GAM S.p.A. Privacy Policy

Information regarding paragraph 13 of the statute 196/2003
The Code regarding the protection of personal data provides for the tutelage of people and any processing of personal data.

GAM SpA respects the privacy of its On-line Guests. The processing of any personal data will be done in the name of correctness, lawfulness, transparency and the tutelage of the guest’s privacy and rights.

By respecting paragraph 13 of the statute 196/2003 concerning any personal data that we may use, GAM SpA wish to inform you of the following.

Purpose for data processing
The personal data that you have freely provided will be used so that you can take advantage of the services, contents and products offered by GAM SpA, registered office at No. 1, Via Fata Morgana, Reggio Calabria, VAT No: 00087020806, by means of the following portal and the other domains we run:
www.altafiumarahotel.it
www.altafiumara.it
www.costaviolahotels.com
www.costaviolahotels.it
www.notos-emotions.it
www.notosemotions.com
www.montesanohotels.it
www.montesanohotels.com
www.reggiocalabriahotels.it
www.altafiumarasposi.it
www.hotelpalacerc.it
www.grandhotelexcelsiorrc.it
www.grandehotelexcelsiorrc.it
These are reserved for registered users and for receiving commercial communications like newsletters, informing mail and/or promotions. The conferment of data is obligatory if you wish to enter the reserved areas of the site and, consequently, take advantage of our services, contents and/or products; the refusal to enter data could mean the impossibility of taking advantage of the services, contents and/or products offered by GAM SpA. It is optional if you wish to receive promotional and commercial offers.

Conditions regarding data processing
Data processing ‘ respecting the norms, and, in particular, art.11of statute 196/03 and the Authorisation given by the Guarantor on the 30/06/2004 ‘ is carried out only with the help of computer-based instrumentation or with the use of written works, if necessary, by those who are in charge of data processing. Some aspects of data processing may be carried out by third parties called head officials and/or superintendents in charge of specific processing for GAM SpA. The data is processed at the registered office at No. 1, Via Fata Morgana, Reggio Calabria, VAT No: 00087020806, by superintendents and any information is kept there.

Personal data security
The data used will be safeguarded so that any risk of losing or destroying material, even accidentally, is minimum. All security measures necessary will be adopted to avoid unauthorised processing of data or anything that does not conform to the original aim of the data.

It is possible to know who the head officials or people-in-charge are by sending an e-mail to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

To exercise your rights you can write to: GAM SpA Privacy Office Via Lodovico Settala n° 6 Milano

GAM SpA specifies that it may identify the user every time they enter one of the sites belonging to the society.
GAM SpA will adopt an identification system, based on the analysis of the number of times any given user enters the sites, for statistical purposes only and the user will remain anonymous. This information will be cancelled immediately after elaboration. The data could be used to ascertain responsibility in case of hypothetical computer crimes causing damage to the site: apart from this eventuality, data only persists for 7 days.

GAM SpA also specifies that it may use web beacons and cookies but only as a way of making the use of the site easier for the user. None of the user’s personal data is deliberately acquired by the site. Cookies are not used for the transmission of personal information. Tracing systems and c.d. cookies are not used either. The use of c.d. session cookies (that are not memorised in a persistent way on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (made up of casual numbers generated by the server) which are necessary to permit a safe and efficient exploration of the site. The c.d. session cookies used in this site avoid the need for other computer techniques that could, potentially, prejudice the privacy of the user’s use of internet and do not permit the acquisition of identifying personal data.

The conferment of data
The data conferred to GAM from its users are the ones needed for the authorisation, qualification and personalisation of access into the various areas of the Gruppo Montesano Hotels web site. GAM requires the necessary data so that it can carry out the contractual obligations that it has with its clients concerning bookings at its hotels, and so that it can offer them its services and information. To carry out these commitments means that the data can be acceded to by more than one person working for the society or those working for external societies that provide services. GAM uses the data collected on-line to offer services and products, to control the authorised access system so as to monitor the security of data, to evaluate job proposals sent by candidates (CVs); only on the requisition of the interested party, by means of an on-line application form, hand-written application form or the spontaneous sending of information to GAM.

On its behalf, GAM sends commercial offers and promotes marketing initiatives through its own newsletter or by means of other technological instrumentation. GAM, being the ‘Owner’ of relevant processing, informs you that the data will only be used in the ways outlined in the Privacy Policy.

