Information provided by THE HOSTEL s.r.l., under and for the purposes of Article 14 Reg. UE 679/2016

PREMISE

According with Reg. UE 679/2016, herewith we provide the necessary information regarding the purposes and methods of personal data processing to those who consult the pages of the website (thehostel.it), as data controller.
This information is valid only for this website (thehostel.it) and not for other websites that may be consulted via links published on this website; on such third-party websites, the data controller is not to be considered in any way responsible.
Users are informed that the hosting of this website is provided by the treatment company: The Hostel s.r.l., based in Genova (GE), Via Ippolito D’Aste 8/4; P.iva/CF: 02245430992; mail: info@thehostel.it; tel: 010 4033223; PEC: thehostelsrl@pec.it
Under the art. 28 del REG. UE 679/2016, the Data Controller may use subjects whose servers that host the website are located in Italy.

TYPES OF DATA PROCESSED

Navigation data
Regarding the technical aspects and protocols, we wish to inform you that:

• – The computer systems and software procedures used to operate this website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
• – This is information that is not collected to be associated with interested parties identified, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
• – This category of data includes the IP addresses or domain names of computers used by the Users who connect to the website, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
• – These data can be used to ascertain any responsibility in case of hypothetical computer crimes against the website.

Cookies
Cookies are small text files that are sent from the visited website to the user’s device (usually to the browser), where they are stored in order to recognize this device at the next visit. In fact, at each subsequent visit, cookies are sent back to the website from the user’s device.
Each cookie generally contains: the name of the server from which the cookie was sent, the expiration date and a value, usually a unique number generated randomly by the computer. The server of the website that transfers the cookie uses this number to recognize the user when he returns to visit a website or browses from page to page.
Cookies can be installed not only by the same manager of the website visited by the user (first-party cookies), but also by a different website that installs cookies through the first website (third-party cookies) and is able to recognize them. This happens because on the visited website elements may be present (images, maps, sounds, links to web pages of other domains, etc.) that reside on other servers different than the website visited.
In general, cookies are classified in different types based on:

• A. Duration:
  • – session cookies (temporary) automatically deleted when the browser is closed.
  • – persistent cookie active until its expiration date or its cancellation by the user.
• B. Provenance:
  • – first-party cookies sent to the browser directly from the visited website.
  • – third-party cookies sent to the browser from other websites and not from the visited website.
• C. Purpose
  • – technical cookies
  • – navigation/indispensable/performance/process/security cookies contributes to the operation of the website, for example gives the possibility to browse through the pages or access protected areas. If they are blocked, the website can not function properly.
  • – functionality/preference/tracking/session status cookies allow you to store information that change the behavior or appearance of the website (preferred language, text and font size, geographical area in which you are located). If it is blocked, the experience is less functional but not compromised.
  • – statistical/analytic cookie a) first-party or b) third-party with IP masking, without cross data (similar to technical cookies for purposes), is used to collect information and generate statistics on the use of the website to understand how the visitors interact.
  • – non-technical cookies
  • – Third-party statistical/analytic cookies without IP masking, with data crossing, are used to gather information, generate usage statistics, with the possibility of identifying and tracking the website user, in order to understand how visitors interact.
  • – profiling/marketing/advertising/tracking or conversion cookies for the selection of advertising based on what is relevant for a user (personalized ads). Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the user in the context of web-browsing.

The Hostel s.r.l., in person of the l.r., has implemented the obligations required by the Provision of the Authority for the Protection of personal data. Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – 8 may 2014 (Published in the Official Gazett n. 126 of 3 June 2014)”, as well as subsequent interventions by the Competent Authority regarding “cookies”.

Below we report all information on cookies installed through this website, and the necessary instructions on how to manage the preferences of users regarding them.
The Hostel s.r.l., in person of the l.r., wishes to inform Users that its website (thehostel.it) can use the following types of cookies:

• – First Party Technical Cookies, which do not require the User’s consent;
• – Third Party Analytical Cookies, similar to technical cookies as tools have been adopted that reduce the identifying power of cookies (by masking significant portions of the IP address) and, the third part does not cross the information gathered with others that already has.
• – Profiling cookies.

