Policy & Privacy
WHAT’S PRIVACY POLICY
This page describes the website’s management methods as concerns the handling of the personal data of users visiting it.
This notice is provided pursuant to UE regulation n.679/2016 – Personal Data Protection Code to those who interact with web services accessible from the address: www.whitehomeroma.it
The information is provided only to the website www.whitehomeroma.it of the Controller company and not to other websites the user may visit via links.
This statement conforms to European Community standards and more precisely to UE regulation n.679/2016 that the European authorities for the protection of personal data, adopted to identify some minimum requirements for the collection of personal data on-line and, in particular, the manners, times, and nature of the information that data controllers must provide to users when the latter connect to web pages, regardless of the purpose of their connection.
THE DATA “CONTROLLER”
Pursuant to UE regulation n.679/2016, Controller of the Data is Mr. Paolo Antenucci, Piazza dei Re di Roma, 3 00183 ROMA hereinafter referred to as the Landlord;
THE DATA “PROCESSOR”
Pursuant to UE regulation n.679/2016, Data Processor is the Landlord.
Pursuant to UE regulation n.679/2016, the external data Controller for the site management and personal data acquisition during booking is the Company E4J s.r.l. owner of the hotel booking engine (www.e4jconnect.com) incorporated into this website.
DATA PROCESSING LOCATION
The processing connected to this site’s web services therefore takes place on the premises of the controller and external processors in the relevant areas.
No data from the web service is communicated by the two companies to third parties unless strictly relevant to the purpose of the processing or imposed by law or regulation.
PURPOSE OF THE DATA PROCESSING.
The personal data provided voluntarily and optionally by users sending requests for information about the apartments’ facilities (rates, availability, etc) are used for the sole purpose of performing the service or provision requested and are not disclosed to third parties unless disclosure is required by law or is strictly relevant and necessary for the fulfillment of the requests.
In particular, personal data provided voluntarily by the parties concerned by the processing shall be collected and processed, including by electronic means directly and/or through delegated third parties (company for the e-mail service, company hosting the website) for the following purposes:
checking the availability of the requested apartment against information in the booking form;
to make and confirm the reservation by providing personal identification data and credit card data as a guarantee;
activating eventual promotional and commercial activities pursuant to UE regulation n.679/2016;
to comply with current administrative, accounting and tax obligations, as well as with laws and regulations;
registering in the newsletter to receive periodic commercial or promotional communications;
for action by the Controller in court or in the preliminary stages leading to possible legal action against abuses arising from illicit use of the website or related services by the User;
statistical purposes in anonymous form (to assess the number of visits, etc.).
BOOKINGS
Personal data for the reservations shall be processed in electronic and paper format for the sole purpose of guaranteeing the rooms are booked in the conditions agreed.
The booking platform is owned by E4J CONNECT, the external processor, which will communicate the data of the party concerned to the web site www.whitehomeroma.it for the normal activities related to managing the accommodation.
The data shall be recorded in our electronic databases accessible to staff properly instructed and trained in personal data security and confidentiality.
To confirm the booking a credit card given as firm guarantee must be provided, it being understood that the customer can choose to pay in cash at the end of the stay.
COMMERCIAL COMMUNICATIONS VIA E-MAIL
The landlord reserves the option of sending promotional and commercial e-mails in accordance with UE regulation n.679/2016:
“if in the context of a sale of goods or of a service the Data Controller uses the customer’s e-mail address, the same address may be used for sending commercial and promotional material without seeking prior consent, provided the customer is duly informed at every mailing of promotional and marketing material and that he is able easily and freely to exercise the right to discontinue this processing.”
In that case, having received the first promotional message the data subject shall be able to cancel his subscription from the hotel newsletter with a simple click.
Sending these messages is entrusted to a third-party provider of email services.
DATA COMMUNICATION AND DISSEMINATION
Personal data collected from the website in question can be treated only by persons officially appointed and trained in the field of personal data privacy and security.
The contexts for communicating data subjects’ personal data may relate to:
Organizations or Public Offices on the basis of legal and / or contractual obligations;
E4j srl companies;
external processors as companies or consultants who carry out activities for the proper functioning of the site and management of the information acquired through the same on the controller’s behalf;
the Postal Police for determining whether any activities may be harmful to the company website;
Personal data shall not be disclosed.
