Last Updated: 12/17/2024
What is this document? Through this privacy notice prepared pursuant to Art. 13 of Regulation (EU) 2016/679 ("GDPR") and in compliance with the principles contained therein, Plutonios S.r.l. intends to inform each user ("User" or "Users") about the processing of personal data collected through the website https://plutoniosolutions.com ("Website").
Plutonios S.r.l. (hereinafter "Plutonios" or "Controller", for the purposes of Art. 4(7) GDPR), with registered office at Via Giuseppe Frua 15 - 20146 Milan, Italy.
Contact address: info@plutoniosolutions.com
The Controller collects personal data for the following purposes, as specified below, where the legal basis and the duration of data processing are also highlighted.
| Purpose | Personal Data | Legal Basis | Retention Period | |
|---|---|---|---|---|
| a. |
Management and fulfillment of information and support requests The data provided will be processed to handle and respond to information and technical support requests, as well as to assist you before, during and after the provision of our services (including through instant messaging tools). |
✓ Personal Information (Name and surname) ✓ Contact details (Email address, phone number) ✓ Booking details |
Performance of pre-contractual measures [Art. 6(1)(b) GDPR] | For the period necessary to respond and up to 3 years |
| b. |
Chatbot The Controller processes Users' data collected through interaction with the "Plutonios Assistant" chatbot present on the Website in order to provide responses and assistance regarding Plutonios' services. |
✓ Data provided by the User through the use of the chatbot (e.g.
questions, requests, or information necessary to provide appropriate
responses); ✓ Usage data related to interaction with the chatbot (e.g. frequency of use, interaction time, type of requests). |
Performance of pre-contractual measures [Art. 6(1)(b) GDPR] | Up to 3 years |
| c. |
Compliance with legal obligations Your data will be processed by the Controller to comply with obligations arising from current laws, regulations or EU legislation (e.g. tax and accounting obligations) or management and response to requests from competent administrative and tax authorities as well as judicial authorities. |
✓ Personal Information (Name and surname) ✓ Contact details (Email address) |
Legal obligation [Art. 6(1)(c) GDPR] | In accordance with applicable legislation |
| d. |
Website Improvement The Controller will process Users' data to enable navigation, consultation of the Website, as well as to improve your browsing experience. |
✓ Website usage and interaction data | Legitimate interest attributable to the Controller's need to enable the use of the Website and its improvement. [Art. 6(1)(f) GDPR] | Not applicable (aggregated or anonymous data). |
| e. |
Complaint management, protection of interests and exercise of
the right of defense The Controller may process Users' data to exercise and protect its rights in extrajudicial and judicial proceedings. |
✓ Personal Information ✓ Contact details |
Legitimate interest attributable to the need to ascertain, exercise or defend a right and/or interest. [Art. 6(1)(f) GDPR] | Personal data will be retained for the period necessary to defend or exercise the right. |
The provision of your Data for the purposes under a) and b) is optional.
However, in the absence of such data, Plutonios will not be able to process the
request.
The provision of your Data for the purposes under c) is mandatory.
The processing activities under d) and e) do not require specific
consent as they are based on the Controller's legitimate interest provided for
in Art. 6(1)(f) GDPR. In any case, in compliance with the
GDPR, the Controller has carried out a thorough balancing of interests
aimed at protecting and guaranteeing the privacy and fundamental rights
of the data subjects.
The use of some services on the website may require the
processing of personal data of third parties sent by you to
the Controller. With respect to these cases, the User acts as an independent
data controller, assuming all legal obligations and
responsibilities. In this regard, the User provides the broadest
indemnity with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by
the Controller from third parties whose personal data have been processed in
violation of applicable personal data protection regulations. In
any case, if you provide or otherwise process personal data of
third parties when using the Website, you guarantee from now on -
assuming all related responsibility - that this particular
case of processing is based on an appropriate legal basis pursuant to
Art. 6 GDPR that legitimizes the processing of the information in question.
Processing is carried out using automated and/or manual computer and telematic tools designed to ensure appropriate security measures to prevent access, disclosure, loss, incorrect, unlawful or unauthorized use of data.
Personal Data may be shared with the following external parties: i) Internet service providers and platforms used by the
Controller as organization tools, communication channels and/or
online booking; ii) consultants and other service providers who
perform services for us or on our behalf and require access to
such information to perform such work; iii) public entities to whom
such data must be communicated by legal provisions or orders of the
Authority.
These parties act as independent data controllers or
data processors. In the latter case, the Controller has
entered into a specific agreement pursuant to Art. 28 GDPR (Appointment as
Data Processor). The list of Data Processors can be requested by
contacting the Controller at the contact details indicated in the
previous paragraph 1.
Personal data will also be processed by the Controller's internal staff
specifically authorized pursuant to Art. 29 GDPR.
Personal data are processed at the Controller's premises, as well as on the servers hosting the website www.bellavistamontecatinihotel.com. Personal data are stored on servers located in EU territory and will not in any case be transferred outside the same. The Controller guarantees that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in compliance with applicable law. Transfers are made through appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for by the GDPR.
The User may exercise all rights provided for in Arts. 15-21 of
the GDPR at any time and without unjustified limitations,
by contacting the Controller at the email address info@plutoniosolutions.com.
Requests are filed free of charge and processed by the Controller
within 30 days.
In particular, the User may: