Follow us Facebook Instagram

Call us +39 0461 772000

Write us +39 334 694 10 39

CUSTOMER INFORMATION 

pursuant to Article 13 of the GDPR – General Data Protection Regulation EU 2016/679

Version updated on 29/01/2025 

 

Dear Customer,

in compliance with Art. 13 and 14 of Regulation (EU) 2016/6791 – General Data Protection Regulation (GDPR), we would like to provide you with the following information regarding the processing of your personal data by Casa Raphael.

 

Data source

Data are provided directly by the data subject to the Data Controller or collected through other parties such as:

        OTA (Online Travel Agency);

        Traditional travel agencies;

        Associations, organisations, companies or individuals organising events or stays in our facility.

 

Data Controller

The data controller is RAPHAEL S.R.L., with head office in Piazza de Giovanni, 4 – 38050 Roncegno (TN)

Contacts:

  •       Email: info@casaraphael.com
  •       PEC [certified address]: casaraphael@pec.it
  •       * Telephone +39 0461/772000.

 

Data Protection Officer

The Data Protection Officer (DPO) designated, pursuant to Art. 37 of Reg. EU 2016/679, is Giovanni Poletto, at Studio Gadler S.r.l. – Via Graberi 12/A – 38057 Pergine Valsugana (TN)

Contacts:

  •       Email: dpo@studiogadler.it
  •       Telephone: +39 0461-512522

 

PURPOSE AND LEGAL BASIS OF PROCESSING

Data is processed for the following purposes: 

      Management of stay and legal obligations: the data collected are necessary to fulfil legal obligations, including the registration of guests with public security authorities (art. 109 of the T.U.L.P.S.).

      Check of availability and managing bookings: processing of quotes, management of accommodation requests.

      Management of registration and mandatory communications: registration activities at the facility and fulfilment of communications to public safety authorities.

      Execution of the requested services: provision of the hotel reception service and related contractual operations.

      Tax and accounting requirements: issuing receipts, invoices and related fulfilments.

      Surveys and evaluations: activities to collect feedback on the quality of services.

      Statistical reporting: legal requirements in the field of statistics.

      Litigation management: management of any legal disputes.

 

In order to provide the most appropriate services to meet specific needs, data of a special nature (formerly sensitive data), in particular relating to health conditions, may also be processed if communicated voluntarily by the guest. Such data may concern, for instance, special dietary needs, allergies, illnesses or accessibility requirements. In addition, guests are asked to report any specific illnesses to enable the provision of appropriate treatment and management of special health conditions.

 

Legal basis for processing
The processing of personal data is based on one of the following legal bases, pursuant to Article 6 of the GDPR:

    Performance of a contract: Personal data are required for the performance of a contract or for the adoption of pre-contractual measures (Art. 6 (1) (b) of the GDPR).

    Fulfilment of legal obligations: Personal data are processed to fulfil legal obligations to which the Data Controller is subject, such as registration with public security authorities (Art. 6 (1) (c) of the GDPR).

    Explicit consent: In the case of processing special data, such as health data, the explicit consent of the guest will be required (Art. 6 (1) (a) and Art. 9 of the GDPR).

    Legitimate interest of the Data Controller: The processing of data is necessary for the protection of the rights and legitimate interests of the Data Controller in the event of legal disputes (Art. 6 (1) (f) GDPR).

 

DATA PROCESSING AND STORAGE METHODS

Personal data will be processed electronically and manually, using appropriate methods to ensure data security and confidentiality. Data will be retained for as long as necessary to fulfil contractual and legal obligations and to resolve any disputes. In any case, the data will not be kept beyond the time limits provided for by the regulations in force.

 

RECIPIENTS OF PERSONAL DATA
Personal data may be communicated to external parties for the performance of activities instrumental to the management of the stay and related services, including:

    Public safety authorities, for the fulfilment of legal obligations (e.g. guest registration).

    Providers of technological services, e.g. online booking platforms, which process data exclusively on behalf of the Data Controller.

    Entities for tax, accounting or insurance obligations.

    Doctors or health personnel, in case of health emergencies, with the explicit consent of the guest.

 

Data retention

The data collected will be retained for a period of time necessary for the performance of the service and in any case for a period of time not exceeding the fulfilment of the purposes for which the data was collected (“retention limitation principle”, Art. 5, GDPR) and/or in accordance with the deadlines provided for by the applicable regulations and/or in accordance with specific requests, including the detection and protection against fraud or other illegal activities. A check on the obsolescence of retained data in relation to the purposes for which they were collected is carried out at least every year-end.

 

Place of processing.

Personal data will generally be processed within the European Union. The Data Controller will have the right to move the location of its computer archives to other non-European countries, guaranteeing from the outset that the transfer of data outside the EU will only be made to states that are able to offer a level of protection adequate to the standards laid down by the relevant legislation, in compliance with Art. 45, 46 and 49 of Reg. EU 2016/679.

 

Data subject’s rights with regard to data processing

Pursuant to Articles 15, 16, 17, 18, 19, 20, 21, and 77 of the EU Regulation, the Data Subject is hereby informed that 

      has the right to request access to, rectification, deletion or restriction of personal data concerning them, or to object to the processing of same, and the transfer to another data controller in the cases provided for; 

      any rectification or deletion or restriction of processing carried out at the request of the data subject – unless this proves impossible or involves a disproportionate effort – will be communicated by the writer to each of the processors to whom the personal data have been transmitted;

      has the right to lodge a complaint with the Privacy Authority, following the procedures and instructions published on the Authority’s official website at www.garanteprivacy.it

 

The exercise of rights is not subject to any formal constraints and is free of charge. 

Casa Raphael Whatsapp