Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS WHO VISIT THE DUPARCSUITES WEBSITE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

With this Privacy Policy, MONTEGLIO S.p.A. wishes to inform visitors to the website "www.duparcsuites.com" (hereinafter the "Website") of the policies adopted regarding the protection of personal data, and to underline its commitment and attention with regard to protecting the privacy of Website users. The Website may be browsed freely and requires no registration. This policy applies only to the Website, to the exclusion of any other websites accessed via external links. Monteglio cannot be held responsible for the personal data provided by users to external subjects or to any websites linked to this Website.

Pursuant to and for the purposes of Regulation (EU) 2016/679, Monteglio S.p.A. hereby provides the following information.

1. Data Controller

The Data Controller is MONTEGLIO S.p.A., with registered offices in Corso Massimo d’Azeglio 21 (Turin), Italy, VAT No. 05699940010, Ph. +39.011.012.00.00 – info@duparcsuites.com (hereinafter "Monteglio").

2. Categories of personal data processed

Monteglio collects and processes the following data of users who access and visit the Website:

2.1 Connection and browsing data

During normal operations, the computer systems and software procedures used to operate this Website acquire some personal data, the transmission of which is an inherent feature of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but, by its very nature, could be processed and matched with data held by third parties, thus leading to the identification of users. Data connected with accessing and browsing the Website (such as the URI-Uniform Resource Identifier addresses of requested resources, the time of request, the method used to submit the request to the server, the returned file size, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters regarding the users' operating system and computer environment) are collected for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct operation, and are deleted immediately after processing.

2.2 Personal data conferred directly by you

• Personal details, contact details and other personal data conferred by you when filling in the forms on our Website (for example, to book a stay, to register for our newsletter, to contact us through the contact form): please read the policies that Monteglio publishes at the bottom of its forms and that contain more detailed information about the processing of personal data carried in that specific context;
• Any contact with Monteglio through Customer Service or through the optional and spontaneous sending of emails or traditional messages to the addresses specified on the Website entails the subsequent acquisition of the email or traditional address of the sender or of his or her telephone number, in order to respond to requests, as well as of any other personal data included in the related communications;

3. Processing purposes

Personal data is collected and processed for the purposes and according to the conditions of lawfulness (the so-called legal bases) specified below:

a) to allow you to browse our Website and use the services offered therein

• To provide you with assistance, whenever requested, by means of our Customer Service and to respond to your requests by email, telephone or WhatsApp Business;
• To manage your contractual relationship with regard to the services requested, to execute pre-contractual measures (such as, for example, requests for information or quotes), to acquire and confirm your booking of accommodation and ancillary services, and to provide the services requested. Legal basis for processing: execution of pre-contractual or contractual services requested. For more information on the use of your personal data for this purpose, please read our specific Privacy Policy [https://www.duparcsuites.com/en/privacy-policy] relating to the booking of accommodation and ancillary services;

b) for administrative purposes, for the fulfilment of legal (accounting, tax) obligations, and for pursuing the demands of the judicial authorities. Legal basis for processing: compliance with legal obligations;

c) marketing

• With your specific consent, to email regular newsletters. Legal basis for processing: consent of the data subject;
• To send customers marketing communications for the direct sale of services identical or similar to those already purchased (soft-spam). Legal basis for processing: legitimate interest of the Data Controller.

d) protection of rights and compliance with the conditions of use of the Website.
To ascertain responsibility in case of hypothetical computer crimes against the Website and to protect our rights in court. Legal basis for processing: the need to pursue our legitimate interests (protection of our rights in court);

e) to provide you with assistance, whenever requested, and to respond to your requests by phone, email, through the "Contacts" form on the Website or WhatsApp Business channel. Legal basis for processing: the execution of a contract and of pre-contractual measures (art. 6.1b of the GDPR) at your request.

4. Optional/mandatory conferral of personal data

Conferral of data as per point 2.1 is not mandatory; however browsing the Website involves the automatic acquisition of same.

Conferral of data as per point 3 a), marked with an asterisk in the aforementioned forms, is mandatory for the purposes of providing the services requested. Failure to provide such data or disclosing data that is either incomplete or untrue will make it impossible to execute the services requested. Conferral of personal data for purposes other than those indicated above is optional; however, any refusal to confer same will result in the impossibility, whether full or partial, to pursue the aforementioned purposes.

Conferral of data as per point 3 b) is mandatory for the purposes of the law, and therefore any refusal to confer data in order to comply with the obligations specified therein will result in the impossibility of executing the services requested.

