Privacy policy

Data Controller

Hotel Pinetina Mare, a seaside retreat
Viale Italia, 139
Pinarella di Cervia, 48015 (RA)
Contact us at 0544 987080 or send a fax to 0544 987041. 
Email: prenotazioni@pinetinamare.it
Website: www.pinetinamare.it

Purpose of Processing the Collected Data

We collect User Data to enable the Data Controller to provide their Services, as well as for the following purposes: Statistics, Interaction with social networks and external platforms, and other purposes listed below. To gain a deeper understanding of the processing purposes and the specific Personal Data relevant to each objective, the User can consult the relevant sections of this document. We're pleased toinform you that, in accordance with current data protection regulations (EU Regulation No. 679 of 2016), your personal data is handled with fairness, transparency, and lawful purposes, all while safeguarding your privacy and rights.

The processing is also carried out for the following purposes:

• To acquire and confirm your reservation for accommodation and ancillary services, and to provide the requested services. As these processes are necessary for defining the contractual agreement and its subsequent implementation, your consent is not required, except when providing specific, sensitive data. If you refuse to provide personal data, we will be unable to confirm your reservation or provide the requested services. The processing will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the ways outlined in the following points.
• To fulfill the obligation outlined in the 'Consolidated Law on Public Security' (Article 109 of Royal Decree No. 773 of June 18, 1931), we are required to share the personal details of our guests with the Police Headquarters for public safety purposes, following the procedures established by the Ministry of the Interior (Decree of January 7, 2013). The provision of data is mandatory and does not require your consent. However, if you refuse to provide it, we will be unable to accommodate you in our facility. We do not store the data collected for this purpose unless you provide us with your consent to storage, as outlined in point 4.
• to meet current administrative, accounting, and tax obligations. For these purposes, we process your data without requiring your consent. The data is handled by us and our representatives, and is shared externally solely to comply with legal obligations. If you refuse to provide the necessary data for the aforementioned obligations, we will be unable to provide the requested services. We store the data collected for these purposes for the duration required by the relevant regulations (10 years, and potentially longer in the event of tax audits). 
• to expedite the registration process for your future stays at our facility. To achieve this, with your consent, which you can revoke at any time, we'll store your data for up to 24 months. We'll use it when you return as our guest, as mentioned in the previous points.
• to facilitate the reception of messages and phone calls directed to you during your stay. To achieve this, we require your consent. You can revoke your consent at any time. However, the processing will cease upon your departure.
• to keep you updated on our promotional messages, rates, and offers. With your consent, we will not share your data with third parties for this purpose. You can withdraw your consent at any time.
• To safeguard individuals, property, and company assets, we have implemented a video surveillance system in designated areas of the facility, as indicated by the presence of specific signs. Your consent is not required for this processing, as it serves our legitimate interest in safeguarding individuals and property from potential aggression, theft, robbery, damage, vandalism, and for the purposes of fire prevention and workplace safety. The recorded images are deleted after 24 hours, except for holidays or other instances when the facility is closed, but never later than a week. We do not share this information with third parties, except when required by a specific investigative request from the judicial authority or judicial police.

We'd like to inform you that the European Regulation grants you certain rights, including the right to access, rectify, erase, restrict, or object to the processing of your data, as well as the right to data portability, if applicable (Articles 15 to 22 of EU Regulation 679/2016). You can also file a complaint with the supervisory authority, following the procedures outlined in the current legislation.

Types of Data We Collect 

This Application collects Personal Data, either independently or through third parties, including Cookies and Usage Data.
You can find comprehensive details on each type of data we collect in the dedicated sections of this privacy policy or through specific informative texts displayed before the data is collected.
Users can freely provide their Personal Data, or, in the case of Usage Data, it is collected automatically during the use of this Application.
Unless otherwise specified, all data requested by this Application are mandatory. If the User refuses to share their data, it may be impossible for this Application to provide the Service. When this Application identifies certain Data as optional, Users are free to choose not to share it, without affecting the availability or operation of the Service.
If you're unsure about which Data is required, we recommend reaching out to the Data Controller.
The use of Cookies or other tracking tools by this Application or third-party service providers, unless otherwise specified, is intended to provide the Service requested by the User, as well as any additional purposes outlined in this document and the Cookie Policy, if available.
The User assumes responsibility for any Personal Data of third parties obtained, published, or shared through this Application. The User guarantees that they have the right to communicate or disseminate such data, releasing the Data Controller from any liability towards third parties. 

