Privacy policy
This page describes the methods of managing the site with regards to the processing of personal data of users who consult it. It is an informative document that is also provided in accordance with Article 13 of the EU Regulation 2016/679, applicable from May 25, 2018 - General Data Protection Regulation (GDPR), to those who interact with the web services of Hotel Nazionale, accessible online at the following address:
www.hotelnazionale.it
This information is provided only for the website www.hotelnazionale.it and not for any other websites that may be consulted by the user through links. It complies with Recommendation No. 2/2001 on the minimum requirements for collecting personal data online within the European Union, adopted on May 17, 2001 by the Article 29 Working Party.
INDEX
1) DATA CONTROLLER
2) DATA PROCESSOR
3) TYPES OF PROCESSED DATA
4) PROCESSING METHODS
5) PURPOSE, LEGAL BASIS, AND NATURE OF DATA PROVISION
6) TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
7) DATA RETENTION
8) CURRICULUM MANAGEMENT
9) INFORMATION ON PERSONAL DATA PROCESSING DURING CONGRESS EVENTS
10) BOOKING SYSTEM SECURITY
11) MINORS' PRIVACY AND PARENTAL CONSENT
12) RIGHTS OF THE DATA SUBJECTS
13) COOKIES
- Technical cookies
- Analytical cookies
- Profiling cookies
- List of cookies used on this website
- How to disable cookies
14) UPDATES AND REVISIONS
DATA CONTROLLER
According to Article 4(7) of the GDPR 2016/679, the data controller of your personal data is Hotel Nazionale S.r.l., with registered office at Via degli uffici del Vicario, 35 - 00186 Rome; Tel +390669500810 - email: amministrazione@hotelnazionale.it through its legal representative.
DATA PROCESSOR
According to Article 28 of the GDPR 2016/679, the officially appointed company for the management of the website and reservations is Automatic Netware Limited, operating as Bookassist, 35 Fitzwilliam Place, Dublin 2, Ireland.
Location of data processing
The processing related to the web services of this site takes place at the headquarters of the data controller and data processor and is handled only by technical staff in charge of processing. No data derived from the web service is communicated or disclosed. The personal data provided by users who submit requests for informative material are used only to perform the requested service or provision and are communicated to third parties only if necessary for this purpose.
TYPES OF PROCESSED DATA
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information about the use of the site and to ensure its proper functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, currently the data on web contacts do not persist for more than thirty days.
Data voluntarily provided by the user
The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Brief summary information will be progressively reported or displayed on the pages of the site specifically prepared for particular services on request.
PROCESSING METHODS
Personal data is processed using automated tools for the time necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent the loss of data, illegal or incorrect use, and unauthorized access.
PURPOSE, LEGAL BASIS, AND NATURE OF DATA PROVISION
The Personal Data you provide through the Website will be processed by Hotel Nazionale S.r.l. for the following purposes:
a) purposes related to the performance of a contract of which you are a party or the execution of pre-contractual measures taken at your request (e.g., request for information in the "Congress Center Event Request" section, Reservation, Subscription to special offers, etc.). Consent Not Required;
b) purposes related to the sending of promotional and commercial materials via email, as you are registered as our customer and have given explicit consent or based on contacts, registration for the site's newsletter, exercise of soft spam. Requires explicit consent from the data subject or the exercise of a legitimate interest of the data controller (soft spam)
c) purposes of research and statistical analysis on aggregated anonymous data, aimed at measuring the functioning of the Website, measuring traffic, and evaluating usability and interest to make it more functional and performant; Consent not required as it does not involve the processing of personal data
d) purposes related to compliance with laws and regulations; Consent not required
e) purposes necessary to establish, exercise, or defend a right in court or whenever judicial authorities exercise their judicial functions. Consent not required
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
No personal data of the user is transferred outside the EU.
DATA RETENTION
Hotel Nazionale will process your Personal Data for the time strictly necessary to achieve the purposes stated in this information.
By way of example and not exhaustively, Hotel Nazionale will process the Personal Data for the newsletter service until you decide to unsubscribe from the service by simply clicking on the received email.
Subject to the above, Hotel Nazionale will process your Personal Data for the time permitted by Italian law for the protection of its interests (Art. 2947(1)(3) c.c.).
More information regarding the retention period of Personal Data and the criteria used to determine such period can be requested by writing to the data controller.
