IN ACCORDANCE WITH THE NEW D.lgs on PRIVACY no. 101 of 10/08/2018 amending the Code on the subject of Data Protection of Natural Persons (D.lgs no. 196/03)


(Code for the protection of personal data)

In accordance with the new D.lgs on Privacy no. 101 of 10/08/2018 amending the Code on the subject of Data Protection of Natural Persons (D.lgs no.196/03) and with reference to art. no. 13 of European Delegation 2016/2017 (Law no. 163 of 25 October 2017), in the application of EU Regulation (WP 29) no. 2016/679 (GDPR Data Protection), of the Directive no. 2016/680 (EU Data Protection Package), taking into account the repeal of Directive no. 95/46/EC on (Protection of Physical Persons Processing Personal Data), INFORM that the C.O.T.A. hotels Organizzazione Tecnico – Alberghiera S.r.L., processes the personal data of customers, suppliers, collaborators and persons who have voluntarily communicated their personal data directly or by e -mail to the offices of the operating headquarters located in Corso Paolo Bernacchi, 22 – 21049 Tradate (VA). Organizzazione Tecnico – Alberghiera S. r. L. guarantees the confidentiality and protection of the personal data processed ensuring the necessary protection against the risk of violation and does not require interested parties to provide “particular” data as indicated in article no. 9 of the GDPR, but in case such treatment becomes necessary, will ask interested parties for their consent. Organizzazione Tecnico- Alberghiera S. r.l. verified the cases in which it is provided for by art. no. 37 par. 1 of EU Regulation (WP 29) no. 2016/679 GDPR (Data Protection) the obligation to appoint the DPO (Data Protection Officer), and assessed that it does not fall within the cases provided for in the aforementioned article no. 37 par. 1, considered to not to appoint an internal DPO or use an external company for this purpose and for this reason acts as the owner of the processing of personal data in the person of its legal representative reachable at the address of Via Cavour, 21 – 21049 Tradate (VA).

1) Purpose of processing personal data article, ref. to the new D.lgs on Privacy no. 101 of 10/08/2018 (D.lgs nr. 196/03) and article no. 13, 1° subsection of the GDPR
All data communicated by the interested parties are processed exclusively for purposes connected with the economic activity of the company in particular:
• for inclusion in the database of corporate information databases;
• for the elaboration of internal statistics;
• for the issue of estimates and offers to active and / or potential customers;
• for the issuance of requests for offers to active and / or potential suppliers;
• for research, selection and / or evaluations of personnel;
• to draw up technical reports in relation to services rendered to active and / or potential customers;
• for research, accounting analysis, statistics and economic investment forecasts to active and / or potential customers;
• for the management of receipts and payments;
• for the exchange of communications concerning the economic, administrative and commercial activity of the company by telephone, mail, fax, e – mail;
• to meet the obligations established by law, regulations, community legislation, civil laws and tax rules.

2) The legitimate interests of the owner of a third party, ref. to the new D.lgs on Privacy no. 101 of 10/08/2018 (D.lgs nr. 196/03) and article no. 13, 1° subsection of the GDPR
• If the processing is based on a legitimate interest, the data will be processed on the basis of the protection of legitimate interests;

3) Communication and dissemination to data recipients 
The personal data of the interested parties, if necessary, can also be communicated:
• to all the subjects to whom the right of access to the data is recognized by virtue of regulatory provisions;
• to our collaborators and / or employees and suppliers, as part of their duties and / or the execution and completion of any contractual and commercial obligations in place with the interested parties;
• to factoring companies, credit recovery companies, credit insurance companies;
• to post offices, shippers and couriers for sending documentation;
• to all natural  and / or  legal  persons  (Legal, Administrative  and  Fiscal  Consultancy Studies, Labor Advice Studies, Judicial Offices, Chambers of Commerce, Chambers and Labor Offices, etc.)  when communication is necessary or functional to the carrying out our activity and in the ways and for the purposes illustrated above;
• to banking institutions  for  the  management  of  collections  and  payments  deriving  from  the  execution of contracts.

4) Transfer of data to third countries
• Data management will take place in Europe excluding non-EU countries with servers located in Italy; except as provided for the use of cookies as indicated in the cookies policy.

