Back to top

Privacy

Privacy Policy

 

Information on the protection of personal data

Art. 13 of Reg. EU 2016/679

 

Pursuant to Article 13 of Reg. EU 2016/679 “General Regulation on Data Protection” below “Regulations”, company MASCAGNI S.r.l. with registered office in Via Vittorio Emanuele Orlando n. 90 – Postal code 00185 Rome c/o Hotel Mascagni, as Data Controller, is required to provide some information concerning the processing of personal data carried out within the domains: www.mascagnicollection.com, www.hotelmascagnirome.com, www.mascagnihotelrome.it, www.www.mascagniluxuryrooms.com, and directly in the hotel.

 

For the purpose of this information sheet, the following definitions apply:

1) “personal data“: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2) “processing“: any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;

3) “restriction of processing“: the marking of stored personal data with the aim of limiting their processing in the future;

4) “data controller“: the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his designation may be established by Union or Member State law;

5) “data processor“: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

6) “recipient“: a natural or legal person, public authority, service or another body that receives personal data, whether it is a third party or not. However, public authorities that may receive communication of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by these public authorities complies with the applicable data protection rules according to the purposes of the processing;

7) “data subject’s consent“: any consent of the data subject that is given freely, specific, informed and unambiguous, indication of the data subject’s wishes by which they, via a statement or by a clear affirmative action, agree to the processing of their personal data;

8) “personal data breach“: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

9) “Person in charge of the processing”: the individual authorised to perform processing operations by the data controller or processor;

10) “domain“: the domain, reachable through the world wide web service of the Internet, consisting of data, applications, for the transmission and possible collection of information.

 

I. NATURE OF THE DATA PROCESSED

The following personal data may be processed: name, surname, place and date of birth, document no., telephone numbers, e-mail and other necessary to transit in our establishment, with respect to which your consent to processing will be required, where provided by the Regulation. At any time, you can express your rights as reported in paragraph XI.

 

II. PURPOSE OF DATA PROCESSING

Personal data will be processed for:

1) management of the relationship with the Company: specifically, in order to design and provide personalised assistance services in our establishment;
2) purposes strictly connected and instrumental to the management of the aforesaid relationship (i.e. for the acquisition of pre-contractual information and to execute the services and operations, as contractually agreed);
3) purposes of analysing the information obtained for the purpose of proposing, by sending promotional information, including electronic, on goods and services deemed of interest to you always with your specific consent);
4) purposes relating to the monitoring of relations with customers and contracted services;
5) purposes related to the legal obligations and the requirements of the Authorities or the Supervisory bodies;
6) comply with what is required by law.

The data will be retained only for the closure of the registration procedures and completion of the accounting situation, after which, if the customer has not expressed the desire to remain updated on the activities of our establishment, they will be deleted.

 

III. DATA PROCESSING METHODS

In relation to the aforementioned purposes, the data you provide electronically by filling in the forms provided on our website, will be processed electronically and processed by special computer procedures in order to customise the services that the Company is able to offer you.

Data will be processed in such a way as to guarantee its logical and physical security and confidentiality and may be carried out using manual, computerised and electronic tools designed to store, transmit and share the data to the persons in charge.

The processing logics will be strictly correlated to the illustrated purposes, in particular your data subject to all the processes envisaged by the contract, will be stored and/or processed through specific IT procedures, and processed:

– by the business units responsible for managing the aforementioned activities, or those authorised to carry out those necessary for the maintenance and/or execution and/or conclusion of the relationship established with you;

– by natural or legal persons who, by virtue of a contract with the Company, provide specific processing services or perform related, instrumental or support activities to those of the Company itself.

The data will be processed mainly with manual, electronic, IT and electronic tools with logic strictly related to the purposes indicated above and will be stored both on computer media and on paper and on any other type of support, in compliance with the security measures pursuant to of the articles 32 and 35 of the Regulation.

