Privacy policy
Introduction
This Privacy Policy applies to the company PANISTERS.R.L (Casa Monti), and all restaurants and spas to which it provides operational or management services (known under the following names: "PANISTERS.R.L (Casa Monti)"). PANISTER S.R.L (Casa Monti) takes your privacy very seriously and processes your personal data with the greatest of care and incompliance with the applicable data protection legislation. This Privacy Policy will inform you about the way in which we process your personal data and your rights in connection with the personal data you provide to us, and/or that you have provided to us as user of this website, subscriber to an email, customer of the hotel, participant in an event, visitor to one of our restaurants or spas, or customer or partner of PANISTER S.R.L (Casa Monti). Our Websites are not designed for children under the age of 16 and we do not knowingly collect data relative to children. If you are under the age of 16, you must ask your parent or guardian to help you use the Websites. If you enter the personal data of a third party (for example the contact details of any other person of your group), you must have obtained the prior express and unequivocal permission of the persons concerned before sharing these data with us. It is important that you read this Privacy Policy and any other privacy or data protection notice that we may provide on specific occasions when we collect or process your personal data, in order that you are fully aware of the way in which we use your data and the reasons why we use them.
Who are we?
This Website is operated by PANISTER S.R.L. a limited liability company with a sole quota-holder, Registered office in Rome, VIA PASQUALE STANISLAO MANCINI 12 - TaxCode, VAT and number of registration with the Companies’ Register of Rome14861521004.
For information, PANISTER S.R.L (Casa Monti) isa subsidiary of the AU COEUR DE MEGEVE group, société anonyme [public limited company] with Board of Directors, registered under SIREN 607220605, with its registered office at rue Charles Feige 74120 MEGEVE. Save in the case of express derogation materialised by a written mandate, the PANISTER S.R.L (Casa Monti) subsidiary will alone process your data to manage its contractual relationship with you (billing, payment, management of bookings, etc.), to undertake marketing activities, and to comply with its legal obligations.
In all cases, the general principles of the General Data Protection Regulation (notably compliance with the principles of legitimacy, compatibility of communication with the original processing, information to data subjects, etc.) are complied with.
Who is responsible for processing your personal data?
The Casa Monti (trading name - PANISTER S.R.L), as data controller, determines the purpose and means of processing the personal data which are processed about you. For further information, please send an email to the address [email protected].
What type of information is collected?
Depending on the nature of your interaction withus, we can collect, use, store and transfer the following types of personaldata concerning you:
- Identifying data: forename, surname, date of birth, civil status and title.
- Contact details: billing address, email address, business address, personal address and telephone numbers.
- Financial data: details of your bank account and payment card.
- Financial transaction data: details of the payments you make and receive and other details about the products and services you buy from us.
- Technical data: internet protocol (IP) address, your login data, the type and version of browser, time zone settings, types and versions of your browser’s plugins, the operating system and platform and other technologies on the devices you use to access this Website.
- Data about your profile: your social media channels, your interests, your preferences, your comments and your responses to surveys.
- Usage data, including cookies: information about the way in which you use our website and our services, notably the Wi-Fi.
- Marketing and communication data: your preferences about receiving marketing communications from us and those of our third party partners, and your communication preferences.
We also receive, use and share aggregate data, such as statistical or demographic data. The aggregate data may be derived from your personal data, but are not considered as personal data within the meaning of the law because these data do not directly or indirectly reveal your identity. We hold all rights, titles and interests in the aggregate data.However, if we combine or link aggregate data with your personal data in order to be able to identify you, directly or indirectly, we process the combined data as personal data which will be used in compliance with this Privacy Policy.
With the exception of the specific information you may communicate to us within the framework of the services we provide to you (for example in connection with your physical, health or dietary requirements), we do not collect Special Categories of personal data concerning you (this includes details about your race or ethnic origin, your religious or philosophical beliefs, your sex life, your sexual orientation, your political opinions, your union membership, information about your health, and your genetic and biometric data). We also do not collect information about criminal convictions and offences.
If you do not provide personal data
When we need to collect personal data pursuant to the law or a contract that we have with you and you do not provide these data on request, we may be unable to perform the contract we have or that we are trying to enter into with you (for example to fulfill your booking). In that case, it may be that we have to cancel a service you have with us, but we will notify you if that is the case at the time.
How are your personal data collected?
