PRIVACY POLICY
PURSUANT TO EUROPEAN REGULATION No. 2016/679 (“GDPR”)
Please read this policy (hereinafter, “Privacy Policy”) carefully. It is provided to users who request a quote, pursuant to Articles 13 and 14 of the GDPR, and gives you all the details relating to the processing of your data and its use.
1. DATA CONTROLLER AND DPO
The data controller is Corso Italia S.r.l., with registered office in Milan (MI), via San Paolo n. 7, VAT number 11678740967 (hereinafter “Data Controller” or “Corso Italia”), which can be contacted at the e-mail address corsoitaliasrl-mi@legalmail.it.
For matters relating to privacy, in addition to the Data Controller, you can contact the Data Protection Officer (“DPO”) by writing to: Privacy.Corsoitalia@StudioDiRevisori.it
2. SUBJECT, PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Data Controller will process your name, surname, telephone number, e-mail address, residential address and any other personal data you voluntarily provide via the “Request a quote” form (hereinafter collectively referred to as “Personal Data” or “Data”) for the following purposes:
a) to respond to your request for a quote, submitted via the appropriate form on the Website;
b) upon your free, specific and informed consent, to send you promotional communications (e.g. newsletters) and to update you on our commercial and advertising initiatives regarding events, initiatives or partnerships of the Data Controller, to conduct market and user satisfaction surveys, in accordance with the provisions of the Italian Data Protection Authority’s “Guidelines on promotional activities and combating spam - 4 July 2013 [2542348]”. If you decide to give your consent, we inform you that these activities may be carried out, as provided for by current regulations, by post, telephone contact via an operator (“traditional methods”), e-mail (newsletters), text messages, push notifications and the use of social networks (“automated methods”). In this regard, we specify that we will collect a single consent for the marketing purposes indicated above, in accordance with the aforementioned Guidelines;
c) to ensure compliance with the legal obligations, regulations and EU provisions to which the Data Controller is subject;
d) to ascertain, exercise or defend a right or interest of the Data Controller in court and/or out of court, against any competent authority or body.
With reference to the purposes referred to in letter a), the legal basis for the processing is Article 6(1)(b) of the GDPR, “performance of a contract or pre-contractual measures”.
With regard to the purposes referred to in letter b), the legal basis for the processing is Article 6(1)(a) of the GDPR, “consent of the data subject”.
With regard to the purposes referred to in letter c), the legal basis for the processing is Article 6(1)(c) of the GDPR, “compliance with a legal obligation to which the controller is subject”.
With regard to the purposes referred to in letter d), the legal basis for the processing is Article 6(1)(f) of the GDPR, “pursuit of the legitimate interests of the controller or of a third party”. With particular reference to this purpose based on the legitimate interests of the Data Controller or of a third party, it is specified that the legitimate interests of the Data Controller in processing the data are fairly balanced with your interests, rights and fundamental freedoms.
3. NATURE OF DATA PROVISION
The provision of Personal Data, as referred to in point 2, is necessary in order to allow the Data Controller to follow up on your request for a quote and fulfil the related obligations. Any refusal to provide the aforementioned Data would make it impossible for the Data Controller to respond to your request.
Please note that, with reference to the Personal Data collected for the purposes referred to in point 2 b), the provision of such data is entirely optional and free. Failure to provide such data will not affect the processing of your request in any way.
Personal Data is collected through a channel managed by a partner of the Data Controller and used to send the latter a request for a quote.
4. DATA RECIPIENTS AND DATA TRANSFER
Your Personal Data may be shared with:
a) subjects acting as independent data controllers, data processors and/or sub-processors (e.g., companies responsible for managing the facility and/or other third parties operating at the same);
b) persons authorised by the Data Controller to process personal data who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality;
c) persons delegated and/or appointed by the Data Controller to carry out activities strictly related to the pursuit of the above purposes, duly appointed, where necessary, as data processors;
d) persons, companies or professional firms that provide assistance and advice to the Data Controller, duly appointed as data processors where necessary.
Outside of the above cases, your personal data will not be disclosed except to subjects, entities or authorities to whom disclosure is mandatory under the provisions of law or regulations.
Your personal data may be transferred outside the European Economic Area only if the requirements set out in Articles 44 et seq. of the GDPR are met.
5. DATA RETENTION PERIOD
The Data Controller will process personal data for the time strictly necessary to fulfil the purposes referred to in point 2 above.
With particular reference to the purpose referred to in point 2 a), your data will be retained for the period of time strictly necessary to process your request for a quote.
Your personal data processed for direct marketing purposes, as referred to in point 2 b), will be retained until the date of withdrawal of consent. In any case, the Data Controller will periodically and in specific circumstances (such as, for example, verification of the User’s inactivity) assess the User’s current interest in remaining updated on events and initiatives promoted by the Data Controller and in receiving related commercial and marketing communications.
With regard to personal data processed for the purposes referred to in point 2 c), your data will be processed until the time required by the specific obligation or applicable law.
With regard to personal data processed for the purposes referred to in point 2 d), we inform you that your data will be processed for the period strictly necessary to allow the Data Controller to ascertain, exercise or defend a right or interest in court and/or out of court. The pursuit of the Data Controller’s legitimate interest is fairly balanced with the user’s interest, as the processing of personal data is limited to what is strictly necessary for the performance of these activities. Processing for legitimate interest purposes is not mandatory and the user may object to such processing in the manner described in this Privacy Policy, in which case the Data Controller will not be able to process the Personal Data for that purpose, unless the Data Controller demonstrates the existence of legitimate prevailing reasons.
6. DATA PROTECTION
Your personal data is processed by the Data Controller in full compliance with current legislation. In particular, to ensure the security of your personal data, taking into account the state of the art and the costs of implementation, as well as the nature, scope, context and purposes of the processing, and the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller has adopted technical and organisational measures to ensure a level of security appropriate to the risk.
7. RIGHTS OF THE DATA SUBJECT AND WITHDRAWAL OF CONSENT
In accordance with the provisions of the GDPR, where the legal requirements are met, you have the right, at any time, to request from the Data Controller access to your personal data and its correction or deletion, or to object to its processing. The law also allows you to exercise the right to request the restriction of processing in the cases provided for in Article 18 of the GDPR.
In the cases referred to in Article 20 of the GDPR, the data subject has the right to obtain their data in a structured, commonly used and machine-readable format and, where technically feasible, to transmit it to another controller without hindrance.
You also have the right, pursuant to Article 7(3) of the GDPR, to withdraw your consent at any time for specific purposes (e.g. direct marketing). In any case, the withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.
Requests relating to your rights and/or aimed at obtaining further clarification can be addressed to the Data Controller at the following email address: Privacy.Corsoitalia@StudioDiRevisori.it
Finally, we remind you that you always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force.