CURRICULUM MANAGEMENT
This information notice, prepared in accordance with Article 13 of the GDPR 2016/679, can also be used by Hotel Nazionale for any job postings published on websites or portals not directly managed by the company.
The Company will process the resumes received via email or through third-party personnel selection companies (publications on portals, etc.) to evaluate potential applications within the company or that may arise in the near future.
The processing is carried out electronically, excluding resumes received by regular mail.
The resumes considered "interesting" will be kept at the company's headquarters for a period of 12 months and will be processed in full compliance with the security measures provided for in Article 32 of the GDPR 2016/679.
Resumes deemed irrelevant, as well as those resumes whose retention period has exceeded 12 months, will be deleted.
The resumes will be kept at the human resources office of Hotel Nazionale and will not be disclosed to unauthorized third parties.
They may be evaluated by department heads of the hotel appointed as data processors (pursuant to Article 29 and Article 32(4) of the GDPR 2016/679).
For resume submission, candidates are kindly requested to follow these rules:
• fill in their resume using the European format;
• submit the resume in PDF format;
• avoid including in their resume special categories of personal data as defined in Article 9 of the GDPR 2016/679 (relating, in particular, to health status, religious, philosophical, or political beliefs) that are not relevant to the job offer;
• give consent to the processing of special categories of personal data concerning health status as defined in Article 9 of the GDPR, relevant to the establishment of an employment relationship (e.g., belonging to protected categories).
The company reserves the right not to delete resumes that do not comply with the above requirements.
The purpose of the processing related to curriculum management will involve activities strictly related to the evaluation, recruitment, or selection of personnel, with the aim of collaboration, temporary or permanent employment, internships, or to allow the selected candidate to prepare their thesis at our headquarters.
INFORMATION ON PERSONAL DATA PROCESSING DURING CONGRESS EVENTS
Personal data acquired following the signing of a commercial contract will be processed in paper and electronic form exclusively to follow up on the provision of the service, namely to guarantee the reservation of the conference room, allow for the proper execution of any related conference services (catering, etc.), and to fulfill any accommodation obligations (room reservations) for event guests. The legal basis for the processing is Article 6(1)(b) of the GDPR 2016/679, according to which the processing of personal data is necessary to fulfill pre-contractual and contractual obligations. The purposes of the processing include accounting and administrative tasks, normal customer management, legal obligations, supervision and control activities, as well as marketing and commercial activities via email, for which we reserve the right to register you in our electronic database with your explicit consent.
With regard to the provisions of the General Data Protection Regulation EU 2016/679 (hereinafter GDPR), the parties mutually acknowledge that the personal data, which are mandatory for the conclusion of this contract, will be used exclusively to fulfill contractual obligations, manage administrative, accounting, and tax obligations, relationships with public administrations and authorities, and all obligations deriving from national or European laws and/or regulations. Except for legal obligations, Hotel Nazionale S.r.l. will not disclose the data to third parties and will implement all organizational and technical measures to ensure adequate security by officially authorized personnel. The customer's personal data will be stored at the headquarters of Hotel Nazionale S.r.l. and processed by authorized personnel. The same personal data may be communicated to debt collection companies and banking institutions for the management of collections and payments, and finally to companies or consultants collaborating with us solely to follow up on the provision of the service or to fulfill accounting and administrative purposes. Except for the aforementioned cases, the customer's personal data will not be communicated in any way or form to others, except for subjects to whom communication is linked to legal obligations. The personal data will be processed for the entire duration of the contractual relationship and even afterwards to fulfill all legal obligations. The retention periods are 10 years for contractual documentation and accounting records (Article 2220 of the Civil Code); contact data for marketing purposes will be retained until consent is revoked. Both parties will act as individual data controllers and undertake to comply with the provisions of the GDPR 2016/679. For any issues related to the processing of personal data or the exercise of the rights provided for in Articles 15 and following of Chapter III of the GDPR 2016/679, you can contact our data protection officer at the following email address: segreteria@hotelnazionale.it
Confidentiality clause
In the event that the client organization (company, association, or nonprofit entity) rents multimedia equipment on the occasion of the event, the client company is responsible for ensuring that no documents in paper or electronic format, such as data, company information, or programs stored on external media (USB drives, etc.) or on the laptop provided by our hotel, remain in our premises. In accordance with EU Regulation 2016/679 (hereinafter referred to as the GDPR), the Industrial Property Code (Legislative Decree 30/2005 and Legislative Decree no. 131/2010), and legislation on industrial espionage (Articles 621, 622, and 623 of the Italian Penal Code), Hotel Nazionale is not responsible for any loss, damage, or unauthorized acquisition of personal data and company information on paper or electronic media "forgotten" due to negligence, carelessness, or lack of skill in the hotel's conference rooms or in any computer equipment provided by the hotel.