Specifically, in addition to the above, we report that the website (thehostel.it) uses:

• – First-party technical cookies
  These cookies are necessary for the proper functioning of our website: these are cookies that are used to browse or provide a service requested by the User; they are not used for other purposes and are installed directly by the data controller. Without the use of these cookies, some operations could not be completed or would be more complex and/or less secure.
• – Third-party analytical cookies, similar to technical cookies
  Our website uses third-party cookies for the management of statistics. In particular, our website uses Google Analytics: it is a web analyses service provided by Google Inc. (“Google”) that uses cookies that are stored on the User’s computer to allow statistical analysis in aggregate form in order to the use of the visited website. Please note that tools have been adopted that reduce the identifying power of cookies (by masking significant portions of the IP address) and the third party does not cross collected information with others that already has. For these cookies we provide the name of the third parties that manage them, and the link to the page where the user can receive information on the treatment and express their consent.
  Overview: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
  Opt out: https://tools.google.com/dlpage/gaoptout?hl=it
• – Profiling cookies
  Finally, we inform Users that the website uses cookies c.d. “Profiling” exclusively of third-party.
  Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the same in the context of web-browsing.

Social network buttons
The Social Buttons are the buttons on the website that depict the icons of social networks (eg Facebook, Twitter, etc …) and allow users who are browsing to interact directly with social platforms with a click. The Social Buttons used by the website (thehostel.it) are links that refer to the account of the data controller on the social networks depicted. Through the use of these buttons are therefore not installed through our website third-party cookies. In any case, we report the references to the Social Network Buttons used by the website (thehostel.it) and the links where the User can view the privacy policy regarding the management of the data by the Social networks to which the buttons refer to.

• Facebook button (Facebook Inc.).
  The button is a service of interaction with the social network Facebook, provided by Facebook, Inc.
  Processing location: USA
  Privacy Policy: https://www.facebook.com/privacy/explanation
• Instagram button (Instagram Inc.).
  The button is a service of interaction with the social network
  Instagram, fornito da Instagram, Inc.
  Processing location: USA
  Privacy Policy: https://help.instagram.com/155833707900388/?helpref=hc_fnav&bc[0]=Centro%20assistenza%20di%20Instagram&bc[1]=Privacy%20e%20Centro%20per%20la%20sicurezza

Contents from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of the site (thehostel.it) and interact with them.
If a service of this type is installed, it is possible that, even if the Users do not use the service, it can collect traffic data related to the pages in which it is installed.

• – TripAdvisor widget (TripAdvisor LLC)
  Widget TripAdvisor is a content visualization service managed by TripAdvisor LLC that allows this Website to integrate content from this external platform into its pages.
  Personal Data collected: Cookies and Usage Data.
  Processing location: USA
  Privacy Policy: https://www.tripadvisor.com/pages/privacy.html
• – Google Maps Widget (Google Inc.)
  The Google Maps Widget provides customized interactive maps that are included within the web pages of websites that use the service. The website (thehostel.it) incorporates the Google Maps Widget to allow the User to view, on the map, the location of the The Hostel s.r.l. This service may involve the installation of cookies, including profiling, by Google (third party). No information is shared from the website (thehostel.it), where the Widget is embedded.
  Processing location: USA
  Privacy Policy: https://www.google.it/intl/it/policies/privacy/
• – Instagram Widget (Instagram, Inc.)
  Instagram is an image visualization service managed by Instagram, Inc. that allows this Website to integrate such content within its pages.
  Personal Data collected: Cookies and Usage Data.
  Processing location: USA
  Privacy Policy: https://instagram.com/legal/privacy/

In general, beyond the type of cookies used by this website, we wish to inform Users that, in addition to the safeguards provided for by current legislation, some options are available for browsing without cookies, such as for example:

• – Block the third-party cookies: third-party cookies are generally not essential for browsing, so you can reject them by default, through special functions of your browser.
• – Activate the Do Not Track option: the Do Not Track option is present in most of the latest generation of browsers. Websites are designed to respect this option, when activated, they should automatically stop collecting some browsing data. As mentioned, however, not all websites are set to respect this option (discretionary).
• – Activate “anonymous browsing”mode: using this function you can browse without leaving a trace in the browser of navigation data. The websites will not remember the User, the pages that are visited will not be stored in the chronology and the new cookies will be deleted. The anonymous browsing function does not guarantee anonymity on the Internet anyway, because it only serves not to keep navigation data in the browser, whereas this data will continue to be available to website managers and connectivity providers.
• – Delete cookies directly: there are special functions to do it in all browsers. Remember, however, that every time you connect to the Internet, new cookies are downloaded, so the cancellation operation should be performed periodically. If desired, some browsers offer automated systems for the periodic cancellation of cookies.

For further information on the issue of c.d. “Cookies”, please consult the following link: http://www.garanteprivacy.it/cookie
In addition, to know how to limit, block and/or remove cookies set on your device, we recommend that you visit the following link: http://www.aboutcookies.org
As previously mentioned, the User can manage his own cookie preferences also through his browser. To know the type and version of the browser you are using, it is advisable to click on “Help” in the browser window at the top, from which you can access all the necessary information. If you know the type and version of your browser, just click on the link corresponding to the browser you are using to access the cookie management page.

