Hotel Ariston Molino Terme collects and processes the personal data of its Users and Customers in compliance with the provisions of EU Regulation 2016/679 (GDPR).
The data controller is:
Hotel Ariston Molino Terme srl
Fiscal Code and VAT reg.00066080284
Via Cornelio Augure n. 5
35031 Abano Terme (PD)
Data Protection Officer (DPO)
Legal Representative: Marco Meneghello
Types of personal data collected
The Data Controller collects personal data relating to individual identification and to contact details (name, address, email, telephone number). Data may also be collected in relation to payment (credit card details, IBAN code) and invoicing (tax identification number, VAT reg.), and with regard to the health of interested parties with special needs, or those parties who wish to execute treatment. Data is also collected in relation to the accommodation, activities, and material goods that are subject to purchase.
The data can be collected directly from the interested party or from a third party: for example, from the person who has made the reservation.
Purpose and legal basis of the processing
The personal data collected will only be used for purposes directly or indirectly related to the activities of the Data Controller, and therefore for:
- Management of requests for information from customers or potential customers. The processing is based on the implicit consent of the interested party, and to carry out operations at his/her request prior to entering into a contract.
- Management of bookings. The processing is based on the implicit consent of the interested party, and is required in order to enter into a contract with said party.
- Management of stays at the premises, including activities, therapies, and related customer services. The processing is based on the implicit consent of the interested party, and is required in order to enter into a contract with said party. This processing is also required by the Data Controller in order to fulfil one or more of the legal obligations to which he is subject (for example, the obligation to identify guests or their physical suitability for therapies, and the obligation to provide invoices).
- Handling of payments. The processing is based on the implicit consent of the interested party, and is required in order to enter into a contract with said party, in order to fulfil one or more of the legal obligations to which the Data Controller is subject (tax obligations).
- Analysis of customer satisfaction. The processing in this case represents a legitimate interest on the part of the Data Controller, who always intends to offer the best possible service to his guests and therefore wishes to assess their level of satisfaction.
- Analysis and management of traffic on the website. The processing in this case represents a legitimate interest on the part of the Data Controller, who wishes to offer the best possible browsing experience to users of the site.
- Promotion and direct marketing. Processing can be undertaken in this case with the consent of the interested party, when he/she has asked to receive information and news from the Data Controller, and also represents a legitimate interest on the part of the Data Controller, who wishes to keep his customers updated with the best available offers.
Categories of recipients of personal data
The data may be disclosed to certain categories of recipients, such as employees and collaborators of the Data Controller, and professionals appointed as external processors for the aforementioned purposes of administration, taxation and health.
The data will be stored for 5 years from the time of the guest’s last stay. Credit card details are deleted at time of departure. Health and invoicing data are kept for at least 10 years, as required by law.
Rights of the interested party
The party concerned has the right to ask the Data Controller for access to their personal data, the right to correct or cancel them and to limit or object to their processing, as well as the right to data portability and to withdrawal of consent and the right to lodge a complaint with a supervisory authority.
Obligation to provide data
The provision of data is essential if you wish to book stays and services, also in view of the legal obligations which the Data Controller has to fulfil. Failure to provide the necessary data therefore makes it impossible to access the accommodation, services and facilities requested.
Effective from 25/5/2018