With this document we aim to provide you with the necessary information regarding the processing of personal data supplied by you, regarding the purpose and method of processing your personal data, as well as the communication and diffusion of it, the nature of the data in our possession, their contribution and retention period.
This document intends to accurately describe the methods of management of the processing of your personal data collected during the navigation of the website or in the use of the services offered by it. The information is not valid for other websites that may be visited through links on the website of the Data Controller, which is not in any way responsible for the websites of third parties.
The Data Controller of the data collected on this website is GET ME OUT Srl, P. IVA 09490820967, with legal residence in Milan, Via Balduccio da Pisa n. 7, in the person of its present legal representative Mrs Lucia Meleleo (hereinafter referred to as "GetMeOut"): the Data Controller decides autonomously on the purposes and methods of the processing, as well as on the security procedures to be applied to ensure confidentiality, integrity and the availability of data.
Type of data processed
Personal and identification data
Personal data is any information related to a natural person, identified or identifiable, even indirectly, by reference to any information, including a personal identification number; Identification data are personal data that allow the direct identification of the interested party (for example, name, surname, date of birth, address, e-mail address, telephone number, on-line identification, etc…).
Special categories of personal data
Processing of personal data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions; membership toparties, unions, religious/philosophical/political associations or organizations, and personal data concerning health, sex life or sexual orientation shall be prohibited.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information is not collected to be associated with identified interested parties, but due to their nature could, through processing and association with data held by third parties, allow to identify the users.
This category of data includes IP addresses or domain names of the computers utilized by users connecting to the website, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment.
Defense of legal claims
The User's Personal Data may be used by the Data Controller for the defense in court or in the previous stages, from abuses by the user in the use of the website or related services. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.
The User's Personal Data may be processed with additional methods and purposes related to maintenance.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website and/or the compilation of data collection forms, involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data inserted.
Specific information could be presented on the pages of the website in relation to particular services or processing of the data provided by the user
Object of the treatment
The Data Controller processes personal, identifying and non-sensitive data (in particular, name, surname, email address, telephone number - hereafter, "personal data" or even "data") that you have provided when booking rooms or using the services present on the website offered by the Data Controller.
Modality and storage of your data
The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR and in compliance with the principles of lawfulness, accuracy and transparency, and the other principles indicated in art. 5 GDPR.
The Data Controller will process your data for the purposes of service, pre-contractual and contractual, for the time necessary to fulfill the purposes of the processing and in any case for no more than 10 years from the termination of the relationship for contractual, tax and accounting purposes. The data for marketing/newsletter purposes, where your specific consent has been given, will be kept for the time necessary to pursue the purposes of the processing or before if the User withdraws the specific consent.
Purposes of processing, legal basis of processing, need for consent and consequences of non-consent
The specific purposes for which the data are processed are summarized, on a case-by-case basis, in the information notice pursuant to art. 13 GDPR, which is presented to the user when releases personal data.
In general, personal data voluntarily provided will be processed for the following purposes, up to your opposition:
- for navigating this website;
- for the use of the services offered by GetMeOut;
- for the evasion of bookings and related activities;
- management of your requests: technical, commercial, on the progress of reservations and requests for information in a broad sense;
- for the eventual compilation of data collection fields in dedicated areas;
- administrative-accounting activities in general. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, information activities.
B) – subject to explicit and specific written consent, to receive promotional e-mails from GetMeOut and/or other direct marketing activities to receive promotional, commercial and/or advertising material through automated e-mail, traditional mail or other means of communication related to products and services offered, as well as commercial initiatives that will be organized by GetMeOut;
Mandatory or optional nature of providing data
Apart from what specified as navigation data, the User is free to provide or not personal data.
The provision of personal data for the purposes referred in point A) is optional, but necessary to use the services requested each time to the Data Controller and to improve the specific features. Failure to provide such data may make it impossible to obtain what has been requested or to use the services of the Data Controller.
