• check-in
    • check-out
  • Modify / cancel reservation
Book

Privacy

Privacy Policy Disclaimer (art. 13 General Data Protection Regulation GDPR)


The processing operations connected to the web services of the site / portal take place at the headquarters of the aforementioned business company and are only handled by the authorized technical staff for processing (eg Internet Area), or by any external Processors (outsourcers) for the completion of occasional or periodic technical operations (eg Database maintenance).
The Controller of the aforementioned data processing considers the "privacy" of its users to be of fundamental importance and guarantees that the processing of personal data through its Internet site is carried out with respect for fundamental rights and freedoms, as well as the dignity of the subject, with particular reference to confidentiality, personal identity and the right to protection of personal data. In this regard, the Controller of the data processing has adopted and implemented a Privacy Policy for everything concerning the site management methods with reference to the processing of users' personal data. Please read the following Privacy Policy and periodically check it carefully to verify any updates or revisions. The Data Controller informs that the personal data (hereinafter "Data") provided by you, or otherwise acquired as a result of or when browsing our site / portal, may be processed, in compliance with the European Regulation 2016/679 (GDPR).

To browse this privacy policy use the “index” button at the top.


“Personal Data” definition

For the purposes of this Policy, "personal data" - as better specified in Article 4 of GDPR - means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This Privacy Policy applies to personal data collected through the website and / or portal of the Data Controller of data and / or email accounts. This does not apply to personal data collected in an "off-line" manner, except in cases where such personal data are combined with other personal data collected by the Data Controller of online data. Furthermore, this does not apply to other websites owned by third parties, which can be accessed via hypertext links, due to the fact that the data controller of your data does not manage and does not control the content of such sites. The following personal data may be collected by the Data Controller of your data, through website and / or portal: name, surname, address, e-mail address, information grouped for statistical purposes only during the site and / or portal consultation process, other information voluntarily provided by the user through the online registration procedures or by filling in appropriate fields, forms, information aimed at improving and facilitating site navigation.


Data Processing

Users can access different sections of the website without giving any personal information. The Data Controller processes and collects personal data online through its website and / or portal or other e-mail address of the Company; these treatments are carried out, in a mainly automated way, in the following ways:
1) Data released voluntarily by users
Data Controller collects personal information and other data that are entered in the registration forms or released in the form fields of the website and / or portal, as well as forwarded to the Company by electronic mail. These data may relate to information necessary to provide the services requested by the interested party (eg Newsletter) and / or to contact the interested party (name, postal address, e-mail address, telephone number, user ID and password), or even the date of birth, professional credentials, hobbies and interests.
2) Navigation data collected through the use of electronic tools
The computer systems and software procedures used to operate the website of the Data Controller acquire, during their normal use, a series of personal information whose transmission is implicit in the use of Internet communication protocols (for example, the user's IP address or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the time of the session, the method used to submit the query to the server, the size of the files received in response to the request, the numeric code concerning the status of the response given by the server and other type of information regarding the operating system and the user's computer setting). The website and / or web portal of the Data Controller uses technologies such as cookies or similar in order to collect and / or transmit users' personal data. The Data Controller of uses these technologies exclusively for the purpose of obtaining statistical information on the use of the site and / or web portal (eg total number of visitors to the sites, number of visitors per single web page, name of the origin domain of the internet service provider of visitors). In particular, the use of session cookies (those that are removed from the user's computer when the browser is closed) is strictly limited to the transmission of information related to the user's session, of fundamental importance for a safe and efficient navigation of the website and / or portal. Furthermore, the use of these session cookies strictly excludes the use of other IT techniques that are potentially detrimental to the confidentiality of users' browsing and does not allow the acquisition of personal identification data of the same.


Details on personal data processing

The User Data is collected to allow the Controller to provide its services, as well as for the following purposes: Statistics, Contacting the User, Interaction with social networks and external platforms, Registration and authentication, Social Applications, Payment management, Interaction with support and feedback platforms, Infrastructure monitoring, Traffic optimization and distribution, Interaction with live chat platforms, Remarketing and Behavioral Targeting, Address management and sending email messages, Displaying content from external platforms, Comercial affiliation and Heat mapping. Types of Personal Data used for each purpose are indicated in the specific sections of this document.