BOOKING SYSTEM SECURITY
Bookassist is certified as compliant with PCI DSS (Payment Card Industry Data Security Standard). All information sent to this site, if in an SSL session, is encrypted and protected against disclosure to third parties.
Bookassist is certified as a service provider through VeriSign Certification Authority.
This site is hosted in a secure environment: the Site's servers/systems are configured with data encryption, camouflage, technology, and industrial-level firewalls. By entering personal data during a booking process or when registering as a user by email, this data is protected by Secure Socket Layer (SSL) technology to ensure secure transmission.
MINORS PRIVACY AND PARENTAL CONSENT
The Hotel specifically requests that minors do not use this Site and do not send or post information on it. In the event that the Hotel inadvertently acquires personal information or data of a different nature belonging to a minor, it should be noted that any disclosure of such data by the Hotel to third parties would depend solely on the fact that the minor user has used the Site and disclosed personal information without requesting or obtaining permission from the Hotel.
RIGHTS OF THE DATA SUBJECTS
Individuals to whom the personal data refer have the right at any time to obtain confirmation of the existence of such data and to know their content and origin, verify their accuracy, or request their integration, updating, or rectification (Chapter III GDPR 2016/679). In accordance with the same article, they have the right to request the erasure, anonymization, or blocking of data processed in violation of the law, as well as to object in any case, for legitimate reasons, to their processing.
In accordance with Chapter III of the GDPR 2016/679, you have the right to request access to your Personal Data, their rectification or erasure, or to object to their processing, as well as the right to data portability. You also have the right to object to profiling and to lodge a complaint with the supervisory authority.
Furthermore, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal. For a complete and exhaustive list of the rights exercisable by the data subject, please refer to Articles 15-23 of the GDPR 2016/679.
Requests should be addressed via email to the following address: privacy@hotelnazionale.it, or you can directly contact the data controller at the following contact details:
Via Umbria, 7, 00187 Rome, Italy
+39 06 42016280
+39 06 42390432
rome@bookassist.com
COOKIES
Technical Cookies
These cookies are of a technical nature and allow the website to function properly. This category includes essential cookies for the correct functioning of the website and functional cookies that enable the user to enhance the browsing experience based on their choices (e.g., language selection, etc.).
We also use technical cookies to keep track, in accordance with applicable regulations, of the consents given by users for the receipt of third-party profiling and analytics cookies.
The use of permanent technical cookies or session cookies (i.e., cookies that are not stored persistently on the user's computer and are deleted when the browser is closed) is strictly limited to the technical provision of the service requested by the user and the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient browsing of the website and its applications.
The technical cookies used on this website prevent the use of other potentially harmful computer techniques that could compromise the privacy of users' browsing.
Analytical Cookies
These cookies help us understand, through anonymously and aggregated data, how users interact with our website by providing us with information about visited pages, time spent on the site, the type of platform used, the number of clicks on a specific page, any malfunctions, etc.
Statistical cookies assist website owners in understanding how visitors interact with the sites by collecting and transmitting information anonymously.
We use Google Analytics to collect and analyze information about the website usage behavior for statistical purposes, without acquiring personally identifiable information of the user. In terms of how we use these cookies, they are effectively equivalent to technical cookies, and therefore the explicit consent of the user is not required.
Profiling Cookies
We use third-party profiling cookies to record and generate reports on user actions on the site in order to measure the effectiveness of an advertisement and present targeted advertising to the user.
In particular, we reserve the right to use remarketing, which means that whenever a new visitor accesses our site, the code releases a persistent anonymous cookie to the browser (Internet Explorer, Firefox, Chrome, Safari, etc.). Subsequently, when the visitor tracked by the remarketing cookie browses the web, the cookie allows the remarketing provider to display ads promoting our services, ensuring that these ads are shown only to people who have already visited your site.
The aim is to display relevant and engaging ads to individual users in line with their previous browsing experiences, "following" the user even after they have left our website.
List of cookies used on this website
Cookie Name: First-party Technical Cookies
Type / Purpose: First-party technical cookies that are instrumental and essential for the proper functioning of the website.
In accordance with European cookie regulations, we use a technical cookie to track the user's consent to the acceptance of third-party and profiling cookies.