We use different methods to collect your data, including through:
Direct interactions: you may communicate your identity, your contact details and your financial data by completing online forms or communicating with us by post, by telephone, by email or otherwise. This notably includes the personal data you provide when:
- you make a booking;
- you attend an event on one of our sites;
- you receive a service from us;
- you use our Wi-Fi service in one of our hotels;
- you subscribe to our service or our publications;
- you ask for marketing offers to be sent to you;
- you participate in a competition, a promotion or a survey;
- you provide us with an opinion.
Technologies or automated interactions: as and when you interact with our Website, we may automatically collect technical data about your hardware, your browsing activity and your browsing habits. We collect these personal data using cookies, web server logs, and other similar technologies. We may also receive technical data about you if you visit other websites using our cookies. To find out more, please view our Cookie Policy.
Third parties or sources accessible to the public: we can receive your personal data from various third parties and public sources, such as the technical data of the following parties:
- analysis providers;
- advertising networks;
- information providers.
We also use video surveillance in order to prevent the use of our services and our installations for illegal purposes and to protect our employees and our customers. In that context, the personal data may be processed by the Casa Monti (trading name - PANISTER S.R.L) and its suppliers for those purposes.
Legal bases
The use of personal data pursuant to the applicable data protection laws must be justified by one of the reasons legal laid down by the GDPR. We are required to indicate the reason for each use of your personal data in this policy. These are the main reasons justifying our use of your information:
Consent: when you have consented to us using your personal information (you provide freely given explicit, informed consent relative to such use, and can withdraw your consent by informing us).
Legitimate interest: the interest of our company in the conduct and management of our business in order to enable us to offer you the best service and the best experience under the best conditions. We ensure we take into account and manage any potential impact (positive or negative) on you and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities to our benefit which could have consequences on you (unless we have your consent or if the law so requires or allows).
Performance of contract: the fact of processing your personal data when necessary to perform a contract with you or the fact of undertaking procedures on your request before entering into such contract.
Compliance with a legal or regulatory obligation: the fact of processing your personal data when this is necessary to comply with a legal or regulatory obligation to which we are subject.
Legal complaints: when your information is necessary so we can defend ourselves, institute proceedings or present a complaint.
Purposes for which we will use your personal data
We collect or process your personal data with respect for the European data protection laws. Below is a description of all the ways in which we plan to use your personal data, and the legal bases on which we rely to do so. We also identify our legitimate interests. When we have your consent to process your personal data, you have the right to withdraw your consent at any time, and when we rely on legitimate interests, you have the right to oppose them.
To process your reservation, including:
- Management of payments, costs and charges
- Recovery and reimbursement of the sums due to us
- Identity
- Contact
- Financial
- Financial transactions
- Performance of a contract with you
- Necessary for our legitimate interests (to recover sums that are due to us)
To manage our relationship with you, which will include:
- Informiyou of changes made to our Terms and Conditions of Use or our Privacy Policy
- Asking you to leave a comment or complete a survey
- Identity
- Contact
- Marketing and communications
- Necessary to comply with a legal obligation
- Necessary for our legitimate interests (keep our records up-to-date and study the way in which customers use our services)
To enable you to participate in a prize draw, a competition, or to respond to a survey.
- Identity
- Contact
- Profile
- Use
- Marketing and communications
Necessary for our legitimate interests (study the way in which customers use our services, to develop them and our activity)
To administer and protect our company and this website (including troubleshooting, data analysis, testing, system maintenance, support, production of reports, and data hosting)
- Identity
- Contact
- Technical
- Necessary for our legitimate interests (for the conduct of our business, execution of administrative and IT services, network security, fraud prevention, and within the framework of a company reorganisation or a group restructuring)
- Necessary to comply with a legal obligation (to prevent fraud)
To provide you with relevant website content and advertisements and measure or understand the effectiveness of the advertising we show you.
- Identity
- Contact
- Profile
- Usage
- Marketing and communications
- Technical
Necessary for our legitimate interests (study the way in which customers use our services, develop them and our activity, and inform our marketing strategy)
To usedata analysis to improve our Website, our services, our marketing, ourrelations with customers and our experiences
- Technical
- Usage
Necessary for our legitimate interests (define the customer types for our services, keep our Website up-to-date and relevant, develop our activity and inform our marketing strategy)
To make suggestions and recommendations to you on goods or services that may interest you
- Identity
- Contact
- Technical
- Use
- Profile
- Marketing and communications
Necessary for our legitimate interests (to develop our services and our activity)
Consent, when we send you third party marketing
Change of purpose
We will only use your personal data for the purposes for which we collected them, unless we reasonably consider that we have to use them for another reason and that reason is compatible with the initial purpose. If you wish to obtain an explanation about the way in which the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for other purposes, we will inform you thereof and we will explain to you the legal basis allowing us to do so.