Purpose of processing of data collection

Personal Data may be collected for the following purposes and using one or more of the following services:
Contact the user, chat and feedback
Mailing List or Newsletter
By registering to the mailing list or to newsletter, the User's email address is automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to this site and / or portal may be transmitted. The User's email address could also be added to this list as a result of registering on the site form or after making a purchase.
Personal data collected: Email.
Address management and email messages sending
These services allow you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services could also allow you to collect data relating to the date and time of display of the messages by the User, as well as to the User's interaction with them, such as information on clicks on the links inserted in the messages.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an address management and email message service provided by The Rocket Science Group, LLC.
Personal Data collected: email.
Place of processing: USA – Privacy policy - API Use
Subject adherent to the Privacy Shield.
Interaction with live chat platforms
This type of CHAT services allows you to interact with live chat platforms, managed by third parties, directly from the pages of the website. This allows the User to contact the Application support service or this Application to contact the User while he is browsing his pages. In the event that an interaction service is installed with live chat platforms, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed. Furthermore, live chat conversations could be recorded.
Toc Toc chat widget (Toc Toc srl)
The Toc Toc chat widget is an interaction service with the Toc Toc live chat platform, provided by Toc Toc. Personal Data collected: Cookies and Usage Data. Place of processing: Italia – Privacy Policy.
Interaction with support and feedback platforms
These services allow interaction with support and feedback platforms, managed by third parties, directly from the pages of the site and / or portal. In the event that an interaction service is installed with the support and feedback platforms, it is possible that, even if the Users do not use the service, it collects Usage Data related to the pages in which it is installed.


Purpose of data processing

The Data Controller collects the personal data of users necessary to carry out the operation of authorization, enabling and personalization of accesses to the various areas and related contents of the Company website / portal. Furthermore, the Data Controller mentioned above acquires the data necessary to execute the contractual obligations assumed towards customers and deriving from the booking operations. The execution of these obligations necessarily entails that these data have access to the employees of the operational and commercial functions of the External Processor of Website Data, as well as the employees of third-parts service providers. The controller of the aforementioned data processing uses the personal data collected online in order to offer products and services, control the system of authorized accesses to monitor data security, evaluate job proposals submitted by the candidates (CV); only upon specific request of the interested part, by online registration form, the aforementioned data controller submits commercial offers and promotes marketing initiatives through his own "Newsletter". The controller of the aforementioned data processing, as the "Controller" of the relative processing, informs that data in question will be processed and used exclusively for the purposes highlighted in this Privacy Policy.
The personal data gathered from compilation of modules on the web site of the Data Controller is treated for the following purposes:
to grant you access to the services provided by the web site/portal reserved for registered users; to contact you at your request to provide specific information and assistance that you need or for which you have requested our intervention; with your express consent, to send you commercial information and for marketing activities in automated modality (such as email, fax, SMS, MMS, etc.) and non-automated modality (such as surface mail, telephone call with operator, etc.) regarding products and services of the web site owner and/or its commercial partners; with your express consent, to use electronic instruments to conduct profiling, analysis of purchasing choices and market research to improve the offering of services and commercial information, configuring these to better match your interests. This policy can be integrated by further conditions made known at the time of requesting specific services.


Communication and/or diffusion of personal data

Personal data will be accessible to the bodies and employees of data controller mentioned above, formally appointed as Data Processors. The use and forwarding of personal data by external individuals and organizations acting on behalf of data controller mentioned above are governed by contracts that provide for an adequate level of protection of personal data. These subjects are appointed External Data Processors. Users' personal data will be used and released by the aforementioned Controller Data exclusively to individuals and organizations that work on their own behalf, in accordance with this Privacy Policy and according to what is explicitly provided for by current legislation. The data controller mentioned above also manages the information contained on his website / web portal in collaboration with other service providers and web agencies, from which he can receive personal data relating to the users of such information. These online collaborations are governed by specific contracts that presuppose an adequate level of protection of the personal data processed. In some other cases, the data controller may also be required to release the personal data of users, in execution of contractual obligations, in accordance with current legislation or to satisfy the request for services; this information release activity can take place in the following cases:
1. when online users have authorized the release of information;
2. when the data controller needs to communicate information about users in order to offer services and satisfy the request of an online user;
3. when the data controller needs to communicate the information to partners who perform services for online users;
4. when the data controller is required, by order of the judicial authorities, to release information about users, or in accordance with a local or international law, regulation or mandate.
Furthermore, additional circumstances may arise, for example, if the aforementioned data controller decides, for commercial reasons, to carry out transactions involving the sale, merger or acquisition of capital. As part of these reorganization activities, personal data may be shared with current or potential buyers. The personal data will be used and released by the Data Controller as identified above exclusively to individuals and organizations that work for their own account, in conformity with this Privacy Policy and pursuant to explicit conditions of provisions in force. The Data Controller may also be required, by order of judiciary authorities, to release information about users, or in conformity with local or international laws, regulations or mandates. Excepting the cases explicitly consented by the law or foreseen in this Privacy Policy, personal data will not be communicated or shared without the consent of the data owners. The Data Controller as identified above will not transfer, for consideration or gratuitously, the personal data of its own web site users to non-authorized third parties.


