Information Notice for Customers/Suppliers

Information notice on data processing pursuant to Articles 13 and 14 of GDPR 2016/679

1. PURPOSES OF THE PROCESSING
This information notice is to inform data subjects that their personal data shall be processed for purposes relating to the establishment and fulfillment of our commercial/contractual relationships, including:
a. the fulfillment of contractual obligations;
b. legal obligations in relation to rules of civil law, fiscal and accounting regulations, as well as obligations deriving from EU regulations and requirements;
c. financial and credit purposes, as well as credit monitoring and protection purposes;
d. the transposition of pre-contractual information notices, either directly or through competent agencies;
e. commercial and functional purposes relating to our company business, with reference to the goods/services the data subject normally purchases;
f. promotional initiatives relating to the goods/services offered by our company, other than those specified in the previous item.

2. MODALITIES OF THE PROCESSING
The personal data under examination may be processed using paper, computerized and online tools, taking safety measures to safeguard the privacy of the data subject, to whom data are referred, and to prevent unlawful access by third parties or unauthorized individuals. The personal data of the data subject shall in any case be processed according to the law, in compliance with the principles of lawfulness and fairness, and in such way as to safeguard his/her privacy.

3. NATURE OF DATA PROVISION
Data provision is mandatory to fulfill all legal and contractual obligations. The provision of data for any other purpose than specified in this information notice is optional. The denial, either partial or total, to provide mandatory data shall make it objectively impossible to establish or carry out any relationship with the data subject. No negative consequence shall apply to optional data, excepting failure to manage the information required to handle the relationships between the parties.

4. DISCLOSURE OF DATA
Personal data relating to the processing herein shall be disclosed by our company, for reasons exclusively connected to the purposes above, to sales agents, suppliers, customers, external warehouses and forwarders, consultants, banks and banking institutions, public administrations, credit collection companies, commercial information companies, factoring companies, insurance companies, professional firms (legal and commercial firms), data processing companies, and audit firms.

5. DISSEMINATION OF DATA
Personal data processed shall not be disseminated to undefined subjects in any manner whatsoever.

6. DATA TRANSFER TO A FOREIGN COUNTRY
Any personal data processed shall not be transferred to a foreign country, whether this is inside or outside the EU.


7. RIGHTS OF DATA SUBJECTS

The data subject is granted the following rights:

  • to lodge a complaint with the supervisory authority (Articles 13-14 of GDPR 2016/679);
  • to know the personal data we process, their source, the purposes and the modalities of processing (Article 15 of GDPR 2016/679); 
  • to submit a request for rectification to the Controller (Article 16 of GDPR 2016/679);
  • to submit a request for erasure (right to be forgotten) of the data managed by the Controller (Article 17 of GDPR 2016/679);
  • to submit a request for restriction of the processing (Article 18 of GDPR 2016/679);
  • to submit a request for objection where the processing falls under Article 21 of GDPR 2016/679.

8. DURATION OF THE PROCESSING 
The duration of the processing shall not be longer than required to fulfill the purposes for which the data were collected.
However, whenever the data subject deems, for any reason whatsoever, that the purpose of the processing has expired, s/he shall notify the Controller below in writing, and the Controller shall immediately take action to erase the information.

9. DATA CONTROLLER
The Data Controller is the company whose name is specified in connection with the services listed in the website which the data subject has visited.


10. DATA PROTECTION OFFICER
The Data Protection Officer (DPO) has not been designated because we do not process data of categories falling under the definition laid down in Article 37 of Regulation (EU) 2016/679.

11. DATA PROCESSOR
Any information relating to the external Data Processor may be requested from the contact person in charge of contract services.

SHARE YOUR MOMENTS IN THE MARCEGAGLIA HOTELS & RESORTS
#MarcegagliaHotelsResorts