Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

1. DATA CONTROLLER

Pursuant to and for the purposes of Article 13 of the General Data Protection Regulation 2016/679, KaizenHotels SRL, in the person of its pro tempore legal representative, VAT number 12034310966, with registered office in Milan Viale Luigi Majno, 28, 20129 Milan  (Italy), exclusive owner of The Front Best (http://www.thefrontbest.com) software, in its capacity as Data Controller, provides you with some information regarding the processing of your personal data.

You can contact the Data Controller at any time to receive information regarding the processing of personal data at the email address: members@kaizenhotels.com

The processing carried out by the Data Controller will be based on the principles of lawfulness, fairness,          transparency, purpose and storage limitation, data minimization, accuracy, integrity and confidentiality.

This information is provided only for this Site and not for other websites that may be consulted through links. Please refer to any specific sections of these sites where you can find specific information and any requests for consent for individual treatments.

2. TYPE OF DATA PROCESSED

The personal data that the Data Controller processes are.

- those provided voluntarily: 

1      Identification and contact data: name, surname, email address, postal address, telephone number, profile picture, etc. etc.

2      those that are provided directly during registration through access to the TheFrontBest platform, http://www.thefrontbest.com;

3      product data: data relating to the licensed products and/or services requested, including the information contained in the documents managed through TheFrontBest; 

4      Billing and payment data: VAT number, tax code, address, company name, email, no. Telephone;

5      those provided through third-party social media channels;

6      those provided when subscribing to the newsletter or when requesting a free trial of the software;

- Browsing and usage data collected automatically: 

1.     IP addresses, the type of browser used, the operating system, the domain name, the internal path analysis and other parameters relating to the operating system and the IT environment used, log data, data relating to licenses, installations and configurations, data relating to registrations made, performance indicators, data relating to navigation flows and page views, etc.);

- historical data regarding your contacts with the Data Controller;

3. PROCESSING PURPOSES

The personal data provided may be processed for the following purposes:

A) use of the services offered through access to the TheFrontBest http://www.thefrontbest.com platform;

B) statistical purposes on anonymized data;

C) sending newsletters with express consent;

D) direct marketing purposes: sending commercial or promotional communications relating to products or services provided by the Data Controller by means of automated (telephone without operator, sms, mms, email, fax) or traditional (telephone with operator, mail) contact methods;

E) indirect marketing purposes: sending commercial or promotional communications about products and services offered by subsidiaries, parent companies or associated companies, including those of the group;

F) to fulfil the obligations provided for by the applicable national and supranational regulations or legislation;

G) ascertain and exercise or defend the rights of the Data Controller in court;

4. LEGAL BASIS OF THE PROCESSING

The legal basis for the processing of personal data is the performance of a contract for the purposes referred to in letter A); for the purposes referred to in letters C), D) E) the optional and revocable consent at any time given by the users and which must necessarily comply with the conditions referred to in art. 7 of the Regulation. Consent is not required for the processing of data anonymously for the purposes referred to in letter B). With regard to point F), the legal basis is the need to comply with legal obligations and in letter G) the legitimate interest.

5. MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA AND CONSENT

The provision of personal data is optional.

The provision of identification and contact data (name, telephone number, email address, etc.) is, however, necessary in order to allow the Data Controller to provide the services through access to the TheFrontBest platform http://www.thefrontbest.com

Only with express consent will the Data Controller use such data to propose commercial offers, promotional offers, carry out direct and indirect marketing activities. In such cases, these activities may be carried out using automated contact methods (telephone without operator, sms, mms, email, fax) or traditional (telephone with operator, mail).

The Data Controller also carries out statistical surveys and analyses with data in aggregate form to understand how users use the site, to improve the offer and the services offered.

Always with your consent, the aforementioned data will allow the Data Controller to send newsletters.

In any case, you may object to the processing at any time or limit it to specific contact methods by communicating it to the Data Controller at the email address: members@kaizenhotels.com

6. DISSEMINATION OF DATA 

Your Personal Data may be shared, for the purposes set out above, with:- persons authorised by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees and system administrators);

- third parties who may be in charge of the management of the Sites who typically act as Data Processors. A complete list of the Data Processors can be requested by contacting the email address: members@kaizenhotels.com

- subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities.

- The personal data processed are also processed through the creation of a centralized database with IT and telematic tools. The database containing users' personal data is accessible only by authorized and specifically appointed subjects - such as employees or other collaborators - who may become aware of the data in the processing necessary or related to the sending of advertising material or the provision of a service; Third-party service providers strictly functional to the execution of the contractual relationship may also become aware of it. Each person in charge is given specific directives for the processing of data, instructions that suppliers are required to comply with in order not to incur disciplinary sanctions and/or legal action.

7. SOCIAL MEDIA 

The Data Controller uses social media for the purpose of communicating content relating to its own activities, products and services and/or those of third-party companies and/or subsidiaries, parent companies or companies connected to the Data Controller.

This site may contain links or references for access to other sites, such as the social networks Facebook, Instagram, Linkedin 

The Data Controller does not control the cookies or other tracking technologies of these websites to which this policy does not apply. 

8. TRANSFER OF PERSONAL DATA

Some of your Personal Data is shared with recipients who may be located outside the European Economic Area. The Data Controller ensures that the processing of your personal data by these Recipients is carried out in compliance with the Regulation. Indeed, transfers may be based on an adequacy decision, the Standard Contractual Clauses approved by the European Commission or another appropriate legal basis. More information is available from the Data Controller at the following address: members@kaizenhotels.com

9. DATA RETENTION PERIOD

The Data Controller keeps your personal data for the entire duration of the contract and, after termination, for the time strictly necessary and depending on the purposes for which they were collected. At the end, the personal data will be destroyed, erased or anonymized in accordance with the technical procedures of deletion and backup. 

