HOUSEIN S.R.L. (the Data Controller) has always considered of fundamental importance the protection of personal data of its Customers and Users thus ensuring that the processing of collected personal data will be in full compliance with the European Data Protection Regulation no. 2016/679 (General Data Protection Regulation, hereinafter referred to as “GDPR”) and the additional applicable rules on the protection of personal data. With the term “personal data“, pursuant to art. 4 paragraph 1) of the GDPR, reference is made to “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”(hereinafter the” Personal Data “).
The GDPR provides that, before proceeding with the “processing” of Personal Data – with this term having to be understood, pursuant to art. 4 in paragraph 2) GDPR ” any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter the”Processing”) – the Data Controller shall adequately inform the owner of Personal Data, i.e. “data subject“, about the reasons such data are requested for, how they will be used and whom they will be destined to.
For this reason, this Policy Privacy has the purpose of providing the User / Customers, in a simple and transparent manner, with all useful and necessary information so that the same can give his / her Personal Data in an informal manner, requesting and obtaining, at any time, clarifications and / or adjustments to the processing. In particular, in compliance with the Art. 13 GDPR, below we provide information on the Personal Data processing of Users/Customers, with the precise indication of the use that is made, of the parties to which the personal data are disclosed (“Recipient”), as well as the rights of Users. This Policy Privacy relates solely to the processing of data communicated by the User or otherwise obtained as a result of using the website with URL https://www.houseinmilano.com. The Policy is provided only for this Site and not for other websites that may be consulted by the User through links.
WHO WILL PROCESS PERSONAL DATA ?
The aforementioned addresses are those that you may use in order to exercise the “rights of control” over the Processing of your personal data, pursuant to Articles 15 to 22 of the GDPR, as better explained below.
FOR WHAT PURPOSE AND ACCORDING TO WHICH LEGAL BASIS THE PERSONAL DATA WILL BE PROCESSED?
The processing concerns the data of natural persons issued by the User / Customer for the purposes listed below.
Purpose, conditions for lawfulness and legal basis of reference:
Personal Data collected through this Site will be processed for the following purposes:
- management and execution of the relationship with the users of the Site / Customers (interested in searching for properties for short stays) and with Customers-Owners (interested in managing their property to the Data Controller): personal data voluntarily provided in e-mail and within the appropriate sections of the Site (name, surname, e-mail, telephone), as well as those provided voluntarily during calls made by the User / Customer to the contacts of the Data Controller, are acquired and processed as necessary to respond to requests sent and / or to be able to proceed with the provision of the booking / purchase services offered by the Data Controller, manage the related payments, execute the terms and conditions of the services offered (Article 6, paragraph 1, letter b) GDPR);
- fulfillment of legal obligations (tax,, accounting): in case of purchase of the services offered by the Data Controller and possible invoice request by Users / Customers, data (name, location, Tax code, VAT number, email, any data related to payments made and / or payment intermediaries) will be processed to comply with legal obligations on the matter (Article 6, paragraph 1, letter c) GDPR), for the subsequent registration of sales and invoices and the necessary requirements;
- obligations provided for by the “Consolidated Law on Public Security” (Article 109 RD 18.6.1931 No. 773 and subsequent amendments): the Data Controller is obliged to inform the Police Headquarters, for purposes of public security, the generality of the clients accommodated at their facility, according to the procedures established by the Ministry of the Interior (Decree of 7 January 2013);
- fulfillments required by the “Tourism 5” system, pursuant to Regional Law n. 27/15, art. 38 “Common provisions for hotel and non-hotel accommodation”, paragraph 8, which identifies the obligation for hotel and non-hotel accommodation facilities, including accommodation or portions of the same leased data for tourism purposes pursuant to the law of 9 December 1998 , n. 431, communication of tourist flows according to regional indications “: the Data Controller has the obligation to communicate to the Lombardy Region and ISTAT the personalities of customers staying at the facilities made available by the owner (in particular, nominative subject that books, citizenship, date of birth, nominative additional guests), according to the procedures established by law.
WHOM WILL THE PERSONAL DATA BE DISCLOSED TO?
It is specified that Personal Data may be disclosed in order to perform correctly all processing activities required to pursue the aforementioned purposes, not only to “Data Processors”, pursuant to art. 28 GDPR, since they perform part of the Processing activities on behalf of the Data Controller, but also to individuals (employees, trainees and/or collaborators) “authorized” by the Data Controller to process personal data, and to other third parties, including, beyond those already indicated in the Table, as a non-limiting example:
- service providers: Accountant, external consultants for management of the commercial and administrative sector, Lawyer, Insurance companies and insurance brokers, Service companies for the management programmes, IT manager, Provider for management of the IT system and telecommunications networks (including email, certified email), Server/cloud provider, Internet provider/Webmaster, Postal and transport services, Banks and payment intermediaries, third parties that cooperate with the Data Controller in carrying out the activity (including business partners);
- any Data Protection Officer (DPO) where appointed, the Company’s shareholders, the legal representative and/or members of governing bodies and, in any case, the managers designated by the Company (all, confined to their respective function and/or role); where required by law or by the Authorities, your data may be disclosed to public bodies or the Judicial Authority.
