Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA
of the users visiting the websites of Hotel Splendide Royal Lugano
According to Federal Act on Data Protection FADP 235.1 of 25 September 2020 (Status 1 September 2023) and GDPR 679/2016
This page contains a description of the policies for managing the website in regard to processing the personal data of the users who visit the site and their privacy. This information is provided to individuals who interact with the web services of Hotel Splendide Royal Lugano, which is accessible by telematics means through the following web address:
https://www.splendide.ch and https://www.robertonaldicollection.com/splendide-lugano
which corresponds to the home page of the official website of Hotel Splendide Royal Lugano.
This informative note is provided only for the aforementioned website and not for other websites eventually accessed by the user through links.
THE “CONTROLLER”
Following access to this website, data pertaining to persons that are identified or identifiable may be processed. The “Data Controller” of the personal data collected following a visit to our website or any other data used for providing our services is Hotel Splendide Royal SA, Riva Antonio Caccia 7 - 6900 Lugano - Switzerland.
PLACE WHERE DATA IS PROCESSED
Data processing pertaining to the web services of this website (physically hosted by Register.it SpA ("www.register.it") at the Data Center of Reading (UK)) is carried out at the aforementioned headquarters and said data is processed only by the technical personnel in charge of processing of the data processing office, or by eventual persons in charge of processing who are entrusted to process occasional maintenance operations.
Transmission of personal data to third parties
The personal data obtained from the users who submit hotel reservation requests or through informative material (informative notes, newsletters, registration, etc) is used only to carry out the services or assistance requested and is not transmitted to third parties, except in the following possible cases:
• Business partners of Hotel Splendide Royal SA, or representative chains such as Leading Hotels of the World / Blastness (https://www. blastness.com) to whom Hotel Splendide Royal SA transmits the data exclusively in order to avoid on-line reservations;
• Persons, companies or professional offices who lend assistance and consulting services to Hotel Splendide Royal SA, concerning accounting, administrative, legal, financial and tax matters;
• Subjects who are authorized to have access to the data by law or through requests by the authorities;
Personal Data can be shared within the hotels of “Roberto Naldi Collection” or controlling companies located in the world, including companies located in a country that is outside Switzerland and not a member of the European, in accordance with Section 3 LPD and Chapter V of the GDPR 679/2016, with a view to supplying specific services requested.
The transmission of personal data may only take place with explicit consent of data subjects, if there is a legal obligation to do so, or if this is necessary for the exercise of data controller rights, for the exercise of rights deriving from the contractual relationship. The transmission of your data to third parties will only take place if this is necessary to the use of this website and for the execution of the contract (also outside the website), in particular for the processing of reservations.
Furthermore, the transmission of data is aimed at making the functionality of our website available and maintaining it. The legal basis is our legitimate interest pursuant to Article 6, § 1, letter. f) of the GDPR.
Finally, when you make a payment by credit card on our web platform, your credit card data is transmitted to the card issuing company and to the intermediary who manages the credit card acceptance terminals. If you decide to pay by credit card, you will be asked to enter all the necessary information.
The credit card data used for booking will be automatically unavailable at the end of the stay.
CATEGORIES OF PROCESSED DATA
Navigational data
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.
These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website; except for this circumstance, any data on web contacts is currently retained for no longer than seven days.
Data voluntarily provided by the user
Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender's address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the message(s).
Data will be retained only for registration request to send the newsletters or special offers and will not be disclosed to anyone.
The personal information regarding the individual who visited the website is not collected or used. The visitors remain anonymous. The only exception to this rule concerns the information for personal identification needed to fulfill the contractual obligations of reservations on behalf of the user.
Reservations Data
In the event of reservations made through the website, the user must provide his name, address, telephone number and information regarding the payment manners and credit card used. Hotel Splendide Royal SA will use said information only to process the reservations and to send specific information, which is relevant to the confirmation of said, such as a receipt, the reservation code and the conditions.
