Privacy Policy
Information on personal data pursuant to Art. 13 of GDPR 679/2016
Data Controller
M.S SRL (hereinafter referred to as the Data Controller), with registered office at Via Lungomare Italia, 56 64014 Villa Rosa di Martinsicuro (TE), VAT No. 00522470673, tel. +39 0861712620, is the controller of the personal data collected through the Website. The Data Controller independently determines the purposes and means of processing.
Email address: info@hotelmaxims.it
Place of data processing
The main processing operations related to the web services of this website take place in ITALY.
Security and methods of data processing
As required by Art. 32 GDPR, the processing of personal data is carried out using IT tools suitable to guarantee a level of security appropriate to the risk. Communications to and from the web server take place using secure communication protocols with TLS/SSL encryption algorithms.
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and/or automated telematic tools, with organizational methods and logic strictly related to the stated purposes. In addition to the Data Controller, other parties involved in the organization of this Website (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data and may be appointed as Data Processors. The updated list of Data Processors may always be requested from the Data Controller.
Why do we collect your data?
We use your information to provide our services, for example to process your requests for information/quotes/bookings, to offer holiday packages, and to keep you informed about the best offers and/or news related to our facility. Data is collected when one of the following conditions applies:
- The User has given consent for one or more specific purposes;
- The processing is necessary for the performance of a contract with the User and/or pre-contractual measures;
- The processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- The processing is necessary for the pursuit of the legitimate interest of the User;
- The data are necessary for the technical functioning of the website and/or anonymous statistical purposes;
It is always possible to request the Data Controller to clarify the specific legal basis of each processing activity and in particular to specify whether the processing is based on the law, provided by a contract, or necessary to conclude a contract.
Types of data processed
Browsing data
Among the data collected by this Website, either independently or through third parties, there are: Cookies and usage data. This information is not collected to be associated with identified individuals, but could, through processing and association with data held by third parties, allow users to be identified. These data are collected to obtain anonymous statistical information on website usage, to check its correct functioning, and in some cases to comply with legal obligations. This category includes IP addresses, browser identifiers (user agent), URI addresses of requested resources, request time, method used to submit the request, numerical code indicating the status of the server response, and other parameters related to the user's operating system and IT environment.
Data voluntarily provided by the user
To provide certain services through the website, the user may be asked to enter personal data such as first name, last name, phone number, email address and other types of data. Mandatory or optional data are specified in the relevant forms and mandatory fields are marked with an asterisk (*). Failure to provide mandatory data may make it impossible to provide the requested service.
Optional nature of data provision
Except for browsing data, the user is free to provide personal data. Failure to provide mandatory data will make it impossible to use the service. The user assumes responsibility for third-party personal data shared through the Website.
Data retention period
Data are processed and stored for the time required by the purposes for which they were collected and for an additional period of 24 months. For accounting and tax purposes (e.g. online transactions), data are retained for 10 years.
For technical data such as cookies, retention periods are defined by their technical characteristics.
How we use your information
Personal data are processed mainly by electronic means for purposes related to the use of the Website and its services.
In particular:
- Information and/or booking requests;
- Subscription to specific services such as newsletters;
- Sending promotional and marketing communications;
- Market research and statistical analysis.
Activities under points b), c) and d) require explicit consent and may be carried out via mail, internet, phone, email, SMS or MMS within the European Union.
Rights of data subjects
Data subjects may exercise their rights pursuant to Articles 15 to 22 of the GDPR, including:
- Data deletion;
- Data rectification;
- Processing restriction;
- Data portability;
- Right to object to automated decision-making (profiling).
Complaints may be submitted to the competent Data Protection Authority.Additional information
The Data Controller reserves the right to modify this Privacy Policy at any time.
Last update: 14/04/2021