Please, find here below:

  1. Privacy policy of the Brunelleschi Hotel restaurant: RISTORANTE SANTA ELISABETTA
  2. Information notice on the processing of personal data of users who consult the websites of the Brunelleschi Hotel.
  3. Information notice given to the clients of Binfi S.p.A. at the Brunelleschi Hotel. This information notice is published on the website so that clients may consult it online, as well as physically at the headquarters.

1.      PRIVACY POLICY OF THE BRUNELLESCHI HOTEL RESTAURANT: RISTORANTE SANTA ELISABETTA

The privacy policy on the processing of data relating to the services, gourmet experiences, products and packages of the Michelin-starred restaurant of the Brunelleschi Hotel, Santa Elisabetta Restaurant, is available at the following link: https://www.ristorantesantaelisabetta.it/ privacy /

  1. INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS WHO CONSULT THE WEBSITES OF THE BRUNELLESCHI HOTEL.

Pursuant to EU Regulation No. 679/2016 (the General Data Protection Regulation, “GDPR”), this page describes the methods of processing the personal data of users who consult the website of the Brunelleschi Hotel (hereinafter the “Websites”) electronically accessible at the following addresses:

Furthermore, if the user of the Site decides to make a reservation and / or a purchase, by filling out the reservation templates present on the Site, they will be connected to a booking engine. Such booking engine is powered by our Partner Blastess, appointed as Data Processor, as indicated in this information notice.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the Websites but refer to resources outside the domain of the Brunelleschi Hotel.

DATA CONTROLLER

The data controller of the personal data of the website user is BINFI S.p.A. (the company that manages the Brunelleschi Hotel, hereinafter also referred to only as “Brunelleschi Hotel”) – VAT number 01043670478 and Tax Code  03129270488 – with headquarters in Florence, via De’ Martelli, 5 – telephone number: +39 055.27370 e-mail: info@hotelbrunelleschi.it.

WARNINGS AND PROTECTION OF MINORS

Unless otherwise indicated, the provision of personal data, through the collection points on the Site, refers to adults only.

TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

Navigation data During normal operation, the computer systems and software procedures used to operate the Websites acquire some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified data subjects, but by their very nature may, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used solely to compile anonymous statistical information on the use of the website, to verify its correct operation and for security reasons. The data may be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Cookies. For any information relating to cookies of these Websites, please refer to our Cookie Policy at the following link:  [https://www.hotelbrunelleschi.jp/cookie-policy/ + https://www.ristorantesantaelisabetta.it/cookie-policy/]

Data communicated by the user The optional, explicit and voluntary sending of emails to the addresses indicated on the Websites, as well as the compilation and forwarding of the forms on the Websites or on the booking engine powered by BLASTNESS S.r.l., entail the acquisition of the contact data provided by the sender that are necessary for a response to be sent, along with all the personal data included in the communications.

The Controller normally processes so-called common data (e.g. personal data, residence or domicile data, billing data, payment data, email contact details, telephone and fax numbers…). Data belonging to particular categories (referred to in Article 9 of the GDPR), hereinafter also referred to as “Special Data” – such as information revealing the health conditions of the data subject (allergies or other health issues) or religious / philosophical beliefs (for example for requests made by the client on the grounds of their religious affiliation) – may be processed only at the explicit request of the user.

The personal data provided as illustrated above will be processed for the following purposes:

