INFORMATION ON THE PROCESSING OF PERSONAL DATA OF WEBSITE USERS
The owner of this site, Sultan Palace Hotel Zanzibar, in compliance with the obligations arising from national and EU legislation (GDPR) and subsequent modifications, respects and protects the privacy of users/visitors, putting in place appropriate and proportionate security measures so as not to infringe their rights.
This information applies exclusively to the online activities of this site in particular to the compilation of forms, requests for information or any other form of interaction with the site that involves the communication of personal data by the user. With it, the Owner pursues the objective of providing maximum transparency regarding the information that the site collects and how it uses it.
The treatment will be based on the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability.
Pursuant to articles 13 and 14 of the GDPR and the current regulations, the following information is provided regarding the processing that the owner Sultan Palace Hotel Zanzibar will carry out with personal data:
SUBJECTS OF THE TREATMENT
The owner of the processing of personal data is Sultan Palace Hotel Zanzibar, having its registered office in Pierre limited P.O. box 4074 Zanzibar – Tanzania, contactable by using the e-mail address email@example.com.
METHODS OF TREATMENT AND TYPE OF DATA COLLECTED
The Owner adopts all the technical and organizational measures to secure the personal data processed. In particular. These measures are designed to prevent unauthorized access, disclosure, modification or destruction of data, which will be collected, processed and stored in the archives, both paper and electronic, of the owner and / or authorized internal subjects and external managers expressly authorized for this purpose. The treatment will be carried out with the aid of both paper and computer or electronic tools, with logics of organization and elaboration of the personal data, so as to guarantee their security and confidentiality.
The Owner may process some personal data of the users who interact with the web services of the site, in particular:
- Navigation data: the IP address, URI addresses, the type of browser and the parameters of the device used to connect to the site, the name of the Internet Service Provider (ISP), the web page the visitor comes from and goes to, as well as details relating to the date and time of the visit, the requests sent to the site server and which make it possible to navigate, may be acquired automatically by the computer systems during the use of the site. Navigation data may also be used to compile anonymous statistics that allow us to understand the use of the site and to improve its structure. Surfing data may possibly be used to investigate illegal activities, such as computer crimes, to the detriment of the site;
- Personal contact data (name and surname, e-mail address, company name and telephone number), possibly of an economic and fiscal nature (if, for example, an invoice is requested), necessary for the performance of existing or future contractual relationships with users.
Are not collected and processed in any way “special categories” of personal data, or data classified as sensitive.
PURPOSES OF THE TREATMENT
The data provided by the user or communicated by third parties will be processed for the following purposes:
a) registration to the website, to the services developed or made available by the Owner, use of the related information services, management of contact requests or information;
b) establishment of contractual relationships and consequent administrative, legal and fiscal fulfilments, as well as to allow an effective management of financial and commercial relationships;
c) fulfillment of obligations under EU and national regulations;
d) direct marketing, i.e. sending advertising material, promotional activities, commercial communication of products and/or services offered by the company. This activity may be performed by sending advertising/informative/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers, carried out by means of “automated” contact systems;
e) verification of the correct functioning of the site and for security reasons, in order to block attempts to damage the site itself or to cause damage to other users and in any case to ascertain and repress damaging or criminal activities.
By accessing the “Contacts” section, the site allows the visitor/user to enter messages and other information. The voluntary and explicit sending of such information does not require the request of consent. And the eventual compilation of forms involves the subsequent acquisition of the address and data of the visitor/user, necessary to respond to requests made and/or to provide the requested service.
The information that users will make public through the services and tools made available to them, is provided by the user knowingly and voluntarily. Making the owner exempt from any liability with regard to possible violations that may be committed. In fact, it is up to the user to obtain any permission to enter personal data of third parties or content protected by national and international standards.
LEGAL BASIS OF PERSONAL DATA PROCESSING
The provision of personal data for the purposes referred to paragraphs 3-a) and 3-b) is mandatory, as the treatment is related to a pre-contractual and/or contractual phase or functional to a request of the interested party or required by a specific law. If the interested party fails to provide certain personal data in relation to the above-mentioned purposes, the Data Controller may be unable to provide its services.
