Privacy Policy

PRIVACY POLICY CONTENT

According to EU Regulation 2016/679 (hereinafter also “Regulation”), here below are reported all the key information regarding the data processing for all the subjects (hereinafter the “Data Subject”) that provide their personal data by registering on the website www.thegrandhouse.com, or with other means. Indeed, the Controller here below identified guarantees that the data will be processed in the respect of correctness, lawfulness and transparency principles, as well as be ensuring the protection of the privacy and rights of the Data Subjects.

The Controller reserves the right to modify and/or update, in any moment, the present policy. In the event the present privacy policy will be modified, the new version will be published on the website and the “date of last update” will be modified accordingly.

What reported below has no contractual value and do no provides for contractual obligations towards the website user.

1. Controller

The Controller of the data provided by the Data Subjects is the company H2O S.r.l., with registered office in Via Giacomo Peroni no.130, 00131 Roma, Fiscal Code and VAT no. 14371111007, registered at the Chamber of Commerce of Rome at the REA no. RM 1515971 (hereinafter also “Controller”). The Controller can be reached by email at the address titolareprivacy@thegrandhouse.com, by certified email at the address H2OGP130@legalmail.it or by phone at the number +390620392872.

The Controller is aware of the importance to guarantee the safety of the private data it receives and therefore will do the needful in order to protect the privacy of the Data Subjects by using the needed data protection informatics technologies. The Controller, however, cannot be responsible for any unauthorized access, for data loss, improper or illicit use, or modification of the personal data that occur out of its control.

2. Purpose of data processing

Data provided by the Data Subjects will be processed for the following purposes:

  1. sale of the travel packages offered on the website www.thegrandhouse.com;
  2. send of marketing and advertising communications relating to the products offered by the Controller;
  3. profiling and identification on the preferences .

In the event the Controller wishes to use the personal data for purposes different from the ones indicated when the data were collected, will be send a new and detailed request in order to receive the free consent of the Data Subjects.

The processing of the personal data relating to the sale of travel packages requires the express consent of the Data Subjects. The fault of providing such consent may cause the impossibility to provide the requested service.

3. Legal basis of the processing

According to article 6 of the Regulation, the processing of the Controller is based on:

  1. the contract entered into at the moment of receipt by the client of the order confirmation, for the purposes indicated in article 2.A above;
  2. the consent of the Data Subjects, for the purposes indicated in articles 2.B and 2.C above (consent freely given, specific and unambiguous, after the reading and understanding of the present policy).

4. Kind of data processed

The Controller will collect the following data of the Data Subjects:

  1. name and last name;
  2. address;
  3. email address;
  4. telephone number;
  5. date of birth;
  6. fiscal code;
  7. location;
  8. job.

The above reported data will be collected directly from the Data Subjects (for example through the on-line forms or by email).

5. Type of processing

The processing of the Data Subject’s data, collected on the basis of the contract or upon free consent, is performed at the registered office of the Controller as indicated above.

The processing is performed directly by the Controller and by its appointed personnel exclusively by way of electronic means and always in a way able to ensure the security and privacy of the data, in the respect of the terms provided by the Regulation.

The data collected through the form of the website www.thegrandhouse.com are automatically forwarded to the personnel of the Controller. 

In order to reach the purposes indicated in article 2 above, the processing provides for: the collection, the storage, the consulting, the comparison and the cancellation of the Data Subjects’ data.

6. Data storage

The Controller stores the collected data for time in which such information are suitable to reach the purposes of article 2 above, or until the time in which the Data Subject requests the erasure of the data.

7. Transfer of the data to a third country

The Controller does not foresee any transfer of data to third countries not part of the European Union and/or to International Organizations.

8. Recipients of the data and Processors

The personal data of the Data Subjects will not be disclosed of transferred by the Controller, but may be communicated to:

  • employees and collaborators of the Controller, located on the European Union territory;
  • legal or natural persons that provides the Controller with advisory activities related to accounting, administrative, legal, tax and financing matters, located on the European Union territory;
  • legal or natural persons or authorities to which the communication of the personal data is compulsory according to the law or legal authority orders.

The personal data of the Data Subjects will be also communicated from the Controller to third parties appointed as Processors. Such third parties are mainly the entities providing for the services included in the Travel Package sold by the Controller.

The complete list of the Processors will be immediately provided by the Controller upon request of the Data Subjects.

9. Rights of the Data Subjects

The Data Subjects have, at any moment, the following rights:

Right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged period for which the personal data will be stored or the criteria used to determine that period;
  • a list of his/her rights;
  • where the personal data are not collected from the Data Subject, any available information as to their source;
  • the existence of automated decision-making.

Right to rectification

The Data Subject shall have the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data and the completion of incomplete data.

Right to erasure

The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him/her, without undue delay, in the following events:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent;
  • the Data Subject objects to the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in the European Union or in Italy.

The Controller will inform the Data Subject that his/her request will be evaluated on the basis of the following exceptions as reported in the Regulation: freedom of expression and information; compliance with the law, public interest, scientific or historical research purposes or statistical purposes, establishment, exercise or defense of legal claims.

Right to restriction of processing

The Data Subject shall have the right to obtain from the Controller restriction of processing in the event:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims;
  • the Data Subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object

The Data Subject shall have the right to object to processing of personal data concerning him or her. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject. Where personal data are processed for direct marketing purposes, will be sufficient the objection of the Data Subject.

Where the data subject objects to processing for direct marketing purposes, the same will be considered relating to all the means, such as email, phone, mail, etc. save for the possibility of the Data Subject to specify a single or different means.

Right to raise a complaint

The Data Subject, in the event deems that the processing is breaching the European law on the privacy, has the right to raise a complaint to the Italian Authority “Garante per la protezione dei dati personali”.

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller.

The Data Subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Withdraw of the consent

The Data Subject shall have the right to withdraw his or her consent without any reason. However, the processing of the personal data already performed by the Controller prior to the receipt of the withdrawal will be deemed compliant with the law. Upon withdrawal of the consent the processing will be interrupted. In order to withdraw the consent is sufficient a clear and unambiguous communication/request to the Controller at the contact details indicated above. To the withdrawal will automatically follow the erasure of the data, as a result thereof the Controller will delete the data of the Data Subject, save for the storage of the data required by legal or tax purposes.

Need help? Contact us!

Leave us your email and we will contact you as soon as possible.

Your request has been successfully sent!
An error has occured. Please retry.