Privacy Policy

This privacy policy contains important information on the processing and protection of personal data of users of the site https://www.lofthospitality.com

The data collected through the site are processed according to the principles of correctness, lawfulness, transparency, purpose limitation and conservation, minimization and accuracy, integrity and confidentiality, as required by EU Regulation 679/2016 (GDPR).

Data Controller
The data controller is Francesco Tesoro, email info@lofthospitality.com

Website
Francesco Tesoro is the owner of the site https://lofthospitality.com from now on “Site”.
The Site is hosted on hosting managed by Aruba – https://aruba.it/

What personal data is collected and why (type of data, purpose and legal basis)
By browsing this Site, personal data may be collected, as better specified below.
Cookies are also installed, as you can read in the cookie policy.

Navigation Data
The site’s computer systems implicitly collect, during their operation, some personal data (provided for by Internet communication protocols). These are not associated with specific subjects, except through a complex and complicated system of processing and association with other data held by third parties. This category of personal data includes the IP addresses or domain names of the computers used by users who connect to the site, the browsers and parameters of the computer system used to connect to the site, navigation data, including time of request and response obtained from the server.
Data processed: IP addresses or domain names of the computers used by users who connect to the site, browsers and parameters of the computer system used to connect to the site, navigation data, including time of the request and response obtained from the server.
Purpose: use of the site, anonymous statistics on the use of the Site.
Legal basis: legitimate interest of the Data Controller.

Contact form
If completing the contact form on the Site, the user is required to provide his/her name and email address, which are necessary for the Owner to follow up on the request received.
Data processed: name and email address.
Purpose: booking a room following a request received from the user.
Legal basis: consent, expressed at the bottom of the form.

In most cases, user data is collected through the use of cookies.
In the Site’s cookie policy you will find further information, including on how to disable some cookies.

Treatment and conservation methods
The data processing is carried out automatically and/or manually, in compliance with the provisions of the art. 32 of the GDPR 2016/679 regarding security measures; that is, the data are processed and managed in such a way as to avoid or in any case limit as much as possible the risks of loss, destruction, theft and in such a way as to allow their restoration, if one of the cases described were to occur.
Based on the provisions of the art. 4 of the GDPR 2016/679, the data provided may be: collected, recorded, organised, stored, consulted, processed, modified, selected, extracted, compared, used, interconnected, blocked, communicated, deleted and destroyed.
Suitable data protection systems have been adopted (use of antivirus, passwords, locked archives for storing paper forms).
The data is processed and archived in electronic form on a PC.

Data retention period
Personal data is stored for the time necessary to manage the answers to user questions, in case of filling out the form on the site.

In any case, the user has the right to request the destruction or deletion of the data provided.
The data may also be stored for a longer period, to fulfill fiscal obligations or the order of an Authority.
At the end of the period necessary for conservation, the data will be deleted and no longer recoverable.

Communication and dissemination of data
Personal data will never be disclosed and will not be communicated without the user’s explicit consent.

Data access
The data could be made accessible due to a legal obligation, which may involve the transfer of data to public bodies, judicial authorities, insurance bodies.
The data may be visible to an IT consultant/technician who needs to repair/maintain IT tools.
The names and contact details of the consultant or IT technician may be communicated upon simple request via email to the address: info@lofthospitality.com.

Transfer of personal data
The data will not be transferred either to member states of the European Union or to third countries not belonging to the European Union

Special categories of personal data
The Site does not collect or process data that can be classified as “special categories of personal data”, pursuant to articles 9 and 10 of the GDPR 2016/679.

Rights of the interested party
At any time, the user may exercise, pursuant to articles 15 to 22 of the GDPR 2016/679, the right to:

• ask for confirmation of the existence or otherwise of personal data concerning him;
• obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
• obtain the rectification and deletion of data;
• obtain the limitation of processing;
  obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments;
• object to processing at any time and also in the case of processing for direct marketing purposes;
• oppose an automated decision-making process relating to natural persons, including profiling;
• ask the data controller to access personal data and to rectify or delete them or limit the processing that concerns them or to oppose their processing, in addition to the right to data portability;
• revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
• lodge a complaint with a supervisory authority.

Methods of exercising rights
To exercise the aforementioned rights or to receive clarifications or other information regarding the processing of personal data, you can write to the e-mail address info@lofghospitality.com and a response will be given within 30 days.

If you intend to lodge a complaint with the Guarantor Authority, you can visit the website https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali for any information.