The complete list of recipients is available at the Data Controller’s offices, at the addresses indicated above.
HOW LONG PERSONAL DATA WILL BE STORED?
The Personal Data storage period is determined as follows:
- for the purposes referred to in points 1), the Personal Data of Users collected through this Site will be kept for 6 months from when the requested information has been provided, unless the further storage of data is necessary in order to proceed with the execution of the contract for the sale of services offered by the Data Controller and comply with legal obligations;
- for the purposes referred to in points 2), in case of purchase of the services offered by the Data Controller, the Personal Data processed to execute the contract and to fulfill legal obligations in the tax area will be retained up to 10 years from the conclusion and, in each case, from the tax return of the incomes to which the documents containing the data refer. In the case of judicial disputes, they will be retained up to 10 years from the relative conclusion with a judgment that has become final; in any case, any legitimate causes of suspension and / or interruption of the statutory limitation periods of law are reserved;
- for the purposes referred to in points 3) and 4) above, the Personal Data will be retained only for the time necessary to comply with legal obligations, including in the field of public security.
IS IT POSSIBLE TO REVOKE THE GIVEN CONSENT?
The User / Customer, pursuant to art. 7 co. 3 GDPR, has the right to revoke, at any time, the consent given for one or more specific purposes, without prejudicing the lawfulness of the treatment based on the consent given prior to the revocation. The withdrawal procedures are very simple: just contact the Data Controller using the contacts listed in this Policy.
WHAT ARE THE RIGHTS OF THE USER?
The User / Customer has the right to ask the Data Controller, in accordance with Articles 15/22 GDPR, to access to Personal Data, rectification, erasure (“right to be forgotten”), restriction of processing, oppose their processing, in addition to portability. The related requests, as well as any other questions related to this Policy, may be sent to the contacts of the Data Controller, as indicated above, attaching an identity document of the requesting party, for the purpose of their identification by the Data Controller.
The Users /Customers are entitled to lodge a complaint with the Data Protection Authority, the Supervisory Authority for the Protection of Personal Data (please see https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali)
WHERE AND HOW ARE THE PERSONAL DATA PROCESSED?
Personal Data will be processed within the territory of the European Union, at the offices where the Data Controller exercises his activity and they will not be transferred to a third country or an international organization. Should, for technical and/or operational reasons, or for the pursuit of legitimate interests, it become necessary to make use of subjects located outside the EU, we hereby inform you that the transfer of the personal data will be confined to the performance of specific activities and any transfer to non-EU Countries, in addition to cases in which this is guaranteed by the adequacy decisions of the European Commission, will be made in such a way as to provide appropriate and opportune guarantees pursuant in accordance with Articles 46, 47 and 49 of the GDPR.
Personal Data will not be subject to dissemination or to any fully automated decision making process, including profiling.
The processing of Personal Data will also take place with the aid of electronic means, as well as with the adoption of appropriate security measures for the protection of the Personal Data pursuant to Article 32 of the GDPR.
DOES THE USER HAVE THE OBLIGATION TO PROVIDE PERSONAL DATA?
The User / Customer must necessarily provide the Personal Data requested while surfing the Site for the purposes referred to in points 1), 2), 3) and 4), in order to receive the information he / she wishes and / or proceed shopping.
Please note that the Policy Privacy may be modified due to the introduction of new regulations and, consequently, Users/Customers are invited to periodically check this page.
Cookies are small text strings that the sites visited by the User send to his terminal (usually the browser), where they are recorded before being re-transmitted to the same sites at the next visit of the same user.
While surfing a site, the user can also receive cookies on their terminal sent from different websites or web servers (so-called “third parties”), on which some elements may exist (such as, for example, images, maps, sounds, specific links to pages of other domains) on the site that he is visiting. At each subsequent visit, cookies are sent back to the website that originated them (first-party cookies) or to another site that recognizes them (third-party cookies).
Cookies are useful because they allow a website to recognize the user’s device or the user, for example when accessing an IT system with authentication credentials.
Based on the function and purpose of use, the Privacy Authority has divided this computer tool into three types: technical cookies, profiling cookies, third-party cookies.
This site uses only technical cookies: they do not require the consent of the User. Among these, we point out the use of the following essential cookies:
– session cookies;
– cookies containing functions, without which it would not be possible to fully use the site;
– cookies for statistical purposes;
– cookies to store user choices such as the choice of data consent.
These cookies are used exclusively by us and therefore fall within the first-party cookies.
Essential cookies are used for example when accessing the private area (if any) or when selecting “Stay connected” before access. These cookies also facilitate the transition from http to https when changing pages, thus guaranteeing the security of transmitted data.
Also included in the sphere of technical cookies are those used to statistically analyze accesses or visits to the site, also called “analytics”, which only pursue statistical purposes (but not also marketing or profiling) and collect information in aggregate form. without the possibility of identifying the individual user.
These cookies can be deactivated and / or deleted through the settings of the system in use.