With regard to point 3-d) (direct marketing), personal data are entered voluntarily by the interested party. The consent must be expressed through an unequivocal positive act, moreover it must be free, specific, optional and always revocable without consequences on the usability of the services, except for the impossibility for the Owner to provide some of them. In any case, the user may exercise at any time the right to object (see paragraph 9. “Rights of the interested party”).
The data collected and processed for the purposes of site security and prevention of abuse and illegal activities referred to in paragraph 3-e), as well as data for the analysis of site traffic in aggregate form, are processed on the basis of the legitimate interest of the Owner to protect the proper functioning of the site and to protect the users themselves. In such cases, the user may exercise the right to object at any time (see paragraph 9. “Rights of the interested party”).
For information on the cookies used, as well as on the management, setting and deactivation of cookies, users can consult the relevant section of the site and follow the procedures specifically provided.
RECIPIENTS OF PERSONAL DATA
The data will not be disclosed by the owner, giving knowledge to undetermined subjects in any way.
The data will be stored at the Owner and may instead be communicated to certain subjects:
– authorized subjects involved in the organization of the site;
– external subjects delegated for this purpose to specific processing activities and properly identified as Data Processors pursuant (article 28 of the Regulation), in accordance with applicable legislation and limited to the purposes of the professional services required and needed;
– subjects whose right to access the data is recognized by law or by orders of the authorities;
– any third countries or international organizations, if for technical and/or operational reasons it is necessary to transfer some collected data to technical systems and services managed in the cloud and located outside the European Union. In this case, the processing will be regulated in accordance with the provisions of Chapter V of the GDPR and authorized on the basis of specific decisions of the European Union and the Italian Data Protection Authority.
The complete list of all the persons in charge and authorized to process personal data can be requested by writing to the e-mail address firstname.lastname@example.org or by ordinary mail to Pierre limited P.O. box, 4074 Zanzibar – Tanzania.
PLACE OF TREATMENT
The data collected from the site are processed at the headquarters of the data controller and at the datacenter of Web Hosting. The Web Hosting (Serverplan s.r.l.) as Responsible of the treatment, treats personal data on behalf of the owner in accordance with European standards.
PERIOD OF RETENTION OF PERSONAL DATA
The collected data will be processed exclusively for the above mentioned purposes and stored for the time strictly necessary to provide the requested service. In any case, this period of time will not exceed 10 years, after which the Owner will proceed to the automatic cancellation of the personal data collected.
RIGHTS OF THE INTERESTED PARTY
The Regulations reserve specific rights to users/interested parties. In particular, the interested party may exercise at any time the right to:
– access your personal data, obtaining confirmation as to whether or not personal data concerning him are being processed. In this case, to be informed about the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the storage period, the existence of automated decision-making processes.
– obtain the rectification of inaccurate personal data concerning him without undue delay.
– obtain, in the cases provided for, the cancellation of personal data concerning him without undue delay.
– obtain, in the cases provided for, the limitation of treatment.
– request the portability of the data he has provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format. Also to transmit such data to another Data Controller without impediment from the Data Controller to whom he provided them within the limits established by article 20 of the Regulation.
– object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, in the cases provided for by the Regulation.
– withdraw your consent at any time.
– propose a complaint to the Guarantor Authority for the Protection of Personal Data.
– obtain all available information on the origin of personal data, if these have not been collected from the data subject himself.
– be informed without undue delay in the event of a “data breach”, i.e. if the violation of his personal data presents a high risk to his rights and freedoms.
– be informed of the existence of adequate safeguards, if personal data are transferred to a third country or to international organizations.
All of the above rights may be exercised at the request of the interested party by writing directly to email@example.com.
This information notice may be subject to periodic updates.
Owner of the treatment of personal data
Sultan Palace Hotel Zanzibar
 Legislative Decree n. 196/2003, Code regarding the protection of personal data, amended by Legislative Decree n. 101/2018.
 European regulation for the protection of personal data n. 2016/679.
 Uniform Resource Identifier.
 pursuant to art. 4 of the Code and of the art. 9 of the GDPR.
 SMS and/or MMS, email, interactive applications.
 employees of the Data Controller and possibly of the Data Processor, including administrative and commercial staff and system administrators.
 third party technical service providers, hosting providers, IT companies, communication agencies.
 in particular with Google, Facebook, Instagram, Twitter, Microsoft, LinkedIn, through social plugins and the Google Analytics service.