This page discusses the ways in which our website is managed, concerning the treatment of personal data belonging to visiting users. This an information is also provided in compliance with art. 13 of EU Regulation 2016/679, applicable from May 25th, 2018 - the so called General Data Protection Regulation (hereinafter referred to as GDPR), to those who interact with Hotel Nazionale's web services, which are electronically accessible at the address:
www.hotelnazionale.it
The information is provided only for the www.hotelnazionale.it website, and not for other websites which may be opened by the user through featured links, and it complies with Recommendation n. 2/2001 concerning minimum requirements for online data collection in the European Union, adopted on May 17th, 2001 by the Article 29 Working Group.

DATA CONTROLLER

In compliance with art. 4 point 7 of the 2016/679 GDPR, the Data Controller for your personal information is the Hotel Nazionale S.r.l. firm, with registered office in Via della Camilluccia, 535 - 00135 Rome; Tel +390669500810 - email: privacy@hotelnazionale.it, through its legal representative.

DATA PROCESSOR

In compliance with art. 28 of the 2016/679 RGPD, the officially appointed firm for both website and bookings management is the Automatic Netware Limited Firm, operating as Bookassist, 35 Fitzwilliam Place, Dublin 2, Ireland

LOCATION OF THE DATA PROCESSING

The processing related to this website's online services takes place at the headquarters of both data controller and responsible, and it is performed exclusively by the service's technical personnel, which was appointed with executing the treatment.

No data originating from the web service will be disclosed or communicated. All personal data provided by users requesting informative material are only used for the purpose of performing the required service or performance, and will only ever be communicated to third parties if such task proves necessary for that particular purpose.tipi di dati trattati

Types of data processed
Navigation Data

During their normal operation, the computer systems and software procedures used to operate this website may acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information are not collected for being associated with identified interested parties, yet, due to their nature, they may allow for user identification through processing and linking with other third parties-owned data. Such data category includes IP addresses or domain names of computers which users will employ for connecting to the website, the Uniform Resource Identifier (URI) addresses of the requested resources, time of the request, method used to submit it to the server, size of the file received in response, the numerical code indicating response status sent by the server (success, error, etc.) and other parameters related to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website, and for checking its correct functioning, and they will be deleted immediately after processing. Such data could be used to ascertain responsibility in case of hypothetical computer crimes against the website: excluding such case, web contacts will not be kept for longer than thirty days.

DATA WILLINGLY PROVIDED BY THE USER

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is mandatory for answering requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the website pages which were specifically set-up for those particular on-demand services.

METHODS OF PROCESSING

Personal data are processed with automated tools for the time necessary to achieve the purposes of their collection. Specific security measures are implemented in order to prevent data loss, illicit or incorrect use and unauthorized access.

PURPOSE, LEGAL BASIS AND NATURE OF THE ASSIGNMENT

The Personal Data you provide through the Website will be processed by Hotel Nazionale S.r.l. for the following purposes:
a) execution of a contract of which you are party, or of pre-contractual measures initiated on your request (ex: information enquiry in the "Congress Center\Event Request", Booking, Membership for special offers, etc.). Consent Unnecessary;
b) promotional and commercial email purposes, due to your registration as our customer and because of your granted explicit consent, or purposes related to contacts, registration to the website's newsletter, soft spam submission. Explicit consent from the interested party or the exercise of a legitimate interest from the controller (soft spam) are required.
c) purposes of statistical research and analysis on aggregate anonymous data, aimed at measuring the website's operation and traffic, as well as evaluating usability and involvement in order to make it more functional and performing; Consent is not necessary as processing of personal data is not expected
d) purposes related to the fulfillment of laws and regulations; Consent not required
e) purposes which are necessary for assessing, exercising or defending a right in court or whenever jurisdictional authorities exercise their respective duties. Consent not required

TRANSFERS OF PERSONAL DATA TO EXTERNAL COUNTRIES OR INTERNATIONAL ORGANIZATIONS

No personal data belonging to the user shall ever be transferred outside the EU.

