Dear Customer, Hotel Ariston Molino Terme (Owner) collects and processes the personal data of its Customers (Interested) with the utmost confidentiality, in compliance with the provisions of EU Regulation 2016/679 (GDPR).
The Data Controller is Hotel Ariston Molino Terme srl (CF 00066080284), Via Cornelio Augure n. 5, 35031 Abano Terme (PD), contact: email@example.com
Data Protection Manager
The Data Controller has appointed Marco Meneghello, Avv. Marco Meneghello, Galleria Trieste n. 6, 35121 Padua, contact: firstname.lastname@example.org
The personal data collected by the Owner are those of identification and contact (name, address, email, telephone). Payment and billing data may be collected, as well as data concerning the health of interested parties with special needs or Interested parties who wish to undergo treatment.
Data concerning the stay, the activities carried out and the goods purchased are collected. The data may be collected directly by the interested Party or by third parties, such as, for example, the person who made the booking.
The structure, for security reasons, is equipped with a video surveillance system active 24 hours a day, therefore the images of the interested parties are processed. The system keeps recordings of the last 24 hours and these recordings are accessible by the Data Controller in the person of the Legal Representative.
Purpose of the processing and legal basis
The personal data collected will be used for purposes strictly related to the activity of the Owner:
- Management of stays, including activities and related customer service.. The processing may take place with the express consent of the data subject, as regards the receipt of messages and telephone calls. Furthermore, it is necessary for the performance of a contract to which the data subject is a party, i.e. it is necessary to fulfil one or more legal obligations to which the Data Controller is subject (e.g. obligation to identify guests, obligation of physical fitness of the same for treatment, billing obligation).
- Management of therapies. The processing is carried out on the basis of the explicit consent of the data subject, and is also necessary for reasons of public health interest, in addition to being a legal obligation.
- Payment management. The processing is necessary for the performance of a contract to which the data subject is a party, as well as to fulfil one or more legal obligations to which the Data Controller is subject (tax obligations).
- Customer satisfaction analysis. The data processing represents a legitimate interest of the Owner, who always intends to offer the best possible service to its guests and is therefore interested in assessing the degree of satisfaction.
- Analysis and management of the traffic of its website. The processing represents a legitimate interest of the Owner, who intends to offer the best possible navigation experience to its users.
- Promotion and direct marketing. The processing may take place with the consent of the interested party who has requested to receive information and news from the Owner and also represents a legitimate interest of the Owner, who intends to keep its customers updated on the best available offers.
- Statistical analysis of treatments. This treatment takes place under the supervision of the Centro Studi Termali Pietro d’Abano and is a legal obligation.
- Security. The treatment is carried out with the express consent of the person concerned for conclusive facts, by entering the facility.
Categories of recipients of personal data
The data may be communicated to certain categories of recipients, such as employees and collaborators of the Data Controller, professionals appointed as external data processors, for the administrative, fiscal and health purposes mentioned above.
Some data may be communicated to private third parties, if the Data Subject requests to carry out certain recreational or leisure activities. The data relating to therapies may be communicated to the Ministry of Health and the Veneto Region, also through the Pietro d’Abano Spa Study Centre.
The images of the surveillance system will not be disseminated or communicated, unless specifically requested by the FFOO and without prejudice to the Owner’s self-protection reasons.
The data may be transferred to international organisations on the basis of standard contractual clauses (Apple, Expedia) or with the consent of the data subject.
Period of retention
The data is normally kept for 5 years from the last stay. Payment details are deleted on departure. Health and billing data are kept for 10 years after the closure of the activity. Video surveillance images are stored for 24 hours. Save different legal terms.
Rights of the interested party
The interested party has the right to ask the Data Controller for access to personal data and the rectification or cancellation of the same or the limitation of the processing that concerns him/her or her or of
oppose their processing, in addition to the right to data portability, the withdrawal of consent and the right to lodge a complaint to a supervisory authority.
Obligation to provide data
The provision of data is a necessary requirement in order to be able to book stays and services, also because of the legal obligations to which the Owner is subject. Therefore, failure to provide the requested data will make it impossible to use the stay or the services and goods requested.
Effective from 25/5/2018