Privacy Policy for the Processing of Personal Data

This Privacy Policy outlines which data is collected and how it is used, disclosed, transferred, and/or stored in accordance with Article 13 of Legislative Decree no. 196 dated 30.06.2003 (hereinafter, the “Privacy Code”) and Article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”).

Subject of Processing

The Data Controller processes personal, identifying, and non-sensitive data (including but not limited to: name, surname, company name, VAT number, address, telephone number, e-mail – hereinafter, “personal data” or “data”) provided by you when:

  • registering on the Data Controller’s website Hotellerie.cloud (hereinafter, the “Website”),
  • participating in opinion or satisfaction surveys,
  • filling out registration forms via the Website for events organized by the Data Controller,
  • submitting online requests for clarification or support, and
  • subscribing to the newsletter.

Purpose of Data Processing

Your personal data is processed:

  A) Without your express consent (Art. 24 letters a), b), c) of the Privacy Code and Art. 6 letters b), e) of the GDPR) for the following Service Purposes:
  • managing and maintaining the Website;
  • enabling you to use services requested by you;
  • processing contact requests;
  • complying with legal obligations, regulations, EU legislation, or orders from authorities;
  • fulfilling contractual obligations with customers;
  • preventing or detecting fraudulent activity or abuse harmful to the Website;
  • exercising the Data Controller’s rights (e.g., in legal proceedings).
  B) Only with your specific and separate consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR) for the following Additional Purposes:
  • sending you via e-mail: opinion and satisfaction surveys, newsletters, invitations to events, or subscribing you to events organized or sponsored by the Data Controller.

Processing Methods

The processing of your personal data is carried out through the operations listed in Article 4 of the Privacy Code and Article 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.

Your data is processed in both paper and electronic and/or automated formats, using a website or IT infrastructure hosted in Hetzner Online GmbH data centers in Germany.

The Data Controller will process your personal data for the time necessary to fulfill the purposes outlined above, and in any case:

  • no longer than 10 years after termination of the relationship for Service Purposes,
  • no longer than 2 years from the date of collection for Additional Purposes.

Data Security

The Data Controller has adopted various security measures to protect your data from loss, misuse, or alteration, including:

  • measures in compliance with Articles 32–34 of the Privacy Code and Article 32 of the GDPR,
  • AES standard data encryption technologies,
  • secure data transmission protocols such as HTTPS.

Data Access

Your data may be made accessible for the purposes set out in Articles 2.A and 2.B:

  • to employees and collaborators of the Data Controller, in their capacity as internal data processors and/or system administrators;
  • to third-party companies or other entities (including, for example, Hetzner Online technical staff, e-payment service providers, suppliers, hardware/software support technicians, shipping and logistics services, banks, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.

Data Disclosure

Without your express consent (pursuant to Art. 24 letters a), b), d) of the Privacy Code and Art. 6 letters b), c) of the GDPR), the Data Controller may disclose your data for the purposes referred to in Article 2.A to supervisory bodies, judicial authorities, and all other entities to whom communication is mandatory by law. In all other cases, your data will not be disclosed.

Data Transfer

Data management and storage will take place within Europe, specifically on servers located in Germany and managed by the Data Controller and/or third-party companies duly appointed as Data Processors.

Nature of Data Provision and Consequences of Refusal

Providing data for the purposes of Article 2.A is mandatory. Failure to provide such data will result in the inability to register on the Website or access the services mentioned in Article 2.A.

Providing data for the purposes of Article 2.B is optional. You may choose not to provide any data or to later deny permission to process already provided data. In that case, you will not receive invitations to events, newsletters, or satisfaction surveys via e-mail. However, you will still be entitled to access the services under Article 2.A.

Data Subject Rights

As a data subject, you have the rights set forth in Article 7 of the Privacy Code and Articles 15–22 of the GDPR, including the right to:

  1. obtain confirmation of the existence of personal data concerning you, even if not yet recorded, and receive such data in an intelligible format;
  2. be informed of:
    • the source of the personal data,
    • the purposes and methods of processing,
    • the logic applied in case of processing with electronic tools,
    • the identity of the data controller, processors, and any designated representative,
    • the entities or categories of entities to whom personal data may be disclosed or who may become aware of it;
  3. request:
    • the updating, rectification, or, where you have an interest in it, integration of data;
    • the deletion, transformation into anonymous form, or blocking of unlawfully processed data;
    • confirmation that the above operations have been communicated to those to whom the data was disclosed, except where this proves impossible or requires disproportionate effort;
  4. object, in whole or in part:
    • for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection;
    • to the processing of your personal data for marketing purposes using automated systems (e-mail, phone without an operator) and/or traditional marketing methods (phone calls, postal mail).

It is noted that the right to object to direct marketing using automated systems also extends to traditional methods. You may also choose to object only partially, e.g., to receive only traditional or only automated communications.

Where applicable, you also have the rights provided by Articles 16–21 of the GDPR (right to rectification, erasure, restriction of processing, data portability, and objection), as well as the right to lodge a complaint with the supervisory authority.

How to Exercise Your Rights

You may exercise your rights at any time by sending an email to: privacy@hotellerie.cloud.

Minors

This Website and the Data Controller’s services are intended for legal entities with a valid VAT number and are not directed to minors under 18 years of age. The Data Controller does not knowingly collect personal information from minors. If such information is inadvertently collected, it will be promptly deleted upon user request.

Data Controller

The data controller is Hotellerie.Cloud.

Changes to this Privacy Policy

This Privacy Policy may be subject to changes. We recommend regularly reviewing this Privacy Policy to ensure you are aware of the most up-to-date version.