This privacy policy describes the methods of managing the website regarding the processing of personal data of visitors and customers who consult it. This is a notice provided pursuant to Article 13 of EU Regulation no. 679/2016 – hereinafter GDPR – to those who interact with the web services of NAMASTE S.R.L., the owner of the website www.ristoranteposillipo.com, accessible electronically from the address: https://www.ristoranteposillipo.com, corresponding to the homepage of the official Hotel Posillipo website. The policy applies only to the website www.ristoranteposillipo.com and not to other websites that the user may visit via links.

The "Data Controller"

Following the consultation of this website, personal data regarding identified or identifiable persons may be processed. The "Data Controller" is HOTEL POSILLIPO of NAMASTE S.R.L., with its legal office at via Archimede 13, 47841 Cattolica (RN) and its operational office at via Dell’Orizzonte 1, 61011 Gabicce Mare (PU), registered with the Rimini Chamber of Commerce.

Location of Data Processing

The processing and collection of personal data related to the web services of this site take place at the company's headquarters NAMASTE S.R.L. using automated tools.

Purpose of Data Processing

Personal data of the user are collected and processed for the time strictly necessary to achieve the purposes for which they were acquired, and in particular:

  • For reasons directly related and instrumental to the provision and management of the room booking services offered by HOTEL POSILLIPO;
  • To gather statistical information on the use of the software and to check its proper functioning;
  • For the possible sending of informational, commercial, and promotional material (for marketing purposes) about the services of HOTEL POSILLIPO, if specifically authorized by the data subject;
  • For surveys on the quality of services and customer satisfaction (surveys carried out with the user’s consent) either directly or in collaboration with specialized operators;

Personal data are also collected and processed by the Data Controller to pursue its legitimate interests, including:

  • Compliance with legal obligations (e.g., transmission of data to the State Police in compliance with the requirements of Article 109 T.U.L.P.S. – Customer registration notification to the Police Headquarters);
  • Protection against fraud;
  • Security measures;
  • Communication of crimes to the judiciary.

Methods of Data Processing

The processing of personal data collected via the HOTEL POSILLIPO website is based on the consent of the data subject, which may always be revoked by a request for deletion. The processing will be carried out in automated and/or manual form, respecting the provisions of Article 32 of the GDPR 2016/679 regarding security measures, by the data controller and in compliance with Article 29 of GDPR 2016/679. In compliance with the principles of lawfulness, purpose limitation, and data minimization, as outlined in Article 5 of GDPR 2016/679, after obtaining the freely and explicitly expressed consent via electronic means on the website www.ristoranteposillipo.com, the personal data will be stored for the period necessary to achieve the purposes for which they were collected and processed. In particular, once collected, the data will be inserted and cataloged in a specific registry, both paper-based and electronic, managed and kept by the Data Controller. Specific security measures are observed by the Data Controller to prevent the loss of data, illegal or improper use, and unauthorized access.

Types of Data Processed

User Personal Data (Registration Data). To use the booking services on the website www.ristoranteposillipo.com, the user must fill out the registration form and provide specific information. The data required for the service are marked with an asterisk. Failure to provide the data marked with the asterisk will prevent the requested services from being executed. Other data, not necessary for the execution of the service, may be requested, but their provision will be entirely voluntary, and refusal to provide such information will not affect the execution of the requested service.

Navigation Data. The IT systems and software procedures for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be associated with identified data subjects, but which by their nature could, through processing and association with data held by third parties, allow for the identification of users. This category of data includes IP addresses or domain names of the computers used by the users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, request time, method used to submit the request to the server, file size obtained in response, numerical code indicating the server's response status (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are used only for anonymous statistical purposes regarding site usage and to check its correct functioning and are deleted immediately after processing.

Data Provided Voluntarily by the User. The optional, explicit, and voluntary sending of emails to the addresses listed on this website involves the subsequent acquisition of the sender's address, necessary to reply to requests, as well as any other personal data included in the message.

Transfer of Personal Data

The personal data collected from users on the website www.ristoranteposillipo.com will not be transferred to EU Member States or third countries outside the European Union.

Existence of Automated Decision-Making, Including Profiling

NAMASTE S.R.L. does not adopt any automated decision-making process, including profiling, as referred to in Article 22, paragraphs 1 and 4 of EU Regulation no. 679/2016.

Scope of Communication and Dissemination

The collected data will never be disseminated and will not be communicated without the explicit consent of the data subject, except for communications necessary to fulfill legal obligations.