  1. a) To allow the user to browse the Websites. Legal basis for the processing: the need to allow the user to use the Websites navigation service.
  2. b) to execute pre-contractual measures (such as, for example, the request for information or a quote). Legal basis for the processing: the execution of pre-contractual measures at the request of the data subject. In case of provision of Special Data, the legal basis for the processing is also constituted by the data subject’s consent.
  3. c) for the management of Your contractual relationship relating to the requested service; to acquire and confirm your booking of accommodation and ancillary services; to perform the pre-check-in service before the client’s arrival at the facility and to provide the requested services. Legal basis for the processing: execution of the requested contractual service. In case of provision of Special Data, the legal basis for the processing is also constituted by the data subject’s consent.
  4. d) to fulfill the obligation set out in the “Consolidated Law on Public Security” (Article 109 of the Royal Decree 18.6.1931 No. 773), which requires that the details of the clients are communicated to the Police Headquarters, according to the procedures established by the Italian Ministry of the Interior (Decree of January 7th 2013). Legal basis for the processing: to comply with legal obligations.
  5. e) for administrative purposes and for the fulfillment of legal obligations, such as those having an accounting or tax nature, or to comply with requests from the judicial authority. Legal basis for the processing: fulfillment of legal obligations.
  6. f) in the presence of specific consent, for the periodic emailing of newsletters. Legal basis for the processing: consent of the data subject;
  7. g) in the presence of specific consent, to receive promotional communications and invitations to events, special promotions (marketing). Legal basis for the processing: consent of the data subject;
  8. h) for sending a Curriculum Vitae, exclusively for selection purposes. Legal basis for the processing: consent of the data subject to process the data in the CV for selection purposes;
  9. i) to allow the Company to carry out surveys aimed at improving the quality of the service provided (“client Satisfaction”). Legal basis for the processing: legitimate interest of the Controller to verify the quality of the contractual service rendered to the client.
  1. l) to send direct marketing communications relating to services offered by the Controller, already enjoyed by the data subject, and / or for which they have previously shown interest / made requests for quotations. Legal basis for the processing: legitimate interest of the Controller to carry out direct marketing communications.

 

  1. m) for the protection of persons, property and company assets through a video surveillance system of certain areas in the building, identifiable by the presence of appropriate signs. Legal basis for the processing: legitimate interest of the Controller to protect people and property against possible attacks, thefts, robberies, damage, acts of vandalism and for purposes of fire prevention and safety in the workplace

Specific summary information will be progressively reported or displayed on the pages of the Site, possibly arranged for the provision of certain services.

NATURE OF DATA PROVISION

The provision of navigation data is necessary to guarantee browsing the website. In the absence of such consent, the user will not be allowed to browse our website.

The provision of data required for the execution of pre-contractual measures, the conclusion of the contract, the fulfillment of legal obligations, is not mandatory; it is however necessary for the conclusion of the contract and / or to perform the pre-contractual measures, and to satisfy the legal obligations to which the data controller is subjected. Failure to communicate such personal data may lead to the impossibility of fulfilling the relative request.

The provision of data for sending the curriculum vitae is optional; however, in the event of failure to provide your contact details, we may not be able to provide feedback on your application.

The provision of data for marketing purposes, to subscribe to the newsletter service, is optional; failure to consent to the provision will have the only consequence that you will not be able to receive our marketing communications, and / or our newsletters.

The provision of personal data for the purpose of carrying out Costumer Satisfaction surveys is not mandatory and is not a necessary requirement for the conclusion of the hotel and / or restaurant contract; we point out that, pursuant to Article 21, par. 1 of EU Regulation 679/2016, the data subject has the right to object at any time to the processing carried out for legitimate interest. The objection to the processing will have no consequence other than that the data subject will not receive our Costumer Satisfaction surveys.

The provision of personal data for the purpose of direct marketing (to be contacted by the hotel in relation to the services for which the client has shown interest) is not mandatory and is not a necessary requirement for the conclusion of the hotel contract and / or for catering; pursuant to art. 21, par. 2 and 3 of EU Regulation 679/2016, the data subject has the right to object to the processing carried out for direct marketing at any time. The objection to the processing will have no consequence other than that of not receiving direct marketing communications.

The provision of the images taken by the video surveillance system is necessary for the conclusion of the restaurant and hotel contract, as the data subject cannot access the hotel unless they have given such consent.

The data subject may not authorize the use of cookies and disable them at any time, using the methods illustrated in the cookie policy. However, it should be noted that in this case, malfunctions of the Site or of some of its features may occur.

The consent given to obtain the sending of marketing material, newsletters, for the processing of CVs for personnel selection purposes by Brunelleschi Hotel, may be revoked at any time, as specified in paragraph 10 RIGHTS OF THE DATA SUBJECT (art. 7, articles from 15 to 22 of the GDPR).   