Conferral of data as per point 3 c) is not mandatory; however the refusal to confer data for such purposes and any objection to same will result in our being unable to keep you up-to-date on our offers, promotions and events or to send you questionnaires on the quality of the services rendered.

Conferral of data as per points 3 e) is not mandatory and takes place on your own initiative. Failure to provide data for the purposes of point 3 e) will result in our being unable to satisfy your requests.

Finally, you can object to conferring data for the purposes of point 3 d), except in the event of the Data Controller demonstrating a legitimate interest that overrides your fundamental rights and freedoms (article 6.1 (e) of the GDPR).

5. Data processing methods

Data may be processed both electronically and in paper form. Monteglio guarantees the lawful and fair processing of the personal data conferred through the Website, in full compliance with current legislation, as well as the utmost confidentiality of the data provided.

With regard to the transferral of data, Monteglio will store your personal data on servers located mainly within the European Economic Area, for the time strictly required to achieve the purposes indicated above, in compliance with data retention obligations for statutory and fiscal purposes and the limits established by law. However, the Data Controller also reserves the right to make use of services located in non-EU countries (e.g. Website hosting, social plugins such as Facebook, Instagram, TripAdvisor, google+), in which case the service providers are selected among those who provide adequate guarantees pursuant to articles 45 et seq. of the GDPR.

6. Data recipients

Users’ personal data may be accessed, within our organisation, by internal and external personnel requiring access by virtue of their duties in relation to the processing purposes specified in this document. We make sure that these people meet all the necessary security and confidentiality requirements.

The Data Controller also shares personal data with the following external subjects/categories of subjects:

• TRAVELCLICK Inc., Via Augusta 117, 0806 Barcelona (Spain), to process personal data provided by customers for:
  • the purpose of making bookings via the Website through management of the booking engine. More precisely, upon making a booking via the Website, the user will be connected to the booking search engine managed by Travelclick which ensures encrypted and protected login.
  • the provision of professional, technical and organizational services functional to the management of the Site and the activities carried out therein, such as those dealing with the maintenance, updating and security of the Site.
• Marketing companies, to manage the forwarding of email communications, with which we have signed an agreement in compliance with applicable legislations and with Article 28 of the GDPR.

Finally, whenever strictly necessary for the fulfilment of the aforementioned purposes, your personal data may also be communicated to independent third-party data controllers, such as the competent Authorities, and used by the police and by the judicial authorities to ascertain liability in the event of hypothetical computer crimes against the Website.

7. Data retention period

Data connected with accessing and browsing the Website and other parameters relating to the user’s operating system and computer environment are deleted immediately after the browser is closed. For the retention period of cookies, please refer to the specific policy on the Website.

Data processed in order to fulfil our contractual obligation with you may be stored for the entire duration of the contract and for the following 10 years starting from the end of the fiscal year following the one in question, in order to deal with any tax assessment and/or dispute that may arise. In the event of having to defend ourselves or take legal action or even make claims against you or third parties as part of a dispute, we may keep the personal data that we consider to be reasonably necessary for such purposes, for the period of time in which such a claim can be pursued.

For more information on data retention, please see the privacy policies present in the specific areas of the Website that offer the possibility of registering for certain services and in any case until the pursuit of the purposes stated above.

As regards the subscription to the newsletter, your data will be kept until you unsubscribe and in any case requesting your consent again every 4 years.

8. Rights of data subjects

In accordance with current legislation (articles 15 to 22 of the Regulation), users, in their capacity as data subjects, have the right to obtain access to data concerning them (art.15), the right to its rectification or integration (art. 16), the right to its cancellation (the so-called “right to be forgotten”, art.17), the right to restriction of processing (art.18), the right to data portability (art.20), the right to object to the processing of data for particular reasons (art. 21) and the right not to be subject to a decision based solely on automated processing (art.22). Moreover, users are also reminded that they have the right, pursuant to art. 77 of the Regulation, to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it). To exercise these rights, please email privacy@duparcsuites.com, or use the other contact details provided in the "Contact & Location" section of the Website. Data subjects also have the right to revoke, at any time, in full or in part, any consent given for marketing activities such as the sending of promotional and advertising material. In this case, users shall no longer receive any type of communication, by any method, whether electronically or in paper form. If they so wish, users may revoke their consent solely with regard to the sending of email communications, and continue to receive commercial communications exclusively by post or telephone, where contemplated.

9. Review clause

Monteglio reserves the right to review this Privacy Policy at any time. The most recent version of the Privacy Policy is always available on the Website. The full text of Regulation (EU) 2016/679 is available for consultation on the website of the Italian Data Protection Authority www.garanteprivacy.it.

