Privacy policy

1. 1. Who we are and purpose of this document

FISGEST S.r.l. is committed to protecting and respecting the personal data of Clients and of anyone who relates to it, ensuring the compliance with current legislation such as the Regulation (EU) 2016/679 - General Data Protection Regulation (“GDPR”).

Where necessary, this notice may be supplemented by a form for the release of your consent pursuant to and for the purposes of art. 7 of GDPR.

2. 
   2. Who will process your Personal data

The company that will process your Personal Data for the purposes referred to in the following article 3 of this Notice and which, therefore, will play the role of data controller according to the relevant definition contained in article 4 at point 7) of the Regulation, ‘’the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data’’ is:

FISGEST S.r.l. (or Boutique Hotel Stresa), Registered Office: Stresa (VB), Corso Umberto I, 21, operational office: Stresa (VB), Corso Umberto I, 21, registered at Italian Business Register of IT-Monte Rosa Laghi Alto Piemonte, tax and VAT number: 02687380036.

3. 
   3. Personal data processing purposes

The Data Controller will process the Personal Data that are necessary for the execution of one or more contracts of which you are a party, or to process your requests even before the conclusion of a contract and to fulfill the legal obligations to which the Data Controller is subject (e.g. administrative, accounting and tax obligations) (GDPR, art. 6.1.c).

4. 
   4. Additional purposes

The Data Controller, subject to express consent, may request additional data for the following purposes:

a. Direct marketing: promotional and marketing activities performed by the Controller, through communications relating to services, products, initiatives and offers similar to those you have already received by the Controller. Communications may also include:

- Invitations to events, meetings and seminars identified as of specific interest to you organized by the Data Controller independently or in collaboration with third parties; in this case the data will also be used for consequent instrumental and/or complementary activities connected with registration for the Event;
- Newsletters, publications as well as any other type of information material of a professional nature identified as of specific interest to you, organized by the Data Controller independently or in collaboration with subjects third parties;
- Carrying out market research, conducting statistical surveys.

b. Indirect marketing: promotional and marketing activities performed by the Controller, through communications relating to services and products provided to you by third parties with whom the Controller has legal relations. Communications may also include:

- invitations to events, meetings and seminars: in this case the data will also be used for the consequent instrumental and/or complementary activities connected with the registration for the Event.
- newsletters, publications as well as any other type of professional information material identified as of its specific interest organized by the Data Controller independently or in collaboration with third parties (eg marketing agencies).
- Performing market research, conducting statistical surveys

c. Profiling: evaluation of your personal preferences, needs and consumer habits, also in relation to market surveys and statistical analysis. This data processing will be done to better understand your needs, to provide you customized offers and services and to offer you ever more relevant and competitive products and services.

Direct and Indirect marketing can be carried out both with traditional methods (e.g. paper mail, call from an operator, etc.) and with automated methods and/or assimilated (es. e-mail).

The processing of personal data for the purposes indicated in points b) and c) will be conditional on obtaining your consent pursuant to article 7 of the Regulations; the processing of personal data for the purposes indicated in point a) may, however, be carried out on the basis of the legitimate interest of the data controller, regardless of consent and in any case up to opposition to such processing.

In any case, to oppose the processing of data for the purposes referred to in the previous points, please refer to the methods referred to in point 11 of this information.

5. 
   5. Personal data processing methods

Your Personal data will be processed:

a. in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency so as to guarantee the security and confidentiality of data, through the adoption of the measures envisaged by article 32 of GDPR in order to preserve the integrity of the processed data and prevent access to the same by unauthorized parties

b. by authorised and specialized persons, by means of paper, IT and electronic tools and with any other type of suitable technology.

1. 6. Categories of Personal data

The data processed by the Controller will be personal data such as: name, surname, e-mail and phone numbers.

