Boutique Hotel Stresa

Privacy Policy

PRIVACY INFORMATION PURSUANT TO ART. 13 and ART. 14 – EU REGULATION 2016/679

1. Who we are and what is the purpose of this document

Fisgest S.r.l., the brand under which Boutique Hotel Stresa operates, guarantees that the processing of personal data takes place in full compliance with the regulations set up for this purpose, as most recently with Regulation (EU) 2016/679.
If necessary, this information may be supplemented by a form for the release of consent pursuant to and for the purposes of art. 7 of the Regulation, prepared on the basis of the use that will eventually be made of the Personal Data.

2. Who will process the Personal Data

The company that will process the Personal Data for the purposes referred to in the following article 3 of this Information and which, therefore, will play the role of Data Controller according to the relative definition contained in article 4 at point 7) of the Regulation, « the person natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data » is:
FISGEST S.r.l. (hereinafter also BOUTIQUE HOTEL STRESA) with registered and operational headquarters in Stresa (VB), Corso Umberto I, 21, registered with the Mone Rosa Laghi Chamber of Commerce, Industry, Crafts and Agriculture Upper Piedmont, Tax Code and VAT number n. 02687380036 (hereinafter the « Data Controller »).

3. The main purpose of using Personal Data – Legal basis for processing

The Data Controller, in order to allow the execution of one or more contracts or to allow the use of a specific service, needs to collect and process Personal Data. In particular, Personal Data will be processed for the purpose of correct management of the contractual relationship/service provision and, where envisaged, of the related obligations (administrative management, fulfillment of legal, accounting, tax and any other obligations in any case connected to the purposes above).

4. Additional purposes – Legal basis for processing

The Data Controller, subject to express consent, may request additional data for the following purposes:

  1. Direct marketing purposes: i.e. the will to carry out promotional and marketing activities through communications relating to services and products similar to those already used, initiatives and related offers. Communications may also include:
    • invitations to events: in this case the data will also be used for the consequent instrumental and/or complementary activities connected to the Event;
    • newsletters, publications as well as any other type of information material of a professional nature identified as of specific interest to you, organized by the Data Controller independently or in collaboration with third parties (e.g. marketing agencies);
    • carrying out market research, conducting statistical surveys.
  1. Indirect marketing purposes: i.e. the will to carry out, also through external communication agencies, promotional and marketing activities on behalf of third parties through communications relating to services and products provided by other subjects and with which the Data Controller maintains legal relationships. Communications may also include:
    • invitations to events: in this case the data will also be used for the consequent instrumental and/or complementary activities connected to the Event;
    • newsletters, publications as well as any other type of information material of a professional nature identified as of specific interest to you, organized by the Data Controller independently or in collaboration with third parties (e.g. marketing agencies);
    • carrying out market research, conducting statistical surveys.
  1. Profiling purposes: i.e. the desire to profile you through the evaluation of your preferences, needs and consumption habits, also in relation to market surveys and statistical analyses. This allows you to better understand the needs of your interlocutors, provide personalized, high-performance offers and services and, last but not least, offer increasingly relevant and competitive products and services.

With regard to these purposes, it is specified that marketing actions can be managed both through so-called methods. traditional (e.g. paper mail, telephone calls with an operator, etc.) and with automated and/or similar methods (e.g. e-mail).

The processing of personal data for the purposes indicated in points b) and c) will be conditional on obtaining your consent pursuant to art. 7 of the Regulation; the Processing of Personal Data for the purposes indicated in point a) may, however, be carried out on the basis of the legitimate interest of the Data Controller, regardless of consent and in any case up to opposition to this Processing.

In any case, to oppose the processing of data for the purposes referred to in the previous points, please refer to the methods referred to in point 11 of this information.

5. Methods of collecting Personal Data

Data processing:

  • will take place in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency in order to guarantee the security and confidentiality of the data, through the adoption of the measures envisaged by article 32 of the Regulation in order to preserve the integrity of the data processed and to prevent access to them by unauthorized parties.
  • it will be carried out by appointed and specialized personnel with paper, IT, electronic tools and with any other type of technologically deemed suitable support.

6. The categories of personal data collected

The Personal Data collected and processed by the Data Controller are data of a personal nature (by way of example and not limited to: name, surname, e-mail address, telephone number).

7. Possible communication of Personal Data

Personal Data will not be disclosed, i.e. it will not be disclosed to indeterminate subjects. Instead, they may be communicated to specific subjects considered recipients pursuant to and for the purposes of art. 4 point 9 of the Regulation.

In particular, in order to carry out the Processing correctly and pursue the purposes described above, the Personal Data may also be processed by the following recipients:

  • third parties who carry out part of the processing activities and/or activities connected to the same on behalf of the Data Controller, including for example: studies or companies in the context of assistance and consultancy relationships, external agencies for the management of marketing campaigns: before treatment, these subjects will be appointed as data processors;
  • employees, collaborators or consultants of the Data Controller who have been entrusted with specific Personal Data processing activities and identified as such, pursuant to art. 4 point, « Authorised Persons »;
    to judicial authorities or public bodies, where required by law.

8. Place of treatment and possible transfer outside the EU

Personal Data will be processed by the Data Controller within the territory of the European Union. If for technical and/or operational reasons it is necessary to make use of subjects outside the EU, the Data Controller will appoint them as data processors pursuant to and for the purposes of art. 28 of the Regulation, ensuring from now on that any transfer of data from outside the EU will take place in compliance with the applicable legal provisions. To protect the data in the context of these transfers, appropriate safeguards will be put in place, including adequacy decisions and standard contractual clauses approved by the European Commission.

9. Retention and deletion of data

Personal Data will be kept by the Data Controller only for what is necessary for the pursuit of the purpose described in point 3 above, or until the termination of the relationship / withdrawal of consent from the Data Controller.

10. What are the rights of the interested party

The interested party may at any time exercise the rights provided for by the articles from 15 to 22 EU Regulations 2016/679 including:

  • receive confirmation of the existence of your personal data, learn about the purposes of the processing or their scope of circulation and access their content;
  • update, modify and/or correct your personal data;
  • request cancellation, transformation into anonymous form, blocking of any data processed in violation of the law or limitation of processing;
  • oppose for legitimate reasons the processing of data, including profiling;
  • oppose the processing of data for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;
  • revoke the consent, where given, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
  • receive a copy of the data provided and request that such data be transmitted to another data controller.

It should be emphasized that the interested party’s right to object to the processing of their personal data for commercial and marketing purposes carried out through automated contact methods also extends to traditional ones, without prejudice to the possibility for the interested party to exercise this right in part or, in this case, by opposing, for example, only to the sending of promotional communications made through automated tools.

To exercise the aforementioned rights, simply contact the Data Controller in the following ways:

11. How to withdraw consent

It is always possible to revoke consent by sending a written communication to the Data Controller by sending an e-mail to amministrazione@bhstresa.it.

If the interested party notices a violation of his rights, he can contact the competent supervisory authority pursuant to art. 77 of the GDPR, the possibility remains to apply directly to the judicial authority.

12. Contacts

The Data Controller is FISGEST S.r.l. (hereinafter also BOUTIQUE HOTEL STRESA) with registered and operational headquarters in Stresa (VB), Corso Umberto I, 21, registered with the Mone Rosa Laghi Chamber of Commerce, Industry, Crafts and Agriculture Upper Piedmont, Tax Code and VAT number n. 02687380036 – E-mail: amministrazione@bhstresa.it.

The list of data processors and data processors is kept at the headquarters of the Data Controller.

This information may be subject to changes. For each update, we invite you to consult our websites and the other channels made available by the company.