DATA STORAGE PERIOD.

The data relating to web browsing are stored for the time strictly necessary to process the statistics of the site, and to ensure the operation and security of the website.

Any Special Data provided by the data subject will be stored exclusively for the time strictly necessary to perform the requested service, unless we are given the consent to store them for a longer period.

The data provided for pre-contractual purposes will be processed for the time strictly necessary to respond to requests and communications voluntarily forwarded by the client.

For CVs, data will be stored only for the time strictly necessary for the evaluation of the application.

The data processed for contractual purposes and for the execution of legal obligations connected to the contract will be stored for the entire duration of the relationship and subsequently, once the payment has been settled, for 10 years (ordinary time limit).

The data processed to fulfill legal obligations relating to the contract will be stored for as long as necessary to meet the legal obligations to which the Data Controller is subjected.

The data acquired to fulfill the legal obligation indicated in letter d) are not stored by us after the termination of the contractual relationship.

The personal data provided to receive newsletters and promotional offers (marketing) will be stored for 10 years.

The data processed to carry out surveys on customer satisfaction are stored for the time necessary for the overall evaluation of the controller’s survey and for the subsequent action to resolve any organizational deficiencies found.

The data processed for direct marketing purposes are stored for a maximum of 1 year from the termination of the contractual relationship.

The recorded images are deleted after 24 hours, except on holidays or other cases of closure of the facility; in any case they are deleted within one week. Data will not be disclosed to third parties, except where it is necessary to comply with a specific investigation request by a judicial or police authority.

Cookies are stored for the period indicated in the cookie policy.

INFORMATION PROCESSING AND CONFIDENTIALITY PROCEDURES

Personal Data will be processed by manual, computerized or electronic means, suitable for guaranteeing security and confidentiality thereof, and such operation will be carried out by personnel duly trained to comply with the Applicable Regulations.

In compliance with the provisions of art. 24, 25 and 32 of the GDPR, specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access.

However, the Data Controller is not responsible for unauthorized access or loss of personal information attributable to the data subject or that is in any case beyond their control.

No data acquired via the web will be communicated to third parties unless otherwise specified on the page https://www.hotelbrunelleschi.it/cookies/

WEBSITE SECURITY MEASURES

In compliance with the provisions of art. 24 and 25 of the GDPR, specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access.

However, the Data Controller is not responsible for unauthorized access or loss of personal information attributable to the data subject or that is in any case beyond their control.

LOCATION OF PROCESSING  

Personal data are stored on servers located within the European Union, unless otherwise indicated below and in the Cookie Policy

The Online Chat service on the Site is provided by Tawk.to Inc with headquarters in Las Vegas, Nevada (company appointed as data processor pursuant to Article 28 of the GDPR); therefore, the personal data provided by the data subject in the chat may also be transferred to the outside the European Union.  This transfer is authorized as the company Tawk.to Inc. and the Data Controller have signed the standard contractual clauses (referred to in Article 46 of the GDPR) as a means of ensuring an adequate level of protection of data transferred outside the European Economic Area.

For further information on and / or a copy of the transferrable data, contact the data controller at the contacts indicated in this statement.

The Data Controller guarantees that whenever external data controllers (art 28 GDPR) with servers located in third countries are used, the appointment will take place in accordance with the applicable legal provisions, with guarantee of an adequate level of protection and/or subject to adequate guarantees (for example on the basis of a decision of adequacy of the Third Country by the European Commission, or through the stipulation of standard contractual clauses provided for by the European Commission).

ACCESS TO DATA. RECIPIENTS OF DATA PROCESSING.

Access to personal data collected following the consultation of the Website and / or reservations through the website is allowed only to the data processors, expressly authorized by the Data Controller, and to the data processors appointed in compliance with the characteristics referred to in art. 28 of the GDPR.

The Controller is aware of the importance of data security for our clients and for this reason has selected the data processors very carefully.