Your data will be kept for the period prescribed by the legislation in force and, in any case, until the purposes mentioned above are reached, and then they will be deleted. With your explicit consent your data may be stored for a maximum period of 5 years from the last visit for a quicker reception at our establishment.

 
IV. COMMUNICATION OF DATA

Your data will be or may be disclosed to third parties, subject to the relevant consent in accordance with the law, such as:

1) Banks in charge of settling payments according to the agreed methods;
2) Insurance institutions for the definition of any claims for damages;
3) Authorised bodies or agencies for the fulfilment of their obligations within the limits of the provisions of law;
4) organisations belonging to the group to improve the quality of services that the Company is able to offer;
5) Natural or legal persons who, by virtue of a contract with the Company, provide specific processing services or perform related, instrumental or support activities to those of the Company itself.

Our website contains hypertext links that constitute communication to other domains; however, the Company is not liable for any breaches of data protection to your detriment from other sites that may have fraudulently cloned our web page or fail to comply with the provisions of EU Regulation 2016/679.

V. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION

The provision of data is not mandatory, but is essential for the proper fulfilment of pre-contractual or contractual obligations, and in general to perform all the obligations required by law. Any refusal to provide personal data, or to give consent to their processing or their communication to the individuals belonging to the aforementioned categories, will result in difficulties in the execution of any contractual relationships between you and our Company, as well as the use of associated services.

 

VI. PERSONS TO WHOM PERSONAL DATA MAY BE DISCLOSED

Personal data related to the processing in question may be disclosed to:

accounting companies, insurance companies; service companies including those for information technology for internet communication; service companies, including those for renting road vehicles, airline reservations, entertainment, etc. to allow the execution of the services requested by the Customer, for filing procedures, for printing correspondence and for managing incoming and outgoing mail; companies in charge of fraud control, credit recovery and the recognition of credit and insolvency risks, to Public Administrations, pursuant to the law.

Without the data subject’s consent to the disclosure of data to the aforementioned companies and to the related processing, the Company may only proceed with those operations and services that do not require consent since already implicit and authorised by law. No data will be transmitted to outsiders or to non-EU subjects.

 

VII. CHANGES TO DATA PROCESSING

You are entitled at any time to revoke your consent to the processing of your data by activating the cancellation procedure or modifying the processing. Obviously, cases of cancellation may result in termination of the contract and services if in place.

If you would like the processing of your data to be modified above, you can send an email to privacy@hotelmascagni.com or send a fax with a photocopy of your identity document, which will be immediately destroyed, with the following text: “cancellation/restriction/rectification/opposition of consent to the processing of all (or indicate which) my personal data”.

 

VIII. DATA CONTROLLER

The data controller is MASCAGNI S.r.l. with registered office in Via Vittorio Emanuele Orlando n. 90 – Postal code 00185 Rome c/o Hotel Mascagni. The list of the External Companies responsible for particular processes will be kept updated and will be sent to you on specific request. It will also be made available at the offices of the Company.

IX. DATA PROCESSORS

The updated list of persons responsible for specific processing operations referred to above is at your disposal at the offices of the Company.

X. DATA PROTECTION OFFICER – DPO

The company has appointed Mr. Luca Lestingi as DPO (Data Protection Officer). Any report of violation of the rights of the data subject can be communicated to info@progettosavi.eu

 