The data of those areas on the form signalled by an asterisk are necessary if you wish to take advantage of the services, contents, and/or products offered by GAM SpA in this portal. The conferment of data not signalled by an asterisk is facultative. The common data required is used for the use permitted by law (196/03) , and it is only used for the supply of services required by the registered user. The data is only used in a reserved way by the site and is accessible only after registration and a procedure of computer authentication. Only people in charge are privy to the information.

GAM SpA offers numerous working opportunities, which may include workshops, professional collaborations, and part-time or seasonal work that may include minors. Minors must give GAM SpA certain personal data. The society will use this data and accept registration via computer only if a parent or legal tutor gives permission. If a minor wishes to have access to our services it would be better if they were assisted by a parent or legal tutor.

Category of subjects to whom data may be communicated
The society through its portal will transfer data to third parties only if necessary for the services required and if it is required by law or control, inspection and verification authorities. It may also be necessary to transfer the data to foreign countries where GAM has offices (i.e. the United States). The society may inform commercial partners of data needed to access the site but only common data. The data of clients may be communicated to professionals and firms that, on behalf of the Society, deal with the accounting and taxation, to third parties for the fulfilment of contractual obligations, and to banking institutes for the management of payments deriving from the execution of the contract. Furthermore, we inform you that the portal is accessible through other sites where there is a link. We wish you to note that in this way your data may be visible to others.

The communication, diffusion and transfer of data to foreign countries
No data collected from the web service will be handed over. Your data will not be transferred abroad unless it is to enable you to have better use of our services, contents and/or products. The data will be treated by GAM SpA by superintendents. GAM SpA will be able to make use of the data only when deemed necessary :
for the tutelage of the interests of GAM SpA and/or other societies connected to it and/or third parties;
on official instruction;
to assist the police with investigations into any illegal doings via internet by one or more users whether regarding our services or not;
to defend our rights in every place, state, degree and erga omnes;
to defend ourselves from external disputes involving third parties who claim that an action or omission on behalf of a user of our services or through our services has violated their rights.

Rights of the directly concerned
You may, in any moment, exercise your rights according to article 7 of the statute 196/2003, hereby stated
Art. 7 St. 196/03:
the directly concerned has the right to confirm the existence or not of personal data concerning themselves, even if it has not been registered, and to receive the communication of this in an intelligible form.
The directly concerned has the right to obtain the indication:
a) of the origin of the personal data
b) of the finalities and methods of processing
c) of the logic used allowing processing by means of an auxiliary electronic instrument
d) of the identification of the Owner, the superintendent and/or the person in charge according to article 5, comma 2
e) of the subjects or category of subjects to whom personal data may have been communicated or who could be aware of its existence being representatives of a State, people in charge or designates

The directly concerned has the right to obtain:
a) the ratification or integration of data
b) the cancellation, the transformation into an anonymous form or block on data treated illegally, including that which need not be kept in relationship to the aim for which it has been collected and processed
c) the certification that the operations regarding points a) and b) have been recognised by those to whom the data was communicated or diffused, except when this proves impossible or out of proportion in relation to the safeguarded right.
The directly concerned has the right to oppose, totally or partially:
a) for legitimate reasons, the processing of personal data that concern them, unless it is pertinent to the aim of the data collection;
b) to the processing of personal data that concern them for the reception of advertising material, direct selling or as material for market research and commercial communications.

The owner of processed data
The owner of processed data is GAM SpA, whose head office is at No. 6,Via Lodovico Settala, Milano, VAT No: 00087020806. The list of superintendents is available at the head office.
The person responsible for the security of personal data is the administrator c/o the society’s head office.
We hereby communicate that we use reliable firms to carry out technical and organisational tasks on our behalf. These firms are our direct collaborators and are responsible for the processing of certain data. The names of these firms are up-dated regularly and by sending an e-mail to the following address they will be listed free of charge : This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Privacy Policy Modifications
The GAM SpA Privacy Policy may be up-dated and/or modified to acknowledge and/or conform to national, EU or international regulations or to adapt to technological innovations. Any up-dates and/or modifications will be reported on this Web Site, and made visible by means of the hypertext links that exist on the GAM sites, so that the directly concerned may be kept informed of how their data is used.

