons intrinsic to the use of ICT protocols, an exchange of technical information between the Controller's ICT system and yours. The information transmitted consists, for example, of the following: operating system used, browser and its version, time of the request, information flow size.
The data are immediately deleted at the end of the browsing session, unless they are necessary for the exercise or defence of rights (see below).
The Data Controller uses the Google Analytics service to collect aggregate data on the site's performance. See the section on analytic cookies below for more information.
Management of user request form (accesses)
At the present time, the site supports:
requests for access to the reserved area. We only collect the data that are strictly necessary for permitting the authentication of users in order to allow them access to the reserved area.
The personal data transmitted by filling in the above-said forms are used solely for the above-said purposes; they are not processed for marketing purposes, nor for profiling or any other purpose other than those indicated. They are not transmitted to third parties. For their processing, the Controller might rely on processors within its company organization. They are deleted once the customer's request has been met. The authentication logs are deleted at the end of the session.
Verification, exercise, and/or defence of a right Purpose: defence of rights.
The Controller's legitimate interest is to exercise rights and defend itself both judicially (including pre-litigation) and extrajudicially with regard to third parties (including public authorities) and to data subjects.
The personal data collected for this purpose are kept for 10 years, as envisaged by the ordinary limitation period (Art. 2946 of the Italian Civil Code), except in the case of interruption of the limitation period.
The decision to provide your personal data is optional and voluntary. The only consequence if you refuse to provide your personal data will be the impossibility for you to browse the website or for us to provide you with the services you request.
We will transmit the personal data collected through the website to:
hosting, housing, and cloud providers;
providers of information communication platforms or channels;
providers of remote payment services (where applicable);
consultants and professionals who assist us (also in legal and commercial matters, if necessary);
public and police authorities if it becomes necessary to involve them;
judicial authorities in the exercise of their functions when deemed necessary or when required by law;
persons authorized by the Controller to process the data who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (e.g. employees and consultants).
We use back office services also located in other countries EU/EEA (Albania). This processing is carried out in compliance with the applicable legislation, through the recourse to legal guarantees, i.e. standard contractual clauses approved by the European Commission. You may obtain a copy of said clauses by contacting the Controller.Back
Rights: You may exercise the following rights: access, rectification, erasure ("right to be forgotten"), limitation, objection, and portability pursuant to Articles 15, 16, 17, 18, 20, and 21, of the GDPR.
Complaint: You also have the right to lodge a complaint with the competent supervisory authority (for Italy: Garante per la protezione dei dati personali: Personal Data Protection Authority) for any violation of the legislation on the processing of personal data (GDPR).
Withdrawal of consent: Consent may be withdrawn at any time, without any formalities. For example, you may always withdraw your consent to the newsletter; see above.
What are cookies ?
Cookies are small text files stored on the user's device. They are temporary markers containing information that makes it possible to keep track of the user's activities, until the cookies are deleted. They may contain log-in information (which will therefore not have to be re-entered by the user every time, unless the specific cookie is deleted), the user's language preferences, the contents of their shopping cart, the information necessary for permitting communication between websites or for improving it, etc.
Cookies can be used for purely technical purposes, and in that case no consent is required from the user; or they can be used for different purposes, typically for profiling and marketing, and in that case the user's consent is required.
They may be either first-party cookies, i.e. cookies of this website's Data Controller, or third-party cookies, such as the cookies Google uses for its analytics.
Characteristics, purpose, legal bases, storage
Purpose: to permit the correct functioning and use of the website.
Legal basis: Art. 5 of Directive 2002/58/EC
Storage: session cookie, removed after the browser is closed;
NB: These cookies do not require consent. If technical cookies are disabled, the site could present functioning problems.
Third-party analytic cookies (Google, with anonymization):
Purpose: statistical processing on the use of the website; for more information: https://policies.google.com/technologies/types?hl=it
Legal basis: data rendered anonymous, GDPR not applicable
NB: The anonymization procedure is described here: https://support.google.com/analytics/answer/2763052?hl=it
Third-party profiling cookies
Third party: Adobe Systems Inc., website: https://typekit.com/about/
Legal basis: consent, as per Art. 13 of Directive 2002/58/EC
We limit our intervention to obtaining, as intermediaries, your possible consent for the third party to set third-party cookies on your device.
In particular, you give your consent to the setting of third-party cookies if: you click on "I accept" on the banner on the first page or if you perform any of the operations indicated on the banner.
You may withdraw your consent at any time. You must notify your intention to withdraw your consent directly to the third party.
It is, in any case, always possible to: delete the cookies stored on your device; set your browser to disable the setting of cookies (see details below); use third-party extensions to disable cookies, even selectively. It is recommended that you use open-source extensions.
How to set your browser to prevent the setting of cookies
It is possible to disable the setting of cookies through your browser settings. Below are links to the specific instructions for the main browsers:
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer- delete-manage-cookies
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and- privacy