Dear visitor welcome to our website

Dear Visitor welcome to our website…

the attention we pay to our Guests also considers the right of each person to his/her privacy, and we especially wish to guarantee it. For this reason, our organisation takes all appropriate security measures, observing the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the Regulation) on the protection of individuals with regard to the processing of personal data.

 

On this page, we describe how and for what purpose we process the personal data of the Users of this website, so please read our information before providing us with your personal data.

 

Privacy Policy

 

In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected directly from the data subject) of the Regulation, visitors are hereby informed that the processing of personal data is carried out exclusively through this Website https://www.lecalette.it/ and descends from it in terms of the services activated, in any case not through other websites that may be accessible via hyperlinks from this one, for which we suggest that they read the relevant information provided by the respective Data Controllers.

 

1) Controller and Processor of personal data provided by Users 

Pursuant to Art. 4 point 7 of GDPR 2016/679, the Data Controller is the company MIA S.r.l. with registered office in Palermo, Via Sammartino, 89, P.IVA 05854030821, and operational headquarters at Hotel Le Calette – Via V. Cavallaro n. 12 – 90151 Cefalù (PA) Italy. 

The owner can be contacted by email: privacy@lecalette.it or by telephone 0921 424144.

 

The Data Controller and the Web Master (Data Processor for this website) also process the personal data of Users through their own in-house employees, who are specifically designated, instructed and authorised to do so.

 

2) Category of data processed 

Through this site, we may collect and process navigation data, as well as cookies, and personal data entered voluntarily by the User or collected automatically during the use of the site, in more detail:

1. Navigation data

The computer systems and software procedures used to operate this site acquire certain personal data that are then implicitly transmitted when using Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by Users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.). 

These data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation or to identify anomalies and/or abuses, or to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site or third parties.

1. Personal data collected via cookies. 

This Site uses cookies or markers, which are information at an aggregate level relating to the behaviour of users on the Site, sent by a web server (in this case, our Site) to the User’s browser and stored by the latter on his or her device (personal computer, tablet, mobile phone, etc.) and then automatically sent back to the server each time the site is accessed or transmitted to third parties with the User’s explicit consent.

To learn about the types of cookies and the purposes for which they are used by the Controller, to set your preferences and to give your consent where necessary, we invite you to view and use the cookie banner.

voluntarily by Users

During your interaction with the Website you may communicate certain personal data to us through the contact methods indicated on the dedicated pages, through messaging, or by using the special “forms” relating to specific requests, when you make a reservation or to use our services. We specify that the User assumes responsibility for the personal data of Third Parties shared through this website and guarantees that he/she is authorised, or has the right, to communicate them, releasing the Owner from any responsibility towards Third Parties.

In general, the following data may be disclosed: first name, surname, postal and country address, email address, telephone number, billing address, credit card identification data, food preferences or intolerances, etc.

In particular:

• by registering for the Newsletter service, the User’s name, surname and e-mail address will automatically be included in the mailing list of Hotel Le Calette, owned by the Data Controller, which may send you informative e-mails regarding events, offers and promotions of a commercial nature.
• some of Hotel Le Calette’s services and products are available directly on our website, it is possible to check availability, book, purchase on the e-shop by entering name/surname, address and country of origin, telephone, e-mail, number of people, and other details relating to the product/service requested in the appropriate forms. These data will be processed by authorised personnel, according to the methods indicated in the following paragraph, for the execution of the order and the provision of services in response to the request received.
• By reserving a stay, you will provide us with your personal and contact details, dates, and the number of persons in the stay; the reservation can be made to the front-office staff using the contact details published on the Site, by accessing the Simple Booking portal via the link on the home page of our site, or via other tourist service reservation platforms that connect to our reservation portal.

 

In order to book a service, you may need to provide us with certain data classified as ‘special or ex-sensitive’ under Article 9 of the Regulation (e.g. health status, allergies, disabilities, etc.). We remind you that you must explicitly authorise us to process this particular category of data, for which we will record your consent.