XI. RIGHTS OF DATA SUBJECTS

In relation to the processing of personal data, the data subject has the right, pursuant to the Regulations (articles fully reported in the annex):
a) The data subject has the right to receive information according to article 13;
b) The data subject has the right to obtain confirmation from the data controller that processing of their personal data is in progress and, in such case, to obtain access to the personal data and information according to art. 15;
c) The data subject shall have the right to obtain from the data controller the correction of inaccurate personal data, concerning him or her, without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement according to art. 16;
d) The data subject has the right to obtain from the data controller the deletion of personal data concerning him or her without undue delay and the data controller is obliged to cancel the personal data according to article 17 without undue delay;
e) The data subject has the right to obtain from the data controller the restriction of processing according to article 18;
f) The data controller shall inform each of the recipients to whom the personal data have been transmitted of any corrections or cancellations or limitations on the processing carried out pursuant to articles 16, 17, 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject about said recipients upon the data subject’s request according to art. 19;
g) The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the original data controller according to art. 20;
h) The data subject has the right to object at any time, for reasons connected with his/her particular situation, to the processing of personal data concerning him/her pursuant to article 6, par. 1, lett. e) or f), including profiling on the basis of these provisions. The Data Controller will refrain from further processing of the personal data except whereby it is possible to demonstrate the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and liberties of the Data Subject or for the assessment, exercise or the defence of a right in court according to art. 21;
i) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her according to art. 22;

 

XII. CONTACTS

If you would like more information on the processing of your personal data, or want to report a problem or file a complaint, you can send an email to privacy@hotelmascagni.com. You can contact us at the same address or by phone at +39 06 48904040 also to have answers regarding the management of information by the Company. Before providing answers, we will need to verify your identity and have you answer some questions. Our reply will be provided as soon as possible.

 

Rome, 25.05.2018

 

 

Reg. EU 2016/679

Article 4 – Definitions

For the purposes of this Regulation, the following definitions shall apply:

1) “personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2) “processing”: any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction; […]

11) “data subject’s consent”: any consent of the data subject that is given freely, specific, informed and unambiguous, indication of the data subject’s wishes by which they, via a statement or by a clear affirmative action, agree to the processing of their personal data; […]

 

Article 6 – Lawfulness of processing
1. Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by a controller or third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. [ … ]

 

Article 13 – Information to be provided upon data collection from the data subject
1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;
b) the contact details of the data protection officer, where applicable;
c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
d) where the processing is based on point (f) of Article 6, paragraph 1, the legitimate interests pursued by the controller or by a third party;
e) the recipients or categories of recipients of the personal data, if any;
f) where applicable, the intention of the controller to transfer personal data to a third country or to an international organisation and the existence or absence of an adequacy decision by the Commission or, in the case of transfers referred to in Article 46 or 47, or the second sub paragraph of Article 49, the reference to appropriate or opportune safeguards and the means of obtaining a copy of such data or the place where it was made available.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
b) the data subject’s right to request the Data Controller for access to and rectification or erasure of personal data or the restriction of processing the data concerning the data subject or to object to the processing, as well as the right to data portability;
c) where the processing is based on article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to such withdrawal;
d) the right to lodge a complaint with a supervisory authority;
e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data;
f) the existence of an automated decision-making procedure, including profiling and per article 22, paragraph 1 and 4 and, at least in such cases, significant information regarding the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.

 

Article 15 – Right of access by the data subject
1. The data subject has the right to obtain confirmation from the data controller that processing of their personal data is in progress and, in such case, to obtain access to the personal data, and the following information:
a) purposes of processing;
b) categories of personal data concerned;
c) recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations;
d) wherever possible, storage period of personal data provided, or if that is not feasible, the criteria used to determine said period;
e) the existence of the right of the data subject to request the data controller’s rectification, deletion of personal data, or restriction of processing of the personal data concerning him/her, or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) whereby the personal data is not collected from the data subject, any available information regarding its source;
h) the existence of an automated decision-making procedure, including profiling and per article 22, paragraph 1 and 4 and, at least in such cases, significant information regarding the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data is transferred to a third country or international organization, pursuant to Article 46 of the Regulation, the Data Subject shall have the right to be informed of the existence of appropriate safeguards relating to such transfer.
3. The Data Controller shall provide a copy of the personal data undergoing processing.

