FISGEST S.r.l. is committed to protecting and respecting the personal data of Clients and of anyone who relates to it, ensuring the compliance with current legislation such as the Regulation (EU) 2016/679 - General Data Protection Regulation (“GDPR”).
Where necessary, this notice may be supplemented by a form for the release of your consent pursuant to and for the purposes of art. 7 of GDPR.
The company that will process your Personal Data for the purposes referred to in the following article 3 of this Notice and which, therefore, will play the role of data controller according to the relevant definition contained in article 4 at point 7) of the Regulation, ‘’the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data’’ is:
FISGEST S.r.l. (or Boutique Hotel Stresa), Registered Office: Stresa (VB), Corso Umberto I, 21, operational office: Stresa (VB), Corso Umberto I, 21, registered at Italian Business Register of IT-Monte Rosa Laghi Alto Piemonte, tax and VAT number: 02687380036.
The Data Controller will process the Personal Data that are necessary for the execution of one or more contracts of which you are a party, or to process your requests even before the conclusion of a contract and to fulfill the legal obligations to which the Data Controller is subject (e.g. administrative, accounting and tax obligations) (GDPR, art. 6.1.c).
The Data Controller, subject to express consent, may request additional data for the following purposes:
a. Direct marketing: promotional and marketing activities performed by the Controller, through communications relating to services, products, initiatives and offers similar to those you have already received by the Controller. Communications may also include:
- Invitations to events, meetings and seminars identified as of specific interest to you organized by the Data Controller independently or in collaboration with third parties; in this case the data will also be used for consequent instrumental and/or complementary activities connected with registration for the Event;
- Newsletters, publications as well as any other type of information material of a professional nature identified as of specific interest to you, organized by the Data Controller independently or in collaboration with subjects third parties;
- Carrying out market research, conducting statistical surveys.
b. Indirect marketing: promotional and marketing activities performed by the Controller, through communications relating to services and products provided to you by third parties with whom the Controller has legal relations. Communications may also include:
- invitations to events, meetings and seminars: in this case the data will also be used for the consequent instrumental and/or complementary activities connected with the registration for the Event.
- newsletters, publications as well as any other type of professional information material identified as of its specific interest organized by the Data Controller independently or in collaboration with third parties (eg marketing agencies).
- Performing market research, conducting statistical surveys
c. Profiling: evaluation of your personal preferences, needs and consumer habits, also in relation to market surveys and statistical analysis. This data processing will be done to better understand your needs, to provide you customized offers and services and to offer you ever more relevant and competitive products and services.
Direct and Indirect marketing can be carried out both with traditional methods (e.g. paper mail, call from an operator, etc.) and with automated methods and/or assimilated (es. e-mail).
The processing of personal data for the purposes indicated in points b) and c) will be conditional on obtaining your consent pursuant to article 7 of the Regulations; the processing of personal data for the purposes indicated in point a) may, however, be carried out on the basis of the legitimate interest of the data controller, regardless of consent and in any case up to opposition to such processing.
In any case, to oppose the processing of data for the purposes referred to in the previous points, please refer to the methods referred to in point 11 of this information.
Your Personal data will be processed:
a. in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency so as to guarantee the security and confidentiality of data, through the adoption of the measures envisaged by article 32 of GDPR in order to preserve the integrity of the processed data and prevent access to the same by unauthorized parties
b. by authorised and specialized persons, by means of paper, IT and electronic tools and with any other type of suitable technology.
The data processed by the Controller will be personal data such as: name, surname, e-mail and phone numbers.
Personal Data will not be disclosed, i.e. it will not be disclosed to indeterminate subjects. Instead, they may be communicated to specific subjects considered recipients pursuant to and for the purposes of art. 4 point 9 of the Regulation.
In particular, in order to carry out the Processing correctly and pursue the purposes described above, the Personal Data may also be processed by the following recipients:
Personal data will be processed by the Controller within the EU.
In the event that any technical and/or operational reasons makes it necessary, it may be necessary to make use of subjects which are outside the EU. In this case, the Controller will designate these subjects as “Personal data Processor” as per GDPR, art. 28. Any transfer of Personal data outside EU will be done in compliance with the applicable laws. To protect your Personal data, appropriate guarantees will be adopted, including the “Adequacy Decisions” and the “Standard Contract Terms” approved by the European Commission.
Data will be retained by the Controller to the extent necessary and sufficient for the accomplishment of the purposes described in Art. 3 above, or until the termination of the relationship / withdrawal of consent with the Controller.
With reference to the purposes described in Art. 4 above, the Controller will process your Personal data until you communicate your will to revoke your consent to one or all of the purposes for which it was requested.
Under GDPR, you have rights we need to make you aware of. They are described in GDPR, art. 15-22. Here is a summary:
Your object to processing your Personal data for marketing purposes by automated means (e.g. email), will also be extended to the traditional means (e.g. paper mail), unless specific requests.
To execute any of these rights, please contact the Controller.
Finally, you have the right to lodge a complaint with a supervisory authority and the right to brigde if you think that the processing of your personal data is not compliant with the relevant laws.
It is always possible to withdraw your consent to receive commercial information from us by sending a written communication to the Controller by sending an email to: amministrazione@bhstresa.it
If the interested party identifies a violation of their rights, they can contact the competent supervisory authority pursuant to article 77 of the GDPR, without prejudice to the possibility of contacting the judicial authority directly.
Data Controller: FISGEST S.r.l. (or Boutique Hotel Stresa), Registered Office: Stresa (VB), Corso Umberto I, 21 operational office: Stresa (VB), Corso Umberto I, 21, registered at Italian Business Register of IT-Monte Rosa Laghi Alto Piemonte, tax and VAT number: 02687380036.
Email: amministrazione@bhstresa.it
The list of data processors and of authorised persons is kept at the Controller’s offices
This Privacy Notice may be changed. For update, we invite you to consult our websites and other channels made available by society.