 

3) Modalities of data processing

The personal data acquired through the Site are processed with the support of computer and telematic means and are protected by appropriate security measures to guarantee their confidentiality, integrity and availability, as well as to prevent the loss of data, unlawful or incorrect use and unauthorised access.

 

4) Purpose and lawfulness of processing

Personal and special data (food intolerances and the like) that you provide through this Website may be processed by the Data Controller MIA S.r.l. for the following purposes and legal bases:

1. To provide our services, i.e. to follow up on specific requests made to MIA S.r.l. by the User through the Website and its communication tools (e.g.: information, quotations, bookings, checking availability and execution of purchase orders via e-shop, etc.), 

The legal basis refers to the application of Article 6(1)(b) of the GDPR, i.e. the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request; 

it should be noted that the special data of the User and of third parties that may be communicated by the User will be processed only after the express consent to the processing of such information has been obtained,  

The legal basis for the processing in this case is laid down in Article 9(2)(a) of the GDPR.

1. To send you informative and informative content about initiatives and events following your voluntary registration to the Hotel Le Calette newsletter;

legal basis refers to Article 6(1)(a) of the GDPR, i.e. the consent of the data subject;

1. To carry out commercial and promotional activities by subscribing to the newsletter;

legal basis refers to Article 6(1)(a) of the GDPR, i.e. the consent of the data subject;

1. The evaluation of possible job applications by acquiring CVs at the dedicated e-mail address as per the job proposals submitted in the ‘Work With Us’ section. 

In this case, processing is lawful even without the consent of the data subject, as required by Article 111 bis of the Privacy Code, Legislative Decree No. 196/2003, and on the basis of Article 6(1)(b) of the GDPR, if the conditions are met. 

1. Statistical research and analysis, aimed at ensuring and measuring the functioning of the Site, measuring traffic and assessing usability and interest in order to make it more functional and performing; 

the legal basis is the legitimate interest of the Controller, Art. 6(1)(f) of the GDPR.

1. Recover a debt, establish, exercise or defend a right of the Controller in court and/or whenever a judicial authority exercises its jurisdictional function;

legal basis refers to Article 6(1)(f) of the GDPR, i.e. the processing is necessary for the pursuit of a legitimate interest of the data controller;

1. For compliance with laws and regulations; 

the legal basis: Article 6(1)(c) of the GDPR, i.e. the processing is necessary because there is a legal obligation to which the data controller is subject.

 

5) Option of providing data

The provision of personal data is absolutely optional and related to the User’s requests. However, we would like to inform you that failure to provide this data, or providing only part of it, may make it impossible for us to respond to any requests, or to use the services of our Hotel. 

With regard to navigation data, however, what is stated above under 2) a) applies.

 

6) Data recipients 

The personal data collected are processed by the personnel in charge of MIA S.r.l., who act on the basis of specific instructions provided regarding the purposes and methods of processing. 

Should the Data Controller communicate your personal data to third parties in order to provide a service (e.g. booking a stay through Simple Booking, etc.), they will act as Data Processors pursuant to art. 28 of the GDPR; the updated list of Data Processors can be requested at any time from the Data Controller at the contact details indicated above.

Furthermore, your data will be communicated to entities, bodies and authorities to which the communication of data is obligatory by law.

 

7) Online payment service

If you wish to make a payment to our Hotel, you may use the online payment service; if you make a request to our front-office staff, they will send you an email with a personal link and instructions on how to make the payment on the NEXI Site;  

or by purchasing one of our services/products in the dedicated pages of the site, in which case, to finalise your order, you will be invited to select the payment method managed by the NEXI service provider (https://ecommerce.nexi.it/ecomm/payment/CassaQP.jsp).

The provider of this service is the company Nexi Payements S.p.A., with registered office in Corso Sempione no. 55, 20149 Milan – P.IVA 10542790968 (NEXI), and acts as autonomous Data Controller.

