PRIVACY POLICY


Information on the processing of online data through the Oscar WiFi service
pursuant to art. 13 of the General Regulation on the protection of personal data (RGPD 2016/679) and in accordance with the art. 19 of the new Federal Data Protection Act (nLPD) of Switzerland

WHY THIS INFORMATION

This information describes the management methods of the Oscar WiFi web service, from now on Service, granted free of charge to customers of the activity Grand Hotel San Marino in reference to the processing of personal data of the same, identified or identifiable, that use and interact with it.
The information is provided only for the Oscar WiFi web service and not for other external web pages, which may be consulted by the user via links.

DATA CONTROLLER

Data controller is:
Grand Hotel San Marino S.p.A.
Viale Antonio Onofri, 31 - 47890 San Marino RSM Tel 0549.992400 - Fax 0549.992951 info@grandhotel.sm - www.grandhotel.sm
info@grandhotel.sm

PURPOSE, LEGAL BASIS OF TREATMENT, TYPES OF DATA AND CANCELLATION PERIOD

Should you decide to provide us with your data through the form for accessing the Oscar WiFi service, these may be processed:

1. to provide connectivity to the Internet via the Oscar WiFi service and the services provided in the platform
Legal basis: execution of a contract, legitimate interest of the owner
Cancellation period: 7 days from the last access

2. to perform statistical analysis and to guarantee the security of the WiFi service against unauthorized access or made with the aim of causing damage to the owner or a third
Legal basis: legitimate interest of the owner
Cancellation period: until the user/guest does not exercise the right to object (revocation of consent) or cancellation or at most 60 days from the last access

3. to ensure the efficiency and security of the WiFi service specifically:
to guarantee the efficiency in terms of service quality by managing the available bandwidth in the best possible way.
Legal basis: legitimate interest of the owner
Cancellation period: 7 days from last login date
4. to measure your level of satisfaction in relation to the services you have used and send you service communications (e.g. timetables, unavailability of some services) using the email address :
measure the degree of satisfaction of the user / guest by sending a link via email to a specific area of the Service where, if you wish, you can answer a series of questions regarding your stay and / or to the services present in the structure which it may have used.
Legal basis: legitimate interest of the owner
Cancellation period: until the user/guest does not exercise the right to object (revocation of consent) or cancellation or at most 28 days from the last access

5. to carry out generic mail marketing activities specifically:
send mail marketing messages, related to services similar to those previously used, to the users / guests present or who have visited the structure as customers.
Legal basis: legitimate interest of the owner (opt-out)
Cancellation period: until the user/guest does not exercise the right to object (revocation of consent) or cancellation

6. to carry out email marketing, relating to our services to users / guests present or who have frequented the facility as customers, specifically:
send generic email marketing messages relating to our services to users / guests present or who have frequented the facility as customers.
Legal basis: consensus
Cancellation period: until the user/guest does not exercise the right to object (revocation of consent) or cancellation

7. to carry out mail marketing, targeted through profiling or to send targeted mail marketing messages through profiling specifically :
- by reading the last login field, to users/clients who have no longer attended the facility (eg they are x days who does not come to see us, we are waiting for ...) in a given period of time, or, on the contrary, to send messages of gratitude towards users/guests who have recently visited the structure (eg thanks for visiting us) on day x, we are waiting for you ...);
- by reading the login field, to users/guests present in the structure, thus avoiding to "disturb" those who are not they are present, and not by tracing of the user/guest but in a deductive manner: eg. if the user/guest X has once the last login is made at 10:00 am it is probable, although not certain, that at 11:00 am, the hypothetical time when the Service will send the message, the user/guest X is still in the structure, therefore he will include it among those to send the message;
- by creating n target fields that refer to the interests or habits of the user/guest e then select groups based on interests/habits to send messages to.
Legal basis: consensus
Cancellation period: until the user/guest does not exercise the right to object (revocation of consent) or cancellation, or, at most 12 months

We also remind you that the optional, explicit and voluntary sending of e-mails to the e-mail addresses related to the owner indicated on the Service's web pages entails the subsequent acquisition of the sender's address, necessary for respond to requests, as well as any other personal data included in the message. In general, these data referred to or referable to the user will be deleted when no longer necessary to achieve the stated purposes (respond to user requests). In this case the legal basis for carrying out the processing is execution of pre-contractual measures adopted at the request of the interested party.

To pursue the aforementioned processing purposes we will use common personal data that directly identifies or indirectly the interested party (eg name, surname, email address, MAC address, access session data, username and password, language, interests).

Consequences in cases of failure or opposition to treatment
If, if in the foreseen cases, you do not give us your consent or should exercise your right of opposition in relation to one or more processing purposes, it will not face any consequence, it will still have access to the network internet and may use the Service. However, as you can easily foresee, it will have consequences in relation to the specific purpose for which we ask you to express your will, e.g. if you deny us the processing of your data to show you the best route to reach a place of interest we could not indicate this route. We remind you that at any time you can revoke the intentions expressed with a simple communication addressed to the owner, also using the form that we have put to his layout OMD_01_ModuloEsercizioDiritti to the contact details provided, or through the unsubscribe procedures you will find at the end of the emails we will send you, or by accessing your personal area.

