Privacy policy

Data Subjects: Browsers

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods for processing the personal data of users who browse the websites accessible online.
This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the sites, but which refer to resources outside the Data Controller’s domain.
It should be noted that the Privacy Policy may be modified from time to time, as a result of the activation of new services or following updates to applicable law, so it is advisable to periodically check the above-mentioned site for any new information on the matter. This page describes how the site is managed with regard to the processing of the personal data of the users who browse it. This information is also provided, pursuant to Art. 13 of the Regulation (EU) on the protection of natural persons with regard to the processing of their personal data, to those who interact with the web services of “Grand Hotel Des Bains srl” accessible online at the following address info.reception@grandhoteldesbains.com. Any further or possible data processing is defined in the information and cookie policy corresponding to the home page of the official website  www.grandhoteldesbains.com.
This information is provided for the “Grand Hotel Des Bains srl” site alone and not for any other websites that may be accessed via links. The information is also based on Recommendation no. 2/2001 that the European personal data protection authorities, brought together in the Group established by art. 29 of Directive no. 95/46/CE, adopted on 17 May 2001 in order to identify certain minimum requirements for the collection of personal data online, and, in particular, the manner, timing and nature of the information that Data Controllers must provide to users when they connect to web pages, regardless of the purpose of connection.

The Data Controller
After browsing this site, data relating to identified or identifiable subjects may be processed.
The “Data Controller” is “Grand Hotel Des Bains srl”, with head office at Viale Gramsci 56, 47838 Riccione, Italy, VAT number/Tax code: 03191120405

Legal basis of processing
The personal data indicated on this page are processed by Grand Hotel Des Bains srl sas in order for it to perform its activities. Consent, execution of a contract and fulfilment of a legal obligation, as well as the pursuit of a legitimate interest, are the legal bases that shall be pursued, depending on the data processing carried out on the above-mentioned website.

Place of data processing
Data processing connected to the web services of this site takes place in ITALY on the server Farm XT System, Via Macanno, 38/N 47924 Rimini; the latter are suppliers of Edita Srl with registered office at Via Flaminia, 138, 47923 Rimini (ITALY).
Data processing for website maintenance and management operations are carried out by Edita srl, which is the Data Processor (Art. 28 GDPR). Edita srl is a web agency that guarantees compliance with the GDPR.

Types of data processed and purposes of processing
Navigation data
During their normal operation, the computer systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
These data, necessary in order to use the web services, are also processed for the purpose of:

  • obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
  • checking the proper functioning of the services offered.

Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses of Grand Hotel Des Bains srl, as well as the filling in and forwarding of the forms present on the site www.grandhoteldesbains.com, entail the acquisition of the sender’s contact details, necessary for replying, as well as all the personal data included in the communications.
Specific information shall be published on the pages of the site www.grandhoteldesbains.com set up to provide certain services.
Cookies and other tracking systems
We do not use cookies for user profiling
Instead, session (non-persistent) cookies are used, strictly limited to what is necessary for safe and efficient navigation of the sites. The storage of session cookies in the user’s terminal or browser is under the user’s control, where on the servers, at the end of HTTP sessions, information relating to cookies remains recorded in the service logs, with retention times specific to each third-party service provider. The data that may be acquired through cookies, and the methods for their management, are fully described in the «cookie policy» document.
Navigation data
These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The information collected automatically may be used by “Grand Hotel Des Bains srl” to ascertain responsibility in the event of hypothetical computer crimes against the site, for statistical purposes and to improve navigation and site content. Any data acquired through cookies is described in full in the «cookie policy» document.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of data input onto the data collection forms, or the sending of emails to the email addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary in order to reply to any request, as well as any other personal data included in the message. Please note that the personal and/or business data input onto the forms on the site www.grandhoteldesbains.com, are protected by “Grand Hotel Des Bains srl” and used to respond to user queries, in order to provide the information and services requested.

Optional provision of data
Apart from what has been specified for navigation data, the user is free to provide personal data contained in the information request forms to “Grand Hotel Des Bains srl ”, whenever such data is requested, specific information shall be provided and, where necessary, consent requested.

Processing methods
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are complied with in order to prevent data loss, illicit or incorrect use and unauthorised access. Please note that, in order to provide a complete service, there are links to other websites managed by other data controllers. We decline any responsibility in the event of errors, content, cookies, publication of unlawful immoral content, advertising, banners or files that do not comply with applicable regulations and with the Privacy Law by sites not managed by us to which reference is made.

Data recipients
The recipients of the data collected following browsing of the above-mentioned sites are the following subjects appointed by Grand Hotel Des Bains srl, pursuant to Article 28 of the Regulation, as Data Processors:
— ÈDITA as provider of development and maintenance services for the web platform;
— ÈDITA in relation to the site as provider of the services relating to the development, delivery and operational management of the technological platforms used.
The personal data collected are also processed by Grand Hotel Des Bains srl, personnel, who act on the basis of specific instructions concerning the processing purposes and methods.

Transfer of data aboard
Third countries:
data are not communicated to third countries.

Rights of the data subject
The data subject has the right to obtain from the Data Controller the erasure (possible right to be forgotten), limitation, updating, rectification and portability of his or her personal data and object to their processing, as well as, in general, to exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR, where applicable with respect to the purposes of data processing.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21 and 22 — Rights of the data subject

  1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, even if not yet recorded, and communication of such data in intelligible form.
  2. The data subject has the right to be informed on:
    1. the origin of the personal data;
    2. the purposes and methods of processing;
    3. the logic applied in the event of processing carried out with the aid of electronic instruments;
    4. the identity of the Data Controller, Data Processors and representative appointed pursuant to Article 5 (2);
    5. the subjects or categories of subjects to whom the data may be communicated or who may learn about the data as appointed representative in the territory of the state, processors or appointees.
  3. The data subject has the right to obtain:
    1. the updating, rectification or, where interested in so doing, integration of the data;
    2. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
    3. certification to the effect that the operations as per letters a) and b) have been notified, also in relation to their content, to those to whom the data were communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right being protected;
    4. data portability.
  4. The data subject has the right to object, in whole or in part:
    1. for legitimate reasons, to the processing of personal data concerning him or her, even if relevant to the purpose of collection;
    2. the processing of personal data concerning him or her for the purpose of sending advertising or direct sales material or for conducting market research or commercial communications.

Right of complaint
Data subjects who believe that the processing of personal data relating to them carried out through this website is in breach of the provisions of the Regulation have the right to lodge a complaint with a Supervisory Authority, as provided for by Art. 77 of the Regulation itself, or to take legal action (Art. 79 of the Regulation).