The transfer of data to NEXI is made pursuant to Article 6(1)(b) of the GDPR (processing necessary for the performance of the contract). Detailed information on the processing of your personal data is available at https://www.nexi.it/privacy.html.

 

8) Newsletter

On our Site or while booking online a stay in our facility through Simple booking, you can decide to subscribe to our newsletter, your data will be included in our mailing list managed with the support of the service provider Mail Chimp, a company The Rocket Science Group LLC. Your personal data will be processed, including by the provider as data processor and in accordance with the service contract in force, exclusively for the purposes set out in points b) and c) of this policy. 

We would like to remind you that you will be able to revoke the consent you initially gave with your registration at any time, in accordance with Article 7 of the GDPR, without this affecting the lawfulness of the processing based on your consent before revocation. You will also be able to delete your e-mail via the dedicated link in each e-mail communication.

 

9) Social media

This Website may refer or require certain permissions (if activated) linked to the Owner’s pages on social media (Facebook, Instagram, Linkedin), which allow actions to be performed with the User’s personal account, and information, including personal data, to be collected.

The details on permissions can be viewed in the special permissions documentation section available from the societies and the privacy policy adopted by them.

The basic information that may be managed, within the scope of these applications, may concern: id, name, image, gender, language, location information, in some cases contacts and friends connected in relation to the privacy policy that the User has set in his or her profile.

 

10) Place and time of storage of personal data 

Your personal data are processed at the Controller’s premises and at any other place where the parties involved in the processing are located, and are stored on servers mainly located in Europe. 

MIA S.r.l., or on its behalf the company appointed as Data Processor, will keep your personal data for the time strictly necessary to pursue the above-mentioned purposes, in compliance with civil and tax conservation obligations and within the limits provided for by law.

The special data communicated during the booking process will be retained for a maximum period of 60 days from the date you used the service booked, before being deleted from our files.

The personal data provided for subscription to the newsletter will be retained by the Controller and the service provider indefinitely, without prejudice to your right to unsubscribe, which you may exercise at any time by means of the dedicated link in the e-mail communications.

 

11) Transfers of personal data to third countries

Due to the support clouds of certain service providers, some of the data subject’s personal data may be transferred to recipients located outside the European Community, with regard to the adequacy of the level of protection, please refer to the measures taken regarding the application of Chapter V of the GDPR.

 

12) Rights of the Data Subject

As a ‘Data Subject’, pursuant to Articles 7 and 15 to 22 of the GDPR, you have the right at any time to

withdraw consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given before the withdrawal (Art. 7 right to withdraw consent); 

receive confirmation of the existence of your personal data, access their content and obtain a copy (Art. 15 right of access); 

update, modify and/or correct your personal data (Art. 16 right of rectification); 

request the deletion or restriction of the processing of data in the cases provided for by the ‘Regulation’, including cases where the data have been processed in breach of the law or where their storage is not necessary in relation to the purposes for which the data were collected or otherwise processed, (Art. 17-18 right to deletion and right to restriction); 

within the limits of the ‘Rules’, receive a copy of the data you have provided in a structured, commonly used and machine-readable format and request that such data be transmitted to another data controller if technically feasible (Art. 20 right to data portability);

object at any time to the processing of your data (Art. 21 right of objection);

to know about the existence of an automated decision-making process, including profiling.

 

Finally, we remind you of your right to lodge a complaint with the Garante per la protezione dei dati personali or another supervisory authority pursuant to Article 77 GDPR.

 

13) Contact details

To exercise your rights and for any questions concerning your personal data, you can write to us or telephone the Data Controller : 

MIA S.r.l. ~ Hotel Le Calette

Via V. Cavallaro n. 12 – 90151 Cefalù (PA) Italy. 

email: privacy@lecalette.it ~ phone number 0921 424144.

 

14) Changes and updates to the privacy policy

This policy may be subject to change over time – including in connection with any new sector regulations, the updating or provision of new services or technological innovations – so please consult this page periodically.

 

Last update: June 2024