Full privacy policy - art. 13, 14, 26 EU Regulation 2016/679

Data subjects: Expo and event participants

The All Inclusive Hotels consortium and its member accommodations (a continuously updated list is available at www.allinclusivehotels.it), as joint controllers of your personal data under contractual agreements, in accordance with Article 26 of EU Regulation 679/2016 (hereinafter “GDPR”), inform you that this regulation is designed to protect your personal data. All processing will adhere to the principles of fairness, legality, transparency, confidentiality, and the protection of your rights.

Allocation of processing purposes based on the contractual agreements in place between the joint controllers (pursuant to Article 26 of EU Regulation 679/2016):

The All Inclusive Hotels consortium aims to enhance awareness of the region and promote its tourism offerings through various communication channels, including its website and direct initiatives. Member accommodations join the consortium to leverage its platform for promoting their direct marketing activities, targeting data subjects who request information and quotes via the portal.

Purpose and legal basis

1) To participate in the initiative promoted by the consortium (by completing the paper postcard or the form on the tablet), your personal data is required for identification purposes and to communicate the results to you. The legal basis for the processing is the fulfilment of a contractual obligation.

Optional data processing

2) Direct marketing: Sending information and newsletters about events, initiatives, and tourism-related activities within the region, as well as promotions and updates from the All Inclusive Hotels consortium. This includes direct marketing by the consortium and its members’ accommodations and non-accommodation services, with each acting as independent data controllers.

Communications will be sent via e-mail. The legal basis is consent.

3) Profiling: Sending commercial information for marketing purposes by the All Inclusive Hotels consortium and its members’ accommodation and non-accommodation services, as independent data controllers, based on the information you have provided. Communications will be tailored to your travel preferences and habits. The legal basis is consent.

Retention: Your data will be retained as long as necessary to fulfil the purposes for which it was collected by the data controllers and will be kept until you request its deletion. You may request deletion at any time after receiving communications.

Consequences of withholding consent for optional purposes:

Withholding consent for promotional, direct marketing, or profiling purposes outlined in points 2 and 3 will not affect the processing of data required to provide the essential service necessary for participation in the initiative.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations set forth therein. Taking into account the Italian Privacy Guarantor’s “Guidelines on Promotional Activities and the Fight Against Spam” dated 4 July 2013 (published in the Official Gazette No. 174 on 26 July 2013).

The processing of functional data for the fulfilment of these obligations (purpose 1 participation in the initiative) is necessary for the correct management of the relationship and their provision is mandatory in order to implement the purposes indicated above. The Data Controllers also inform you that any failure to provide, or incorrect provision of, the contact information mentioned above may result in the inability to ensure the proper and effective processing of your data.

Processing methods:

Your personal data may be processed in the following ways:

– Engaging third parties (managers or sub-processors) to carry out processing activities essential for managing the service, communications, and data processing;

– Collection of data through paper forms, electronically, or on-line via the web.

– Processing using electronic systems and paper-based records;

Technical and organisational measures:

All processing is carried out in accordance with the procedures laid down in Articles 6, 32 of the GDPR and taking the appropriate security measures as required;

Recipients and data transfer to non-EU countries:

Your data will be stored in both paper and electronic formats with server providers through agreements with hosting, cloud, and connectivity service providers. These providers, acting as data processors or sub-processors, are located in both EU countries and non-EU countries (such as the United States), with providers that are participants in the Privacy Shield framework. These systems are managed by system administrators and authorised and educated persons, with the guarantee of adoption of technical and organisational security measures for the protection of personal data with reference to articles 29, 32 of EU Regulation 679/2016 through technical, administrative and commercial staff.

In particular, but not limited to, please note that your data may be processed by the following categories of individuals acting under the authority of the data controllers:

– Administrative staff

– System technicians and administrators

– Sales and marketing representatives

Additional recipients involved in delivering the requested services for the stated purposes, as well as any other parties required to fulfil legal obligations.

Disclosure: Your personal data will never be distributed in any way.

The data protection officer (DPO)

Is designated by the data controller pursuant to art. 37 of the GDPR as Studio Paci &C srl (contact person: Luca Di Leo) Edelweiss Rodriguez Senior, 13 – 47924 – Rimini – Tel. 0541 1795431., mobile 3931019939

Rights of the data subject:

You have the right to request from the Data Controller the deletion (right to be forgotten), restriction, updating, rectification, portability, or objection to the processing of your personal data, as well as to exercise all other rights provided under Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

EU 2016/679 Regulation: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Interested party

1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/herself, even if not yet recorded, and its communication in an intelligible form.
2. The data subject has the right to obtain information regarding: the source of the personal data; the purposes and methods of processing; the logic applied in cases of processing carried out using electronic means; the identity of the data controller, the data processor, and the representative designated in accordance with Article 5, paragraph 2; and the subjects or categories of subjects to whom the personal data may be disclosed, or who may become aware of the data as part of their role as representatives in the territory of the State, data processors, or representatives.
3. The data subject has the right to obtain the updating, rectification or, when desired, integration of data; the deletion, transformation into anonymous form or blocking of data processed unlawfully, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; confirmation that the actions described in points a) and b) have been communicated, including their content, to those to whom the data was disclosed or made available, unless such notification is impossible or would require disproportionate efforts in relation to the right being protected.
4. The data subject has the right to object, in whole or in part: for legitimate reasons, to the processing of personal data that is relevant to the purposes for which it was collected; to the processing of personal data for the purposes of sending advertising materials, direct marketing, or conducting market research or commercial communications.

Complaint: The interested parties, if the conditions are met, also have the right to lodge a complaint with the Data Protection Authority (Garante) as supervisory authority according to the established procedures. For any further information, and to assert the rights granted to you by the European Regulation, you can contact the data controller at the contact information referenced above.