(EN) Villa Irlanda Roma Data protection policy

Introduction

Villa Irlanda Roma offers Bed & Breakfast accommodation for paying guests. It is associated with, but legally separate from, the Pontifical Irish College. It is the data controller in respect of the personal data that it processes in respect of its guests and its employees.  As set out below, it fully complies with its obligations under the General Data Protection Regulation (GDPR).  The contact information of Villa Irlanda is:

Villa Irlanda Roma
Via Dei Santi Quattro, 7
00184 Rome
Tel: (+39) 06 77263 501

Personal Data Processed

The Villa processes the standard personal data required for the operation of a guest accommodation service.  The personal data gathered includes: name; home address; contact details; payment details. It does not include any sensitive data[1] It uses an external booking engine, GPdati,[2] to process bookings, including payments. GPdati acts as a data processor for the Villa and the appropriate safeguards are built into the contract with them. In addition, the Villa captures passport details for the purpose of transmission to the Italian police.  The Villa operates a CCTV system for security purposes.

The Villa processes standard data required for employment purposes.

The Villa has an e-mail system based on the Outlook platform.

Purpose and Legal Basis

The main purpose of the data processed is to manage reservations, including payments, efficiently.   The consent of the guests for the processing of their personal data is conveyed by means of a tick-box on the reservations page.  Where reservations are made in person, the consent of the guest is captured on the paper booking form. The data are also processed for accounting purposes to comply with the Villa’s legal obligations in relation to   payment of city tax to the City Council of Rome and the requirements of the national tax authorities.  The data (including passport details) are also processed to comply with reporting obligations to the police.  The CCTV system is operated in the interests of the security of the Villa and of its guests.

Recipients

Personal data of all guests are disclosed to the Italian police, in accordance with the Villa’s legal obligations under Italian law.  The data are uploaded to the secure police website provided for this purpose. Accounting data, which may include personal data, are transmitted to external accountants for processing.

Retention

Personal data related to the Villa’s tax obligations are retained for at least 10 years, to satisfy the requirements of the tax authorities. They are/will be securely destroyed after this period.  CCTV images are retained for 1 month, after which they are over-written.

Information to Guests (data subjects)

Guests are provided with comprehensive information on the processing of their personal data at the time the data are provided.   For on-line bookings, this is provided through a link from the reservations page. Similar arrangements are in place for bookings in person. Guests and other visitors are informed of the operation of CCTV cameras by means of prominently-displayed notices.

Security

Access to guest data is confined to the manager and reservations staff. Bookings data are stored securely by the booking engine, GPdati. Manual data are stored securely in the Villa.

[1] (special categories under the GDPR)
[2] GP Dati SpA | Zucchetti group
Via Paganello 22/a, 30172 Mestre
VENEZIA – Italy