Dear visitor, welcome to our website
The attention we pay to our Guests also considers the right of each person to his/her own privacy, and we especially wish to guarantee it. This is why our organisation takes all appropriate security measures, observing the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation) on the protection of individuals with regard to the processing of personal data.
In compliance with Articles 13 (for data acquired from the data subject) and 14 (for data not collected directly from the data subject) of the Regulation, visitors to this Website https://www.lecalette.it/ are hereby provided with information that refers to the processing of personal data carried out exclusively through this Website, and descending from it in terms of the services activated, in any case not through other websites that may be accessible via hypertext links from this one, for which we suggest that they read the relevant information provided by the respective Data Controllers.
1) Data Controller and Data Processor of personal data provided by Users
Pursuant to Art. 4 point 7 of GDPR 2016/679, the Data Controller is the company MIA S.r.l. with registered office in Palermo, Via Sammartino, 89, VAT no. 05854030821, and operational headquarters at Hotel Le Calette – Via V. Cavallaro n. 12 – 90015 Cefalù (PA) Italy.
The Data Processor of the personal data processed through this site, for the purposes of maintenance and technical assistance, management, development and analysis, is the company Digitalmakers S.r.l. Via Vittorio Emanuele n.47, 90123 Palermo – P.IVA 06823260820.
The Data Controller and the Data Processor process the personal data of the Users also thanks to their own in-house employees, specifically designated, instructed and authorised for the processing.
2) Category of data processed
Through this site we may acquire and process navigation data, as well as cookies, and personal data entered voluntarily by the User or collected automatically during the use of the site, in more detail:
a. Navigation data
The computer systems and software procedures used to operate this site acquire certain personal data that are implicitly transmitted when using Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by Users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.). This data is processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation or to identify anomalies and/or abuses, or to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site or third parties.
b. Personal data collected through cookies
To learn about the types of cookies and the purposes for which they are used by the Controller, to set your preferences and express your consent, where necessary, we invite you to view and use the Cookiebot cookie banner.
c. Data provided voluntarily by Users
During your interaction with the Website, you may communicate certain personal data to us through the contact methods indicated on the dedicated pages, through messaging, or by using the specific “forms” related to specific requests, when you make a reservation for a stay or to use other services. We specify that the User assumes responsibility for the personal data of Third Parties shared through this website and guarantees that he/she is authorised, or has the right, to communicate them, releasing the Owner from any responsibility towards Third Parties.
In general, the following data may be requested: first name, last name, postal and country address, email address, telephone number, billing address, credit card identification data.
- By registering for the Newsletter service, the User’s name, surname and e-mail address will automatically be included in the mailing list of Hotel Le Calette, owned by the Data Controller, which may send you informative e-mails relating to events, offers or promotions.
- Some of Hotel Le Calette’s services and products are available directly on our site: you can check their availability, book and purchase them on the e-shop by entering your name/surname, address and country of origin, telephone, e-mail, number of people, and other details relating to the product/service requested in the appropriate forms. This data will be processed by authorised personnel, according to the methods indicated in the following paragraph, for the execution of the order and the provision of services in response to the request received.
- By reserving a stay, you will provide us with your personal and contact details and the dates of your stay. Reservations can be made with the front-office staff using the contact details published on the website, by accessing the Simple Booking portal using the link on the home page of our website, or through other tourist service booking platforms.
Lastly, we ask you not to enter information in the forms on the website that may fall under the special categories of personal data pursuant to art. 9 of the GDPR (e.g., health status, allergies, intolerances, etc.).
3) Data processing methods
The personal data acquired through the Site is processed with the support of computer and telematic tools, and is protected by means of suitable security measures to guarantee its confidentiality, integrity and availability, as well as to prevent the loss of data, unlawful or incorrect use and unauthorised access.
4) Purpose and lawfulness of processing
The Personal Data you provide through this Website may be processed by the Data Controller MIA S.r.l. according to the following purposes and legal bases:
a. To follow up specific requests made to MIA S.r.l. by the User through the Website and its communication tools (e.g.: information, quotes, bookings, checking availability and execution of purchase orders via e-shop, etc.).
The legal basis refers to the application of Article 6(1)(b) of the GDPR, i.e. the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject, as well as (f) the legitimate interest of the Data Controller;
b. To carry out promotional activities, sending communications and information about initiatives and events following your voluntary registration to the Hotel Le Calette newsletter; legal basis may be art.6 par.1 lett. a) of the GDPR, i.e. it requires the consent of the data subject, or your subscription to the newsletter pursues a legitimate interest of the Data Controller pursuant to Article 6 par.1 lett. f) of the GDPR 2016/679;
c. The evaluation of possible job applications by acquiring CVs at the dedicated e-mail address as per the job proposals presented in the “Work With Us” section.