How and where the collected Data is processed 

Processing methods 
The Data Controller takes necessary security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. 
The processing is carried out using digital and/or electronic tools, with organizational methods and logic that are closely aligned with the stated purposes. In addition to the Data Controller, other parties involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. These parties may also be appointed as Data Processors by the Data Controller, if necessary. You can always request the latest list of Data Processors from the Data Controller. 

The legal basis for data processing

The Data Controller processes Personal Data related to the User when one of the following conditions is met:

• The User has given consent for one or more specific purposes. Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the User's consent or another of the legal bases specified below, as long as the user does not object to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on Personal Data protection.
• The processing is necessary for executing a contract with the User and/or carrying out pre-contractual measures.
• the processing is necessary to fulfill a legal obligation that the Data Controller is bound by.
• The processing is necessary for carrying out a task of public interest or for exercising the public powers vested in the Data Controller.
• The processing is necessary to pursue the legitimate interests of the Data Controller or third parties.

You can always ask the Data Controller to explain the specific legal basis for each processing operation. They'll also be able to tell you if the processing is based on the law, required by a contract, or necessary to conclude a contract.

Location

The Data is processed at the Data Controller's operational headquarters and in any other location where the parties involved in the processing are located. For more information, please reach out to the Data Controller.
The User's Personal Data may be transferred to a country other than the one where they are located. To learn more about the location of the processing,the User can refer to the section detailing the processing of Personal Data.
The User has the right to know the legal basis for transferring Data outside the European Union or to an international organization governed by public international law or formed by two or more countries, such as the UN. They also have the right to know the security measures taken by the Data Controller to protect the Data.

If any of the transfers described above take place, the User can refer to the relevant sections of this document or request information from the Data Controller by contacting them using the details provided at the beginning. 

Storage duration

The Data is processed and stored for the duration necessary to fulfill the purposes for which it was collected.
Consequently:

• Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until the contract is fully executed. 
• Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is fulfilled. The User can find more information about the Data Controller's legitimate interest in the relevant sections of this document or by reaching out to the Data Controller directly. 

When processing is based on the User's consent, the Data Controller may retain Personal Data for a longer period, until such consent is revoked. Additionally, the Data Controller may be required to retain Personal Data for a longer period, as mandated by law or by order of an authority.

Once the retention period has concluded, the Personal Data will be deleted. Consequently, upon expiration of this period, the right to access, delete, rectify, and transfer Data will no longer be available.

User rights in detail

Users can exercise specific rights regarding the Data processed by the Data Controller.
Specifically, the User has the right to:

• withdraw consent at any time. Users can revoke their previously granted consent to the processing of their Personal Data. 
• object to the processing of their personal data. Users can object to the processing of their data when it's done on a legal basis other than consent. You can find more information about the right to object in the section below. 
• access your personal data. The User has the right to obtain information about the Data processed by the Data Controller, specific aspects of the processing, and a copy of the Data processed. 
• review and request corrections. Users can verify the accuracy of their data and request updates or corrections. 
• secure the restriction of data processing. Under certain circumstances, the User may request that the processing of their Data be restricted. In this case, the Data Controller will only process the Data for the purpose of preserving it. 
• request the deletion or removal of your Personal Data. Under certain circumstances, the User may request the Data Controller to delete their Data. 
• access their data or request its transfer to another data controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format. They can also request, where technically feasible, a seamless transfer to another Data Controller. This provision applies when the Data is processed using automated tools and the processing is based on the User's consent, a contract the User is a party to, or contractual measures related to it.
• file a complaint. The User has the option to lodge a complaint with the relevant data protection supervisory authority or take legal action.