For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

 

Article 16 – Right to rectification

The data subject shall have the right to obtain from the data controller the correction of inaccurate personal data, concerning him or her, without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

Article 17 – Right to erasure (“right to be forgotten”)
1. The data subject shall have the right to obtain the cancellation of personal data concerning him or her by the data controller without undue delay and the data controller must delete such personal data without undue delay where one of the following grounds applies:
a) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) the data subject withdraws the consent on which the processing is based, according to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), and where there is no other legal purpose for the processing;
c) The data subject objects to the processing pursuant to article 21, paragraph 1, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, paragraph 2;
d) personal data has been unlawfully processed;
e) personal data must be deleted for compliance with a legal obligation, required by the Union or Member State law, to which the data controller is subject;
f) personal data has been collected in relation to the offer of services of the information company referred to in article 8, paragraph 1.
2. The data controller, if he/she has made public personal data and is obliged, pursuant to paragraph 1, to delete them, taking into account the available technology and implementation costs, takes reasonable measures, including technical ones, to inform data controllers who are processing personal data of the request of the data subject to delete any link, copy or reproduction of his/her personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) For exercising the right of freedom of expression and information;
b) For the fulfilment of a legal obligation requiring processing required by Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest, or in exercising the official authority vested in the data controller;
c) for reasons of public interest in the area of public health in accordance with letters (h) and (i) of article 9, paragraph 2 as well as article 9, paragraph 3;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 paragraph 1 in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise, or defence of legal claims

 

Article 18 – Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the interested party opposes the erasure of the personal data and requests instead the restriction of their use;
c) although the data controller no longer needs the personal data for processing purposes, the personal data are required by the data subject to ascertain, exercise or defend a right in court;
d) the data subject is opposed to the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the data controller’s legitimate reasons to override those of the data subject.
Where the processing has been restricted pursuant to paragraph 1, such personal data shall, with the exception of conservation, only be processed with the data subject’s consent or for the establishment, exercise, defence of legal claims, protection of the rights of another natural or legal person, or for reasons of significant public interest of the Union or a Member State.
A data subject who has obtained a processing restriction, pursuant to paragraph 1, shall be informed by the data controller before the processing restriction is lifted

 

Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing

The data controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with article 16, article 17, paragraph 1, and article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about said recipients upon the data subject’s request.

 

Article 20 – Right to data portability
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) The processing is based on consent pursuant to article 6, paragraph 1, letter a), or article 9, paragraph 2, letter a), or on a contract pursuant to article 6, paragraph 1, letter b); and
b) the processing is carried out by automated means.
In exercising his or her right to data portability according to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
The exercise of the right referred to in paragraph 1 of this article shall not affect the provisions of article 17. Such right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others

 

Article 21 – Right to object
1. At any time, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is based on article 6, paragraph 1, letters e) or f), including profiling based on those provisions.

The data controller will refrain from further processing of the personal data except whereby it is possible to demonstrate the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and liberties of the data subject or for the assessment, exercise or the defence of a right in court.

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information no later than the time of the first communication with the data subject.
5. Within the context of the use of information services company, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
6. Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89, paragraph 1, the data subject, based on his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

For the full text of EU regulation 2016/679 consult the website of the Data Protection Authority.

promotions
Do not miss the opportunity to stay in the center of Rome at the best rates: take advantage of our unbeatable offers!
Long Stay Offer
Mascagni Dependance
Rome wasn't built in a day! Take advantrage of our "long stay offer" to live in relax the Eternal City. Minimum stay 5 nights, prepaid rate, non-refundable.
Long Stay Offer
Mascagni Hotel
Rome wasn't built in a day! Take advantrage of our "long stay offer" to live in relax the Eternal City. Minimum stay 5 nights, prepaid rate, non-refundable.
Early Booking Offer
Mascagni Dependance
Special Early Booking Offer.
Early booking Offer
Mascagni Hotel
Special Early Booking Offer. Minimum stay 3 nights. This rate is non-refundable.
Now or never
Mascagni Dependance
A special price for our Suite in the Luxury Dependance: 30% off on the third night.
Honeymoon Package
Mascagni Dependance
A memorable day, in the Eternal City.
Vatican Museum Package
Mascagni Dependance
Honeymoon Package
Mascagni Hotel
A memorable day, in the Eternal City.
Vatican Museum Package
Mascagni Hotel