Please note that we can process your personal data without your knowledge or without your consent, in compliance with the above rules, when the law so requires or allows.
Notably, we can disclose also your personal data if we believe that such disclosure is necessary to comply with any law or regulation in force, legal proceeding or other legal obligation; to detect, investigate and prevent security problems, fraud or technical problems; to protect the rights, the property or the security of the Hotel, our customers, employees and others.
Marketing
We endeavour to provide you with choices concerning some uses of personal data, particularly regarding marketing communications and advertising. We have put in place the following mechanisms for control of personal data:
Promotional offers
You will receive marketing communications from us, including information notices and marketing emails about our services, if(i) you have requested information, (ii) you have used our services, or (iii)you have provided your contact details when you participated in a competition or registered for a promotion, and in that case if you have not opted not to receive this marketing information.
Marketing by third parties
We will obtain your express consent before sharing your personal data for marketing purposes with any company outside of the Casa Monti (trading name - PANISTER S.R.L) group.
Unsubscribe
You can ask us to stop sending you marketing messages at any time by clicking on the unsubscribe links in every marketing message sent to you, or by contacting us at any time at [email protected].
Cookies
You can configure your browser to reject all or some cookies, or for it to warn you when websites are configured for or access cookies. If you block or refuse cookies, please note that some parts of this website may become inaccessible or not function correctly. For further information about the cookies we use, please REFER TO THE DEDICATED PAGE.
How do we protect your data?
We implement technical and organisational measures aiming to guarantee an appropriate level of security of the personal information we process. These measures aim to ensure the integrity, the confidentiality and the availability of the personal information. We have put in place appropriate security measures to avoid your personal data being accidentally lost, used or obtained in an unauthorised manner, modified or disclosed. Furthermore, we restrict access to your personal data to the employees, agents and third parties having a commercial need to access them.They only process your personal data on our instructions and are subject to a confidentiality obligation.
We have put procedures in place to deal with any presumed data breach and we will inform you, as well as any applicable regulatory body, of any data breach when the law so requires.
Disclosure of your personal data
We may be required to share your personal data with the parties mentioned below for the purposes indicated in the above table.
- Internal third parties (as indicated in the glossary). Legal framework: legitimate interest (to operate the company and provide the related services)
- External third parties (as indicated in the glossary). Legal framework: legitimate interest (to operate the company and provide the related services)
- Third parties to which we choose to sell, transfer or merge all or part of our company or our assets. We may also seek to acquire other companies or merger with them. If a change occurs within our company, the new owners may use your personal data in the same way as that described in this Privacy Policy. Legal framework: legitimate interest (to operate the company and provide the related services)
We require all third parties to respect the security of your personal data and to process them in compliance with the law.We do not authorise our third party service providers to use your personal data for their own purposes (save where the law so allows for compliance purposes)and we only allow them to process your personal data for specific purposes andin compliance with our instructions.
Transfer of your personal data outside of Europe
The Casa Monti (trading name - PANISTER S.R.L) operates only at a European level, but it may sometimes be necessary to transfer personal data to another recipient (such as partners or third party service providers) in a country outside of the country where they were originally collected, or outside of your country of residence or your nationality. For many of our commercial activities, we use “cloud” services. Consequently, for technical and organisational reasons, it may be necessary for your personal data to be transferred to servers based outside of the European Economic Area(EEA).
When we transfer your personal data outside of the EEA, we ensure that a similar degree of protection is granted to them, overseeing that at least one of the following guarantees is implemented:
- We only transfer your personal data to countries considered as providing an adequate level of data protection by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- When we use certain service providers, we may use specific contracts approved by the European Commission which guarantee the same protection of your personal data as in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- When we use suppliers based in the United States, we may transfer data to them if they belong to the privacy protection system which requires offering similar protection to the personal data shared between Europe and the United States. For further details, see European Commission: EU-US Data Privacy Framework.
- With your consent, or according to what is permitted by the applicable data protection laws.
Please contact us if you would like further information about the specific mechanism we use when transferring your personal data outside of the EEA.
Storage period of your personal data
We will only keep your personal data for the time necessary to achieve the objectives for which we collected them, including with the aim of fulfilling legal, accounting or reporting requirements.