Information on the right to object 

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their specific situation.
Users are reminded that, if their data is processed for direct marketing purposes, they can object to the processing without providing any reason. To determine if the Data Controller processes data for direct marketing purposes, Users can consult the relevant sections of this document.

How to exercise your rights

To exercise their rights, Users can submit a request to the Data Controller's contact details, as provided in this document. Requests are submitted free of charge and processed by the Data Controller as soon as possible, typically within a month.

Additional information on data processing

Legal defense
The User's Personal Data may be utilized by the Data Controller in legal proceedings or during preparatory stages for potential legal action. This is to defend against any misuse of this Application or related Services by the User.
The User acknowledges that the Data Controller may be required to disclose the Data by order of public authorities.
Detailed information 
Upon request, this Application may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data, in addition to the information contained in this privacy policy. 
System logs and maintenance 
For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User's IP address. 
Additional information not covered by this policy 
You can request additional information regarding the processing of Personal Data from the Data Controller at any time, using the provided contact details.
Response to 'Do Not Track' requests This Application does not support 'Do Not Track' requests.
To determine if any third-party services you use support them, we recommend consulting their respective privacy policies. 
Changes to this privacy policy The Data Controller reserves the right to make changes to this privacy policy at any time. They will inform Users on this page and, if possible, on this Application. If technically and legally feasible, they will also send a notification to Users through one of the contact details they have. Please check this page regularly, referring to the last modified date at the bottom.

If the changes involve processing that requires consent, the Data Controller will seek the User's consent again, if necessary.

For any additional information, and to assert your rights under the European Regulation, you can reach out to:

Hotel Pinetina Mare – prenotazioni@pinetinamare.it   +39 0544987080 

Definitions and legal references 

Personal Information (or Data)
Personal data refers to any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identifiable or identified. 
Usage Data This Application (and any third-party applications integrated within) automatically collects certain information, including: IP addresses or domain names of the computers used by Users connecting to the Application, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, and the size of the file obtained in response. The numerical code indicating the server response status (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal aspects of the visit (for example, the time spent on each page), and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters related to the operating system, and the User's IT environment.
User
The individual using this Application, who, unless otherwise specified, is the same as the Data Subject.
The individual concerned
The individual to whom the Personal Data belongs.
The Data Processor (or Manager)
The individual, legal entity, public administration, or any other entity that handles personal data on behalf of the Data Controller, as outlined in this privacy policy.
Data Controller (or Controller) 
The individual or legal entity, public authority, service, or other body that, alone or with others, decides on the purposes and methods of processing personal data and the tools used, including security measures related to the operation and use of this Application. Unless otherwise specified, the Data Controller is the owner of this Application.
This Application
The hardware or software tool that collects and processes Users' Personal Data. 
Service 
The Service provided by this Application, as outlined in the relevant terms (if any) on this site/application.
The European Union (or EU) 
Unless otherwise specified, any mention of the European Union in this document is intended to encompass all current member states of the European Union and the European Economic Area.
Cookies
A small piece of data stored on the User's device.

Legal references 
This privacy policy is drawn up on the basis of multiple legislative systems, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy policy applies exclusively to this Application. 

Data Processing 

Hotel Pinetina Mare
Viale Italia 139
48015 Pinarella di Cervia (RA)
Tel. 0544987080 – Fax 0544987041 
E-mail: prenotazioni@pinetinamare.it
Website: www.pinetinamare.it

Purposes of Data Collection and Processing

The User's Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Interaction with social networks and external platforms and for other purposes listed below. To obtain further detailed information on the purposes of the processing and on the Personal Data that are concretely relevant for each purpose, the User can refer to the relevant sections of this document. We wish to inform you that, pursuant to current legislation on the protection of personal data (EU Regulation no. 679 of 2016), the processing of your personal data is carried out with correctness and transparency, for lawful purposes and protecting your privacy and your rights.
The processing is also carried out for the following purposes: 

