Réservez maintenant


Information regarding processing of personal data

This information will be reviewed and adapted, if necessary, in the event of a regulatory update.

This Privacy Policy is intended to describe the management of this site, with reference to the processing of personal data of users / visitors who consult it. 
This is an information that is also provided pursuant to art. 13 of EU Regulation 2016/679 to those who connect to the website www.hotelgrifonefirenze.it and make use of the relevant web services starting from the address info@hotelgrifonefirenze.it . The information is provided only for the sites mentioned above and not for other websites that may be consulted by the user through special links on the site. 
This informative report respects and complies fully with the Recommendation no. 2/2001 that the European Data Protection Authorities adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the owners of treatment must provide users when they connect to web pages, regardless of the purpose of the link. It is specified that the consent mechanisms will be evident, brief and easily understandable; if the original conditions for which consent was requested should be changed, for example if the purpose of data processing changed, further consent will be required pursuant to EU Regulation 2016/679. 
According to the rules of the Regulations, the treatments carried out by GRIMA SRL will be based on the principles of lawfulness, correctness, transparency, purpose and retention limits, data minimization, accuracy, integrity and confidentiality. 
Users / visitors must read this Privacy Policy carefully before submitting any personal information and / or completing any electronic form on the site. 
Pursuant to art. 13 of EU 2016/679 Regulation, GRIMA SRL, Data Controller, informs you that all personal data collected will be processed in compliance with EU Regulation 2016/679.

1. Identity and contact details of the Data Controller

The Data Controller is GRIMA SRL with registered office in Via di Camerata, 23 50133 FLORENCE - VAT no. 03557200486
The following contact information of the Data Controller is listed:

- Telephone number: +39 055 623300

- Fax: +39 055 677628

- Email address: direzione@hotelgrifonefirenze.it

- Website: www.hotelgrifonefirenze.it

- Certified electronic mail: hotelgrifone@legalmail.it

2. Personal data collected
a) Navigation data
The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. 
These data are not collected to be associated with identified interested parties, but which by their nature could, through processing and association with data held by third parties, allow users to be identified. 
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. 
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: apart from this possibility, the data on web contacts do not persist for more than seven days. 
b) Data provided voluntarily by the user
Personal data, such as the data communicated by you through the registration on the website, on the occasion of the conclusion of contracts for the services of the Data Controller, registration and / or participation in events, or in any case voluntarily provided by you, will be collected under appropriate informative and, in the cases foreseen by the law, behind free and express consent and are inherent to: - Identification data (for example: name, surname, address, telephone, fax, email, bank details, payment etc ...);
- Tax data (if required by law, for example: tax code, VAT number, etc);
- Particular data as per art. 9 GDPR;
- Judicial data pursuant to art. 10 GDPR.
c) Personal data entered in the reserved area
The collected data (for example: name and surname, company name, VAT number, address, telephone number, fax number, e-mail address), object of the treatment, let us know through the website in order to register with the portal and access the reserved area, will be used for the sole purpose of providing the services offered through access to the reserved area itself on the site, in full compliance with the right to privacy and protection of personal data, the principle of fairness and the provisions of law in the field.
d) Cookies
We do not use cookies to transmit information of a personal nature, nor are used so-called persistent cookies for which the legislation requires specific consent, or systems for tracking users. 
The use of the so-called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site. 
The so-called session cookies used on this site avoid the use of other technologies that could compromise the privacy of users' browsing and do not allow the acquisition of personal identification data. 
For more information visit our cookie policy, available at www.hotelgrifonefirenze.it .
e) Plugin Social Network
The www.hotelgrifonefirenze.it site also incorporates plugins and / or buttons for social networks, in order to allow easy sharing of content on favorite social networks. These plugins are programmed so as not to set any cookies by accessing the page, to safeguard the privacy of users. Possibly cookies are set, as required by social networks, only when the user makes the use and voluntary of the plugin. If the user browses being logged into the social network, then you are consented to the use of cookies conveyed via this site when you sign up for the social network.

3. Purposes and methods of treatment
The purposes of processing personal data are as follows:
a) Compliance with legal obligations related to the contractual relationship;
b) Organizational management of the contractual relationship ; 
c) Allow browsing and consultation of the www.hotelgrifonefirenze.it website ;
d) Respond to requests for assistance or information that the Data Controller will receive via e-mail, telephone or chat through the application or through the appropriate form ;

e) Statistical analysis of the service provided ; 
f) Obtaining legal, accounting and tax obligations ;
g) For the exclusive purpose of security and prevention of fraudulent conduct, the holder implements an automatic control system that involves the detection and analysis of user behavior on the site associated with the processing of personal data including the IP address; 
h) Electronic payments and management of customer billing history;
i) Pursuant to art. 7 EU Regulation 2016/679, your data will be processed for the following marketing purposes: communication via e-mail, mail and / or text messages and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered from the Data Controller or surveys of the degree of satisfaction with the quality of the services; send them via e-mail, mail and / or sms and / or telephone contacts commercial communications and / or advertising material on products or services offered by third parties (for example, business partners).

The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) EU Regulation 2016/679 and precisely: collection, registration, organization, structuring, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are not subject to disclosure, with the exception of cases expressly provided for by law, or to any fully automated decision making process, including profiling. Personal data will be processed in paper form, computerized and telematic, with logic strictly related to the same purposes also through the use of fax, telephone, mobile phone, e-mail or other remote communication techniques; personal data will be entered in the relevant databases to which only the Data Controller and its representatives will be able to access. Personal data will be managed by implementing appropriate technical and organizational measures to guarantee a level of security appropriate to the risk pursuant to art. 32 EU Regulation 2016/679. 

