Data privacy and protection is a matter of great importance to us in all of our business dealings and in all of the services we offer.


EU Regulation 2016/679 ("European Regulation on the Protection of Personal Data" in short GDPR) provides for the protection of persons and other subjects and compliance with the processing of personal data.
The first principle of GDPR n. 679/2016 is accountability, i.e. the responsibility of the Data Controller and all members of his organization in data management.
Website privacy policy
This information describes the management methods of the web site of the HOTEL LE PALME in relation to the processing of personal data of users who consult it and of those who interact with web services accessible electronically starting from the reference internet address, corresponding to the page official of the company HOTEL LE PALME sas.
This information is provided only for the reference site and not for other websites that may be consulted by the user via links.

In order to easy understanding of this Regulation, some of the definitions contained in the art. 4 of EU Regulation 2016/679:
"personal data": any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or imposed, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical identity, physiological, genetic, psychological, economic, cultural or social;
"processing": any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data such as collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;
"data controller": the natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data;
"data controller": the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller;
"recipient": the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party; (public authorities that may receive communications in the context of a specific investigation in accordance with European Union law are not considered recipients).
"supervisory authority": independent public authority pursuant to art. 51 GDPR;
"profiling": any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, the personal preferences, interests, reliability, behavior, location or movements of that natural person;
"pseudonymisation": the processing of personal data in such a way that they can no longer be attributed to a specific interested party without the use of additional information, provided that they are stored separately and subject to technical and organizational measures such as to ensure that the data are not attributed to an identified or identifiable natural person;
"consent of the interested party": any free, specific, informed and unequivocal expression of will of the interested party, with which he or she expresses his or her assent, through a declaration or unequivocal positive action, that the personal data concerning him or her be processed ;
"personal data breach": the breach of security which accidentally or unlawfully leads to the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
Type of data processed
This site may collect some personal data from users.
Pursuant to articles 13 and 14, we therefore provide some information on the processing of some of your data.
The computer systems and software procedures used to operate this website acquire, during their normal operation, the following personal data whose transmission is implicit in the use of Internet communication protocols:
• IP addresses;
• the type of browser used;
• the operating system;
• the domain name;
• the addresses of websites from which access was made;
information on the pages visited by users within the site, access time, time spent on a single page, internal path analysis and other parameters relating to the operating system and the user's IT environment;
• the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources;
method used in submitting the request to the server and the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the 'user;
This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
Please refer to the "cookies policy" which can be consulted from the link on the company web page.

Purpose and legal basis of the processing

The navigation data are processed for our legitimate interest in guaranteeing the security of the sites, checking their correct functioning and obtaining statistics in relation to their use (art. 6, co.1, letter f) of the GDPR). Return information to potential customer requests.

Data processing methods

The personal data collected will be processed through the use of IT systems and stored both on IT media and on paper media, according to the principles of correctness, loyalty and transparency provided for by the applicable legislation on the protection of personal data and protecting its confidentiality and his rights through the adoption of suitable technical and organizational measures to guarantee a level of security appropriate to the risk.
Personal data are processed for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
The data provided is not subject to profiling activities except in anonymous mode and only for the data necessary for the maintenance of the site and to improve the user's browsing experience.

Recipients of Personal Data

The data will be processed exclusively by competent and duly appointed subjects for the performance of the services necessary for the correct management of the relationship, with a guarantee of protection of the rights of the interested party. In particular, the data may be communicated to third parties duly appointed by public and/or private entities in compliance with legal obligations.
Personal data may also be communicated by the Data Controller to persons authorized by them to process it. No data deriving from the web service is disseminated.

Place of treatment

The processing connected to the web services of this site takes place at the registered office of the Hotel le Palme sas company and is handled only by personnel appointed for this purpose, or by any external managers of maintenance operations, appropriately designated.
No data deriving from the web service is communicated or disseminated. The personal data provided by users who request dispatch of informative material are used for the sole purpose of carrying out the service or provision requested and will never be communicated to third parties unless specifically requested.

Transfer of Personal Data
The data controller does not transfer or intend to transfer personal data to recipients in third countries or to international organisations

Data controller
Hotel Le Palme S.a.s.- P.iva 01897610653 nella persona del legale rappresentante

Via Poseidonia , 123 - 84047 Loc. Laura - Capaccio (SA)

Data Protection Officer
Hotel Le Palme S.a.s.- P.iva 01897610653 nella persona del legale rappresentante

Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679
The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;
d) the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
Without prejudice to any other administrative or judicial action, the interested party may submit a complaint to the competent supervisory authority on Italian territory (Personal Data Protection Authority) or to the one that carries out its tasks and exercises its powers. in the Member State where the violation of the GDPR occurred.

Right referred to in art. 17 of EU Reg. 2016/679 - specific circumstances under which the right to be forgotten applies .
The interested party has the right to obtain from the data controller the deletion of personal data concerning him or her without unjustified delay and the data controller has the obligation to delete the personal data without unjustified delay, if one of the following reasons exists:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the interested party withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment;
c) the interested party objects to the processing pursuant to Article 21, paragraph 1, and there is no overriding legitimate reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2;
d) the personal data have been processed unlawfully;
e) the personal data must be erased to comply with a legal obligation under Union or Member State law to which the data controller is subject;
f) the personal data were collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Regulation 2016/679


Right referred to in art. 18 Right to limit processing
The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that their use be limited;
c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d) the interested party has objected to the processing pursuant to Article 21, paragraph 1, EU Regulation 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

To exercise these rights you can contact the Data Controller at any time by sending the request to the following email address: info@lepalme.it
Furthermore, the interested party can lodge a complaint with the Supervisory Authority, represented in Italy by the Guarantor for the Protection of Personal Data www.garanteprivacy.it

Protection of rights
The articles 11 and 12 of the "New Regulation" generally govern the methods for exercising all the rights arising from the interested party.
The Community Legislator has established the obligation - weighing on the owner - to regularly respond in written form to the interested party's requests, also through electronic tools that facilitate accessibility. The requested information may be granted to the interested party in oral form only if the interested party explicitly requests it.
To assert his rights, the interested party may also contact the judicial authority or the Guarantor, in case of failure to satisfy his requests to the data controller.
Response times for exercising rights
The deadline for the response to the interested party by the Data Controller is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity; the owner must in any case give feedback to the interested party within 1 month of the request, even in the event of refusal.
In the event of a data breach, the Data Controller will have to implement two different actions:
• notification of the violation to the Supervisory Authority within 72 hours of the event
• reporting to the person concerned (without unjustified delay).
Revocation of consent to processing
For reasons relating to the particular situation of the interested party, the interested party may object at any time to the processing of their personal data if it is based on legitimate interest or if it takes place for commercial promotional activities, by sending the request to the data controller.
The interested party has the right to have their personal data deleted if there is no overriding legitimate reason of the Data Controller compared to that which gave rise to the request, and in any case in the event that the interested party has objected to the processing for commercial promotion activities.
On 25 May this Regulation also came into force in Italy to regulate the relationship that public and private bodies, professionals, establish with people: citizens, customers, workers. We have the obligation to process the personal data of our users in absolute compliance with the law.
Below is the link to consult the entire European privacy regulation in Italian:
 European Privacy Regulation 679/2016