This policy is updated as at 12.02.2021

INFORMATION TO DATA SUBJECTS ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679

Dear Client, pursuant to the applicable legislation on the protection of personal data (Regulation (EU) No. 2016/679 and Italian Legislative Decree 196/2003, as amended and supplemented), we wish to inform you that your personal data will be processed by .Monteglio S.p.A., with registered offices in Corso Massimo d'Azeglio 21, (Turin), Italy, VAT No. 05699940010, Data Controller and owner of the Hotel “DUPARC Contemporary Suites”. Pursuant to art. 13 of Regulation (EU) 2016/679, Monteglio S.p.A. hereby provides you with the following information on the processing of personal data.

PROCESSING PURPOSES, LEGAL BASES FOR PROCESSING AND PERSONAL DATA RETENTION PERIOD

Your personal data will be processed for the following purposes and in accordance with the following legal bases and data retention periods:

1. To process and confirm - also on behalf of minors for whom you have parental responsibility - bookings for accommodation and ancillary services, and to provide the services requested. Since processing is required in order to define the contractual agreement and for its subsequent implementation, the legal basis for processing in this case is the fulfilment of a contract to which the data subject is a party and the execution of pre-contractual measures adopted at the request of same (art.6, paragraph 1 b) of the GDPR). Your consent, therefore, is not required, except in the case of your conferring special categories of personal data required for the booking/to make use of the services. In the event of refusing to confer your personal data, we will be unable to confirm the booking or to provide you with the services requested.

Processing will cease upon your departure, but some personal data may or will have to continue to be processed, for the purposes and in line with the procedures specified below.

2. To offer you services aimed at increasing customer satisfaction, carried out at your request, and concerning your particular needs and/or preferences (or those of your family and children). For this purpose, you may decide to confer “special categories of personal data” within the meaning of art. 9 of the GDPR, in order to indicate a particular need with regard to the accommodation or ancillary services requested (e.g. information concerning your health, such as allergies, diseases, food intolerances, or other medical conditions). Such categories of data may only be processed by the Data Controller with your explicit, unequivocal and free consent, expressed in writing at the bottom of this Privacy Policy, and will only be stored for the time strictly required to perform the services requested, unless you consent to our storing them for longer.

3. To fulfil the obligations laid down by the “Consolidated Public Safety Act” (article 109 of Italian Royal Decree no. 773 of 18.6.1931) which, for reasons of public safety, requires us to give the Police the personal details of clients who stay with us in accordance with the rules laid down by the Ministry of the Interior (Decree of 7 January 2013). The legal basis for processing in this case is the fulfilment of legal obligations (art.6 paragraph 1 c) of the GDPR). Conferral of data is mandatory and does not require your consent. Failure to provide data will result in our being unable to host you in our facility. We will not retain the data acquired for this purpose, unless you consent to its storage as provided for in point 5.

4. To fulfil existing administrative, accounting and tax obligations. The legal basis for processing in this case is the fulfilment of legal obligations (art.6 paragraph 1 c) of the GDPR), and processing does not require your prior consent. Data is processed internally, by us and by our Data Processors, and is only communicated externally in compliance with legal obligations. In the event of refusing to confer the personal data required to fulfil said obligations, we will be unable to provide you with the services requested. The data acquired for these purposes will be stored for the period of time prescribed by the respective standards (10 years from the date of last entry, except in the event or disputes or tax assessments, in which case the data will be stored until completion of the proceedings/disputes).

5. To speed up registration procedures in the event of subsequent stays at our facility. The legal basis for processing your data is your explicit, unambiguous and free consent (article 6, paragraph 1 a) of the GDPR), which may be revoked at any time. Your data will be used when you are once more our guest, for the purposes referred to above, and will be store for no more than two years from your last stay.

6. For the direct sale of services, provided by the Data Controller, identical or similar to those already purchased by you. The legal basis for processing in this case is our overriding legitimate interest (art.6 paragraph 1 f) of the GDPR). You can object to such processing any time, either immediately at the time of booking or subsequently, by clicking on the specific link that you will find at the bottom of the emails received (opt-out). For this purpose, your data will be stored until you object (opt-out), at which time it will instantly be erased.

7. To send you our newsletter containing updates on rates, on the events we organise, and on deals relating to our hotel services. The legal basis for processing your data is your explicit, unambiguous and free consent (article 6, paragraph 1 a) of the GDPR), which may be revoked at any time. Upon acquiring your consent, your data will be kept for at most 45 years and will not be communicated to third parties.