• – Microsoft Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
• – Google Chrome: https://support.google.com/accounts/answer/61416?hl=it 
• – Mozilla Firefox: http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies 
• – Safari: http://www.apple.com/legal/privacy/ 

Finally, for more information on how to manage cookies, we recommend to visit the following web pages: http://www.youronlinechoices.eu, http://www.allaboutcookies.org, https://tools.google.com/dlpage/gaoptout, http://aboutads.info/choices, http://www.networkadvertising.org/choices.

DATA PROVIDED VOLONTARILY BY THE USER

Following consultation of this website, data relating to identified or identifiable persons may be processed. In particular, we specify that such processing may take place in relation to personal data provided freely by Users who send their personal data to the data controller through the contact details present on the website (thehostel.it), such as company e-mail addresses, and/or filling out specific information collection forms present on the website. In fact, the optional, explicit and voluntary sending of e-mails to the
addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary for the purpose of responding to requests, as well as any other personal data included in the message. Specific and detailed information on the processing of data, issued under the art. 13 of the Reg. UE 679/2016, are given, every time, in the pages where modules for the collection of visitor data are present. These information intend to define limits, purposes and methods of processing of each data collection form and every visitor can freely express their consent and authorize the collection of data and the subsequent use.
It should be noted that, in no section of the website, nor for access to any functionality of the website, the assignment of “special categories of personal data” and/or “personal data relating to criminal convictions and crimes” is requested, as defined by the art. 9 and 10 of the Reg. UE 679/2016: if the user spontaneously sends information of the aforesaid type to the data controller, the data controller will process such data in compliance with the current legislation on the protection of personal data (Reg. UE 679/2016) and within the limits of what strictly necessary in relation to the requests expressed by the interested User.
In general, as regards to the data provided voluntarily by the user, we wish to inform users that the Reg. UE 679/2016 and the Legislative D.Lgs 196/2003 while compatible provide for the protection of individuals with regard to the processing of personal data.
According to this legislation, this treatment will be based on principles of correctness, lawfulness and transparency, protecting their privacy and rights.
Within the aforementioned article 14 of the Reg. 679/2016 and D.Lgs 196/2003, while compatible, we therefore give the following information:

• a) The processing that the Data Controller may do will be carried out through an automated process and/or collection of paper documents
• b) Users are free to provide their own information by sending it to the data controller via the contact details on the website (thehostel.it) and/or by filling out specific forms for information collecting on the website; in the latter case, failure to provide certain data could, depending on the case, make it impossible to proceed with the activities requested by the User (for example, see “mandatory fields” marked with > in the information collection forms).
• c) the User’s personal data will be processed by subjects specifically appointed by the data controller as data controllers and/or by anyone acting under his authority and having access to personal data; this subjects will process the data only when necessary in relation to the purpose of the conferment and only in the performance of the tasks assigned to them by the data controller, committing to process only the data necessary for carrying out these tasks and to perform operations only necessary to carry them out. Furthermore, personal data may be disclosed to third parties only if strictly necessary to provide specific services or information requested by the User. Finally, we point out that the data controller may use internal or external IT technicians for occasional maintenance, updating or assistance, in case of malfunction, of the website. No data deriving from the web service will, however, be communicated or disseminated outside the company. The communications of data described above are strictly connected to the normal business operation in the context of the management of the relationship and are strictly necessary for the purposes for which the data were provided;
  c1) the Data Controller may transfer personal data to a third country or an international organization; in these cases the responsable committs to carry out the processing only in the presence of appropriate guarantees;
  c2) in compliance with the measure “Measures and precautions prescribed to data controllers carried out with electronic instruments concerning the assignments of the functions of the system administrator – 27 November 2008″ (GU No. 300 of 24 December 2008) and related additions and amendments, the data controller has appointed specific “System Administrators” who, in the performance of their functions, may access, even indirectly, services or systems that process or allow the processing of personal information.
  c3) the data will not be disclosed to other third parties, without asking, in advance, your express consent.
  Your personal data will not be disseminated.
• d) The data will be kept for the time necessary to reach the purposes for which the data were provided; The data will be stored in a form that allows the identification of the interested party for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed, after which, if not expressly confirmed by the interested party, will be deleted, save their transformation in an anonymous form.
• e) The personal data provided will not be processed in order to implement an automated decision-making process (so-called profiling).
• f) In the hypothesis in which the personal data provided must be processed for purposes other than those indicated above, the Data Controller will provide you with information regarding this different purposes and any other relevant information.