Protection of personal data

In conformity with the principle of necessity as sanctioned in article 5 GDPR, the Data Controller guarantees that processing with electronic instruments reduces the use of personal and identification data to the minimum, limiting recourse to the cases in which it is strictly necessary to fulfil the purposes for which they were gathered. The Data Controller also guarantees the adoption and observance of specific safety measures to prevent loss of data, illicit or improper use of data and unauthorized access. The Data Controller will archive the data of each user until a cancellation order is received from the data owner, including data for which conservation is not necessary in relation to the purpose for which it was gathered, in observance of the rights sanctioned by articles 15 – 21 GDPR, to be implemented by the means set out in the paragraph below entitled “Rights”. Each designated individual user is responsible for guaranteeing the ownership and custody of the password and codes for access to the web resources.


Consent to the processing of personal data
The controller of the aforementioned data processing, processes the data of its users / customers exclusively with the consent of the same. However, if the user does not consent to the processing of data or requests the deletion of his / her data, it will not be possible to access the restricted areas of the Company's website / portal.


Optional nature of data conferral

In addition to the specified navigation data, the user is free to supply or withhold the personal data listed on the module of request and/or registration of the Data Controller’s web site, as identified above. Failure to confer the data may make it impossible to obtain what is requested. For completeness, in some cases (not pertinent to the ordinary management of this web site, authorities can request notice and information pursuant to art. 58 GDPR for the purpose of controlling personal data processing. In these cases, failure to respond is penalized by an administrative sanction.


Right to access personal data and other rights

Users of the website / web portal can always contact the Data Controller to assert their rights as set out in articles from 15 to 21 of the GDPR based on which: The interested party has the right to obtain confirmation that a processing of personal data is being carried out and in this case to obtain access to personal data and to the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
d) when possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
e) the existence of the data subject's right to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose to processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the data is not collected from the interested party, all available information on its origin;
h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
The interested party has the right to obtain:
• updating, rectification or, when interested, integration of data
• the deletion of data concerning for the reasons specifically provided by art. 17 GDPR (right to be forgotten), the transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were or subsequently processed; The Data Controller, in the event that personal data have been made public and is obliged to delete them at the request of the interested party, adopts reasonable and even technical measures to inform those who are processing personal data to cancel any link, copy or reproduction of personal data, except in the case where such fulfillment is impossible or involves the use of means manifestly disproportionate to the protected right. Interested party has the right to object, pursuant to art. 21 GDPR, in whole or in part:
• for reasons related to his particular situation to the processing of personal data concerning him, even though pertinent to the purpose of the collection. The Data Controller refrains from further processing personal data unless demonstrates the existence of legitimate reasons for proceeding with processing that prevail over the interests, rights and freedoms of the subject or for verification, exercise or defense of a right in court.
• to processing of personal data concerning him for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
In accordance with these provisions, and in addition to the other rights specified herein, the aforementioned Data Controller provides the users of website / web portal with the following possibilities:
1. no collection of personal data: user can choose not to provide personal data online to the data controller mentioned above by deciding not to enter or release personal information in the registration form or in the form fields, or not using in this case any personalized service among those available on the Company website / portal. Some of contents and / or services of the site / portal are offered exclusively to users who release personal information or use personalized services.
2. limitations on use and communication of personal data for different purposes: access to certain sections of content and / or services of the website of the aforementioned Data Controller may require the consent of the user to use and release personal data in order to implement the contact list and / or to identify and offer additional services and promotions considered interesting for the user. Users can limit the further processing of this information by checking or choosing the options to be set when entering the data.
Furthermore, the information provided after the first registration can be modified or canceled by changing the settings previously entered in the registration form on the website of Data Controller, by accessing the "Newsletter" section in home page. It is also possible for users to access their personal data, released and stored online and, where permitted, it is also possible to update and modify personal data online.