Informativa sulla privacy

Spot Hotels Srl always pays great attention to the processing of data and security procedures, constantly develops and updates its internal measures to ensure an increasingly high standard to those affected by the treatment. By confirming your data to us you will get continuous updates on the best offers of products and services of our partners, as more below well indicated we will contact you as long as you interact with our communications, opening them or clicking on the links within them, or joining our offers or those of our partners. After 12 months of inactivity you will be automatically removed from our lists and your personal information will be deleted. You will always be able to sign up again. 
Pursuant to Article 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR), SPOT HOLTELS SRL has the obligation to inform the Data Subject, in case of direct collection of his/her data, about the basic elements of the processing, so we inform you about the following:
Identification details of the Owner, the Manager 
The Data Controller is Spot Hotels Srl with registered office at Via Camillo Cavour, 29 – 50129 Florence (FI) and P. IVA 07112600486, contactable at the e-mail address info@spothotels.it. 

Rights of the Interested Party
Your rights under the GDPR include those of:
·       Access to your personal data and information about them 
·       A request to the Data Controller for your personal data in a structured, machine-readable format, including for the purpose of communicating such data to another Data Controller 
·       Correction of inaccurate data or supplementation of incomplete data
·       deletion of personal data about you
·       restriction of the processing of your personal data 
·       Opposition at any time to the processing of your personal data upon the occurrence of special situations concerning you
·       revocation of consent at any time, regarding common personal data (e.g., date and place of birth or place of residence), or sensitive data (e.g., data revealing your racial origin, political opinions, religious beliefs, health status, or sex life); processing based on consent and carried out prior to revocation of consent retains, however, its lawfulness
·       complaint to the Italian Data Protection Authority at protocollo@pec.gpdp.it or specific request to SPOT HOTELS SRL at the e-mail address info@spothotels.it; the Data Controller will analyze the legitimacy of the request and, if necessary, proceed with sending your data in the possession of SPOT HOTELS SRL within 30 days

Type of data processed
·       first and last name
·       contact information (e-mail, phone number)
·       IP address
·       tax code
·       date and place of birth
·       address of residence and/or domicile
·       consumption preferences
·       ID type and number and place of issuance of the document;
·       bank details

Purpose of data processing 
The lawfulness of data processing is the legitimate interest of the Data Controller according to the rules of the European Union and according to Italian law for the following purposes:
·       protection of contractual rights
·       Regulatory obligations, accounting and tax compliance
·       legal protection
The lawfulness of data processing is the express consent of the data subject according to the rules of the European Union and according to Italian law for the following purposes:
·       Commercial and promotional activities that include communications via email, text message, telephone, automated voice call and in general through telematic tools;
Personal data will be processed lawfully, fairly and transparently towards the Data Subject and collected for specified, explicit and legitimate purposes, and subsequently processed in a manner that is not incompatible with those purposes .
 
Methods of data processing
Personal data will be processed in paper, computerized and telematic form and entered into relevant databases that can be accessed by the Authorized Data Processors.
Processing may also be carried out by third parties who provide specific processing, administrative or instrumental services necessary to achieve the above purposes.
All data processing operations are implemented in a manner that ensures the integrity, confidentiality, and availability of personal data.
The data will be processed by the data processors in the same manner and for the same purposes. The Data Controller supervises the work of the data processors.

Consequences of non-disclosure of personal data
Failure to provide personal data prevents the relationship from being finalized, as it is a necessary requirement for the conclusion of the contract itself. Similarly, without your consent we could not perform the service you are registering for as we cannot contact you directly or through our partners.

Data retention
Your personal information, which is processed for the purposes stated above, will be kept as long as you show interest in our and our partners’ communications (including those sent through our data processors). Specifically, such interest is shown by opening emails we send, answering calls, clicking on links in communications, and purchasing products or services.  In the absence of such actions, after a period of twelve months from the last interaction, we will delete your data from our communication lists and, thereafter, we will retain it only for as long as the Data Controller is subject to retention obligations for tax or other purposes, provided, by law or regulation. It is understood that you can always request an early deletion or revoke consent in the ways indicated in this notice.

Target audience
Your personal information may be disclosed to:
·       Consultants, accountants, or attorneys providing functional services for the above purposes
·       Banking and insurance institutions that provide functional services for the above purposes
·       Internal parties within the company who process the data 
·       Subjects external to the company, such as clients/potential clients, customers/giveaways, contractors/suppliers for the purposes envisaged by the processing
·       Judicial or administrative authorities, for the fulfillment of legal obligations
·       Business partners acting as data controllers

Data Profiling and Dissemination
Your personal data are not subject to dissemination or any fully automated decision-making process, including profiling.