4. Legal basis and mandatory or optional nature of the processing
The legal basis of the processing of personal data for the purposes described above is the art. 6 par. 1 lett. b) of EU Regulation 2016/679 as the treatments are necessary for the provision of the contracted services. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate the required Services. The purposes related to legal obligations are a legitimate processing of personal data pursuant to art. 6 par. 1 lett. c) of the 2016/679 EU Regulation. Once the personal data have been transferred, the processing may indeed be necessary to comply with legal obligations to which GRIMA SRL is subject. The treatments performed for marketing and newsletter purposes described above are based on the issue of your consent pursuant to art. 6 par. 1 lett. a) of the EU 2016/679 Regulation. The provision of your personal data for these purposes is entirely optional and does not affect the use of the services. Subsequent processing, carried out for purposes of e-mail marketing on products or services similar to those purchased by you, is instead based on its legal basis, pursuant to art. 6 par. 1 lett. f) of EU Regulation 2016/679, in the legitimate interest of GRIMA SRL to promote its products or services in a context in which the interested party can reasonably expect this type of treatment, to which you can also oppose at any time. In fact, if you wish to oppose the processing of your data for these marketing purposes, you may at any time do so through its control panel, or by sending a request to GRIMA SRL at direzione@hotelgrifonefirenze.itor through the mechanism proposed in the same text of the commercial email.

5. Any recipients of the data
Without the need for express consent (Article 6 letter b) and c) EU Regulation 2016/679 the holder may communicate your data for the purposes referred to in this information to: Supervisory bodies, Judicial authorities, as well as those subjects to whom the communication is mandatory by law for the accomplishment of the purposes expressed. These subjects will process the data in their capacity as independent data controllers. 
Your data may be made accessible for the purposes set out in this notice to employees and collaborators of the Data Controller or of the companies related to GRIMA SRL in Italy and abroad, in their capacity as authorized treatment and / or internal data processors and / or system administrators; to third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors. Furthermore, in relation to the purposes referred to in this statement, with the exception of those specified on letter i) (marketing purposes), the data may be communicated to the following subjects or to the categories of subjects indicated below:
- Studies of recognized accountants related to the profession of assistance to companies when the communication is due by law, or is in the interest of the subject (natural or legal person);
- Studies of recognized lawyers related to the profession of assistance to companies when the communication is due by law, regularly in charge of this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person ). Only if you have given a specific consent, your data may be shared with commercial partners for their separate and autonomous purposes. The Data Controller also informs that it does not intend to transfer data to a non-EU third country or to an international non-EU organization. 
The complete list of data processors and data processors is available, constantly updated, at the registered office of the Data Controller and can be viewed by sending a written request to GRIMA SRL to direzione@hotelgrifonefirenze.it

6. Data transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.

7. Data retention period
Your personal data will be processed by the Data Controller only as necessary for the pursuit of the purpose referred to in this statement. In particular, your personal data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of EU Regulation 2016/679, ie until the termination of the contractual relations between you and the Data Controller, without prejudice a further retention period that may be imposed by law, as also foreseen by Recital 65 of EU 
Regulation 2016/679. Beyond this period, personal data will be stored anonymously or destroyed. 

8. Rights of the interested party
With regard to the data themselves, the interested party, or a person delegated in writing, can exercise the following rights: 

- the right of access, expressly provided for by art. 15 of EU Regulation 2016/679, ie the possibility to access all personal information concerning him;
- the right of rectification, expressly provided for by art. 16 of EU Regulation 2016/679, ie the possibility of obtaining the updating of inaccurate personal data concerning him without justified delay;
- the right to be forgotten, expressly provided for by art. 17 of EU Regulation 2016/679, consisting of the right to cancel personal data concerning the individual concerned;
- the right to limit processing when one of the hypotheses provided for by art. 18 of the 2016/679 EU Regulation; 
- the right to data portability, expressly provided for by art. 20 of EU 2016/679 Regulation, ie the right to obtain their data and / or the right to receive their personal data in an interoperable format to another data controller without hindrance by this Company;
- the right to object to the processing of personal data, expressly provided for by art. 21 of the 2016/679 EU Regulation;
- the right of withdrawal of consent at any time, expressly provided for by art. 7 of the 2016/679 EU Regulation;
- the right to lodge a complaint with a supervisory authority;
- the right to bring a judicial remedy in case of unlawful processing of data, even against acts taken by the Guarantor pursuant to Article 78 of the 2016/679 EU Regulation.

To exercise your rights you can contact the Data Controller at the contact points indicated in this statement.

9. Nature of the provision 
The provision of personal data necessary for the provision of the services requested by the user is optional, but any failure to provide it makes it impossible to activate the services requested. 
With respect to the data that the owner is obliged to know in order to fulfill the obligations established by law, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by supervisory and control bodies, their failure to provide on the part of the user implies the impossibility of establishing or continuing the relationship, within the limits in which such data are necessary for the execution of the same. 
The provision of personal data for marketing and newsletters, as described in this statement, is entirely optional and does not affect the use of the services requested.

10. Changes to this privacy policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please periodically consult this page or section of the Site, taking as reference the date of the last modification indicated above. 
In case of non-acceptance of the changes made to this Privacy Policy, the user is required to cease use of the Site and may request the Data Controller to remove their personal data.

11. Complaints
Finally, we inform you that if you believe that your rights have been violated by the Data Controller and / or a third party, you have the right to lodge a complaint with the Personal Data Protection Authority and / or with another competent Supervisory Authority. of the EU Regulation n. 2016/679.