Cookies

NAMASTE S.R.L. uses cookies on its website, which are alphanumeric identification elements created by the browser and stored on the user’s computer, suitable for recognizing the user’s device and useful for optimizing the use of the website and its associated services. Specifically, the site may include the following types of cookies:

  • Strictly Necessary Cookies: Used to provide the requested services and essential for the user to navigate the site and use its features. Without these, some services (e.g., room bookings) cannot be provided.
  • Functional Cookies: Allow remembering choices made (e.g., name, language, region, text size, etc.) and provide optimized and personalized features to improve the online experience.
  • Technical/Analytical Cookies: Collect anonymous information about the pages visited for statistical purposes.
  • Persistent Cookies: Used to track users and personalize and enhance site usage.
  • Session Cookies: (Which are not persistently stored on the user’s computer and disappear when the browser is closed) are limited to the transmission of session identifiers (random numbers generated by the server) to ensure the secure and efficient navigation of the site and avoid the use of other techniques that might compromise the confidentiality of user navigation.

Social Media and Third-Party Cookies and Widgets: During site usage, you may notice information not belonging to HOTEL POSILLIPO but from third-party companies that may send their own cookies. On the website www.ristoranteposillipo.com, the following third-party cookies may be present: Google, Tripadvisor, Facebook. The company does not have access or control over these cookies, and users are directed to the privacy policies of these respective companies.

Rights of the Data Subjects

- Right of Access and Rectification: Data subjects, in relation to their personal data processed by the controller, have the right to:

  • Access such data;
  • Rectify or delete it;
  • Limit its processing;
  • Object to its processing.

- Right to Deletion: Data subjects also have the right to request the immediate deletion of their personal data, exercising the right to be forgotten under Article 17 GDPR, if one of the following conditions applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The data subject withdraws consent on which the processing is based under Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a) GDPR, and there is no other legal basis for processing;
  • The data subject objects to the processing under Article 21, paragraph 1, and there is no overriding legitimate reason for proceeding with the processing, or objects under Article 21, paragraph 2 GDPR;
  • The personal data have been unlawfully processed;
  • The personal data must be deleted to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • The personal data were collected in relation to the offer of information society services aimed at minors.

The data controller, if personal data have been made public and is required to delete them, adopts reasonable measures, including technical ones, to inform data controllers processing the personal data of the data subject's request to delete any link, copy, or reproduction of their personal data. The Right to be Forgotten cannot be exercised if the processing is necessary:

  1. For the exercise of the right to freedom of expression and information;
  2. For compliance with a legal obligation requiring processing under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. For public health purposes in accordance with Article 9, paragraphs 2, letters h) and i), and Article 9, paragraph 3 GDPR;
  4. For archiving purposes in the public interest, scientific or historical research, or statistical purposes under Article 89, paragraph 1 GDPR, where the right to be forgotten risks making it impossible or seriously impairing the achievement of the objectives of such processing;
  5. For the establishment, exercise, or defense of a legal claim.

- Right to Restriction of Processing: The data subject has the right to obtain from the data controller the restriction of processing under Article 18 GDPR when they contest the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data; the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that its use be restricted; although the data controller no longer needs the personal data for the purposes of processing, the personal data are necessary for the data subject for the establishment, exercise, or defense of a legal claim; the data subject has objected to the processing pending verification of the possible overriding legitimate grounds of the data controller over those of the data subject.

- Right to Data Portability: The data subject also has the right to data portability under Article 20 GDPR, meaning the right to receive their personal data in a structured, commonly used, and machine-readable format and the right to transmit those data to another data controller without hindrance from the controller to whom the data were provided, provided that the processing is based on consent for one or more specific purposes and is carried out by automated means.

- Right to Object: The data subject finally has the right to object under Article 21 GDPR at any time, on grounds related to their particular situation, to the processing of personal data concerning them and provided by them to the controller for one or more specific purposes.

Requests for the Exercise of Data Subject Rights

Requests for the exercise of rights should be directed to the data subject at the email address: info@hotelposillipo.com or by registered mail to HOTEL POSILLIPO of NAMASTE S.R.L., located at VIA DELL’ORIZZONTE 1, 61011 GABICCE MARE (PU).

Complaint to the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing of their personal data violates the GDPR has the right to file a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged violation took place, according to Article 77 GDPR. For the purposes of this privacy policy, pursuant to Article 4, paragraph 1, no. 23) GDPR, the processing of personal data carried out on this site by HOTEL POSILLIPO of NAMASTE S.R.L. takes place within the activities of a single establishment within the European Union and substantially affects or may substantially affect data subjects in more than one Member State. Therefore, in the case of a data subject residing in a Member State other than that of the establishment, they may appeal to the supervisory authority of the EU country where they habitually reside.