DATA STORAGE

Hotel Nazionale will process your Personal Data only for the time necessary for achieving the purposes indicated in this statement.
By way of non-exhaustive example, Hotel Nazionale will process such Personal Data for the newsletter service, as long as you don't decide to unsubscribe, which you can do by simply clicking on the appropriate link in the emails you'll receive.
Despite what above, Hotel Nazionale will process your Personal Data for the time frame allowed by Italian law for the protection of your interests (Art. 2947(1)(3) of the Italian Civil Code.).
You may enquire for more information concerning the times of storage for Personal Data and our criteria for assessing such period by writing to the Data Controller.

CV MANAGEMENT

This information notice, prepared in accordance with art. 13 of the 2016/679 GDPR, can also be used by Hotel Nazionale for any personnel recruitment listing in websites or portals which are not under its control.

The Company will process all received CVs via email or through third-party personnel selection companies (listings on portals, etc.) in order to evaluate potential applications within the company or which could present themselves in the near future.

The processing is performed electronically, made exception for CVs received via ordinary mail.

CVs which will be deemed "interesting" shall be stored at the firm's HQs for 12 months, and will be elaborated in total compliance with the security provisions set forth in art. 32 of the 2016/679 GDPR.
All CVs deemed as non-pertinent, as well as those stored for longer than 12 months, shall be discarded.

All curricula will in any case be kept at the Hotel Nazionale human resources office, and will never be disclosed to unauthorized third parties.
The same may be evaluated by the hotel's department directors which were appointed as Data Processors (as in art. 29 and 32 paragraph 4 of the 2016/679 GDPR).

As for the curricula's content, all candidates are kindly invited to comply with the following rules:
• the CV must be in the European format;
• it should be sent in .pdf format;
• please avoid to include some categories of personal data as defined in article 9 of the 2016/679 GDPR (particularly state of health, as well as religious, philosophical or political beliefs) which are not relevant for the working offer;
• you have to give consent to the processing of particular categories of personal data relating to the state of health, as defined in Article 9 of the GDPR, which are related to the establishment of an employment relationship (for example belonging to protected categories).

The company reserves the right not to discard curricula which will not comply with the above requirements.

The purpose of curricula-management processing will involve activities which are strictly related to evaluation, recruitment or selection of personnel, with objectives or collaboration, fixed or non-fixed term employment, staging, the latter meaning to allow the chosen candidate to prepare his or her own graduate thesis at our Establishment.

-----

SECURITY BOOKING SYSTEM

Bookassist is certified as compliant with the PCI DSS (Payment Card Industry Data Security Standard). All information sent to this website, if in an SSL session, is encrypted and protected against disclosure to third parties.
Bookassist is certified as a service provider through the VeriSign Certification Authority.
This website is hosted in a secure environment: all of its servers/systems are configured with data encryption, decoy systems, technologies and firewalls of industrial level. By entering personal data during a booking process, or during a user registration by email, this data is protected by Secure Socket Layer (SSL) technology in order to ensure secure transmission.

CONFIDENTIALITY ON MINORS AND CONSENT OF PARENTS

The Hotel specifically requires minors to not use this Website, as well as asking them not to send or post information about it. Were the Hotel ever to accidentally acquire personal information or data of other nature belonging to a minor, any and all disclosure by the Hotel of said data to third parties shall be deemed as sole consequence of the minor user autonomously deciding to use the Website and disclose information, without requesting or receiving permission by the Hotel.

