The purpose of this page is to describe how the portal is managed with reference to the lawful, correct, relevant, and inexcessive processing of users’ personal data.
The information is also provided pursuant to art. 13 of EU Regulation 679/16 (GDPR) to those who interact with the web services of Hotel della Fortezza Project Shaping Srls by browsing the hoteldellafortezza.com portal and/or by contacting us (by phone, online form or email at the addresses indicated on the site) and/or through our social media pages.
This Privacy Policy pertains only to the aforementioned sites and not for other websites that may be consulted by the user through any links.
The Data Controller is:
Project Shaping Srls
Strada vicinale dei Poggi 6/d 58015 Orbetello (GR)
p.IVA 01560600536
info@hoteldellafortezza.com
projectshapingsrl@legalmail.it
The list of data processors and those authorized to process user data can be consulted at the headquarters of the aforementioned owner.
Project Shaping Srls, as Data Controller, would like to inform you about which data it collects and how, in order to guarantee respect for your fundamental rights and freedoms, with particular reference to the confidentiality and security with which the collected data is treated.
The data processed by Project Shaping Srls consists of:
The computer systems and applications dedicated to the operation of our web portal detect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) which can potentially be associated with identifiable users. The collected data includes the IP addresses and domain names of the computer of the users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the requests, the method used to submit the requests to the server, the size of the files obtained in response, the numerical code indicating the status of the responses given by the server (successful, error, etc.) and other parameters concerning the operating system, the browser and the IT environment of the user. This data is processed, for the time strictly necessary, for the sole purpose of allowing users to browseand to obtain anonymous statistical information on the use of the site and to check its regular functioning or to ascertain responsibility in the event of computer crimes. The provision of such data is mandatory as it is directly linked to the web browsing experience. The legal basis of this processing is represented by the legitimate interest of the owner to ensure the proper functioning of the computer systems and to proceed with the investigation of alleged computer crimes (also on the basis of the existence of a legal obligation).
Our web portal uses technical cookies and third party cookies which may collect user browsing data. The provision is mandatory with regard to the technical cookies which allow for navigation, while the third-party cookie provision is optional and requires explicit, free and informed consent. Cookies operate in order to analyze the effectiveness of the site and make it easier and more intuitive over time. For more information, go to our “Cookie Policy” page.
The user voluntarily provides its data in the following circumstances:
The optional, explicity and voluntary sending of emails to the addresses indicated on this portal entails the subsequent acquisition of the sender’s address, necessary to respond to requests as well as any other personal data included in the message. The legal basis is represented by the need to carry out pre-contractual measures adopted on the basis of your request.
The optional, explicit and voluntary sending of messages through Whatsapp, Facebook, Instagram, YouTube or other social media channels aimed at receiving information about our business or asking questions entail the subsequent acquisition of such data necessary to provide an answer to what is requested. This type of service allows you to interact with live chat platforms, managed by third parties, directly from the pages of this website. This allows the user to contact the website’s support service, or this website to contact the user while browsing the site’s pages.
In the event that an interaction service with live chat platforms is installed, it is possible that, even if the users engage such service, it collects usage data related to the pages in which it is installed. Additionally, live chat conversations may be recorded.
The legal basis is represented by the need to carry out pre-contractual measures adopted on the basis of user’s request.
The personal data sent in order to subscribe to our newsletter (consisting of the user’s e-mail address, name and surname) will be used for the purpose of periodically sending a newsletter containing information on our activities and projects. The data will be recorded in a protected electronic and/or computerized archive and treated in a completely confidential manner by Project Shaping Srls, the data controller, in full compliance with the law, through personnel specifically authorized to process user data.
For the delivery and management of the Newsletter, we use the service offered by MailChimp (The Rocket Science Group, LLC, 512 Means St., Suite 404 – 30318 – Atlanta, Georigia) and hereinafter simply “MailChimp”.
The collected data is stored on secure MailChimp servers.
Pursuant to the MailChimp privacy policy, your data will never be used directly by MailChimp nor sold to third parties. MailChimp uses appropriately authorized operators to maintain the service and in their exercise of this function they may have access to your data. In any case, the guarantees provided by the MailChimp privacy policy apply.
In relation to the purposes described below, when the administrator sends the newsletter, the data is retrieved using the tools made available by MailChimp and the newsletter will be sent through them.
The legal basis of the processing is your consent: we will use the requested data only with your authorization.
We specify that at any time, the user may exercise the rights recognized by the legislation and specified in the appropriate section called “Rights of the interested parties” by contacting the Data Controller directly. Finally, we remind you that each subscriber has the right to unsubscribe from the Newsletter at any time by clicking on the appropriate link indicated in the body of the Newsletter itself.