The personal data processed for the purpose of "Provision of the Service/Contractual Fulfilment" will be kept for the time strictly necessary for the pursuit of the aforementioned purpose. In any case, since such personal data are processed to provide the products/services, the Data Controller may retain them for a longer period, in particular as may be necessary in order to protect the interests of the Data Controller from possible liabilities related to the supply.

With regard to the processing carried out for the achievement of purposes D)-E) of this Policy, the Data Controller may lawfully process your Personal Data until you notify us, in one of the ways provided for in this Policy, of your desire to revoke your consent to one or all of the purposes for which it has been requested by writing to:  members@kaizenhotels.com . Any revocation of consent will effectively require the Data Controller and the joint data controllers to cease the processing of your Personal Data for these purposes. Once consent has been withdrawn, the use of the data for these purposes will cease, but the Data Controller may retain it in order to protect its interests from possible liabilities based on such processing.

To stop receiving the newsletter, you can click on the "Unsubscribe" button at the bottom of the email. In case of technical problems, you can send an e-mail report to: members@kaizenhotels.com . The personal data used to send the newsletters will be kept until you ask us to stop sending them.

Personal data processed for the purpose of complying with legal obligations will be kept by the Data Controller for the period provided for by specific legal obligations or applicable legislation.

The personal data processed in order to prevent abuse and/or fraud will be kept by the Data Controller for the time strictly necessary for the aforementioned purpose.

10. RIGHTS OF THE DATA SUBJECT TO PROCESSING – COMPLAINT TO THE SUPERVISORY AUTHORITY

As provided for in Article 15 of the Regulation, the data subject may access his/her personal data, request its correction and updating, if incomplete or erroneous, request its deletion if the collection took place in violation of a law or regulation, as well as object to the Processing for legitimate and specific reasons.

In particular, below are all the rights that can be exercised, at any time, against the data controller and/or the joint data controllers:

- Right of access: the right, pursuant to Article 15, paragraph 1 of the Regulation, to obtain from the data controller confirmation as to whether or not personal data is being processed and, if so, to obtain access to such personal data and to the following information: a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be retained or, if this is not possible, the criteria used to determine that period; e) the existence of the right of the data subject to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her, or to object to their processing; f) the right to lodge a complaint with a supervisory authority; g) if the personal data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of such processing for the data subject. All this information can be found in the information that will always be available in the Privacy section of each of the websites.

- Right to rectification: the right to obtain, pursuant to Article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing, moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing a supplementary statement.

- Right to erasure: the right to obtain, pursuant to Article 17, paragraph 1 of the Regulation, the erasure of personal data without undue delay and the data controller will have the obligation to erase your personal data, if there is even only one of the following reasons: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you have withdrawn the consent on which the processing of your personal data is based and there is no other legal basis for the processing of your personal data; c) the data subject has objected to the processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there is no longer any overriding legitimate reason to proceed with the processing of the personal data; d) the personal data have been unlawfully processed; e) it is necessary to erase the personal data in order to comply with a legal obligation provided for by a Community or national law. In some cases, as provided for in Article 17, paragraph 3 of the Regulation, the data controller is entitled not to erase your personal data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest,  for archiving purposes in the public interest, for scientific or historical research or statistical purposes, for the establishment, exercise or defence of legal claims.

- Right to restriction of processing: the right to obtain the restriction of processing, pursuant to Article 18 of the Regulation, in the event that one of the following hypotheses occurs, the data subject: a) has contested the accuracy of his or her personal data (the restriction will continue for the period necessary for the data controller to verify the accuracy of such personal data); b) the processing is unlawful but you have opposed the erasure of your personal data, requesting, instead, that their use be restricted; c) although the controller no longer needs the personal data for the purposes of the processing, the personal data are used for the establishment, exercise or defence of legal claims; d) has objected to the processing pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification as to whether the legitimate reasons of the data controller prevail over his/her own. In the event of restriction of processing, personal data will only be processed, with the exception of storage, with consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest.

- Right to data portability: the right to request and receive, at any time, pursuant to Article 20, paragraph 1 of the Regulation, all personal data processed by the data controller and/or joint data controllers in a structured, commonly used and readable format or to request their transmission to another data controller without hindrance. In this case, it will be the responsibility of the interested party to provide us with all the exact details of the new data controller to whom they intend to transfer their personal data by providing us with written authorization.

- Right to object: pursuant to Article 21, paragraph 2 of the Regulation and as also reiterated by Recital 70, it is possible to object, at any time, to the Processing of your personal data if it is processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

- Right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal to any other administrative or judicial body, if you believe that the processing of personal data carried out by the data controller and/or the joint data controllers is in violation of the Regulation and/or the applicable legislation, you may lodge a complaint with the competent Data Protection Authority (for Italy,  Data Protection Authority, http://www.garanteprivacy.it).

These rights may be exercised at any time by writing to the Data Controller KaizenHotels SRL with registered office in Milan Viale Luigi Majno, 28, 20129 Milan (Italy) or by e-mail writing to: members@kaizenhotels.com

11. DATA SECURITY

Personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be carried out through the use of anonymous data or by other means. 

The Data Controller has adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorised access.

12. CHANGES TO THIS PRIVACY POLICY

The Data Controller periodically verifies its privacy and security policy and, if necessary, revises it in relation to changes in legislation, organization or dictated by technological developments. In case of changes to the policies, the new version will be published on this page of the site. 

The Data Controller uses technical and profiling cookies in order to collect and access the information stored on your device. For more information. You can change your choices at any time. We invite you to consult  the extended information on  the use of cookies available on our website.

This privacy policy was last revised on 9/03/2022