5) Data retention period
• The data are stored at the headquarters of the Organizzazione Tecnico Alberghiera S. r. L. Corso Paolo Bernacchi, 22 – 21049 Tradate (VA) for the time needed to carry out the contract and for the time prescribed of the civil law, fiscal and / or rights deriving from the contract and in any case not later than 10 years

6) Technology
• The Data Controller will promptly inform the data subjects if there is a particular risk of violation as foreseen by article no. 33 of the GDPR:

7) The protection of minors
• The services offered are intended exclusively to persons legally authorized to conclude contracts, however, are implemented preventive measures such as control of the tax code, chamber of commerce inspections and identification documents:

8) Right to access personal data
The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even  if  not  yet  registered  and   their  communication  in  an  intelligible  form,    in  addition  to  the  right  to obtain   the  indication:
• the origin of personal data and the purposes and methods of processing;
• of the logic applied in case of treatment carried out with the aid of electronic instruments;
• of the extremes identification details of the data controller and data processors.

9) Right to be forgotten Article no. 17 GDPR, of limitation of the treatment and of opposition to the same and right to the revocation of consent, right to portability; the interested party has the right to obtain
• before giving your consent information on the methods of data processing;
• the elimination of the data processed with reference to article no. 17 when there is no longer a purpose;
• the right to limitation of processing;
• the right to withdraw consent at any time;
• the withdrawal of consent as easily as it is granted, even if such withdrawal does not affect the lawfulness of the processing based on consent prior to the withdrawal;
• the limitation of the processing and portability of data.

10) Right to complain to the supervisory authority
The data subject may lodge a complaint with the supervisory authority:
• when there is a violation of the privacy legislation and have the right to a detailed complaint to the Guarantor (to represent an infringement of the privacy legislation);
• for reporting to the same (when it is not possible to submit a detailed complaint and in order to request a check by the Guarantor on compliance with the regulations);
• when it can be used to present to the Guarantor or to the competent judicial authority in order to obtain what is recognized by Article. no. 7;
• when there are invariably tools available to the interested parties, that is, to the persons to whom the data subject of the treatments are referred.

11) Nature of data collection, mandatory and non-obligatory to communicate data and consequences of a possible failure to provide and / or refusal
• The provision of personal data by parties who intend to open a business relationship also purely informative to obtain  the  services  from Organizzazione Tecnico – Alberghiera S. r. L.  is  to  be  considered optional, but their eventual failure to provide / deny could result in the non-prosecution and / or interruption of the relationship, its proper performance and any legal obligations, including tax rules.

12) The interested party has the right to object in whole or in part:
• for legitimate reasons  the  processing  of  personal  data  concerning  him,  even  if  pertinent  to  purpose  of collection;
• to the commercial processing of personal data concerning him for the purpose of sending material advertising or direct sales or for carrying out market research or commercial communication.
The above rights may be exercised by request, addressed to the legal representative of the Data Controller of Organizzazione Tecnico – Alberghiera S.r.L., which may also be transmitted by registered letter, fax, or e-mail to

13) The method of treatment, the existence of an automated process and the indication of the logic used, the importance and consequences of the treatment:
• The owner of the processing of personal data has adequate security measures in order to preserve confidentiality in the processing that takes place using both paper and computerized media, by computer and telematic means and through instruments that also require third parties and suppliers to comply with all precautionary measures. on the risk assessment (Privacy By Design).

14) Owner of the processing of personal data
• Owner of the processing of personal data is C.O.T.A. hotels Organizzazione Tecnico – Alberghiera S. r. L. Via Circonvallazione, 46 – DAIRAGO ( MI) Italy; Operational Headquarters Corso Paolo Bernacchi, 22 – 21049 – TRADATE – (VA) Italy.

15) Modification of the Policy
• Organizzazione Tecnico – Alberghiera S. r. L. reserves the right to modify this policy whenever necessary. Visitors are invited to periodically check the changes.

16) Copyright
• The copyright of all materials on all pages of this website belongs to the author and owner of the site ( S.r.l.).
No part of this site may be published, distributed, extracted, used or re-produced in any form.

Updated: 24th October 2019