In accordance with and pursuant to Article 13 of Regulation (EU) 2016/679 of 27 April 2016 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC” (“Regulation” or “GDPR”),the TOCQ Hotel (hereinafter also “Hotel”), with registered office in Via A. De Tocqueville, 7/D 20154 Milan (MI), as Data Controller, provides you with certain information regarding the methods and purposes of processing your personal data.
Data source and legal basis of processing
As a rule, the hotel collects personal data directly from guests when they register with the hotel or make a reservation. All data are in any case processed in accordance with current legislation.
The legal basis for processing personal data is the contractual relationship existing between you and the Hotel.
Purpose of processing
Personal data are processed within the framework of the Hotel’s normal activity, with the following purposes:
- purposes connected with and instrumental to the management of customer relations (e.g. reservations, acquisition of information prior to the conclusion of the contract, optimisation of the provision of services offered by the hotel based on preferences, requests, suggestions for improving the service and/or complaints);
- purposes connected with the fulfilment of obligations provided for by laws, regulations, Community legislation or provisions issued by competent authorities or supervisory bodies;
The provision of personal data necessary to achieve the purposes referred to in points a) and b) is essential and indispensable for the total or partial execution of the contractual relationship, as well as for the performance of legal obligations; therefore, refusing to provide such data would make it impossible for the Hotel to carry out the aforementioned activities. Personal data processing does not require your consent, as it is carried out for purposes related to the execution of the contractual relationship of which you are a party.
If the Hotel intends to use the personal data collected for any other purpose incompatible with the purposes for which the personal data were originally collected or authorized, the Hotel will inform the customer in advance.
Data processing methods
Personal data is processed by means of manual, computerised and telematic tools, with logic strictly related to the above-mentioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data.
In carrying out its processing activities, the Hotel undertakes to:
- ensure the accuracy and updating of the data processed, and promptly accept corrections and/or additions, if any, requested by the data subject;
- notify the data subject, within the time limits and in the cases provided for by mandatory legislation, of any personal data breaches;
- ensure that processing operations comply with the applicable legal provisions.
The Hotel, moreover, processes the personal data acquired in complete respect of the principle of correctness, lawfulness and transparency. In compliance with the provisions of the GDPR, the Hotel configures or, in any case, undertakes to configure the computer systems and software programs reducing the use of personal data to a minimum, so as to exclude the processing if the purposes pursued can be achieved through, respectively, anonymous data or appropriate methods that allow identification of the person concerned only in case of necessity.
Categories of persons to whom the data may be communicated
The personal data provided will not be disseminated, i.e. they will not be disclosed to unspecified persons, in any possible form, including making them available or simply consulting them. On the other hand, they may be communicated, for the pursuit of the above-mentioned purpose, to well-defined subjects, in full compliance with the provisions of the law. In particular, such persons belong to the following categories:
- public authorities, if legitimately requested by them;
- Companies providing catering services at the hotel;
- Hotel cleaning companies;
- Companies providing maintenance services at the hotel.
The subjects belonging to the above categories act as Data Processors or operate completely independently as separate Data Controllers.
Rights of the data subject
We inform you that, pursuant to Articles 15-22 of EU Regulation 2016/679, the data subject may exercise specific rights by contacting the Data Controller, including:
- Right of access: the right to obtain from the Controller confirmation as to whether or not personal data are being processed and, if so, to obtain access to the personal data and further information on the origin, purpose, category of data processed, recipients of communication and/or transfer of data, etc.
- Right of correction: the right to obtain from the Data Controller the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary declaration.
- Right to erasure: the right to obtain from the Data Controller the erasure of personal data without undue delay in the event that:
- personal data are no longer necessary for the purposes of processing;
- the consent on which the processing is based is withdrawn and there is no other legal basis for the processing;
- personal data have been unlawfully processed;
- personal data must be deleted in order to comply with a legal obligation.
- Right to object to processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller.
- Right to restriction of processing: the right to obtain from the Controller the restriction of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing.
- Right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only for cases where processing is based on consent and only for data processed through electronic means.
- Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning him/her are in breach of the Privacy Law shall have the right to lodge a complaint with the supervisory authority of the Member State in which he/she resides or habitually works, or of the State in which the alleged breach occurred.
Where the processing of data is based on consent, the data subject may revoke this consent at any time, without prejudice to the lawfulness of the processing carried out before the revocation.
If the data subject wishes to receive further information on the processing of his/her personal data, or to exercise the rights indicated above, he/she may send a registered letter with return receipt to: TOCQ Hotel, with registered office in Milan, Via A. De Tocqueville, 7/D. Further information can be obtained from the following e-mail address: firstname.lastname@example.org.
Cookies are used on our website to provide users with a better browsing service and experience.
What are cookies?
Cookies are small text files sent by the Website to the terminal equipment of the data subject (usually the browser), where they are stored and then transmitted to the Website at the same user’s next visit. A cookie cannot retrieve any other data from the user’s hard disk, nor can it transmit computer viruses or acquire email addresses. Each single cookie is unique to the user’s web browser.
What cookies do we use?
Technical session cookies
The cookies used on the www.tocq.it, www.blastnessbooking.com, website have the purpose of performing computer authentication or session monitoring and storing specific technical information about users accessing the servers of Blastness, the operator of the website maintenance service, and the hotel’s reservation services.
According to Article 122, paragraph 1, of the Privacy Code (in the version in force following the entry into force of Legislative Decree 69/2012) “technical” cookies can be used even without the consent of the data subject.
For the purposes of maximum transparency, a number of technical cookies and cases of specific operation on the Website are listed below:
- cookies installed in the user’s/contracting party’s terminal directly (which will not be used for any further purposes) such as, for example, session cookies used for online bookings on the Website, authentication cookies, personalisation cookies (for example, to choose the navigation language); these cookies remain active only for the duration of the session.
- cookies used to statistically analyse accesses/visits to the site (“analytics” cookies), which are used for statistical purposes only (and not for profiling or marketing purposes) and collect information in aggregate form without being able to identify individual users. In these cases, since the legislation in force requires that for analytics cookies the data subject is provided with a clear and adequate indication of the simple ways to object to their installation (including possible mechanisms to anonymise the cookies themselves), we specify below the ways to deactivate the cookies installed. The duration of analytics session cookies is 30 minutes.
How to change cookie settings
Most browsers allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored.
We therefore advise you to follow the instructions on the relevant pages of your browser to remove cookies:
What happens if cookies are disabled?
However, if the user blocks or deletes a cookie, it may not be possible to restore the preferences or personalized settings previously specified and our ability to personalize the user experience will be limited.