Hotel Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR THE HOTEL HOSPITALITY SERVICE
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation or GDPR), as well as Article 19 of the Swiss Federal Data Protection Act of 25 September 2020 (nLPD).
Dear Customer,
Thank you for using our services and for the trust you have placed in us. The same care and attention that we take in meeting your needs we take in protecting your personal data or that of the individuals working on your behalf.
In this regard, LUGANODANTE wishes to inform you about the purposes and methods of processing of such data in accordance with the GDPR and the nLPD.
Ownership, purpose of the processing and nature of the main data processed
The Data Controller of your personal data is LUGANODANTE with registered office in Piazza Cioccaro 5, 6900 Lugano (Switzerland). We process your personal data exclusively for the following purposes
1. contractual purposes, inherent to the establishment and management of the contractual relationship;
2. administrative purposes, inherent to the management of administrative relationships related to the existing contractual relationship and related legal obligations;
3. purposes of access to the Internet connection service via wi-fi
4. purposes of configuring the hotel hospitality service, with regard only to personal data useful to make your future stays at our facility better
5. purposes of improving future contractual services of hotel hospitality, in relation to the storage of copies of your identity and payment documents useful to streamline the administrative procedures of your future stays at our facility
6. commercial and promotional communication purposes.
The nature of the personal data processed: mainly personal or contact details, stay preferences, some special personal data relating to your food intolerances or your needs in relation to your stay at facilities such as ours, copies of identity and payment documents, and some necessary technical data (IP address, MacAddress, connection logs, etc.) to carry out the service of Internet access via wi-fi.
Main data processing methods
We minimise the collection and processing of personal data to what is strictly necessary in relation to the various purposes pursued.
The data may be processed in both paper and computerised form.
After assessing the risks and where applicable the impact on the protection of personal data related to the loss of confidentiality, availability and integrity of the processed information, we plan and take the necessary technical and organisational measures to minimise these risks. This is also in order to guarantee the resilience of the IT systems used and the security of the processing carried out as part of the more general need to ensure the continuity of the services provided.
Legal basis of the processing
The processing of personal data for contractual and administrative purposes (points 1 and 2) is necessary in order to establish and manage the contractual relationship and to fulfil the related legal obligations.
The processing of data for the purpose of granting connection to the Wi-Fi service (point 3) is necessary in order to establish and manage the contractual relationship. However, subscribing to this service is optional, so that failure to subscribe to the service also means that the data in question will not be processed. This data will only be processed through the use of electronic and automated tools (e.g. WiFi Hotel Software).
In addition, in order to make our guests' future stays more pleasant, we ask for your consent to authorise the Hotel to process data relating to your preferences (point 4), including any special personal data such as food intolerances, or recurring administrative data (point 5), so that LUGANODANTE can always provide simplified and personalised services; this data will also be processed through the use of electronic and automated tools (e.g. Personal Concierge Software or PassportScan Software).
The refusal of one or both of the two consents to the processing does not in itself prejudice the provision of the service, but it does imply the impossibility of establishing and maintaining the high standard that LUGANODANTE intends to offer its Guests, and therefore in such a case Hotel LUGANODANTE may choose not to provide the service.
The processing of personal data for commercial and promotional communication purposes (point 6) is optional and your consent is required. Refusal to grant consent does not affect the provision of the hospitality service.
It should be noted that all consents pursuant to Art. 7 of the GDPR and Art. 6.6 of the nLPD are collected and managed via the relevant personal data management APPs.
Access to data by authorised persons
Your data may be made accessible for the aforementioned purposes to employees and collaborators of LUGANODANTE, the Data Controller, in their capacity as authorised processors and contractually bound to strict confidentiality. In addition, they will be passed on to the Cantonal Police authorities in accordance with the law.
Processing by third parties
We may use third parties (‘Processors’) for the processing of your data within the scope of the purposes listed above, such as:
1. providers of administrative services, such as accountants;
2. providers of technical assistance services on IT systems
3. suppliers of software services in SAS (Software as a Service) mode.
In this case, we arrange for these parties to process your personal data exclusively for the purpose of carrying out their activities that are strictly related to the previously defined purposes and in compliance with appropriate technical and organisational data protection measures.
All data processors have been appointed in writing, in compliance with the requirements of Art. 28 of the GDPR and in any case in accordance with Art 9 of the nLPD.
Communication or dissemination of processed data
We do not disclose or communicate your personal data to third parties for purposes other than those outlined above. Your data is processed at the headquarters of LUGANODANTE in Switzerland as well as at the headquarters of our service providers who are based in Switzerland or in the European Economic Area (EEA: European Community, Norway, Iceland and Liechtenstein).
Should it become necessary to transfer your personal data outside the territory of Switzerland or the EEA during one or more processing operations, LUGANODANTE will provide you with an updated information notice specifying the guarantees taken, the legal basis on which the transfer is based and your rights as a data subject.
Information on your rights as a data subject
We would like to inform you of your rights as a data subject under the GDPR and the nLPD. These rights are set out in Article 13 of the GDPR, and Chapters 4 and 5 of the nLPD; in particular:
1. the data subject's right to request access to personal data from the data controller (Art 15 GDPR and Art 25 nLPD);
2. the data subject's right to request from the controller and rectification or erasure of personal data or restriction of processing (Art. 16 and 17 GDPR, and Art. 32 nLPD)
3. the data subject's right to object to their processing, including automated processing (Articles 18 and 21 GDPR and Art. 21 nLPD);
4. the data subject's right to data portability (Art. 20 GDPR and Art. 28 nLPD);
5. the data subject's right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
Personal data retention period and criteria
LUGANODANTE retains the personal data processed with reference to the following criteria:
1. compliance with the requirements applicable to the duration of the existing contractual relationship: retention of personal data for 2 (two) years;
2. compliance with administrative and tax requirements as per applicable regulations: retention of personal data for 5 (five) years;
3. personal data collected for the purpose of granting connection to the Wi-Fi service and until the expiry of the maximum terms provided by Swiss law for criminal investigations: retention of personal data for 1 (one) year following the last access
4. personal data, including special personal data, collected to offer a particularly high level of service to your Guest: retention of personal data for 2 (two) years after your last stay;
5. personal data, including particular personal data, collected for the improvement of future contractual services of hotel hospitality: conservation of personal data for 2 (two) years after the last stay made;
6. personal data collected for commercial and promotional communication purposes: retention of personal data for 18 (eighteen) months following the last contact made.
Contacts for the exercise of rights
The Data Controller of your personal data is LUGANODANTE with registered office in Piazza Cioccaro 5, 6900 Lugano (Switzerland). For any request for information on the processing of your personal data or to exercise your rights, please contact the following e-mail address: privacy@luganodante.com.
An up-to-date list of the External Data Processors and of those authorised to process data is kept at the registered office of the Data Controller.
Hotel Lugano Dante Center SA
Translated with Deepl.com (original version in Italian)