7. 
   7. Recipients or categories of recipients of your Personal data

Personal Data will not be disclosed, i.e. it will not be disclosed to indeterminate subjects. Instead, they may be communicated to specific subjects considered recipients pursuant to and for the purposes of art. 4 point 9 of the Regulation.

In particular, in order to carry out the Processing correctly and pursue the purposes described above, the Personal Data may also be processed by the following recipients:

• Third parties who carry out part of the data processing and / or activities related to them on behalf of the Controller, including for example: studies or companies in the context of assistance and consultancy relationships, agencies external for managing marketing/commercial campaign; prior to processing, these third parties will be appointed as “Data processors”.
• Employees, collaborators or individual consultants of the Controller, to whom specific processing activities have been assigned; these persons are identified as “Authorised persons”.
• Legal authorities and other public authorities, where required by law.

8. 
   8. Where the Personal data are processed. Transfer of Personal data to third countries or international organisations.

Personal data will be processed by the Controller within the EU.

In the event that any technical and/or operational reasons makes it necessary, it may be necessary to make use of subjects which are outside the EU. In this case, the Controller will designate these subjects as “Personal data Processor” as per GDPR, art. 28. Any transfer of Personal data outside EU will be done in compliance with the applicable laws. To protect your Personal data, appropriate guarantees will be adopted, including the “Adequacy Decisions” and the “Standard Contract Terms” approved by the European Commission.

9. 
   9. Retention period of your Personal data

Data will be retained by the Controller to the extent necessary and sufficient for the accomplishment of the purposes described in Art. 3 above, or until the termination of the relationship / withdrawal of consent with the Controller.

With reference to the purposes described in Art. 4 above, the Controller will process your Personal data until you communicate your will to revoke your consent to one or all of the purposes for which it was requested.

10. 
    10. Your data protection rights

Under GDPR, you have rights we need to make you aware of. They are described in GDPR, art. 15-22. Here is a summary:

• Your right of access (art. 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access your personal data and ask to us a copy of your personal data.
• Your right to rectification (art. 16 GDPR). You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure (art. 17 GDPR). You have the right to ask us to erase your personal information in certain circumstances (“right to be forgotten”).
• Your right to restriction of processing (art. 18 GDPR). You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to data portability (art. 20 GDPR). This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
• Your right to object to processing (art. 21 GDPR). You have the right to object to processing for legitimate reasons, including, direct and indirect marketing, surveys, profiling.
• Your right to not be subject to a decision based solely on automated processing, including profiling, in certain circumstances (art. 22 GDPR).
• Your right to withdraw your consent at any time (art. 7, para 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before the withdrawal.

Your object to processing your Personal data for marketing purposes by automated means (e.g. email), will also be extended to the traditional means (e.g. paper mail), unless specific requests.

To execute any of these rights, please contact the Controller.

• by e-mail: amministrazione@bhstresa.it
• by phone: +39 0323 086753

Finally, you have the right to lodge a complaint with a supervisory authority and the right to brigde if you think that the processing of your personal data is not compliant with the relevant laws.

11. 
    11. Further methods to object to processing your Personal data for marketing purposes

It is always possible to withdraw your consent to receive commercial information from us by sending a written communication to the Controller by sending an email to: amministrazione@bhstresa.it

If the interested party identifies a violation of their rights, they can contact the competent supervisory authority pursuant to article 77 of the GDPR, without prejudice to the possibility of contacting the judicial authority directly.

12. 
    12. Contacts

Data Controller: FISGEST S.r.l. (or Boutique Hotel Stresa), Registered Office: Stresa (VB), Corso Umberto I, 21 operational office: Stresa (VB), Corso Umberto I, 21, registered at Italian Business Register of IT-Monte Rosa Laghi Alto Piemonte, tax and VAT number: 02687380036.

Email: amministrazione@bhstresa.it

The list of data processors and of authorised persons is kept at the Controller’s offices

This Privacy Notice may be changed. For update, we invite you to consult our websites and other channels made available by society.