Pursuant to art. 28 of the GDPR, the Data Processors appointed by the Controller are:

  • BLASTNESS S.r.l.– VAT/TAX CODE: 01195440118 – REGISTRATION NUMBER AT THE BUSINESS ADMINISTRATION REGISTER OF MILAN 2107189 – Headquarters: Galleria del Corso, 2 – 20122 Milan, Italy, for the processing of personal data provided by clients for the purpose of making a reservation through the website of the Brunelleschi Hotel, via the booking engine. More specifically, it should be noted that if the user intends to make a reservation through the Websites of the Brunelleschi Hotel, they will be connected to the search engine for reservations powered by BLASTNESS S.r.l.  -https://www.blastnessbooking.com/ – that provides an encrypted and protected access session.
  • MailUp S.p.A.with headquarters in Viale F. Restelli 1, 20124 Milan (Italy), that manages the MailUP email communications forwarding service, with which we have signed an agreement in compliance with the provisions of the law and art. 28 of the GDPR.
  • Serenissima Informativa S.p.A. with headquarters in Via della Croce Rossa 5, Padova, 35129, VAT Number  01488090281
  • Tawk.to Inc with headquarters in: 187 East Warm Springs Rd, SB298 Las Vegas, Nevada, 89119. Federal TAX ID 36-4846242
  • Np Technology SLU with headquarters in Andorra, Via Peu del Carrer, 1 – Casa Moral Bajos – La Massana, zip code AD 400 “NP” NRT: L-710579-Z. Representative in Italy: INFOTED S.r.l., with headquarters in Teramo, Contrada Scalepicchio snc. VAT number 00874550676
  • E-Group S.r.l. with registered office in Via San Marco, 11 / C – 35129 Padua (PD) – CF / VAT IT03461800280, with reference to the processing of personal data provided by customers to make a restaurant reservation through the Site. More precisely, it should be noted that if the user intends to make a reservation for restaurants, the user will be connected to the managed booking search engine by E-Group S.r.l., which ensures an encrypted and protected access session.

The updated list of external data processors is available at the headquarters of the data controller. The data subject can request the updated list at any time by contacting the data controller at the addresses and contact numbers indicated in this document.

No data deriving from the web service is communicated or disseminated. The data may not be disclosed to third parties except to external parties that, in the fulfillment of the contract and limited to the purposes indicated above, collaborate with the Data Controller (professionals / companies providing legal, tax, accounting consultancy services, competent authorities for the fulfillment of legal obligations, entities that provide services for the management of IT systems and support to the website): all such entities are bound by the confidentiality duty. In any case, in compliance with the principles of data processing provided for by the GDPR, only the data necessary for the performance of the activities entrusted to them will be transmitted to external subjects.

The collected data will in no case be disclosed.

We would like to point out that in the case of stay at this structure, the Controller, under the Italian legislation in force, is obliged to transmit to the authorities the data of the people who stay at the hotel.

The personal data provided by users who request information to be sent to them are used for the sole purpose of providing the service requested and are only communicated to third parties if necessary in order to fulfil the request (for example, shipping agents or carriers).

The information may also be communicated when this is necessary to comply with requests from the Judicial or Public Security Authorities.

RIGHTS OF THE DATA SUBJECTS (art. 7, articles from 15 to 22 of the GDPR).

Based on the current legislation and the provisions of the GDPR, You have the right to:

  1. ask the data controller to access your personal data and request confirmation of the existence or otherwise of your personal data;
  2. obtain information about the origin, the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period, the existence of an automated decision-making process, including profiling, and in relation to it obtain information about the logic used, as well as the importance and expected consequences for the data subject of this processing;
  3. obtain the correction of data concerning yourself without undue delay;
  4. obtain the erasure (right to be forgotten) of data without undue delay if they are no longer necessary, incomplete, erroneous or collected in violation of the law;
  5. to have incomplete personal data completed, including by means of providing a supplementary statement.
  6. obtain the restriction of processing or object to the processing;
  7. Object, at any time, to the processing of data based on legitimate interest to monitor Customer Satisfaction;
  8. Object, at any time, to the processing of data based on legitimate interest for direct marketing purposes;
  9. request data portability, e., you have the right to receive personal data from the Data Controller in a structured, commonly used, and machine-readable format, and have the right to send such data to another Data Controller without hindrance;
  10. withdraw your consent at any time, if this constitutes the basis for the processing. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal;
  11. object to an automated decision-making process relating to natural persons, including profiling, and, in such cases, receive significant information on the logic used, as well as the importance and expected consequences for the data subject of such processing;
  12. lodge a complaint with a supervisory authority (Privacy Guarantor).