8. To protect people, property and company assets through a video surveillance system in certain areas of the facility, easily identifiable by the presence of special signs. Processing in this case does not require your consent, as the legal basis is our legitimate interest (art. 6, paragraph 1 f) of the GDPR) to protect people and assets from possible aggression, theft, robbery, damage and vandalism and for the purposes of fire prevention and safety in the workplace. Recorded images are deleted after 24 hours, except during holidays or other periods when the facility is closed, and in any case at most after one week. Recorded images are not disclosed to third parties, except when requested to help in the investigations of the judicial authorities or the judicial police.

CATEGORIES OF DATA RECIPIENTS

Your personal data may be shared, for the purposes specified above, with:

• Persons authorised by the Data Controller to process personal data in order to fulfil activities closely related to the provision of the accommodation and ancillary services booked by you, who duly comply with legal confidentiality obligations and who process personal data within their sphere of competence and in accordance with the instructions provided by the Data Controller;
• Companies providing assistance and maintenance for the ERP systems used by the Data Controller to manage hotel bookings and for accounting purposes;
• Companies providing the ancillary services (spa, food & beverage) included in the client’s booking;
• Companies entrusted with managing and processing data for marketing purposes on behalf of the Data Controller;
• Credit institutions and payments companies to manage payment services;
• Other parties carrying out activities on behalf of the Data Controller, such as: persons, companies or professional firms providing technical assistance and consultancy services to the Data Controller with regard to legal, accounting, tax and insurance matters;
• IT companies entrusted by the Data Controller with managing the maintenance, assistance, safety and technological upgrading of its IT and electronic systems and of the website www.duparcsuites.com;
• Companies, associations and professionals providing any ancillary services requested by the client;
• Public administrations, supervisory authorities and judicial authorities, in order to fulfil the obligations of laws, rules and relevant national or EU regulations or to defend the Data Controller in court.

PROCESSING METHODS AND DATA TRANSFER

Your personal data may be processed either manually (in paper form) or electronically (in automated form) in a manner closely correlated to the purposes set out below and applying appropriate security measures such as to ensure compliance with the principles of lawfulness, fairness, transparency, storage limitation, data minimisation, accuracy, integrity and confidentiality, in accordance with the GDPR and applicable national regulations.

Monteglio stores personal data on servers located mainly within the European Economic Area, for the time strictly required to achieve the purposes indicated above, in compliance with data retention obligations for statutory and fiscal purposes and the limits established by law. However, the Data Controller also reserves the right to make use of services located in non-EU countries (e.g. the Travelclick online booking engine), in which case the service providers are selected among those who provide adequate guarantees pursuant to articles 45 et seq. of the GDPR.

RIGHTS OF DATA SUBJECTS

1.    The data subject has the right to obtain confirmation of the existence or otherwise of their personal data, even if not yet registered, and their communication in an intelligible form.

2. The data subject has the right to be informed of:
a.    the origin of their personal data;
b.    the purposes and methods of processing;
c.    the logic applied in case of processing carried out with the aid of electronic instruments;
d.    the identification details of the controller, processors and the data protection officer appointed pursuant to Article 5, paragraph 2;
e.    the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of such data in a capacity as data protection officers in the territory of the State, processors or persons appointed to carry out processing.

3. The data subject has the right to obtain:
a.    the updating, rectification or, when interested, the integration of data;
b.    the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including the retention of data not necessary in relation to the purposes for which the data were collected or subsequently processed;
c.    a statement that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, to subjects to whom the data have been communicated or disseminated, except in the event that such obligation proves impossible or involves the use of means manifestly disproportionate to the protected right;
d.    data portability.

4. The data subject has the right to object wholly or in part:
a.    for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose for which the data were collected;
b.    to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

5. The data subject has the right to request the restriction of processing.

You may exercise your rights by sending an email to privacy@duparcsuites.com or by sending a written request to the addresses specified above.

Pursuant to Article 77 of the GDPR, data subjects also have the right to lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority) or to file a complaint pursuant to Article 144 of Italian Legislative Decree 101/201, whenever they consider that the processing of their personal data infringes applicable legislation.

The Data Controller reserves the right to amend this policy from time to time.

This policy is updated as at March 7th, 2023

FULL VIDEO-SURVEILLANCE PRIVACY POLICY
pursuant to art. 13 of Regulation (EU) 2016/679

Dear Visitor, In accordance with the provisions of the Italian Data Protection Authority and of current legislation on the processing of personal data, please note that the Hotels “DUPARC Contemporary Suites”, situated in Corso Massimo d’Azeglio 21, and “Belfiore Appartamenti”, situated in Via Belfiore 53, both in the city of Turin (Italy), have adopted an image-recording video surveillance system to protect corporate assets and personal safety. In accordance with Regulation (EU) 2016/679 (hereinafter the “EU Regulation), such processing of data is based on the principles of minimisation, purpose limitation, fairness, lawfulness and transparency, as well as on protecting your privacy and rights. Pursuant to art. 13 of the EU Regulation, therefore, we hereby provide you with the following information on the processing of personal data.

