This page describes how the website is managed with regard to the processing of personal data of users who consult it. This information is also provided pursuant to Article 13 of the EU Regulation 2016/679 applicable from May 25, 2018 - General Regulation for the Protection of Personal Data (hereinafter referred to as GDPR) to those who interact with web services accessible by electronic means from the address https://www.hotelpuntamolinoischia.com/ The information is provided only for the website www.hotelpuntamolinoischia.com and not also for other websites that may be consulted by the user through links for which the company LIATER S.r.l. is not responsible.

DATA CONTROLLER
Pursuant to Article 4 point 7 of GDPR 2016/679, the Data Controller for Punta Molino Beach Resort & Thermal Spa is the company LIATER S.r.l. with registered office in Via Crispi, 75 - 80122 Napoli (NA).

General supervisor of the processing activities on personal data as well as Video Surveillance Manager is the Director of the Hotel.

DATA CONTROLLER
Pursuant to Article 28 of the GDPR 2016/679 LIATER S.r.l. has appointed the company Blastness S.p.A. with registered office in Piazza Castello, 26 20121 Milan, C.F. and P. IVA 01195440118 as the data processor for the management of reservations integrated in the hotel website.

DATA PROTECTION OFFICER
Pursuant to Article 37 of GDPR 2016/679 LIATER S.r.l. has appointed a Data Protection Officer. For any problem related to your privacy you can contact our DPO at the following email references: privacy@puntamolino.it

PLACE OF DATA PROCESSING
The processing operations related to the web services of this site take place at the headquarters of the company indicated above and at the managers identified under Article 28 of the GDPR for booking activities, and are only handled by technical personnel of the service in charge of processing. No data from the web service is communicated or disseminated. The personal data provided by users who submit requests to send informative material are used only for the purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose.
Using third-party cookies, processing may also take place outside the European community by Google and companies that install third-party profiling cookies. In this regard, please refer to the relevant Cookie Policy.

TYPES OF DATA PROCESSED
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, at present the data on web contacts do not persist for more than thirty days.

Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
The voluntary completion of data acquisition forms to request information, register or book activities involves the subsequent processing of personal data provided to ensure the performance of a contract to which the interested party is a party or to the execution of pre-contractual measures taken at the request of the same.
The company has taken specific measures to ensure that data processing is preceded by a voluntary action of the user to have read this privacy policy

COOKIES
Please refer to the Cookie policy
PROCESSING METHODS
Personal data are processed by automated means for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
MINORS
In accordance with Article 8 of GDPR 2016/679, the services on this website are not intended for children under 16 years of age. We do not knowingly collect personal data from minors. However, in cases where it is required, consent to the processing of one's personal data is legitimately expressed directly by the minor only when he or she is 16 years of age or older. In other cases, LIATER S.r.l. requires that consent to the processing be given or authorized by the holder of parental responsibility over the minor.

If we become aware that we have collected Personal Data about a child, we will immediately delete it, unless we are required by law to retain such data.
Please contact us if you believe that the data controller has mistakenly or unintentionally collected information about a minor.

PURPOSE, LEGAL BASIS AND NATURE OF CONFERMENT
The Personal Data you provide through this website will be processed by LIATER S.r.l. for the following purposes:

(a) to request information on activities and services. The legal basis for the processing is based on Article 6 Paragraph 1 letter b) of GDPR 2016/679 i.e. the processing is necessary for the execution of pre-contractual measures at the request of the data subject. Consent Not necessary;

b) for registration to the Hotel's newsletter and receive periodic communications of a promotional and commercial nature. The legal basis for the processing is based on Article 6 par. 1 lett. a) of GDPR 2016/679 i.e. the processing requires the explicit Consent of the data subject;

(c) to make reservations. The legal basis for the processing is founded in Article 6 par. 1 lett. b) of GDPR 2016/679 i.e. the processing is necessary for the performance of contractual measures to which the data subject is party or pre-contractual measures at the request of the data subject. Consent Not necessary;

(d) to join special offers and promotions. The legal basis for the processing is based on Article 6 para. 1 lit. b) of GDPR 2016/679 i.e. the processing is necessary for the performance of contractual measures to which the data subject is party or pre-contractual measures at the request of the data subject. Consent Not necessary;

(e) to book treatments in the wellness center. The legal basis for the processing is based on Article 6 Paragraph 1 lit. b) of GDPR 2016/679 i.e. the processing is necessary for the performance of pre-contractual measures to which the data subject is party. Consent Not necessary;

f) purposes of research and statistical analysis on anonymous aggregate data, aimed at measuring the functioning of the Site, measuring traffic and assessing usability and interest to make it more functional and performant; Consent Not necessary as there is no processing of personal data;

(g) for accounting, tax and administrative purposes. The legal basis is Article 6 par. 1 letter c) of GDPR 2016/679 i.e. the processing is necessary to fulfill a legal obligation to which the data controller is subject. Consent not Required;

(h) purposes related to compliance with laws and regulations. The legal basis is Article 6 Paragraph 1(c) of GDPR 2016/679 i.e. the processing is necessary to comply with a legal obligation to which the data controller is subject. Consent Not Required

(I) purposes necessary to establish, exercise or defend a right in court or whenever judicial authorities exercise their jurisdictional functions. The legal basis is Article 6 Paragraph 1(f) of GDPR 2016/679 i.e. the processing is necessary for the pursuit of the legitimate interest of the controller. Consent not Required

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The data controller undertakes to circumscribe the areas of circulation and processing of personal data (e.g., storage, archiving, preservation of data on its servers) to countries that are part of the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, i.e., in the absence of protection tools provided by the EU Regulation 2016/679 - CHAPTER V (adequacy decision, Standard Contractual Clauses or explicit consent from the data subject).