In the contact area or in dedicated areas for filling out forms, the provision of personal data in the fields marked with the symbol * is optional, but necessary to submit the contact request, to complete the reservation request or for other specific features and the failure to provide of such data may make it impossible to obtain what has been requested or to use the services of the Data Controller. The provision of personal data in fields not marked with *, however, is optional and failure to fill in these fields does not have negative outcomes on the use of the services provided by the Data Controller.
The consent to the processing of data for the purposes B) - that is for promotional purposes, commercial communication and/or marketing in general by GetMeOut - is always optional. In the absence of this, the Data Controller may in any case provide the services referred to in point A) and the user may in any case complete the other functions and use the services provided by the Data Controller - point A) (e.g., send a reservation request, etc.)
Subjects or categories of subjects to whom your data may be disclosed
Your data will be communicated to third parties only with your express consent, except in cases where communication is mandatory by law or is required for purposes established by law, for the pursuit of which the consent of the interested party is not required; in such cases, the data may be made available to third parties who will treat them autonomously and solely for the aforementioned purposes (for example, in the event of a request made by the police or by the judiciary or other competent bodies or to fulfill obligations arising from the contract with you concluded). Your data will not be disseminated in any way.
Individuals that can process your personal data
GetMeOut may use third parties to process your personal data for certain activities. The third parties who perform these operations have been adequately selected and have experience, capacity and reliability and offer a suitable guarantee of full compliance with the current provisions on treatment, including the profile of data security.
These third parties will be appointed "Data Processors" for this purpose and will carry out their activities according to the instructions given by GetMeOut and under its control. Periodically, we verify that those responsible have promptly fulfilled the tasks entrusted to them and continue to provide suitable guarantees of full compliance with the provisions on the protection of personal data. The updated list of Data Processors can always be requested to the Data Controller.
Your data is then processed by our persons in charge of the individual services; the categories of employees who perform these activities depend on the purposes for which the data has been provided and are always indicated in the information we provide to you when your personal data is submitted.
However, GetMeOut cannot guarantee its users that the measures taken for website security and the transmission of data and information on the website limit or exclude any risk of unauthorized access or dispersion of data by devices belonging to the user: We recommend that you ensure that your computer is equipped with appropriate software for the protection of data transmission online, both incoming and outgoing (as up-to-date antivirus systems) and that your Internet service provider has taken appropriate measures for the security of data transmission over the network (such as firewalls and antispam filters).
Links to other websites
The rights of the interested parties
As an interested party, you can exercise the rights referred to in Articles from 15 to 22 GDPR, in particular the right to access data, to correct or delete it, to request the limitation or to oppose the processing, in addition to the right to data portability. You also have the right to submit a complaint to the competition authority.
In case of violation of the personal data of the interested party, considering the provisions of art. 34 GDPR, the Data Controller will notify the interested party of the violation.
Contacts for exercising the rights of the interested party
You can exercise your rights at any time by sending an e-mail to email@example.com
To know your rights and always be up-to-date on the legislation concerning the protection of persons regarding the processing of personal data, we recommend you visit the website of the Guarantor for the protection of personal data at http: //www.garanteprivacy. it
Social plugins and social networks
Our web pages may contain social network plug-ins (e.g., Facebook, Twitter, Instagram, etc.). If you access one of our web pages equipped with a similar plug-in, the internet browser connects directly to the servers of the social network and the plug-in is displayed on the screen thanks to the connection with the browser. If an interested user of a social network visits our web pages, while connected to their social account, their personal data may be associated with the social account. Even if the plug-in functions are used, the information will be associated with the social account. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the interested party in this context, are present on the social network pages of the account, on the protection of data. If the person concerned does not wish to associate the visit to our web pages with their social account, must log-off from the social network before visiting them.
Personal Data is collected for the following purposes and using the following services: Interaction with social networks and external platforms. These services allow interaction with social networks or other external platforms. The interactions and information acquired are in any case subject to the User's privacy settings related to any social network. In the case where an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data related to the pages in which it is installed.
Date of update: 1stof June 2018