In this case, the processing is lawful according to art.4 par.11 of the GDPR and if the purposes set out in art.6, par.1, lett. b) of the GDPR are met, consent to the processing of personal data in the curricula is not required as prescribed by art.111 bis of Legislative Decree 196/2003.
d. Research and statistical analysis, aimed at ensuring and measuring the functioning of the Site, measuring traffic and assessing usability and interest to make it more functional and performing;
the legal basis is configured in the legitimate interest of the Owner, art.6, par.1, lett. f of the GDPR.
e. To recover a debt, ascertain, exercise or defend a right of the Controller in court and/or whenever a judicial authority exercises its jurisdictional function; legal basis for the processing: Article 6(1)(f) of the GDPR, i.e. processing is necessary for the pursuit of a legitimate interest of the Controller, and Recital 20 of the GDPR.
f. For compliance with laws and regulations; the legal basis: Art.6 par.1 lett.c) of the GDPR, i.e., the processing is necessary for compliance with a legal obligation to which the Controller is subject.
5) Optional provision of data
The provision of personal data is absolutely optional and related to the User’s requests; however, we inform you that failure to provide this data or providing only part of it may make it impossible to respond to any requests, or to use the services or products of our Hotel. With regard to navigation data, what is stated above in point 2) a applies instead.
6) Data recipients
The personal data collected are processed by the staff of MIA S.r.l., who act on the basis of specific instructions on the purposes and methods of data processing.
If the Controller should communicate your personal data to third parties in order to guarantee a service (e.g.: booking a stay through Simple Booking), they will act as Data Processors pursuant to art. 28 of the GDPR; the updated list of Data Processors can be requested at any time from the Controller at the contact details indicated above.
Furthermore, your data will be communicated to subjects, entities and authorities to whom disclosure of the data is required by law.
7) Online payment service
In order to make a payment to our Hotel, you may use the online payment service, either by making a request to our front-office staff, who will send you an email with a personal link and instructions for making the payment on the NEXI website, or by purchasing one of our services/products on the dedicated pages of the site, in which case, to complete your order, you will be invited to select the payment method managed by the NEXI service provider (https://ecommerce.nexi.it/ecomm/payment/CassaQP.jsp).
The provider of this service is the company Nexi Payments S.p.A., with registered office at Corso Sempione no. 55, 20149 Milan, Italy – VAT no. 10542790968 (NEXI), and acts as the independent Data Controller.
The transfer of data to NEXI is carried out pursuant to Article 6(1)(b) of the GDPR (processing necessary for the performance of the contract). Detailed information on the processing of your personal data is available at https://www.nexi.it/privacy.html.
On our Site or while booking online a stay in our facility through Simple Booking, you can decide to subscribe to our newsletter; your data will be included in our mailing list managed with the support of the service provider MailChimp, a company of The Rocket Science Group LLC. Your personal data will be processed, including by the provider as a data processor and in accordance with the service contract in force, exclusively for the purposes set out in point b) of this policy. We would like to remind you that you will be able at any time to revoke the consent initially given with your registration, pursuant to Article 7 of the GDPR, without this affecting the lawfulness of the processing based on the consent before revocation.
9) Social media
This Website may refer to or require precise permission (if activated) linked to the Owner’s pages on social media (Facebook, Instagram, LinkedIn), which allow the performance of actions with the User’s personal account, and to collect information, including personal data.
10) Place and time of storage of personal data
Your personal data is processed in the Data Controller’s offices and in any other place where the parties involved in the processing are located, and are stored on servers mainly located in Europe. MIA S.r.l., or on its behalf the company appointed as Data Processor, will keep your personal data for the time strictly necessary to pursue the purposes indicated above, in compliance with civil and tax conservation obligations and within the limits provided for by law. The personal data provided for subscription to the newsletter will be kept by the Data Controller and the service provider indefinitely, without prejudice to your right to cancellation, which you may exercise at any time.
11) Transfers of personal data to third countries
Due to the support clouds of certain service providers, some of the data subject’s personal data may be transferred to recipients located outside the European Community. With regard to the adequacy of the level of protection, please refer to the measures taken regarding the application of Chapter V of the GDPR.
12) Rights of the Data Subject
As a “Data Subject”, pursuant to Articles 7 and 15 to 22 of the GDPR, you have the right at any time to:
- revoke consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given before revocation (art. 7 right to revoke consent);
- receive confirmation of the existence of your personal data, access their content and obtain a copy (Art. 15 right of access);
- update, modify and/or correct your personal data (Art. 16 right of rectification);
- request the deletion or limitation of the processing of your data in the cases provided for by the “Regulations”, including cases where the data has been processed in breach of the law or where its storage is not necessary in relation to the purposes for which the data was collected or otherwise processed (Art. 17-18 right to deletion and right to limitation);
- within the limits of the ‘Regulations’, receive a copy of the data you have provided in a structured, commonly used and machine-readable format and request that such data be passed on to another data controller if technically feasible (Art. 20 right to data portability);
- object at any time to the processing of your data (Art. 21 right to object);
- to know about the existence of an automated decision-making process, including profiling.
Finally, we remind you of your right to lodge a complaint with the personal data protection Supervisor or another supervisory authority pursuant to Art. 77 GDPR.
13) Contact details
To exercise your rights and for any questions concerning your personal data you can write to us or telephone the Data Controller:
MIA S.r.l. ~ Hotel Le Calette
Via V. Cavallaro n. 12 – 90015 Cefalù (PA) Italy.
Last update: November 2022