DATA RETENTION.
LIATER S.r.l. will process your Personal Data for the time strictly necessary to achieve the purposes set out in this Policy.
By way of example and without limitation, LIATER S.r.l. will process Personal Data for the newsletter service until you decide to unsubscribe from the service by simply clicking in the email you receive (unsubscribe link). Unsubscribe messages will be deleted within 15 days of receiving them. Notwithstanding the above, LIATER S.r.l. will process your Personal Data for as long as permitted by Italian law to protect its interests (Art. 2947(1)(3) c.c.). More information regarding the retention period of your Personal Data and the criteria used to determine this period may be requested by writing to the DPO.

COMMUNICATION OF DATA
Personal data acquired through this website may be communicated to:

- persons authorized to the processing of the company LIATER S.r.l.;
- company F&DE GROUP S.r.l. external responsible for corporate supervision and marketing activities;
- company Blastness S.p.a. External data processor owner of the booking platform integrated into the site;
- to Public Bodies or Offices in accordance with legal and/or contractual obligations;
- to debt collection companies and banking institutions for the management of collections and payments arising from the execution of the stay;
- to any consultants and external companies specifically appointed to carry out tax and fiscal consulting activities on our behalf;
- to collaborators or companies providing services when the communication is necessary for the use by the interested party of the hotel's services;
- third-party companies that install profiling cookies.

At the DPO you can request the updated list of external data controllers appointed under Article 28 of GDPR 2016/679.

CURRICULA MANAGEMENT
This information notice drafted in accordance with Art. 13 of GDPR 2016/679, can also be used by LIATER S.r.l. for any advertisements published for personnel recruitment on sites or portals not directly managed by it.
The Company will process curricula received by email or through third-party recruitment companies (publications on portals, etc.) to evaluate potential applications within the company or that may arise in the near future.
Processing is done electronically with the exclusion of resumes received by regular mail. Resumes considered "interesting" will be stored at the company's headquarters for a period of time of 12 months and will be processed in full compliance with the security measures provided for in Article 32 of GDPR 2016/679.
Resumes deemed irrelevant as well as those resumes whose retention time has exceeded 12 months will be trashed.
However, resumes will be stored at LIATER S.r.l.'s human resources department and will not be disclosed to unauthorized third parties.

The same may be evaluated by department heads of the spa appointed as authorized persons for processing (ex art. 29 and 32 paragraph 4 of GDPR 2016/679 and art. 2-quaterdecies of Legislative Decree 196/2003).
For the compilation of the resume, we invite the kind candidates to respect the following rules:
- compile your resume in European format;
- transmit the resume in pdf format;
- avoid including in their resume special categories of personal data as defined by Article 9 of GDPR 2016/679 (relating, in particular, to health status, religious, philosophical or political beliefs) that are not relevant in relation to the job offer;
- give consent to the processing of special categories of personal data concerning health status as defined by Article 9 of the GDPR relevant to the establishment of an employment relationship (e.g., membership in protected categories).

The company reserves the right to eliminate resumes that do not meet the above requirements.
The purpose of the processing related to the management of curricula, will involve activities strictly related to the evaluation, recruitment or selection of personnel, with the objectives of collaboration, fixed-term or open-ended recruitment, internship, or to allow the successful candidate to prepare their thesis at our Head Office.
Pursuant to Art. 111-bis of Legislative Decree 196/2003, the information referred to in Art. 13 of the GDPR, in cases of receipt of resumes spontaneously transmitted by interested parties for the purpose of establishing an employment relationship, is provided at the time of the first useful contact, following the sending of the resume.
In accordance with the specified purposes, pursuant to Article 6(1)(b) of the GDPR, the consent of the data subject for the processing of personal data in resumes is not required.

AUTOMATED PROCESSING AND PROFILING
The Data Controller does not perform automated processing including profiling on the personal data acquired.
Regarding any profiling activities carried out through cookies, please refer to the relevant Cookie Policy.

RIGHTS OF THE INTERESTED PARTIES
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of those data and to know their content and origin, verify their accuracy or request their integration or update, or rectification (Chapter III GDPR 2016/679). Pursuant to the same article, you have the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, their processing.
The user may freely exercise the rights set forth in Articles 15 et seq. of GDPR 2016/679, which we quote in full, namely:

- Revoke consent at any time. The User may revoke the previously expressed consent to the processing of his/her Personal Data;
- object to the processing of their Data. The User may object to the processing of its Data when it is done on a legal basis other than consent;
- access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed;
- verify and request rectification. The User may verify the correctness of its Data and request its update or correction;
- obtain the restriction of processing. When certain conditions are met, the User may request the limitation of the processing of its Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation;
- Obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Data Controller;
- receive their Data or have their Data transferred to another Data Controller. The User has the right to receive its Data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transferred unimpeded to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User's consent, a contract to which the User is a party or contractual measures related thereto;
- object to profiling to a decision based solely on automated processing, including profiling, that produces legal effects concerning him or her or that significantly affects him or her in a similar way.

Requests should be addressed to the Data Protection Officer contacted at e-mail: privacy@puntamolino.it

RIGHT TO COMPLAIN
Data subjects who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).

UPDATE AND REVISION
The privacy policy was updated on April 19, 2024 and may be subject to future revisions.