Privacy Policy
What is this Privacy Policy about?
This Privacy Policy serves as information pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and applies to the personal data relating to you collected and processed by Albergo San Felice S.r.l., headquartered in Capri (NA), Via Li Campi, 13– as the data controller – (hereinafter, “we” or “our”, as applicable) through the website https://www.hotelsanfelice.com/ (hereinafter the “Website”) or whenever you interact with us.
What categories of personal data do we collect?
We may collect the following data:
(1) Identification data such as name, surname, nationality;
(2) Contact data such as email address and phone number;
(3) Information related to your access and use of the Website such as IP address and approximate location of your device, browser used, operating system, web page visited before accessing the Website, pages visited and time spent on those pages, clicked links and other information, including those collected through cookies and other tracking tools;
(4) Any other information you voluntarily provide to us.
For more information on cookies, please see our Cookie Policy.
Providing your personal data is optional but necessary for the purposes listed below; if you do not provide us with your personal data, we will not be able to pursue those purposes.
How do we collect your personal data?
The data we process is provided directly by you, when you browse the Website and, in general, whenever you interact with us.
For what purposes and on what legal basis do we process your personal data?
We may process your personal data to:
(1) Respond to your questions and fulfill your requests for information;
(2) Fulfill contracts entered into with you regarding the purchase or booking of products and services;
(3) Process statistics on the use of the Website by users based on data collected through analytical cookies on the Website;
(4) Fulfill legal or regulatory obligations we are subject to;
(5) Exercise or defend a legal claim;
(6) Prevent fraud and protect the Website;
(7) Enable the integration and display of content from external platforms on the Website, as well as comment on content and interact with social networks;
(8) Conduct customer satisfaction surveys, market research, promotional activities in general, profiling, and analysis of browsing experiences for marketing and promotional purposes.
The processing of your personal data for the purposes in items (1) and (2) does not require your consent as it is necessary to respond to your requests and fulfill contractual or pre-contractual obligations under Article 6(1)(b) of the GDPR. The processing for the purpose in item (3) requires your consent to the use of analytical cookies. The processing for the purpose in item (4) does not require your consent as it is necessary to comply with legal or regulatory obligations under Article 6(1)(c) of the GDPR. The processing for the purposes in items (5), (6), and (7) does not require your consent as it is necessary for the purposes of our legitimate interests under Article 6(1)(f) of the GDPR. Processing for the purposes in item (8) requires your consent under Article 6(1)(a) of the GDPR.
How do we process your personal data?
We adopt appropriate technical and organizational measures to ensure a level of security appropriate to the risk to your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
How long do we retain your personal data?
Your personal data will be retained for different periods depending on the purposes for which they were collected. Specifically:
(1) Data collected to respond to your inquiries will be retained until your request is fulfilled;
(2) Data collected to fulfill contracts with you will be retained for the duration of the contractual relationship and for 10 years thereafter;
(3) Data collected through analytical cookies to compile usage statistics will be retained for 12 months;
(4) Data collected to comply with legal or regulatory obligations will be retained for the time required by applicable legal provisions;
(5) Data collected to exercise or defend a legal claim will be retained for the limitation period of the rights for which processing is necessary;
(6) Data collected to prevent fraud and protect the Website will be retained only as long as necessary to achieve this purpose;
(7) Data collected to enable content from external platforms to be displayed on the Website will be retained only as long as necessary to achieve this purpose;
(8) Data collected for customer satisfaction surveys, market research, promotional activities, and marketing communications will be retained for a maximum of 24 months from collection, while data collected for profiling and browsing analysis for marketing and promotional purposes will be retained for a maximum of 12 months, unless longer retention periods are required by law or necessary to protect our legal rights.
Who do we share your personal data with?
Your personal data may be made accessible to, brought to the attention of, or communicated to the following entities, who will act as authorized processors, data processors, or independent data controllers:
(1) our employees or collaborators, regardless of their role;
(2) public or private entities, individuals or legal entities, who process data on our behalf or to whom we are required to disclose your personal data by legal or contractual obligations, such as lawyers, accountants, banks, service providers we use for the operation of the Website, judicial or law enforcement authorities, communication agencies, etc.
Please note that if any of the recipients of your personal data are located outside the European Economic Area, we will transfer your personal data, in the absence of adequacy decisions and without relying on any of the derogations under Article 49 of the GDPR, on the basis of the standard contractual clauses referred to in Article 46 (2)(c) and (d) of the GDPR.
The identity of the processors who handle your personal data on our behalf can be requested by sending an email to the address provided below.
Your rights under personal data protection law
(1) be informed about the purposes and methods of processing your personal data;
(2) access your personal data and receive a copy of it;
(3) rectify incomplete, inaccurate, or outdated data;
(4) erase your personal data;
(5) restrict the processing of your personal data, where applicable under the GDPR;
(6) object to the processing, in whole or in part, where applicable under the GDPR;
(7) obtain the portability of your personal data, where applicable under the GDPR.
If consent is required for the processing of personal data, you may also withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent given before its withdrawal.
You can exercise the above rights and request any information regarding the processing of your personal data by contacting us at the following email address: info@hotelsanfelice.com.
Furthermore, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if you believe that your rights under the GDPR have been violated.
Links to other websites
The Website may contain links to external websites. If you click on any of these links, you will be redirected to a site not covered by this Privacy Policy.
Changes to the Privacy Policy
This Privacy Policy is subject to updates. We therefore invite you to consult the latest version available on the Website.