DATA CONTROLLER
With reference to the images processed as above, please note that the Data Controller is the company Monteglio S.p.a. with registered offices in Corso Massimo d'Azeglio 21, (Turin), Italy, VAT No. 05699940010.

PROCESSING PURPOSES
The company has installed a video surveillance system on its premises for the purpose of protecting its corporate assets. Recordings are made in compliance with current personal data protection rules and in particular with the EU Regulation, the video surveillance measures issued by the Italian Data Protection Authority, and the Workers’ Statute (Italian Law 300/1970). This system has been authorised by the Labour Inspectorate with Authorisations no. ITL_TO/0029004/dg and ITL_TO/0029005/dg dated 31 May 2019, available on request. The legal basis for processing is the legitimate interest of the Data Controller to protect the company’s assets (Art. 6(f) of the GDPR).

PROCESSING METHODS
The processing shall be conducted in compliance with the methods and data requirements laid down by art. 5 of the EU Regulation as well as with the provisions of the applicable measures issued by the Italian Data Protection Authority, and shall include all the operations or sets of operations required for the processing in question, including communication to the subjects referred to below (see “Communicating Data”). Processing shall occur through the use of a video recorder, and shall be managed by purposely authorised staff. The areas covered by the video cameras are: the entry gate and external perimeter areas, stairways and garages. The company has put in place special security procedures for accessing areas subject to video surveillance. Said areas are indicated by signs informing visitors of the presence of a video surveillance system. These signs are positioned in such a way as to inform visitors before being recorded and allow anyone not wishing to be recorded to act accordingly.

STORING IMAGES
Images are stored for 24 hours after being recorded, except during holiday periods and when the company is closed or when requested to help in the investigations of the judicial authorities.

COMMUNICATING DATA
The personal data relating to the processing in question, for the purposes indicated above, may be communicated to companies or professionals entrusted by the Data Controller to ensure the maintenance and security of the video surveillance system or to the judicial authorities and/or the law enforcement agencies when requested for the prevention/investigation of criminal offences. In such cases, access to images will be strictly limited to the execution of the task entrusted by us to the subjects specified above. In particular, the images may come to the attention of authorised parties operating under the direct authority of the Data Controller or Data Protection Officers in accordance with the instructions imparted. Moreover, the images may occasionally come to the attention of external companies and undertakings entrusted with the maintenance and repair of video equipment and cameras.

MANDATORY/OPTIONAL NATURE OF THE CONFERMENT OF DATA AND CONSEQUENCES OF FAILING TO CONFER SAME
The recording of images is not mandatory, however it is necessary for the purposes of security and to protect the company’s assets. Consequently, should you object to the recording, you will not be guaranteed entry to the Hotel.

RIGHTS OF DATA SUBJECTS

1.    The data subject has the right to obtain confirmation of the existence or otherwise of their personal data, even if not yet registered, and their communication in an intelligible form.
2. The data subject has the right to be informed of:
a.    the origin of their personal data;
b.    the purposes and methods of processing;
c.    the logic applied in case of processing carried out with the aid of electronic instruments;
d.    the identification details of the controller, processors and the data protection officer appointed pursuant to Article 5, paragraph 2;
e.    the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of such data in a capacity as data protection officers in the territory of the State, processors or persons appointed to carry out processing.
3. The data subject has the right to obtain:
a.    the updating, rectification or, when interested, the integration of data;
b.    the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including the retention of data not necessary in relation to the purposes for which the data were collected or subsequently processed;
c.    a statement that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, to subjects to whom the data have been communicated or disseminated, except in the event that such obligation proves impossible or involves the use of means manifestly disproportionate to the protected right;
d.    data portability.
4. The data subject has the right to object wholly or in part:
a.    for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose for which the data were collected;
b.    to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.
5. The data subject has the right to request the restriction of processing.

You may exercise your rights by sending an email to privacy@duparcsuites.com or by sending a written request to the addresses specified above.

Pursuant to Article 77 of the GDPR, data subjects also have the right to lodge a complaint with the competent supervisory authority (the Italian Data Protection Authority) or to file a complaint pursuant to Article 144 of Italian Legislative Decree 101/201, whenever they consider that the processing of their personal data infringes applicable legislation. 

This policy is updated as at March 7th, 2023