Information pursuant to Articles 13 and 14 of EU Regulation 2016/679 of the European Parliament and of the Council
S.U. SERVICES SRL wishes to inform you that, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data or General Data Protection Regulation (hereinafter also referred to as the “GDPR”), it will process certain personal data collected automatically or provided by the user or third parties through navigation or use of the website https://shop.serenohotels.com/ (hereinafter referred to as the “Website”).
1. DATA CONTROLLER
The Data Controller is S.U. SERVICES SRL, VAT number 10171890964, registered in Milano, via Bartolomeo Eustachi n. 46 (hereinafter “Owner” of the treatment).
2. CONTACT PERSON FOR THE PROCESSING OF PERSONAL DATA
The Owner, considering the protection of personal data of primary importance, has appointed an internal contact person or “Designated Privacy” for the supervision of processing activities: this figure can be contacted by writing an e-mail to for each issue concerning the protection of personal data.
3. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
In order to allow the use of the Website and its services, the Data Controller needs to know, acquire and process some of your personal data. In particular, when you browse or purchase on the Website (hereinafter, collectively, “Services”), or interact with the initiatives and activities carried out by the Owner processes the following personal data:
4. PURPOSE OF THE PROCESSING AND ITS LEGAL BASIS
The personal data in the possession of the Data Controller are those provided when browsing the Website and during the use of its Services.
Personal data are processed for the following purposes.
The legal basis on which the treatment is based is the need to execute a contract of which you are a party and the need to comply with legal obligations.
The legal basis on which the treatment is based is the exercise of the legitimate interest of the owner and / or the need to comply with legal obligations.
Personal data may be processed either by computer or on paper, where this is necessary in relation to the type of service requested.
5. PERIOD OF RETENTION OF PERSONAL DATA
The Data Controller shall keep the personal data for a period of time not exceeding that necessary to achieve the purposes for which they were collected and processed.
In this context, in compliance with current legislation, including accounting, the Owner will keep your personal data acquired through the sale of its products for a period not exceeding 10 years. Subsequently, we will provide for their cancellation, or their transformation into anonymous form in a permanent and non-reversible.
In any case, once the purposes for which they were collected and processed have been achieved, we will remove them from our systems and records and/or take appropriate measures to make them anonymous, so as to prevent you from being identified.
This is without prejudice to the case where we need to keep such data in order to comply with legal obligations, or to ascertain, exercise or defend our rights in court.
6. CATEGORIES OF RECIPIENTS OF THE DATA
The personal data processed will not be disclosed to third parties. Your personal data may, however, be disclosed in relation to the processing purposes set out above:
In addition, our employees may also be informed of your personal data, provided that they have previously been designated as a person acting under the authority of the Data Controller pursuant to Art. 29 GDPR or as a System Administrator.
Any communication of your personal data will take place in full compliance with the legal provisions of the GDPR and with the technical and organizational measures put in place by the Data Controller to ensure an adequate level of security.
In no case will the personal data of the Users be disclosed, unless explicit, free and prior consent has been obtained on the basis of specific information in accordance with current legislation.
7. RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, according to the GDPR, the person concerned has the right to:
To exercise each of your rights, you can contact the Data Controller by sending a communication to the address of the registered office indicated above, or you can contact the Designated Company Privacy by writing to the e-mail address, providing the following personal data:
– Name, surname;
– Details of the request;
Where necessary, in order to verify the identity of the interested party by the Data Controller, the following additional information may be requested:
– Purchase code;
– Other data relating to the transaction initiated or completed.
8. CONSENT OF MINORS IN RELATION TO INFORMATION SOCIETY SERVICES
Children under the age of sixteen (16) are expressly prohibited from using the services provided through the Website. In consideration of the technologies available and the services provided, the Owner has set up systems of personal verification to ensure that the consent to the processing of personal data of the child is given or authorized by the subject exercising parental authority. By registering or purchasing on the Website, you confirm that you have reached the age of majority envisaged by your country of residence.
9. VERSION AND VALIDITY OF THIS DOCUMENT
This notice may be updated from time to time and will be based on the latest version, so please check this page regularly.