NAVIGATION DATA
During their normal operation software applications designed to run this website acquire some personal data whose transmission is implicit in the normal IP protocol of Internet communication.
While it is not collected to be associated directly with the data subjects, by its very nature through processing and subsequent correlation with data held by third parties (providers) this information could allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, the date and time of the request, the URI (Uniform Resource Identifier) of requested resources, the size of the files obtained in reply from the server, the digital code indicating the status of the response from the server (ok, error, etc..) and other parameters regarding the operating system and computer environment.
This data is used only to obtain anonymous statistical information about website usage and to check the site is functioning correctly; they are deleted immediately after processing.
This site may disclose personal data which, if required in accordance with law, may be communicated to the judicial authorities for the purposes of defending the State or the prevention, detection or suppression of crime, serve to ensure the protection of the personal data of data subjets’ enjoying on-line services of the site, for eventual defensive investigations as per UE regulation n.679/2016, or in any event to assert or defend a legitimate right and interest of the Controller in court while still complying with the principles of relevance and proportionality with respect to the processing’s purpose.
NON-OBLIGATORY NATURE OF THE DATA PROVISION
Unless otherwise specified as concerns navigation data, the user is free to provide personal data to make an on-line reservation.
The advancement of the on-line booking procedure implies the data subject’s consent to the processing of his personal data following the privacy policy of this website.
The possible acquisition of other personal data via dedicated forms (e.g. recording in the newsletter) shall require the data subject’s explicit awareness of the information as authorization for processing his personal data.
Failure to provide the personal information provided by the website may make it impossible to fulfill the request.
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
PROCESSING METHODS
The perrsonal data are processed in paper format and/or by automated tools for the time strictly necessary for the purpose for which they have been collected.
In order to prevent data loss, abuse, incorrect use, and unauthorized access specific security measures are observed.
DATA VOLUNTARILY PROVIDED BY THE USER
Sending an optional, explicit, and voluntary e-mail to the addresses indicated on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
COOKIES
Cookies are small files stored on your hard drive. This allows easier navigation and makes the site easier to use.
Cookies usually allow access to information already stored on the computer of the person concerned for purposes which may be of a commercial nature (e.g. profiling) or technique (to ensure proper operation of the site visited).
According to UE regulation n.679/2016no explicit consent shall be required for the use of cookies because only session cookies will be used, or cookies for the proper functioning of the website.
Cookies for transmitting personal information shall not be used, nor the so-called persistent cookies of any kind, that is user tracking systems.
The use of the so-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site.
The so-called session cookies used in this website avoid using other computer techniques that potentially impair the confidentiality of user browsing data and which do not allow the user’s personal identification data to be acquired.
DATA SUBJECT RIGHTS
The data subjects have the right, at any time, to obtain confirmation of the existence or non-existence of the data concerned and to be informed of its content and origin, verify its accuracy or request it to be integrated, updated, or corrected.
Pursuant to the same article, the data subjects have the right to request the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, and in any event, to refuse its processing on legitimate grounds.
Requests should be addressed to the Controller of the personal data.
Below are the data subject’s rights in full.
– Right to access personal data and other rights
1. The data subject has the right to obtain confirmation of the existence or not of any personal data concerning him, even though not yet recorded, and to have them communicated in an intelligible form.
– Right to be forgotten:
2. The interested party has the right to obtain the cancellation of their personal data
3. The data subject has the right to obtain the following information:
a) the source of the personal details;
b) the purposes and procedures of the processing;
c) the logic applied in case of processing with electronic instruments;
d) the identity details of the controller, processors, and designated representative in the meaning of UE regulation 679/2016;
e) of the parties or categories of parties to whom the personal data may be communicated, or who can come to know them as appointed representatives in the territory of the State or as managers or employees.
4. The data subject has the right to obtain:
a) the updating, editing or, when he has an interest, the integration of the data;
b) the deletion, anonymisation, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it has been collected or subsequently processed;
c) certification that the operations under letters a) and b) have been notified, including as concerns their content, to the persons to whom the data have been communicated or disseminated, except where such performance proves to be impossible or entails an employment of resources obviously out of all proportion to the right protected.
The data subject has the right to object, in whole or in part:
a) on legitimate grounds to the processing of personal data concerning him, even if pertinent for the purposes for which they have been collected ;
b) to the processing of personal data concerning him for the purposes of sending advertising material, direct sales, for carrying out market research or commercial communications.