RIGHTS OF INTERESTED PARTIES

All subjects to which personal data belong have the right at any given time to obtain confirmation of their existence or lack thereof, as well as requesting knowledge of their content and origin, verifying their existence or requiring their integration or update, or rather rectification (Index III of the 2016/679 GDPR). In compliance with that same article, you have the right of requesting cancellation, transformation into anonymous form or blocking of data elaborated in violation of the law, as well as opposing in all cases, for legitimate reasons, to their processing.
In compliance with Index III of the 2016/679 GDPR, you have the right of requesting, at all times, access to your Personal Data, their rectification or cancellation, limitation of their processing, as well as obtaining them in a structured format, commonly used and readable by automated devices. Furthermore, you have the right of opposing yourself to data profiling, as well as issuing a complaint to the Control Authority.

You also have the right of revoking your consent at any given time, without compromising the processing's lawfulness based on the consent you gave before revoking it. For a complete and exhaustive list of all rights granted to the interested party, please see art. 15-23 of the 2016/679 GDPR.

Requests should be sent via e-mail to: privacy@hotelnazionale.it, or you may also reach out to the data controller directly, at the following contacts:
Via Umbria, 7, 00187 Rome, Italy
+39 06 42016280
+39 06 42390432
rome@bookassist.com

COOKIEs

Technical Cookies
These cookies are technical in nature, allowing the website to function properly. This category includes cookies which are essential for the website's proper functioning, as well as functional cookies which allow the user to tailor his or her browsing experience based on personal choices (i.e. language choice, etc.).
We also use technical cookies for tracking consent given by users at receiving third-party profiling and analytics cookies, in accordance with the current legislation.
The use of permanent technical cookies, or session cookies (meaning that they are not stored permanently on the user's computer and are deleted when the browser is closed) is strictly limited to the technical provision of the service requested by the user, and to the transmission of session identifiers (consisting of random numbers generated by the server) which are necessary for allowing a safe and efficient experience while browsing the website and its applications.
The technical cookies used on this website avoid the use of other technologies which could compromise the browsing privacy of users.


Analytical Cookies
These cookies help us understand, through data collected and aggregated anonymously, how users interact with our website by providing information on visited pages, time spent on the website, type of platform used, number of clicks on a given page, any malfunctions, etc.
Statistical cookies help website owners into understanding how visitors interact with sites, by collecting and sending information in an anonymous form.
We use Google Analytics for anonymously collecting and analyzing information on the website's use behaviours, for statistical purposes, without acquiring the user's personal identification data. Due to their use from us, such cookies are all-in-all identical to technical cookies, therefore explicit consent from the interested party is not needed.

Profiling Cookies
We use third-party profiling cookies in order to record and produce reports on the user's actions on the website, for assessing the efficacy of certain advertisements and presenting users with targeted marketing material.
In particular, we reserve the right to perform remarketing, meaning that every time a new visitor accesses our website, the code sends an anonymous persistent cookie to the browser (Internet Explorer, Firefox, Chrome, Safari, etc.). Subsequently, when the visitor traced by remarketing cookies surfs the web, the cookie allows the remarketing provider to show ads promoting our services, ensuring that they are shown only to those who have already visited the concerned website.
The aim of this practice is that of showing ads which are pertinent and inclusive for the single user, in line with previous browsing experiences, in order to "follow" the user during the browsing session even after he (or she) leaves our website.

3. List of cookies used on this website

Cookie Name: First-party technical cookies
Type / Purpose: First-party technical cookies which are essential for the website's correct functioning.
In line with the related European legislation, we use a technical cookie for tracking the user's consent on the use of third parties and profiling cookies.
Expiration: at the end of the browsing session.