The controller, taking into account the state of the art and the implementation costs as well as the nature, scope, context and purpose of the processing both when determining the means of processing and at the time of processing itself (so-called risk analysis – accountability), has put in place adequate technical and organizational measures, aimed to implement effectively data protection principles and integrate in the treatment the necessary guarantees in order to meet the requirements of Reg. 679/2016 and protect the rights of the interested subjects.

Data will be processed using methods and instruments that guarantee security (Article 24, 25 and 32 of the Reg. Ue 679/2016) and will be carried out through an automated processes and non-automated processes (paper archives), to which all the technical and organizational measures will be applied to guarantee a level of safety appropriate to the risk, so as to ensure on a permanent basis, their confidentiality, integrity, availability and the resilience of the systems and services of treatment (by way of example but not exhaustive: controls both on assignment of tasks to the persons in charge of data processing and the classification of the data themselves, procedures, if sustainable, of psdonymisation and encryption, disaster recovery mechanisms, etc.).
We inform you that the processing of data is based on the provisions of art. 6, paragraph 1, lett. a) Reg. Ue 679/2016, and the User is free to provide its own information by sending it to the data controller via the contact details on the website (thehostel.it) and/or by filling out specific forms for information collection on the website; in the latter case, failure to provide certain data could, depending on the case, make it impossible to proceed with the activities requested by the User (for example, see “mandatory fields” marked with > in all information collection forms).
The process controller is: The Hostel s.r.l., based in Genova (GE), Via Ippolito D’Aste 8/4; P.iva/CF: 02245430992; mail: info@thehostel.it; tel: 010 4033223; PEC: thehostelsrl@pec.it
According to art. 28 of the REG. UE 679/2016, the Data Controller may use third parties that process data on their behalf and be formally appointed by them as data processors. The complete and up-to-date list of the designated data processors can be consulted at the company’s headquarters.
According to art. 29 of the REG. UE 679/2016, the Data Controller may use others acting under his authority and/or the appointed processor; these subjects will be adequately instructed.
The Data Controller has not designated a D.P.O. (Article 37 REG. UE 679/2016 and WP Guidelines Article 29 of 13.12.2016), considerating it an unnecessary figure within the structure, given that the characteristics of the data processing do not fall within the cases referred in the aforementioned Article 37.
The Data Controller also informs that:

• a) the interested party has the right to ask the controller, access their personal data and to correct or cancel them or limit their processing or oppose to their processing in addition to the right to data portability (art. 15, art. 16, art. 17, art. 18, art. 20 REG. UE 679/2016); with the exercise of the right of access, the interested party has the right to obtain from the controller confirmation that a personal data processing is taking place, while the exercise of the right to portability allows the interested party to obtain from the data controler personal data in a structured format, in common and readable use, or the transfer of said data from the original data controller to another (cfr. WP 242 from 13.12.2016);
• b) the interested party has the right, in case the processng is based on article 6, paragraph 1, letter a) or on article 9, paragraph 2, letter a), to withdraw the consent at any time without harm to the lawfulness of the processing based on the consent given before the revocation;
• c) the interested party has the right to lodge a complaint with a controlling authority;
• d) the interested party has the right to be informed, by the controller, that has to provide for this without justified delay, of a violation of personal data which could present a high risk for the rights and freedoms of the individuals (art. 34 REG. UE 679/2016).

The full text of the articles of the REG. UE 679/2016 concerning your rights (articles from 15 to 23 included) can be consulted at any
time at the following link on the website of the Authority for the Protection of Personal Data: http://194.242.234.211/documents/10160/0/Regolamento+UE+2016+679.+Con+riferimenti+ai+considerando or, alternatively, they will be provided by the Controller at your request, by sending a communication to the addresses previously indicated.

CHANGES TO THE DOCUMENT “PRIVACY & COOKIES POLICY”

The data controller reserves the right to make changes to this Privacy & Cookies Policy, at any time, by giving notice to Users on this page. Therefore, we ask Users to frequently consult this page, taking as reference the date of the last modification indicated at the bottom.
In the face of any updates or changes to this document, Users will be placed in a position to understand and evaluate the changes made, by comparing the different versions of the information that may have occurred over time, as the previous versions of the document will still be available for consultation on the website.
In case of non-acceptance of the changes made to this privacy statement, the User is required to cease using this website and to request the data controller to delete their personal data by sending a specific communication to the data controller, to the previously indicated addresses unless otherwise specified, this Privacy & Cookies Policy will continue to apply to personal data collected until then.
In case of questions, comments and requests relating to this privacy statement, please contact us at the following addresses:
MAIL info@thehostel.it

In any case, we invite Users to report any difficulties encountered in viewing this Privacy & Cookies Policy, in order to be able, if necessary, to provide alternative methods of information.

Last change made on: 03 december 2018