INFORMATIVA PER IL TRATTAMENTO DEI DATI PERSONALI
INFORMATION FOR THE PROCESSING OF PERSONAL DATA EX ART. 13 EU Regulation 2016/679
This document describes the methods through which Get Me Out processes personal data provided by users through the room reservation form on the website www.getmeoutescaperoom.it.
Personal data provided by users will be processed in accordance with the provisions of EU Regulation 2016/679 (GDPR) and, in particular, in compliance with the principles of need, transparency, lawfulness, accuracy and proportionality of the processing of personal data.
The Data Controller of the data collected on this site is GET ME OUT Srl, P. IVA 09490820967, with legal residence in Milan, Via Balduccio da Pisa n. 7, in the person of its present legal representative Mrs Lucia Meleleo (hereinafter referred to as "GetMeOut"): the Data Controller decides autonomously on the purposes and methods of the processing, as well as on the security procedures to be applied to ensure confidentiality, integrity and the availability of data.
Object of the treatment
The Data Controller processes the personal data, identifying and non-sensitive data communicated by you during the booking of the rooms on the website www.getmeoutescaperoom.it and/or to be able to receive the newsletter offered by the Data Controller.
Modality and storage of your data
The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR and in compliance with the principles of lawfulness, accuracy and transparency, and the other principles indicated in art. 5 GDPR.
The Data Controller will process your data for the purposes of service, pre-contractual and contractual, for the time necessary to fulfill the purposes of the processing and in any case for no more than 10 years from the termination of the relationship for contractual, tax and accounting purposes. The data for marketing/newsletter purposes, where your specific consent has been given, will be kept for the time necessary to pursue the purposes of the processing or before if the User withdraws the specific consent.
As soon as personal data are no longer necessary for the purposes for which they were collected, GetMeOut deletes them, unless the law establishes storage obligations or the user has not consented to the processing for a longer time or that they are archived.
Purposes of processing, legal basis of processing, need for consent and consequences of non-consent
The data is processed exclusively for the purposes for which it was collected, described below.
GetMeOut uses the data provided by the interested parties for the following purposes:
For all the aforementioned purposes, GetMeOut may entrust external suppliers to whom only the data strictly necessary for the performance of the assignment is transmitted.
Mandatory or optional nature of providing data
The provision of data for the purposes referred to in points n. 1 and 2, as necessary to fulfill specific user requests, is mandatory and the refusal to give consent to the treatment makes it impossible to perform the required services or to follow up the requests made.
The provision of personal data in the fields marked with the symbol * is optional, but necessary to submit the contact request or for other specific features and the failure to provide such data may result in the inability to obtain what is required or to use the services of the Data Controller. The provision of personal data in fields not marked with *, however, is optional and the failure to fill in these fields does not have negative outcomes on the use of the services provided by the Data Controller.
The consent to the processing of data for the purposes referred to in point 4 - that is for promotional purposes, commercial communication and/or marketing in general by GetMeOut - is always optional and the refusal to give consent to the processing will make it impossible to be updated about commercial initiatives and/or promotional campaigns, to receive offers or other promotional material and/or to send personalized offers to the user. In case of consent, GetMeOut may send the user advertising or promotional messages, using the e-mail address provided, within the limits of the GDPR and without prejudice to the user's right to deny at any time such use. In the absence of consent, the Data Controller may in any case provide the services referred to in points 1 and 2 and the user may nevertheless complete the other functions and benefit from the services provided by the Data Controller.
Subjects or categories of subjects to whom your data may be disclosed
Your data will be communicated to third parties only with your express consent, except in cases where communication is mandatory by law or is required for purposes established by law, for the pursuit of which the consent of the interested party is not required; in such cases, the data may be made available to third parties who will treat them autonomously and solely for the aforementioned purposes (for example, in the event of a request made by the police or by the judiciary or other competent bodies or to fulfill obligations arising from the contract with you concluded). Your data will not be disseminated in any way.
Individuals that can process your personal data
GetMeOut may use third parties to process your personal data for certain activities. The third parties who perform these operations have been adequately selected and have experience, capacity and reliability and offer a suitable guarantee of full compliance with the current provisions on treatment, including the profile of data security.
These third parties will be appointed "Data Processors" for this purpose and will carry out their activities according to the instructions given by GetMeOut and under its control. Periodically, we verify that those responsible have promptly fulfilled the tasks entrusted to them and continue to provide suitable guarantees of full compliance with the provisions on the protection of personal data. The updated list of Data Processors can always be requested to the Data Controller. Your data is then processed by our persons in charge of the individual services
However, GetMeOut cannot guarantee its users that the measures taken for website security and the transmission of data and information on the website limit or exclude any risk of unauthorized access or dispersion of data by devices belonging to the user: We recommend that you ensure that your computer is equipped with appropriate software for the protection of data transmission online, both incoming and outgoing (as up-to-date antivirus systems) and that your Internet service provider has taken appropriate measures for the security of data transmission over the network (such as firewalls and antispam filters).
The rights of the interested parties
As an interested party, you can exercise the rights referred to in Articles from 15 to 22 GDPR, in particular the right to access data, to correct or delete it, to request the limitation or to oppose the processing, in addition to the right to data portability. You also have the right to submit a complaint to the competition authority.
In case of violation of the personal data of the interested party, considering the provisions of art. 34 GDPR, the Data Controller will notify the interested party of the violation.
Contacts for exercising the rights of the interested party
You can exercise your rights at any time by sending an e-mail to firstname.lastname@example.org
Date of update: 1stof June 2018