• to acquire and confirm your booking of accommodation services and ancillary services, and to provide the requested services. Since this processing is necessary for the definition of the contractual agreement and for its subsequent implementation, your consent is not required, except in the case in which particular, so-called sensitive data are provided. In case of refusal to provide personal data, we will not be able to confirm the reservation or provide the requested services. The processing will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner indicated in the following points;
• to fulfill the obligation established by the "Consolidated Law on Public Security" (Article 109 of the Italian Royal Decree no. 773 of 6/18/1931) which requires us to communicate to the Police Headquarters, for public security purposes, the personal details of customers accommodated according to the procedures established by the Ministry of the Interior (Decree of 1/7/2013). The provision of data is mandatory and does not require your consent, and in case of refusal to provide them we will not be able to accommodate you in our facility. The data acquired for this purpose are not stored by us, unless you provide us with the consent to storage as provided in point 4; 
• to comply with current administrative, accounting and tax obligations. For these purposes, the processing is carried out without the need to acquire your consent. The data are processed by us and our representatives, and are communicated externally only in compliance with legal obligations. In case of refusal to provide the data necessary for the aforementioned obligations, we will not be able to provide you with the requested services. The data acquired for these purposes are stored by us for the time required by the respective regulations (10 years, and even more in the case of tax assessments); 
• to speed up registration procedures in the event of subsequent stays at our facility. For this purpose, after obtaining your consent, which can be revoked at any time, your data will be kept for a maximum period of 24 months, and will be used when you are our guest again for the purposes referred to in the previous points; 
• to carry out the function of receiving messages and phone calls addressed to you during your stay. For this purpose, your consent is required.You may revoke your consent at any time. The processing will cease upon your departure; 
• to send you our promotional messages and updates on rates and offers. For this purpose, after obtaining your consent, your data will not be disclosed to third parties. You may revoke your consent at any time; 
• for the protection of people, property and company assets through a video surveillance system of some areas of the facility, identifiable by the presence of specific signs. For this processing, your consent is not required, as it pursues our legitimate interest in protecting people and property with respect to possible aggression, theft, robbery, damage, vandalism and for the purposes of fire prevention and job security. The recorded images are deleted after 24 hours, excepting holidays or other cases of closure of the facility, and in any case for not more than a week. They are not disclosed to third parties, except in cases where it is necessary to adhere to a specific investigative request by the judicial authority or the judicial police. 

We also wish to inform you that the European Regulation recognizes certain rights, including the right of access and rectification, or cancellation or limitation or opposition to processing, in addition to the right to data portability, if and as applicable (Articles 15 to 22 of EU Regulation no. 679 of 2016). You can also file a complaint with the supervisory authority, according to the procedures established by current legislation.

Types of Data collected 

Personal Data collected by this Application, either independently or through third parties, includes: Cookies and Usage Data.
Full details on each type of data collected are given in the relevant sections of this privacy policy or in specific information displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
Unless otherwise specified, all the Data requested by this Application are mandatory. If the User refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, Users are free to refrain from disclosing such Data, without this having any consequence on the availability of the Service or its operation.
Users in doubt as to what Data is mandatory are encouraged to contact the Data Controller.
Any use of Cookies - or other tracking tools - by this Application or by the owners of third-party services used by this Application, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the additional purposes described in this document and in the Cookie Policy, if available.
The User assumes the responsibilities for Personal Data of third parties he/she obtains and publishes or shares through the Application, and guarantees that he/she has the right to disclose or disseminate such data, releasing the Data Controller from any liability to third parties. 

Method and location of the Data processing

Processing Methods 
The Data Controller shall take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. 
Processing is carried out by means of information technology and/or telematic tools, with organisational methods and logics strictly related to the stated purposes. In addition to the Data Controller, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Protection Officers can always be requested from the Data Controller. 