It is advisable to have a look at the Privacy Policy every time you visit a Gam web site.
Art. 4 of statute 196/03. Definitions:
a) ’processing’, any operation or group of operations carried out, with or without the help of electronic instruments, regarding the collecting, registration, organisation, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, communication, diffusion, cancellation and destruction of data, whether or not it is registered in a data bank;
b) ’personal data’, any information relative to a physical or juridical person, a body or association, identified or identifiable, even indirectly, through reference to other information, including a number of personal identification;
c) ’identifying data’, personal data that permits the direct identification of the concerned party;
d) ’intimate data’, personal data that reveals racial and ethnic origin; religious, philosophical or similar convictions; political opinions; adhesion to: political parties, trade unions, and associations or organisations dealing with religion, philosophy, politics or trade unions, as well as personal data revealing state of health and sexuality;
e) ’judicial data’, personal data revealing actions concerning article 3, comma 1, letters from a) to o) and from r) to u), of the decree .P.R. 14 November 2002, n. 313, regarding the judicial register, the registry office of administrative sanctions depending on crimes and any relative pending suit, or somebody charged with a crime or under investigation according to articles 60 and 61 of the code of criminal procedure;
f) ’owner’, the physical or juridical person, the public administration or any other body, association or organisation, that alone or with other owners, make the final decisions about the processing of data and the instruments to be used, including the safety profile;
g) ’superintendent’, the physical or juridical person, the public administration or any other body, association or organisation put forward by the owner to process data;
h) ’person in charge’, the physical people authorised to carry out processing operations by the owner or superintendent;
i) ’concerned party’, the physical or juridical person, body or association to whom the personal data refers;
j) ’communication’, giving knowledge of personal data to one or more subjects that are not the concerned party, the representative of the owner in the territory of the State, the superintendent or people in charge, in any form whatsoever;
k) ’diffusion’, giving knowledge of personal data to indeterminate subjects, in any form, even if they are at your disposal or consultation;
l) ’anonymous data’, data that originally or following processing cannot be associated to an identified or identifiable concerned party;
m) ’block’, the conservation of personal data by temporarily suspending any other processing operation;
n) ’data bank’, any organised complex of personal data, divided into one or more dislocated units in one or more sites;
o) guarantor’, the authority established by the statute 675, 31 December 1996, article 153

Art. 24 of the statute 196/03 Cases in which processing can be carried out without consent
Consent is not needed, apart from the cases foreseen in Part II, when the processing:
a) is necessary to fulfil an obligation required by law, by a regulation or an EU normative;
b) is necessary to carry out obligations deriving from a contract that the concerned party is a part of, or to fulfil, before the conclusion of the contract, the specific requirements of the concerned party;
c) regards data coming from public registers, lists, acts or documents known to all, even though the limits and methods concerning the knowledge and publication of data established by the laws, regulations and EU norms still remain;
d) regards data relative to the carrying out of economic activities, processed in full respect of the law in force regarding corporate and industrial secret;
e) is necessary to safeguard a life or the physical safety of a third party. If the same finality concerns the concerned party and this person cannot give their consent because they are incapacitated physically or mentally, the consent will be given by their next of kin, a relative, the person they live with, or the superintendent of the structure where they live. The disposition of article 82, comma 2 is applied;
f) with the exclusion of diffusion, it is necessary for the carrying out of defensive investigations according to the statute of 7th December 2000, No. 397,or, however, to defend your rights in a judicial office, always making sure that the data is processed for that reason only and for only as long as is necessary respecting the regulations concerning corporate and industrial secret;
g) with the exclusion of diffusion, it is necessary, in cases identified by the guarantor according to the law, so as to be able to safeguard the interests of the owner or third parties that have received the data. This includes reference to banking groups and controlled or connected societies if the rights, fundamental freedom, dignity or legitimate interest of the concerned party is at risk.
h) with the exclusion of external communication and diffusion, is carried out by associations, bodies and organisations with no gain, even unrecognised, in reference to subjects that have regular contact with them, for the continuation of determined and legitimate aims identified by a deed, statute or collective contract, using methods expressly indicated and communicated to the concerned party according to article 13;
i) it is necessary, conforming to the respective deontological codes, see A), for scientific or statistic reasons, or else, for exclusively historical reasons using private archives of historical worth according to article 6, comma 2 of the legislation 29 October 1999, No. 490, concerning patrimonial and environmental matters or anything else stated in the aforesaid codes, through other private archives.