Requests addressed to the Data Controller may be sent to the Data Controller’s contacts at the following address: BINFI S.p.A., via De’ Martelli, 5, 50122 Florence, telephone number: +39 055.27370, email info@hotelbrunelleschi.it.

The Data Controller must comply with such request without delay and, in any case, no later than one month after receiving the request. This period may be extended by two further months, depending on the complexity and number of requests received by the Data Controller. In such cases, the Controller will inform you of the reasons for the extension, within one month of receiving your request.

Complaints to the supervisory authority may be addressed to the Guarantor for the protection of personal data, Piazza Venezia, 11 – 00187 Rome, IT-00186 Rome, email: protocollo@pec.gpdp.it.

AMENDMENTS

The Controller reserves the right to modify or amend, at any time, this privacy statement published anywhere on the site, especially following the entry into force of new sector regulations. The latest version of the privacy policy, updated as and when needed by the Data Controller, is available on the website to all users who may consult it at any time.

Last update: October 2023

******************

3.       INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CLIENTS PROVIDED AT BRUNELLESCHI HOTEL.

This document (“Information notice”) intends to provide information on the processing of information that will be given by you to the Data Controller to be processed by the latter for the purposes indicated in this document. The information notice is provided pursuant to art. 13 of EU Regulation No. 679/2016 (“GDPR”) and subsequent national adaptation rules (together with the GDPR: “Applicable Law”).

  1. Name and contact details of the Data Controller

The Data Controller, i.e. the legal person who determines the purposes and means of processing personal data, is BINFI S.p.A., VAT number 01043670478 Tax code 03129270488, (company that manages the Brunelleschi Hotel structure), with headquarters in Florence, in via De’ Martelli,  5, telephone number +39 055/27370: email:  info@hotelbrunelleschi.it

  1. Categories of personal data processed

Within the limits of the purposes and methods described in this Information note, the data that may be processed are those that can be considered as: a) “Data of a common nature”, which include your personal details, those of the people staying with you, your bank details, your contact details, billing data (such as, by way of example, cellphone number, residential or domicile address, email address); b) “Special Data” as characterized, pursuant to the applicable legislation, by a particular nature; by way of example, reference is made to those who are able to provide information on the health conditions of the user,  and on religious or philosophical beliefs (Article 9 of the EU Regulation  679/2016).

For reasons of convenience, within this Information notice, the expression “Personal Data” is to be understood as a reference both to all Your data of a common nature and to special data, unless otherwise specified.

  1. Purpose, legal basis for data processing and storage period

The Personal Data collected will be processed for the purposes and according to the legal bases illustrated below:

3.1 to execute pre-contractual measures (such as, for example, the request for information or quote); for the management of your contractual relationship relating to the hotel and / or restaurant service; to acquire and confirm your booking of accommodation and ancillary services, and to provide the requested services. You may decide to give the Controller certain Special Data in order to provide information on your health, such as, for example, allergies, pathologies, and / or food or other intolerances, i.e. those data that reveal conditions relating to health protection.

Since such processing is necessary for the definition of the contractual agreement, for its subsequent implementation, and / or to perform the services requested by you, the provision of Your Personal Data is at Your discretion; however, should you decide against this, we will not be able to confirm the reservation and / or provide you with the requested services.

Legal basis for the processing: execution of pre-contractual measures at the request of the data subject; execution of a contractual relationship to which the data subject is a party. Consent of the data subject in case of provision of Special Data.