---

Cookie Name: Google Analytics
Type / Purpose: Third-party analytical cookie. Google Analytics is a Google analysis tool which helps website owners understand how visitors interact with their website content (pages viewed, browsing time, etc.), providing useful statistics aimed at optimizing and improving navigation on the website, without identifying the user. This cookie is used for the sole purpose of collecting information in aggregate and anonymous form, on the number of users and on how they visit the website. Our use of this cookie is strictly anonymous, with the user's IP address being rendered totally impersonal and not having any third parties come into contact with such information.
Expiration:
_utma - 2 years
_utmt - 10 minutes
_utmb - 30 minutes
_utmc - until the session is closed
_utmz - 6 months
_utmv - 2 years

Third Party Privacy Policy Link: Google Analytics Privacy Policy

---

Cookie Name: Double Click
Type / Purpose: Third party profiling cookie. Doubleclick is an advertising platform which connects advertisers, media centers and creative agencies with publishers all over the world, allowing them to create, manage and develop digital advertising campaigns. We use Google DoubleClick for recording and reporting on user actions on the website, in order to measure an advertising's effectiveness and for allowing us to perform remarketing, by presenting targeted advertising to the user.
Expiration: Ide - 2 years


Third Party Privacy Policy Link: https://www.google.com/policies/technologies/types/
How Double click uses cookies: https://support.google.com/dfp_premium/answer/2839090?hl=en

---

Cookie name: Hotjar 
Type / Purpose: Third-party profiling analytical cookie Hotjar focuses on studying user behaviour on the website, in order to understand how the website is being used, and to identify any problems with the aim of solving them, therefore improving and optimizing the browsing experience. Namely, information is collected about the pages you visit most often and about the error messages you might receive. All data collected by these cookies are anonymous. They do not collect personal identification data.
 

You can deactivate the HotJar service at: https://www.hotjar.com/opt-out

---

Cookie name: Facebook
Type/Purpose: Social and third-party profiling cookies. Allows for integrating the website with its Facebook social account, performing profiling activities with customized audiences and allowing the hotel to direct its ads to a specific group of people, with which a Facebook related-originated relationship has already been established.
Expiration:
Facebook custom audience
Facebook Connect
Facebook Social Graph
 

Third Party Privacy Policy Link: https://www.facebook.com/policies/cookies/

---

Cookie name: Google Adwords 
Type / Purpose:  Third party profiling cookies. Google saves a cookie on the user's terminal which records single visits, in order to show him/her (i.e. through banners) related advertising in the future, both through Google's affiliated search and engine and/or its third parties publishers network.
Expiration:
ads/ga - At the end of the session
collect - At the end of the session

Third Party Privacy Policy Link:

https://www.google.it/adwords/
https://www.google.com/policies/technologies/types/


4. HOW TO DISABLE COOKIES

For more information on cookies and on managing your preferences on third-party profiling cookies, please visit http://www.youronlinechoices.com
All of the cookies we use allow us to improve our website, providing a growingly customized service to our users.

If you don't want to enable cookies, you may as well change your browser settings, its Help function will explain how to change these settings. You can also visit www.aboutcookies.org, which features all the information on how to manage cookies on a wide range of browsers.

Most browsers accept cookies automatically, but you can also choose not to accept them, or limit their use.

Disabling cookies may lead to problems while browsing the website, or limitations in the use of all of its services (e.g. booking, etc.). In order to remove cookies, please follow the instructions on the dedicated pages of all browsers:

• If you use Internet Explorer
In Internet Explorer, click on "Tools" then "Internet Options". On the Privacy tab, move the cursor up to block all cookies, or down to allow them, then click OK.

• If you use Firefox
Go to the "Tools" menu of the browser and select the "Options" menu. Click on the "Privacy" tab, uncheck the "Accept cookies" box and click OK.

• If you use Safari
From Safari, select the "Edit" menu and then "Preferences". Click on "Privacy". Set the "Block cookies" option on "always" and click OK.

• If you use Google Chrome
Click on the Chrome menu in the browser toolbar. Select "Settings". Click on "Show advanced settings". In the "Privacy" section, click on the "Content settings" button. In the "Cookies" section, choose "Don't allow websites to store data" and check "block cookies and third-party websites data", then click OK.

If you use any other browser, look in the browser settings for how cookies are managed.

UPDATE AND REVISION

The Privacy & Cookie policy has been updated on 24-05-2018, and it may be subject to future revisions.