The information provided will not be used for marketing purposes and will not be sold, transmitted, given by contract or sent to third parties an any way, with the exception of our provider of on-line reservation services, Leading Hotels and Blastness only for online reservations purposes.
In any event, the administrator of the website guarantees the use of scrupulous procedures in order to protect the navigational data and the use of particular precautions to protect the data pertaining to the credit card, which is provided during on-line reservations.
In case of booking via e-mail or by telephone, the user is required to provide his/her name, surname, billing address, postal address, date of birth, telephone number, language spoken, and information on the methods of payment and of credit card.
Unless otherwise specified in this Privacy Policy, or if you have separately expressed your consent, this data and other data voluntarily provided by you (estimated time of arrival, vehicle license plate, preferences, comments, etc.) will be used only for the execution of the contract. In particular, the data will be processed to register the booking based on the request, to make the booked services available, to contact the user in case of doubts or problems and to guarantee correct payment.
The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6, § 1, letter. B) of the GDPR.
Reservations via third-party platforms
If you make your booking using a third-party platform, we will receive the above personal information from the platform operator. Furthermore, requests relating to the reservation may be forwarded to us. This data is processed in particular to register the booking as requested and to make the booked services available. The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6, § 1, letter. b) of the GDPR.
Finally, we may be informed by the platform managers of any disputes related to a booking. In this context, data relating to the booking procedure may also be sent to us, including a copy of the booking confirmation as proof of the actual completion of the booking. The pourpose of the processing of this data is to protect and to assert our rights; This is our legitimate interest pursuant to Article 6, § 1, letter. f) of the GDPR.
Please also refer to the data protection information of the respective provider.
Data Processing in compliance with the communication obligations established by law
Upon arrival at the hotel, the staff on duty may need to receive personal information from the guest and companions such as name and surname, postal address and Swiss Canton, date of birth, place of birth, nationality, official identity document and related number, arrival and departure date, room number.
This information is collected for the fulfillment of statutory reporting obligations, in particular those from the hotel industry laws or Police Law. If required by current legislation, this information will be transmitted to the competent police authority.
The legal basis of data processing for this purpose is the need to fulfill a legal obligation to which the data controller is subject pursuant to Article 6, § 1, letter. c) of the GDPR.
Registration of purchased services
If during your stay you use additional services (for example the minibar or the Pay TV service), we will note the subject of the service and the time at which it was purchased for billing purposes. The legal basis for data processing for this purpose is the fulfillment of a contract in accordance with Article 6, § 1, letter. b) of the GDPR.
The legal basis of data processing for this purpose is preliminary consent pursuant to art. 6, § 6 of the LPD and art. 6, § 1, letter. a) of the GDPR.
Newsletter Registration
Site visitors can register for our newsletter service. By registering, the user's e-mail address will automatically be included in a list of contacts to which e-mail messages will be sent. The newsletter will be containing periodic updates with commercial and promotional information relating to initiatives, events or promotions of the data controller.
To subscribe to the newsletter, you can use the registration forms on the site by entering your name and e-mail address. The information supplied with the registration form will be only used to sending our newsletter via e-mail and will not be disclosed to third parties.
The legal basis of data processing for this purpose is preliminary consent pursuant to art. 6, § 6 of the LPD and art. 6, § 1, letter. a) of the GDPR.
Personal Data Processing Collected From Curriculum Vitae
Hotel Splendide Royal SA accept Personal Curriculum Vitae of possible candidates both on paper and in an electronic format. Providing spontaneous and voluntary of the Curriculum Vitae data will be considered as implicitly informed consent by the data subjects for personal data processing contained, only following the purposes related to the selection of potential candidates.
The data processed for the purpose of selection of candidates are personal useful to search for the particular profile. In general, the nature of the data is normal, except in some cases where you may indicate any sensitive data necessary to identify the specific requirements of the regulations, such as specifying a particular protected class, the suitability for certain jobs and / or start-ups required, within the limits set by the law;
The provision of data relating to the selection of candidates is required. Any refusal to provide such data makes it impossible to perform an orderly selection and the possible recruitment. The data in question will not be disclosed to anyone.