Storage period: for this purpose, your data will be stored for the entire duration of the relationship and subsequently for 10 years (ordinary time limit). Any Special Data provided by You will be stored exclusively for the time strictly necessary to perform the requested service, unless we are given the consent to store them for a longer period;

3.2 to fulfill the obligation set out in the “Consolidated Law on Public Security” (Article 109 of the   Royal Decree 18.6.1931 No. 773), the details of the clients are communicated to the Police Headquarters, for public security purposes, according to the procedures established by the Italian Ministry of the Interior (Decree of January 7th 2013).

The provision of data is mandatory as it derives from a legal obligation. In case of refusal to provide it, we will not be able to have you as a guest in our hotel.

Legal basis for the processing: to comply with legal obligations.

Storage period: for this purpose, the acquired data are not stored by us after the termination of the relationship referred to in paragraph 3.1, unless you give us the consent to the storage as provided for in paragraph 3.5;

3.3 to comply with current administrative, accounting and tax requirements.

The provision of data for this purpose is necessary for the conclusion of the contract. In case of refusal to provide the data necessary for the aforementioned obligations, we will be unable to provide the requested services.

Legal basis for the processing: execution of a contractual relationship; compliance with legal obligations.

Storage period: for these purposes, your data will be stored for the time required by the respective regulations;

3.4) to render services aimed at customer satisfaction, performed at your request, regarding Your need and / or preference, such as, for example, a preferred room or floor for accommodation, the presence of objects and / or other. For this purpose, you may decide to provide Special Data to the Controller. These categories of data may be processed by the Data Controller only with your free and explicit consent.

Legal basis for the processing:  your consent.

Storage period: for this purpose, the acquired data are not stored by us after the termination of the relationship referred to in paragraph 3.1, unless you give us the consent to the storage.

3.5) to speed up the registration procedures at the Hotel in the event of subsequent stays at our hotel. For these purposes, after obtaining your consent – which may be revoked at any time – your data, provided for the categories of data and purposes referred to in points 3.1, 3.2 and 3.3, will be used when you are our guest again.

Legal basis for the processing: Your consent

Storage period: for this purpose, your data will be stored for up to 10 years

3.6) to guarantee the rendering of the services referred to in 3.4 (aimed at achieving customer satisfaction) in the event of subsequent stays at our hotel. For these purposes, after obtaining your consent – which may be revoked at any time – your data will be used when you are our guest again.

Legal basis for the processing:  your consent.

Storage period: for this purpose, your data will be stored for up to 10 years

3.7) for the protection of persons, property and company assets through a video surveillance system of certain areas in the building, identifiable by the presence of appropriate signs. For this processing, your consent is not required, as protecting people and property from possible aggression, thefts, robberies, damage, acts of vandalism and preventing fire and ensuring safety in the workplace fall within our legitimate interest.

The provision of data for this purpose is necessary for the conclusion of the contract; failure to provide such consent will make it impossible for you to access our hotel.

Legal basis of the processing: legitimate interest of the Controller to protect people and property against possible attacks, thefts, robberies, damage, acts of vandalism and for purposes of fire prevention and safety in the workplace

Storage period: for this purpose, the recorded images are deleted after 24 hours, except on holidays or other cases of closure of the facility; in any case they are deleted within one week. Data will not be disclosed to third parties, except where it is necessary to comply with a specific investigation request by a judicial or police authority.

3.8) to receive messages and telephone calls addressed to You during Your stay. For this purpose, your consent is required. You may revoke your consent at any time.

Legal basis for the processing:  your consent.

Storage period: for this purpose, your data will be stored until your departure from the hotel.

3.9) for marketing purposes, and therefore to send You promotional communications and newsletters, updates on rates and offers made by the Data Controller, communications relating to events organized by the Data Controller. This processing can be carried out by the Data Controller only with Your prior consent, which You may revoke at any time.

Legal basis for the processing:  your consent.

Storage period: for this purpose, your data will be stored for up to 10 years.

3.10. To carry out direct marketing activities, aimed at offering you services similar to those already purchased or for which you have already shown interest / or made requests for information or quotes. In this regard, it is always within your rights to object to the processing at any time. This objection will not prevent you from using the service referred to in 3.1) and any additional ones you may have chosen.

