Data Protection and Confidentiality Policies

This document describes the Privacy Policy for the use of the iperbooking online booking platform used by Hotel Croce di Malta

Data Holder:
Hotel Croce di Malta
via Biglieri, 2a - 28100
Novara

Data Processing Manager:
iper.net srl
via Flaminia 248
47924 Rimini (RN)

Data Collation and Objectives
The information acquired throughout the booking or as part of the request for availability is limited to that which is strictly necessary to correctly advise Hotel Croce di Malta and the personnel in charge, being the data relating to the personal details of the person making the booking and any information for the management of the reservation guaranteed as per that displayed on the form.
Hotel Croce di Malta uses the iperbooking platform as a technical tool for online bookings and the management of requests and communications with users of the website. The data owner is: Hotel Croce di Malta whilst iper.net srl, the company that technically manages and develops iperbooking, is responsible for processing
The data collected is used exclusively to provide the booking service, for the realisation of accommodation offers upon availability as per the request, and for statistical purposes within the accommodation facility. In the specific case whereby the user has explicitly requested the optional registration to receive the newsletter, the structure will be authorised to send any promotional newsletters, the sending of which the user can request to be blocked at any time, along with the removal of the email address.
The data acquired is: name, surname, address, email, telephone number, occupants, period of stay and any additional information of use in managing the regular booking process within the structure and whereby the data necessary to complete the registration is explicitly requested.
For security purposes, the IP address of the device utilised by the user and the time spent viewing the pages are also collected.

Data Protection
iper.net srl, on behalf of Hotel Croce di Malta, uses the best technologies and services relative to the security of information stored on our servers, including:
- data centre with biometric access and 24x7x365 surveillance, along with the following certifications
HIPAA, HITECH, Privacy Act, ISO 9001, SOC 1/2/3, PCI DSS Level 1 (more information can be found at the following links https://www.rackspace.com/compliance / https://www.rackspace.com/information/legal/securitypractices;
- the servers are protected by the latest generation of Firewall and powerful Antivirus systems;
- all communication regarding sensitive data takes place in protected SSL/VPN mode;
- checks are regularly carried out by external companies for PCI certification and the security of the IT infrastructure.

Storage, Access, Modification and Deletion of Data
At any point in time, the user has the right to request information from Hotel Croce di Malta regarding what data has been stored and can also request its modification or complete cancellation. This activity must be completed by the structure within 30 days from receipt of the communication. The request can be made by contacting us here: info@crocedimaltanovara.it . Data will be stored for a maximum of 10 years

Links to Other Websites
The iperbooking platform used by the hotel may contain links to external sites. Hotel Croce di Malta is not responsible for the Privacy Policy applied on these online platforms and the user is advised to consult the information provided by the relative third parties.

Cookies and Other Tracking Technologies
On the iperbooking platform, technologies are used to ensure the online booking process works properly. Additional tracking technologies are also utilised for statistical purposes and for marketing content supplied by third parties. This document concerns the communication of our information only. For any further information, reference should be made to the policies of Google Analytics/Marketing and Facebook.

Other Communications
Hotel Croce di Malta will not communicate the data received to any other commercial organisation without the explicit consent of the end user. If any communication of data from administrative bodies, judicial authorities or government agencies is requested, we will always operate in compliance with the laws in force.

International Transfer
All data collected is currently stored with technological infrastructures within the European Union. In the case of transfers outside the EU, we will take care to utilise services in countries in line with the requirements of the laws in force in Europe.

Breach Notification
Data protection is a primary concern for us. We are constantly committed to investing in its safeguarding. In the event of system violation and data theft, it will be our duty to notify the persons involved within 30 days, whilst implementing all necessary countermeasures.

Changes to This Policy
Except for the limits of applicable laws, we reserve the right to update this Policy to make changes to our data processing procedures known, giving notice of any update in a clear manner on this web application and, as required, obtaining the consent of the user. Each update will become effective immediately after publishing the updates to this Policy and will apply to all user data collected or, when requested, subject to the consent of the user. The latter agrees to periodically review this information. If any changes are made, we will change the “Last Update” date shown at the top. The user is free to decide whether or not to accept the modified version of this Policy. However, the user is required to accept such in its modified form to continue using our online booking service. If the user does not adhere to the new terms or any modified version of this Policy, the only available option would be to terminate the use of our service. If any changes to this Policy are made that materially impact upon the user’s data that has already been collected, we would be required to obtain the prior express consent of the user.