PRIVACY POLICY AND INFORMATION NOTICE ON PERSONAL DATA PROCESSING
1. Privacy policy
Hotelyo SA, a company under Swiss law with headquarters in C.so San Gottardo 30, 6830 Chiasso – Switzerland, recognises the importance of protecting the privacy and rights of Users accessing its Website and Services. The Internet is potentially an extremely powerful tool for circulating personal data and Hotelyo accepts the serious commitment of complying with rules relating to the protection of personal data and security in order to guarantee safe, controlled and confidential browsing. Changes may be made in future to this information notice in order to ensure constant compliance with the applicable rules of law, in the event that they are changed or updated.
We invite Users carefully to read the rules that we apply to the collection and processing of personal data in order to continue to provide a satisfactory service.
This information notice, provided in accordance with the regulations in relation to the protection of personal data, describes the procedures for handling and processing the personal data of:
(i) Users who consult and use the Website, and
(ii) Users who use the Services.
Users are obliged to provide truthful, accurate and updated personal data in order to create and manage their contractual relationship with the Controller and to proceed correctly with the purchase of the chosen tourist service.
Users acknowledge that in the event that they fail to provide truthful, accurate and updated personal data, the Controller will be unable to provide its services.
2. Processing Controllers
The processing controllers are Hotelyo SA (hereafter the “Controller”) and the companies with subsidiary and associated relationships with it (hereafter the “Controllers”). The complete and updated list of companies in subsidiary and associated relationships with Hotelyo may be requested at the following e-mail address: info@hotelyo.com.
3. Information notice on personal data processing
Pursuant to Federal Law dated 19 June 1992 on data protection (LPD), we inform the User that his/her personal data is stored and processed by Hotelyo using the procedures and for the purposes listed below, in accordance with the procedures and purposes permitted by the LPD.
The personal data of Users are collected:
- from Users by its direct provision electronically through completion of the registration form present on the Website or by telephone. It includes data such as name, surname, address, e-mail address, telephone number, etc. required for the purposes of selecting and purchasing the stay at desired hotels or other tourist establishments and for the other purposes set out in the general sales conditions;
- by computer systems and software procedures used to operate the Website during normal operation, implicitly, through the use of Internet communication protocols. This is information that is not collected in order to be associated with identified Users, but by its very nature could, through processing and association with data held by third parties, allow for Users to be identified. This category of data includes IP addresses or domain names of computers used by Users that connect to the website, URIs (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code identifying the status of the response data from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of Users. This data is used only for the purpose of collecting anonymous statistical information on use of the website and for checking its correct operation. The data may be used to ascertain liability in the case of hypothetical computer crimes against the website;
- from the Website by the use of cookies. Cookies are information, often contained in an anonymous, unique identification code, which are sent to the browser by a web server and are subsequently memorised on the hard drive of the User’s computer. Cookies are then re-read and recognised by the website that sent them in the case of subsequent connections. Hotelyo may use cookies to memorise and sometimes track some data provided by Users in order to provide the Services more attentively to the Users themselves. Any data obtained from cookies is used directly by the Controller or via companies which collaborate with it, in order to ensure a simpler, more immediate and rapid access to the Website and use of the Services, simpler navigation of the Website itself by Users, as well as for marketing purposes related to the Controller’s services. All of the users’ data that is not collected by direct communication from the Users themselves is used solely for statistical purposes relating to website traffic and is not linked to the individual Users. The receipt of cookies used on this Website may be stopped at any time by Users simply by altering the settings on their browser.
The processing of Users’ personal data will occur by manual or electronic means appropriate to guarantee, in relation to the purposes for which it was communicated and collected, its security and confidentiality, as well as to avoid unauthorised access to the data itself, for the time strictly required to complete the purposes for which it was collected.
The data processing will take place at the registered and operational headquarters of the Controller and at their server farm sites in Milan (Italy), San Antonio (Texas), Anaheim(California) and Boulder (Colorado), as well as at the premises of the entities to which the data may be communicated.
4. Processing Purposes
Aside from what has been specified for browsing data, the personal data provided by Users is used for the following purposes:
A. collection, storing and processing for purposes of establishing and operationally and administratively managing the contractual relationship relating to provision of the Services;
B. use of data to conduct communications via e-mail, telephone or SMS relating to the conduct of the established contractual relationship;
C. fulfilment of legal or regulatory obligations;
D. collection, storing and processing of data to complete statistical analyses in anonymous and/or aggregate form;
E. sending by Hotelyo, unless refused by the User, of information and publicity material via e-mail relating to products or services similar to or related to the services or products offered on the Website;
F. subject to express consent from the User, sending by the Controllers via e-mail, telephone, post, SMS or MMS of sales offers relating to products offered by the Controllers themselves or by their commercial Partners, subject to the provisions of letter E) above.
Any failure to provide personal data may lead to the User being unable to access the services required in relation to the purposes contained at points A) and B) and the impossibility of the Controller properly to provide the Services and to fulfil the contractual obligations set out in the general sales conditions. The processing of that data for the purposes identified at points A), B), C), D) and E), does not require the request for consent of the interested party.
The provision of data for the purposes referred to in point F) is optional. The processing of that data for the purpose identified at point F) requires the request for consent from the interested party. Any failure to provide the data or failure to provide consent by Users for that purpose shall involve, without prejudice to the provision of letter E), the Controllers not being able to send to Users the sales offers referred to in letter F) of this article.
5. Security and Confidentiality
The Controller undertakes to ensure that the personal data of which it becomes aware is not disseminated and is processed using appropriate procedures to guarantee its safety and confidentiality, as well as to avoid unauthorised access to the same. The personal data and information provided by Users may be communicated, for the purposes referred to above, to the following categories of entities:
- employees and/or collaborators who provide support and consultancy activities to the Controller in the areas of administration, product, legal issues, customer care, IT systems, as well as by employees involved in maintaining the company network and the hardware and software equipment in use;
- to the hotel establishments, insurance companies, tour operators and all other entities to whom the transmission of the data is necessary for implementing the contract;
- entities with the right to access the data in accordance with the provisions of law or by order of the authorities;
- entities delegated and/or instructed by the Controllers to complete activities related to provision of the Services.
The list of named individuals to whom the personal data of Users may be communicated is available from Hotelyo, by writing to info@hotelyo.com.
6. Rights of the User
Each User may exercise, by written request to be sent to the Controller, the following rights: (i) obtain from the Controller confirmation of the existence of their personal data; (ii) be informed of the origin of the data, the processing purposes and procedures, along with the logic applied in the case of processing conducted with the use of electronic tools; (iii) obtain the identification details of the Controller and the processing officers, if appointed; (iv) know of the entities or categories of entities to which the personal data may be communicated or which may come to know of it in the capacity of appointed representative in the State territory, of managers or officers; (v) obtain the deletion, transformation into anonymous form or block on data processed in breach of the law, as well as the update, rectification or, if necessary, addition to the data and (vi) evidence that the operations referred to in point (v) above have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disseminated, except in the case that such operation is found to be impossible or involves the use of manifestly disproportionate means compared to the protected right; (vii) object to the processing in whole or in part, for legitimate reasons; (viii) object to the processing for the purposes of sending advertising material or direct sales or for conducting market research or sales communication.
The requests referred to above should be made to Hotelyo SA at e-mail address info@hotelyo.com.
The User is also entitled, again subject to express written request via e-mail, to obtain the rectification of any inexact or inaccurate personal data or to obtain its deletion, within the limits set out by law.