privacy policy en

The present information is provided in compliance with Article 13 of Regulation 2016/679 (GDPR), pursuant to Article 13 of Legislative Decree no. 196/2003 (Personal Data Protection Code), and relates to all personal data processed in the manner indicated below. Data Controller The Data Controller of the Personal Data collected is: Mina srl Operating Office:VIA DI TIGLIO 109 –55100 – LUCCA (LU) Email address of the Data Controller:info@hotelbernardino.com Types of Data Collected Complete details on each type of data collected are provided in the dedicated sections of this privacy policy. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the site. Unless otherwise specified, all Data requested is mandatory. If the User refuses to provide them, it may be impossible to provide the Service. In cases where some data is optional, Users are free to refrain from communicating such Data without affecting the availability of the Service or its operation. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller. Any use of Cookies or other tracking tools by the site or the third-party service owners used by this site, unless otherwise specified, is intended to provide the Service requested by the User. The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the site and guarantees that they have the right to communicate or disseminate them, relieving the Data Controller of any responsibility towards third parties. METHODS AND LOCATION OF DATA PROCESSING Purpose of Data Collection User data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Newsletter, Personalized Advertising, Accounting, Content and Functionality Performance Testing, Interaction with Social Networks and External Platforms, Viewing Content from External Platforms, and Interaction with Data Collection Platforms and other Third Parties. To obtain further detailed information on the purposes of the processing and on the Personal Data relevant to each purpose, the User may refer to the relevant sections of this document. Processing Methods The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to external parties (such as administrative, commercial, marketing, legal personnel, and system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed as Data Processors by the Data Controller if necessary. The updated list of Data Processors can always be requested from the Data Controller. Legal Basis of Processing The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

• The User has given consent for one or more specific purposes;
• The processing is necessary for the execution of a contract with the User and/or for pre-contractual measures;
• The processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
• The processing is necessary for the performance of a task carried out in the public interest or the exercise of public authority vested in the Data Controller;
• The processing is necessary for the legitimate interest pursued by the Data Controller or by third parties.

It is always possible to request the Data Controller to clarify the concrete legal basis of each processing and, in particular, to specify whether the processing is based on the law, provided by a contract, or necessary to conclude a contract. Location The Data is processed at the operational headquarters of the Data Controller and in any other location where the parties involved in the processing are located. For further information, contact the Data Controller. The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the location of the processing, the User may refer to the section relating to details on the processing of Personal Data. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or constituted by two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data. If any of the transfers described above takes place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting them at the contact details provided at the beginning. Retention Period Data is processed and stored for the time required by the purposes for which it was collected:

• Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until the execution of that contract is completed.
• Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until the satisfaction of that interest. The User may obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the processing is based on the User’s consent, the Data Controller may retain Personal Data longer until such consent is revoked. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this period, the right of access, deletion, rectification, and the right to data portability can no longer be exercised. Details on the Processing of Personal Data Personal Data is collected for the following purposes and using the following services:

• Mailing List or Newsletter By registering to the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, may be sent. The User’s email address may also be added to this list as a result of registering on the site or after requesting a quote. Personal Data collected: email, first and last name.
• Contact Form By filling out the contact form with their Data, the User consents to its use to respond to requests for information, quotes, or any other nature indicated by the form’s header. Personal Data collected: first and last name, email (mandatory data), phone, and various types of Data.
• Registration for Access to Reserved Area By filling out the registration form with their Data, the User consents to its use to create a unique account that can be used for various site functions (responding to requests for information, quotes, or e-commerce). Personal Data collected: first and last name, email (mandatory data), phone, and various types of Data.
• Interaction with Social Networks and External Platforms This type of service allows interaction with social networks or other external platforms directly from this site. The interactions and information acquired are, in any case, subject to the User’s privacy settings related to each social network. In the event that a service for interacting with social networks is installed, it is possible that, even if Users do not use the service, it collects traffic data relating to the pages on which it is installed.
  • Facebook Social Widgets (Facebook Inc.) Facebook social widgets are interaction services with the Facebook social network, provided by Facebook, Inc. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy.
  • YouTube Social Widgets (Google Inc.) YouTube social widgets are interaction services with the YouTube platform, provided by Google Inc. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy.
• Remarketing and Behavioral Targeting This type of service allows this site and its partners to communicate, optimize, and serve advertisements based on the User’s past use of this site. This activity is carried out by tracking Usage Data and using Cookies, information that is transferred to the partners that manage remarketing and behavioral targeting activities.
  • Google Analytics for Display Advertising (Google Inc.) Google Analytics for Display Advertising is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity carried out by Google Analytics and its Cookies with the AdWords and Doubleclick advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy – Opt Out.
• Statistics The services contained in this section enable the Data Controller to monitor and analyze web traffic.