Expiration: End of the browsing session.
---
Cookie Name: Google Analytics
Type / Purpose: Third-party analytical cookies. Google Analytics is a Google analysis tool that helps website owners understand how visitors interact with the content of their website (pages visited, browsing time, etc.) by providing useful statistics to optimize and improve the website's navigation without identifying the visitor. This cookie is used solely to collect information in an aggregated and anonymous form about the number of users and how they visit the site. We use this cookie anonymously by anonymizing the user's IP address and not cross-referencing this information with third parties.
Expiration:
_utma - 2 years
_utmt - 10 minutes
_utmb - 30 minutes
_utmc - until the end of the session
_utmz - 6 months
_utmv - 2 years
Link to the third-party Privacy Policy: Google Analytics Privacy Policy
---
Cookie Name: Double Click
Type / Purpose: Third-party profiling cookies. DoubleClick is an advertising platform that connects advertisers, media centers, creative agencies with publishers worldwide to create, manage, and develop digital advertising campaigns. Used by Google DoubleClick to record and produce reports on user actions on the site in order to measure the effectiveness of advertising and allow us to do remarketing by presenting targeted advertising to the user.
Expiration: Ide - 2 years
Link to the third-party Privacy Policy: https://www.google.com/policies/technologies/types/
How DoubleClick uses cookies: https://support.google.com/dfp_premium/answer/2839090?hl=en
---
Cookie Name: Hotjar
Type / Purpose: Third-party profiling analytical cookie. Hotjar focuses on studying the behaviors of website visitors to understand how the site is used and identify any problems in order to resolve them and improve and optimize the browsing experience. For example, information is collected about the most frequently visited pages and any error messages you may receive. The information collected by these cookies is anonymous. They do not collect information that can personally identify you.
You can disable the HotJar service at the following address: https://www.hotjar.com/opt-out.
---
Cookie Name: Facebook
Type / Purpose: Third-party social and profiling cookies. Allows integration of the website with the user's Facebook social account and perform profiling activities with custom audience segments, allowing the hotel to target its ads to a specific group of people with whom it has already established a relationship on/from Facebook.
Expiration:
Facebook custom audience
Facebook Connect
Facebook Social Graph
Link to the third-party Privacy Policy: https://www.facebook.com/policies/cookies/
---
Cookie Name: Google AdWords
Type / Purpose: Third-party profiling cookies. Google stores a cookie on the user's device that records the visit made in order to show the user (e.g., through banners) advertisements for related products, through the search engine and/or third-party publisher networks affiliated with Google Inc.
Expiration:
ads/ga - End of the session
collect - End of the session
Link to the third-party Privacy Policy:
https://www.google.com/adwords/
https://www.google.com/policies/technologies/types/
How to disable cookies
For more information about cookies and to manage your preferences regarding third-party profiling cookies, we invite you to visit http://www.youronlinechoices.com
The cookies we use allow us to improve our website and provide a more personalized service to our users.
If you do not wish to activate cookies, you can change the settings in your browser. The Help function in your browser will explain how to change these settings. You can also visit www.aboutcookies.org, which contains all the information on how to manage cookies on a wide range of browsers.
Most browsers accept cookies automatically, but you can also choose not to accept them or to limit their use.
Disabling cookies may cause issues with website navigation or limit your access to all the services on the site (e.g., reservations, etc.). To remove cookies, we invite you to follow the instructions on the dedicated pages of various browsers:
• If you are using Internet Explorer
In Internet Explorer, click on "Tools" and then "Internet Options." In the Privacy tab, move the slider up to block all cookies or down to allow all cookies, and then click OK.
• If you are using Firefox
Go to the browser's "Tools" menu and select "Options." Click on the "Privacy" tab, uncheck the box that says "Accept cookies from sites," and click OK.
• If you are using Safari
From the Safari browser, select the "Edit" menu and choose "Preferences." Click on "Privacy." Set the "Block cookies" option to "Always" and click OK.
• If you are using Google Chrome
Click on the Chrome menu in the browser toolbar. Select "Settings." Click on "Show advanced settings." In the "Privacy" section, click on the "Content settings" button. In the "Cookies" section, select "Do not allow any site to store data" and check "Block third-party cookies and site data," then click OK.
If you are using any other browser, please refer to the browser's settings for cookie management.
UPDATES AND REVISIONS
The Privacy & Cookie policy has been updated on 24-05-2018 and may be subject to future revisions.