Cookies and other tracking systems
The Service uses session and technical cookies (non-persistent) strictly limited to what is necessary for the safe and efficient navigation; analytics of third parties to collect news in aggregate and anonymous form on the number of users and how they visit the site; third-party profiling cookies that are downloaded to your terminal and used directly by third parties whose services we use (eg Google Maps). For information on the use of cookies and the ability to choose which specific cookies to allow access to the extended information on the use of cookies that can be reached from the following link: cookie policy.

The Service does not use technologies other than cookies to profile the user (eg pixel tags, web beacons etc ...)

DATA ADDRESSEES

The following subjects are recipients of the data collected following the consultation of the Service:

  • - InWYA S.r.l., with headquarters in Viale Giacomo Matteotti 53 / A, 50052 Certaldo (FI) for the construction, supply, maintenance and updating of the Service as well as the archiving and backup of the database integrated in the application, statistical analysis and customer mailing service, which acts, together with the external subjects of which one uses for the provision of some services, as data controller on behalf of the owner;
  • - our authorized personnel for treatment who act on the basis of specific instructions provided (eg employees and collaborators of the owner);

To have a complete list of managers, you can contact the data controller at any time.

TRANSFERRING PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Your data, because we use third-party services, through the controller, are or could be transferred:

  • - the client's messaging service is carried out through the use of a company cloud service AWS (Amazon Web Services, Inc.); the company guarantees an adequate level of security as regards the data protection and provides adequate guarantees through the signing of contractual clauses as responsible for the treatment. The company guarantees an adequate level of security in relation to the transfer of data to foreign offices which is carried out on the basis of standard contractual clauses or binding corporate rules.
  • - the messaging service on the owner's customers is carried out through the use of a service in cloud of the company Twilio Ireland Limited the company guarantees an adequate level of security with regard to data protection and provides adequate guarantees through the signing of contractual clauses as data controllers; the transfer of data to foreign offices is carried out on the basis of the mechanisms of expected transfer and based on the following order of precedence: binding corporate rules, contractual clauses standard.
  • - the statistical analysis activities of the web platform are carried out through the use of a cloud service, Google analytics, from third parties, Google Ireland Ltd based in Europe; the company guarantees an adequate level of security regarding data protection and provides adequate guarantees through the subscription of contractual clauses as data processor. In relation to the dimensions as well as the possibilities relationships that bind the companies collected under the Google brand we cannot claim that personal data does not are transferred to the United States of America or to other foreign locations. However the company still guarantees a adequate level of security with regard to data protection and provides adequate guarantees through the signing of contractual clauses as data processor; the transfer to foreign offices is carried out on the basis of an adequacy decision, if any, or standard contractual clauses.

AUTOMATED TREATMENTS

We carry out treatment based on profiling through the consent of the interested party and we believe that, in relation to the purposes of the processing and the ways in which they can exercise their rights, they cannot produce legal effects against you or may have a significant impact on you.

RIGHTS OF INTERESTED PARTIES

As an interested party you can assert your rights pursuant to art. from 15 to 21 of the RGPD 2016/679 and art.25 of the new Federal Data Protection Act (nLPD) of Switzerland, summarized below, addressing the data controller at any time.
Specifically, you may have access to personal data concerning you, obtain the rectification or cancellation of themselves, limitation of processing, portability of data or object to processing.
To exercise your rights you can:

  • - submit a request to the holder, also through the form we have made available to it OMD_01_ModuloEsercizioDiritti, using the contact details you will find at the end of the document
  • - in the foreseen cases (eg mail marketing) using the unsubscribe procedure that will be found at the end of the messages of e-mail that we will send you
  • - by accessing his personal area from his personal area where he will have, directly, the possibility of exercising the above rights.

CLAIM RIGHT

Interested parties who believe that the processing of personal data referring to them carried out through this site takes place in violation of the provisions of the Regulations they have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of RGPD, or to take the appropriate judicial seats (art. 79 of RGPD).
Similarly, in accordance with the new Federal Data Protection Act (nLPD) of Switzerland, data subjects have the right to lodge a complaint with the Swiss data protection authority and to appeal to the Swiss courts if they believe that the processing of their personal data does not comply with the nLPD.

CONTACT DATA FOR THE RIGHT BY THE INTERESTED PARTY


Grand Hotel San Marino S.p.A.
Viale Antonio Onofri, 31 - 47890 San Marino RSM Tel 0549.992400 - Fax 0549.992951 info@grandhotel.sm - www.grandhotel.sm
info@grandhotel.sm



This page was created in: 0.01 seconds

Copyright 2024 Oscar WiFi

This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy. By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies. If you want to know more or withdraw your consent to all or some of the cookies, please refer our Cookie Policy More info