Legal basis for the processing: legitimate interest of the Data Controller to make direct marketing contact in case of interest already expressed by the client or potential client for the services offered by the Data Controller

Storage period: for such purpose, the data will be stored for a maximum of 1 year.

3.11. To allow the Company to carry out surveys aimed at improving the quality of the service provided (“Customer Satisfaction”).

Legal basis for the processing: legitimate interest of the Controller to verify the quality of the contractual service rendered to the Customer.

Storage period: for this purpose, Your data will be stored for the maximum period necessary for the overall evaluation of the controller’s survey.

Provision of personal data.

The provision of data for the purposes specified in this information is mandatory and / or necessary only in the cases expressly indicated as such in paragraph 3, as these data are essential for the conclusion of the contract and / or to carry out pre-contractual measures or to comply to legal obligations. In case of lack of consent to the provision of such data, even partial, the contract cannot be concluded and / or executed.

Unless expressly specified, the provision of data is optional and failure to consent will have the sole consequence of not being able to use the purpose described (for example, your data will not be stored in the event of future stays, or you will not receive promotional communications).

  1. Data processing methods

Personal Data will be processed by manual, computerized or electronic means, suitable for guaranteeing security and confidentiality thereof, and such operation will be carried out by personnel duly trained to comply with the Applicable Regulations.

  1. Access to data. Recipients of data processing.

Your data may be made accessible, for the purposes indicated in this document, to:

– employees and collaborators of the Data Controller in their capacity as persons in charge, in compliance with the requirements of the GDPR, external data processors, system administrators / IT experts;

– third-party companies or other subjects who collaborate with the Data Controller in fulfilling the contract and / or limited to the purposes indicated above (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, freight forwarders etc…). Pursuant to Article 28 of the European Regulation, the data processors are expressly appointed by the controller on the basis of a written agreement.

The updated list of external data processors is available at the headquarters of the data controller. The data subject can request the updated list at any time by contacting the data controller at the addresses and contact numbers indicated in this document.

The information may also be communicated when this is necessary to comply with requests from the Judicial or Public Security Authorities. The collected data will in no case be disclosed. To this end, we would like to point out that in the case of stay at this hotel, the  Controller, under the Italian legislation in force, is obliged to transmit to said authorities the data of the people who stay at the hotel.

  1. Transfer of data.

Personal data are stored on servers located within the European Union. It is however understood that, if necessary, the Data Controller may also move the servers outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the conclusion of the standard contractual clauses provided for by the European Commission.

  1. Rights of the Data Subject.

We also wish to inform you that under the GDPR you have the right to:

  1. ask the data controller to access your personal data and request confirmation of the existence or otherwise of your personal data;
  2. obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period;
  3. obtain the correction of data concerning yourself without undue delay;
  4. obtain the erasure (right to be forgotten) of data without undue delay if they are no longer necessary, incomplete, erroneous or collected in violation of the law;
  5. to have incomplete personal data completed, including by means of providing a supplementary statement, taking into account the purposes of the processing;
  6. obtain the restriction of processing or object to the processing;
  7. object, at any time, to the processing for direct marketing purposes;
  1. object, at any time, to the processing of data based on legitimate interest to monitor Customer Satisfaction;
  1. obtain data portability, i.e., you have the right to receive personal data from the Data Controller in a structured, commonly used, and machine-readable format, and have the right to send such data to another Data Controller without hindrance;
  2. withdraw your consent at any time, if this constitutes the basis for the processing. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal;
  3. object to an automated decision-making process relating to natural persons, including profiling, and, in such cases, receive significant information on the logic used, as well as the importance and expected consequences for the data subject of such processing;
  4. lodge a complaint with a supervisory authority (Privacy Guarantor);

We also inform you that the aforementioned rights may be exercised by means of a written request addressed without formalities sent to the Data Controller at the contacts indicated in 1.

The Data Controller must comply with such request without delay and, in any case, no later than one month after receiving the request. This period may be extended by two further months, depending on the complexity and number of requests received by the Data Controller. In such cases, the Controller will inform you of the reasons for the extension, within one month of receiving your request.

Last update: October 2023