The legal basis of data processing for this purpose is preliminary consent pursuant to art. 6, § 6 of the LPD and art. 6, § 1, letter. a) of the GDPR.
General Rules for providing the CV
Any CV received spontaneously, replying to a job advertisement, will be stored directly by authorized person in charge of the processing in accordance with the safety guidelines of personal data adopted in compliance with the security measures ex Chapter IV, 2) of the GDPR. These will be printed only on the occasion of a meeting and a conversation with the data subject. After the interview, if the candidate is not selected, the CV will be retained for a maximum of 2 years and after will be deleted and / or destroyed.
To send Curriculum Vitae use only the following addresses: Hotel Splendide Royal SA, Human Resources Dpt, Riva Antonio Caccia 7 - 6900 Lugano – Switzerland.
PERIOD FOR DATA RETENTION - CRITERIA USED
According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation (EU) 2016/679, collected personal data shall be retained in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.
Data retention periods depend on the purposes of the processing:
• purposes related to technical navigation data for the correct functioning of the website: retention only for the related session, after which the data are deleted;
• purpose of reply to info request/services supply request (up to 12 months for contact requests ; 10 years for administrative / accounting / financial documentation relating to the provision of a service);
• data collection for staff recruitment (up to 24 months);
• newsletter, marketing or promotional communications in general (until withdrawal of consent);
• purpose of di administrative / accounting / financial management: 10 years as as required by law for the conservation of administrative / accounting / financial documentation.
COOKIES AND TRACKING TECHNOLOGIES USED
In this website we are applied cookies technologies for different purposes, including computer technology authentication or to monitor sessions, and to store specific technical information regarding the users that access to the web server provider, in compliance with art 45c Telecommunications Law (LTC) of 30/04/97 and Guidelines of the European Data Protection Board (EDPB) of May 2020. More information on managing cookies and how to possibly refuse them available in the Cookie Policy of this site web.
OPTIONAL DATA PROVISION
Subject to the specifications made with regard to navigation data, users are free to provide the personal data listed in the request forms of Hotel Splendide Royal Lugano or referred to in contacting Hotel Splendide Royal SA in order to provide CV, to make on-line reservations or to request delivery of information materials and other communications. Failure to provide such data may entail the failure to be provided with the items requested.
PROCESSING ARRANGEMENTS
Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected. Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
Personal data is not transferred outside Switzerland or to non-EU third countries, except for any cases described above where the controller provide appropriate safeguards, in compliance with the provisions of Section 3 LPD and Chapter V GDPR, in particular:
• appropriate level of protection guaranteed through legislation in the foreign state (Italy – UK), pursuant to Art 16 § 1 LPD;
• disclosure is directly connected with the conclusion or performance of a contract between the controller and the data subject, pursuant to Art. 17 §1, lett. b, 1) LPD (The LHW Ltd – USA);
• by standard data protection clauses adopted by the EU Commission (Article 46, 2c GDPR) according to commission implementing decision (EU) 2021/914, pursuant to GDPR for Transfer controller to processor for the transfer of personal data to third countries;
• on the basis of an adequacy decision of the EU Commission vs third country or an international organization (Article 45 GDPR), particularly the decision on the adequacy of the protection provided by the EU-U.S. Privacy Shield of 10 July 2023.
DATA SUBJECTS' RIGHTS
Data subjects are entitled to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified (Art. 25 and ss FADP 235.1 and Chapter III GDPR 679/2016), among which the right to request access to, the correction, deletion or destruction, prohibition of processing or disclosure to third parties, the right to obtain a copy of the personal data in a conventional electronic format as well as the right to data portability, by submitting a specific request, also via the e-mail address: privacy@splendide.ch.
RIGHT TO LODGE A COMPLAINT
If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the law, he or she has the right to lodge a complaint to the Federal Data Protection and Information Commissioner pursuant to Artt. 49 and ss Section 2 of FADP.