Legal basis for data processing 

The Data Controller processes Personal Data relating to the User if one of the following conditions exists: 

• the User has given consent for one or more specific purposes. Note: in some judicial systems the Data Controller may be authorised to process Personal Data without the User's consent or on any other of the legal bases specified below, unless the User objects to such processing (opt out). However,this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data; 
• processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures; 
• the processing is necessary to fulfill a legal obligation to which the Data Controller is subject; 
• the processing is necessary for the execution of a task of public interest or for the exercise of any public authority vested in the Data Controller; 
• processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties. 

However, the Data Controller may be asked to clarify the specific legal grounds for any processing and to specify in particular whether the processing is for legal purposes, in execution of a contract or necessary for the performance of a contract. 

Location

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller.
The User's Personal Data may be transferred to a country other than the one where the User is located. More information on the place of processing is available in the section on details of Personal Data processing.
The User is entitled to obtain information on the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or formed by two or more countries, such as the UN, as well as on the security measures adopted by the Data Controller to protect the Data. 

In the event that one of the transfers described above takes place, the User may refer to the respective sections of this document or request information from the Data Controller by contacting him at the addresses indicated herein. 

Retention period 

Data is processed and stored for the time required by the purposes for which it was collected.
Therefore: 

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of that contract is completed. 
• Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is met. The User may obtain further information on the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller. 

When the processing is based on the User's consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority. 

At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period the right of access, cancellation, rectification and the right to portability of the Data may no longer be exercised. 

User rights in detail

Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to: 

• withdraw consent at any time. Users may revoke their consent to the processing of their Personal Data as described above. 
• object to the processing of their Data. The User may object to the processing of his/her Data when it is done so on a legal basis other than consent. More details on the right to object are given in the section below.
• access their Data. The User has the right to obtain information on what Data is processed by the Data Controller and on particular aspects of the processing, and to obtain a copy of any Data processed.
• verify and request rectification. The User may check that their Data is correct and ask for it to be updated or corrected. 
• obtain restriction of processing. When certain conditions are met, the User may request that the processing of their Data be limited. In this eventuality, the Data Controller may not process the data for any purpose other than for its storage. 
• obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User may 
• request the cancellation of their Data by the Data Controller. 
• receive their Data or have it transferred to another Data Controller. The User has the right to receive the Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance. This provision is applicable when the data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures related thereto. 
• lodge a complaint. The User may lodge a complaint with the competent supervisory authority responsible for Personal Data protection, or take legal action. 

Details on the right of objection 

When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Controller or in pursuit of a legitimate interest of the Data Controller, Users have the right to object to the processing on grounds relating to their particular situation.
Users are reminded that, if their Data is processed for direct marketing purposes, they may object to the processing without giving any reason. To find out whether the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document. 

How to exercise rights 

In order to exercise their rights, Users may send a request to the Data Controller using the contact details indicated in this document. Requests shall be filed free of charge and processed by the Data Controller as soon as possible and in any event within one month. 

Additional information on processing 

Legal defence 
The User's Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages for its possible establishment to defend against misuse of this Application or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities. 
Specific information 
Upon request of the User, in addition to the information contained in this privacy policy, this Application may provide Users with additional and contextual information about specific Services, or the collection and processing of Personal Data. 
System logs and maintenance 
This Application and any third-party services used by it may collect system Logs, which are files that record interactions and may also contain Personal Data, such as the User IP address, for operational and maintenance purposes. 
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the aforementioned contact details. 
Response to "Do Not Track" requests This Application does not support "Do Not Track" requests.
To find out whether any third-party support services have been employed, Users are invited to consult the respective privacy policies.
Changes to this privacy policy The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Application as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Please consult this page regularly, referring to the last modification date indicated at the bottom. 

If the changes involve processing where the legal basis is consent, the Data Controller will acquire the User's consent a second time, if necessary. 

For any further information, and to assert the rights recognized by the European Regulation, you can contact:  

Hotel Pinetina Mare – prenotazioni@pinetinamare.it – 0544987080