7°C
7°C

Privacy

The Data Controller is:

Thomas Sparer
Unteralberweg 4
39057 Eppan (BZ)
South Tyrol – Italy
Web: www.ansitz-grustdorf.it
Email: info@ansitz-grustdorf.it
VAT No.: IT02611340213

Privacy notice and consent pursuant to EU Regulation 679/2016 (General Data Protection Regulation – GDPR) – Guests

Dear Guest,

In accordance with Art. 13 GDPR, we hereby inform you how your personal data will be processed.

Controller of the data processing:

Thomas Sparer

Purpose and subject of the data processing:

We process your personal data and that of any fellow travelers (to whom this notice must also be presented) in compliance with applicable data protection laws in order to provide our services, including the issuing and delivery of the South Tyrol Guest Pass and/or to accommodate you. The following data may be processed:

  • Personal data such as name, address, contact details, date of birth, nationality
  • ID card and travel documents
  • Payment details
  • Duration of stay
  • Vehicle license plate number
  • Personal preferences & additional services (e.g. type of room)
  • Tax code (only for Italian guests), for electronic invoices
  • Relevant health data, e.g. allergies (if voluntarily provided)

The provision of data is voluntary. However, if you do not provide the necessary data, we will be unable to fulfill our pre-contractual or contractual obligations and therefore cannot accommodate you.

Recipients of personal data:

Where necessary for the provision of our services and/or legally required, your personal data may be disclosed to third parties such as the LTS. Due to reporting obligations, your personal data will be forwarded to public authorities (e.g. ASTAT or the Police Headquarters). In connection with the issuance of the South Tyrol Guest Pass, your data will be transmitted to the Mobility Consortium, which, as the card issuer and central coordinating body, acts as the independent data controller of the transmitted data. For more information regarding data processing, you can write to privacy@moko.bz.it. The full privacy notice can be found at https://www.moko.bz.it/datenverarbeitung-guest-pass.

Your data will not be transferred outside the EU. Automated decision-making, including profiling, is not used.

External suppliers, such as IT service providers or software suppliers, may also have access to personal data. Data processors have been appointed in writing in accordance with Art. 28 GDPR.

Legal bases of data processing:

  • Fulfillment of pre-contractual/contractual obligations (Art. 6 para. 1 b GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c GDPR), e.g. reporting duties
  • Consent voluntarily given (Art. 6 para. 1 a GDPR), e.g. newsletters
  • Legitimate interests of the controller (Art. 6 para. 1 f GDPR), e.g. internal system processing
  • Consent voluntarily given (Art. 9 para. 2 a GDPR) for processing of relevant health data, such as allergies or intolerances, to protect health

Storage period of personal data:

The duration of storage of your personal data is determined by legal obligations and the length of our business relationship. Fiscally relevant data will be kept for 10 years.

Your rights:

You may exercise the following rights at any time free of charge: Right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). You may also withdraw your consent at any time.

To exercise your rights, please contact the data controller mentioned above.

You also have the right to lodge a complaint with the Italian Data Protection Authority (“Garante per la protezione dei dati personali”).

Privacy information of the business regarding the Touristmanager system

1.1 The Business and the Touristmanager

The business Thomas Sparer, Unteralberweg 4 – 39057 Eppan, +39 339 810 7645 – info@ansitz-grustdorf.it(“Business”), is the data controller with regard to the processing of personal data in the Touristmanager system, which it uses for guest management.

The business respects and protects the right to privacy and data protection and takes all legally required measures to safeguard the personal data of its guests.

This privacy information provides you with a quick and simple overview of which personal data of yours, as an interested party and/or guest, is processed for which purposes and on which legal basis. You are also informed of your rights as a data subject.

1.2 Data processing in the Touristmanager

With the Touristmanager system, the business manages and processes, in particular, the data of its (potential) guests, such as name, address, services used, related documents and correspondence, date of birth, gender, nationality, country of birth, document details, accounting and payment data, disclosed interests, disclosed intolerances, disabilities or other health data, possibly the vehicle license plate, registration and stay data.

The business may also handle the payment of the local tax, the mandatory registration of accommodated persons (police registration), and the required statistics. If the relevant data is not provided, the services of the business generally cannot be rendered.

The legal basis of processing is, on the one hand, the necessity to fulfill the contract between the business and the guest or to carry out pre-contractual measures at the request of the guest (Art. 6 para. 1 b GDPR) and – particularly regarding health data – the respective (explicit) consent (Art. 6 para. 1 a GDPR and Art. 9 para. 2 a GDPR). Consent may be withdrawn at any time from the business in accordance with the process specified at the time of consent. Withdrawal may also be communicated to the LTS via email at gdpr@LTS.it, and the LTS will promptly forward the withdrawal to the business.

Processing based on contractual purposes continues until the contractual purposes cease or statutory retention obligations (in particular under tax and/or company law) expire. Processing based on consent continues until withdrawal.

For the technical operation of the Touristmanager, the business makes use of the IT services of LTS – Landesverband der Tourismusorganisationen Südtirols, Gerbergasse 60, 39100 Bolzano, Tel. +39 0471 978060, Fax +39 0471 977661, Email: info@LTS.it, Web: www.LTS.it (“LTS”), which may have access to the above data. The business has concluded the legally required agreements with LTS to ensure that the data is processed lawfully and securely.

2. Information about your rights as a data subject

2.1 Notes on the rights of the data subject

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed; if so, they have the right to access this personal data and the information listed in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them and, where appropriate, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, where one of the grounds in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the purposes for which it was collected (right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing.

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit those data to another controller without hindrance, under certain circumstances, e.g. where processing is based on consent and carried out by automated means (right to data portability, Art. 20 GDPR).

The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them. The controller shall then no longer process the personal data unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 GDPR).

Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR (Art. 77 GDPR). In Italy, the competent authority is the Garante per la protezione dei dati personali.

2.2 Rights of the data subject

According to Art. 7 of Legislative Decree 196/2003 and Articles 15 to 22 of EU Regulation 679/2016, you may exercise your rights at any time:

a) To request confirmation of the existence or non-existence of personal data concerning you;
b) To obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be disclosed, and, where possible, the retention period;
c) To obtain the rectification or erasure of data;
d) To obtain restriction of processing;
e) Where applicable, to request data portability, i.e. to receive the data from a data controller in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance;
f) To object to processing at any time, including processing for direct marketing purposes;
g) To object to automated individual decision-making, including profiling;
h) To request from the data controller access to your personal data, their rectification, erasure, or restriction of processing, or to object to processing, in addition to the right to data portability;
i) To withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
j) To lodge a complaint with the Data Protection Authority in Rome, Piazza Venezia 11, official website: www.garanteprivacy.it.

The exercise of rights requires no particular form and is free of charge.