To determine the appropriate duration for storage of your personal data, we take into consideration the quantity, the nature and the sensitivity of the personal data, the potential risk of harm resulting from unauthorised use or disclosure of your personal data, the purposes for which we are processing your personal data, and whether we can achieve these purposes by other means, as well as the applicable legal requirements.
In some cases, you can ask us to erase your data: see “Request for erasure” below for further information.
In some circumstances, we may anonymise your personal data (in order that they can no longer be associated to you) for research or statistical purposes, in which case we may use this information indefinitely.
Your legal rights
You have rights guaranteed by the privacy and data protection laws in Europe and in some other countries, and you can benefit from them free of charge:
- access to your personal information;
- rectification or erasure of your personal data;
- restriction of our processing of your personal data, or objection to our processing; and
- a copy of your personal data (right to data portability).
If you want to exercise these rights, please submit your request via [email protected]. We will respond to your request in compliance with the laws in force. To protect your privacy and your security, we may contact you again to request proof of identity.
Please consult the “Your legal rights” section of the glossary below to find out more about these rights:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Oppose the processing of your personal data.
- Request a restriction on the processing of your personal data.
- Request transfer of your personal data.
- Right to withdraw your consent.
- Right to file a complaint.
Procedure and timeline for exercising your rights
You can contact us at the address [email protected] to exercise these rights. We will ask you for information so we can identify you.
Requests will be processed within a period of one month. We are allowed to extend this period by two additional months if the complexity of the situation so requires, and we will inform you if the period is extended. If your request is manifestly ill-founded or excessive, we may either bill you for costs, or refuse to process your request. Regarding requests for access, we may also bill you for additional copies. If we decide not to honour your request or not to respond to your request, we will explain the reasons for this in our response.
Glossary
Internal third parties
Any company of the group of companies AU COEUR DE MEGÈVE or of the group of companies to which PANISTERS.r.l. and Casa Monti belong providing intra group services, including marketing, finances, IT, system administration, HR services, and leadership reports.
External third parties
- Service providers acting as processors who provide IT, system administration, analysis, marketing, booking and other services to companies.
- Professional advisors, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- All authorities and public administrations which require the declaration of the company’s activities and its transformation in some circumstances.
Your legal rights
You have the right to:
- Request access to your personal data (commonly called “subject access request”). This enables you to receive a copy of the personal data we hold about you and verify that we are processing them legally.
- Request correction of your personal data.This enables you to have incomplete or inaccurate data we hold about you corrected, although we need to verify the accuracy of the new data you provide.
- Request erasure of your personal data. This enables you to ask us to modify or erase personal data when there is no valid reason for us to continue to process them. You also have the right to ask us to erase your personal data when you have successfully exercised your right of opposition to processing (see below), when we have processed your information illegally, or when we are bound to erase your personal data in order to comply with the applicable legislation. Please note however that we are not always able to grant your request for erasure for specific legal reasons which will be notified to you, if applicable, when you make you request.
- Oppose processing of your personal data when that processing is based on a legitimate interest (or those of a third party) and there is something in your individual situation which leads you to oppose processing for that reason, because you feel it will have an impact on your fundamental rights and freedoms. You also have the right to oppose the processing of your personal data for direct marketing purposes. In some cases, we can demonstrate that we have imperious legitimate reasons to process your personal data which prevail over your rights and freedoms.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend processing your personal data in the following situations: (a) if you want us to establish the accuracy of the data; (b) when our use of the data is illegal but you don’t want us to erase them; (c) when you need us to keep the data even if we no longer need them because you need to establish, exercise or defend rights; or (d) if you have contested our use of your data but we must verify whether we have imperious legal reasons to use them.
- Request the transfer of your personal data to you or to a third party. We will provide you or your chosen third party with your personal data in a structured, commonly used and machine-readable format. Please note that this right only applies to automated information that you initially authorised us to use or when we have used them to perform a contract with you.
- Withdraw your consent at any time when we need your consent to process your personal data. However, this will not affect the legality of any processing undertaken before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain services. We will inform you if that is the case at the time you withdraw your consent.
- File a complaint. You have the right to file a complaint with the competent supervisory authority, such as the Garante per la Protezione dei Dati Personali (https://www.garanteprivacy.it/). We encourage our customers to contact us first if you have any concerns or complaints.
We reserve the right to modify or amend this PrivacyPolicy at any time and for any reason. The changes will take effect on the date of display or publication.
By using our website, you accept our Privacy Policy. Please contact us if you have any questions about our practices. You can contact us at the following address [email protected].