For online booking we use the “Beddy” booking engine, which is essential to check availability and allow autonomous booking of the services of interest. The Beddy software is owned by the Zucchetti Group, consisting of Zucchetti Spa and the subsidiaries, associates, investees thereof, and their relevant parent companies (via Solferino n. 1 – 26900 Lodi (LO), tel: 0371/5941; email: ufficio.privacy@zucchetti.it).
The personal data sent during the online booking (consisting of your e-mail address, telephone, name and surname, country, payment method) will be used for the sole purpose of completing your booking. The legal basis is represented by the need to carry out pre-contractual measures adopted on the basis of your request.
For credit card transactions, Beddy uses the SSL * secure payment system.
The collected data is stored on Beddy’s secure servers.
Your credit card details will be transferred, via a secure connection in SSL (Secure Socket Layer) encryption, for authorization and debit.
This system ensures that no one can in any way read the information sent over the Internet.
Pursuant to Beddy’s privacy policy, your data will never be used directly by Beddy nor sold to third parties. Beddy uses appropriately authorized operators to maintain the service and, in the exercise of this function, they may have access to user data. In any case, the guarantees provided by Beddy’s privacy policy apply.
The structure is equipped with a self check-in and home automation system called Keesy. Thanks to this service, you can check-in online from the comfort of your home and use the Keesy app to access the facility. Just download the app on your smartphone and you can enter whenever you want, in complete autonomy. The Keesy software is owned by the Zucchetti Group, consisting of Zucchetti Spa and the subsidiaries, associates, investees thereof, and their relevant parent companies (via Solferino n. 1 – 26900 Lodi (LO), tel: 0371/5941; email: ufficio.privacy@zucchetti.it).
The personal data sent during the online check-in (consisting of the user’s e-mail address, telephone, name and surname, country, payment method, and identity documents) will be used for the sole purpose of carrying out checks on the user’s identity, allowing the user to access the facility automatically with a mobile phone and paying the tourist tax. The legal basis is represented by the need to carry out pre-contractual measures adopted on the basis of your request.
For credit card transactions, Keesy uses the SSL * secure payment system.
The collected data is stored on secure Keesy servers.
Your credit card details will be transferred, via a secure connection in SSL (Secure Socket Layer) encryption, for authorization and debit.
This system ensures that no one can in any way read the information sent over the Internet.
Pursuant to Keesy’s privacy policy, user data will never be used directly by Kees, nor sold to third parties. Keesy uses appropriately authorized operators to maintain its service and, in the exercise of this function, they may have access to user data. In any case, the guarantees provided by the Keesy privacy policy apply.
The legal basis of the treatments indicated above is the user’s express and unambiguous consent, in the legitimate interest of the owner, in the fulfillment of legal and/or contractual obligations (pursuant to Article 6 of the GDPR) as specified above.
The collection and processing of the user’s personal data will be carried out exclusively for purposes strictly connected and instrumental to the evasion of requests promoted by email, telephone, contacts via social media channels as well as for potential fulfilments and obligations provided for by laws, regulations, community regulations or by provisions issued by authorities legitimated by law and by supervisory and control bodies and for anonymous and aggregate statistical purposes
User data will be processed using suitable tools to ensure its confidentiality, integrity and availability. The processing is carried out on paper and through information and/or automated systems and will include all the operations or set of operations provided for in art. 4 of the GDPR and necessary for the processing in question, including communication to the subjects in charge of the processing itself. The data in question will not be disseminated; instead, it may be communicated to subjects, public or private, operating within the scope of the purposes described above.
User data can only be accessed by authorized persons within the scope of the duties assigned by the Data Controller. For the purposes indicated, the data – or some of them – may also be accessible or may be communicated to subjects to whom the right to access personal user data is recognized by provisions of law or secondary or community legislation or as service providers. strictly connected to the management of the website (as Data Processors).
The management and storage of personal user data will take place on paper, duly stored in special locked archives and/or on servers located within the European Union by the Data Controller and third-party companies appointed and duly appointed as Data Processors. The data provided will not be transferred to third countries or international organizations and will not be disseminated.
The transmission of the user’s browsing data is mandatory to continue browsing this site.
The provision of user data to process the requests made by the user is necessary for this purpose.
The provision of data for the purpose of sending our newsletters is optional.
The provision of data resulting from the notification of an issue is optional.
If the user believes that we have not respected the rights regarding the protection of personal data, the user can contact the Guarantor Authority for the protection of personal data. Alternatively, if residing in another country, a user may contact the local Data Protection Authority.
This information may be subject to changes. Any substantial changes will be communicated by email or through our website.
Last updated 05/03/2022
Hotel della Fortezza
Piazza Cairoli, 9
58010 Sorano (GR)