Listed below is:

  1. Information on the processing of personal data of the website’s users.
  2. Information given to Binfi Spa clients at the Hotel Brunelleschi. This statement is published on the website so that clients may consult it online, as well as in paper format at the main office.

1. INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS CONSULTING HOTEL BRUNELLESCHI WEB SITES PURSUANT TO ARTICLE 13 OF (EU) REGULATION 2016/679

PRIVACY POLICY

Pursuant to EU Regulation no. 679/2016 (the General Data Protection Regulation, “GDPR”), this page describes the methods for processing personal data of users who visit the Hotel Brunelleschi websites (hereinafter “Hotel Brunelleschi Sites”) accessible by electronic means at the following addresses:

https://www.brunelleschihotelflorence.com/
https://magazine.brunelleschihotelflorence.com

Moreover, should you decide to book a reservation by selecting arrival and departure dates via the appropriate booking forms on the aforementioned websites, you will be connected to a booking engine. This booking engine is provided by our partner Blastess, appointed as Data Processor as indicated in this statement.

This information does not apply to other websites, pages or online services accessible via hypertext links that may be published on sites and which refer to resources that are external to the hotelbrunelleschi domain.

The information is also based on Recommendation n. 2/2001, which the European authorities for the protection of personal data, that gathered in the Group established by art. 29 regarding directive n. 95/46/EC, adopted on 17 May 2001 in order to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the connection; as well as the provisions established by the General Measures of the Privacy Guarantor dated May 8, 2014.

THE DATA CONTROLLER

Following consultation of the sites listed above, data relating to identified or identifiable natural persons may be processed.

The Data Controller of your personal data is BINFI SPA (the company that manages Hotel Brunelleschi) VAT number 01043670478 and Fiscal Code number 03129270488, with registered office in Florence, in via De ‘Martelli, n. 5, telephone number: 055.27370 email: info@hotelbrunelleschi.it.

TYPES OF DATA PROCESSED AND PURPOSE OF THE PROCESSING

Browsing data The computer systems and software procedures used to operate this website acquire, during their normal operating functions, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties; however, due to its very nature it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present, the data on web contacts does not last for more than seven days.

The legal basis for this specific data processing: the processing is necessary to allow the interested party to consult the site.

 

Data provided by the user.  The optional, explicit and voluntary sending of emails to the addresses indicated on the Brunelleschi Hotel Sites, as well as filling in and forwarding the forms found on the Brunelleschi Hotel Sites or the booking engine managed by BLASTNESS Srl, entail the acquisition of the sender’s contact data, which is needed to respond, as well as all personal data included in notifications (including data entered in the forms and forwarded through the Hotel Brunelleschi sites to book a stay).

Personal data provided in the manner described above will be processed for the following purposes:

  1. a) to manage your contractual relationship regarding the service requested, or to execute pre-contractual measures (such as, for example, the request for information or an estimate), to acquire and confirm your booking of accommodation services and ancillary services, and to provide the requested services. Legal basis for processing: execution of the pre-contractual or contractual service requested;
  2. b) for administrative purposes and for the fulfilment of legal obligations regarding accounting and taxes, or to comply with requests from judicial authorities. The legal basis for this processing: fulfilment of legal obligations;
  3. c) only with prior specific consent, for periodically sending newsletters by e-mail. The legal basis for this processing: consent of the interested party;
  4. d) only with prior specific consent, to receive promotional notifications and invitations to events and special promotions (marketing). The legal basis for this processing: consent of the interested party;
  5. e) when sending a curriculum vitae, exclusively for selection purposes. The legal basis for this processing: consent of the data subject to processing CV data for selection purposes;
  6. f) only with prior specific consent, for purposes of automated processing and/or profiling. The legal basis for this processing: consent of the interested party.

We wish inform you that when issuing notifications for marketing purposes and sending newsletter to clients, via email, for the purposes referred to in subparagraphs c) and d) the Data Controller also initiates automated processing, profiling, based on indices and pre-established parameters, as we use MailUP’s platform and IT tools to issue our notifications. In particular, MailUP provides information on who opens the newsletter and clicks on the links contained in the email received. In particular, MailUP, via statistical tracking systems (for example web beacons), enables to detect when the message is opened, the number of clicks on hyperlinks contained in the email, which IP address or what type of browser is used to open the email, and other similar details. The logic used in the use of the processing in question, consists in sending newsletters and commercial offers to subjects who interact with Binfi Spa (Hotel Brunelleschi), that are interested in the Data controller’s service and/or products and to avoid forwarding unwanted notifications. The profiling activity (with the consent of the interested party) is limited to the data provided by you (without data enrichment). You have the right not to give consent to processing via profiling and in any case, you can, at any time, oppose this process as outlined in this disclosure in the Rights of the interested parties section. The legal basis for this processing: consent of the interested party.

Specific summary information will progressively be provided or displayed on the Brunelleschi Hotel Sites pages, possibly prepared for the provision of certain services. Upon checking-in, clients will receive further information regarding the processing of their personal data with regard to the hotel service.

Cookies. Cookies are text files, containing small amounts of information, which are stored on the computers or mobile devices or other similar technologies of users that visit a website. At each subsequent visit, cookies are sent back to the website that originated them (first party cookies), or to another website (third-party cookies) and recognized. Cookies cannot retrieve any other data from your hard drive, nor transmit computer viruses or acquire email addresses. For information regarding our use of cookies please refer to our Cookie Policy. For further information on the types of cookies, features and their function, please visit the following websites – http://www.allaboutcookies.org, www.youronlinechoices.com, http://cookiepedia.co.uk and the aforementioned Provision of the Guarantor.
https://www.brunelleschihotelflorence.com/cookie-policy/

OPTIONALITY TO PROVIDE DATA

Apart from what has been specified with regard to browsing data, the user is free to provide personal data listed in the application forms or indicated in contacting the Office to request to receive informative material or other notifications. Failure to provide such data may make it impossible to fulfil requests.

Please note that should consent be given to receive marketing material, newsletters, CV processing for personnel selection purposes by Hotel Brunelleschi, it can be revoked at any time.

DATA RETENTION PERIOD

The data provided will be processed for the time strictly necessary to give feedback to requests and notifications sent voluntarily by clients. With regard to receiving a CV, it will be processed only for the time strictly necessary for the evaluation of the candidacy. The data processed for the purpose of booking a stay at the Hotel through our website will be kept for the entire duration of the relationship and subsequently, after payment, for 10 years (the time envisaged by legal regulations). Personal data provided to receive newsletters and to receive promotional offers (marketing) will be kept for 10 years. Data relating to web browsing is stored for a maximum of seven days. Cookies are kept for the period indicated in the cookies policy.

SAFETY METHODS AND INFORMATION PROCESSING

Personal Data will be processed using manual, computerized or telematic tools that are suitable for ensuring security and confidentiality and will be carried out by personnel that has been trained to comply with current legislation.

Specific security measures have been implemented to prevent the loss, illicit or incorrect use and unauthorized access of data, in compliance with the provisions set forth in Articles 24.25 and 32, of the GDPR.

In any case, Hotel Brunelleschi cannot be held responsible for unauthorized access or loss of personal data attributable to the interested party or in any case beyond its control.

No data acquired via the web will be passed on to third parties unless otherwise indicated in the Cookie Policy.

SITE SECURITY MEASURES

With regard to managing the site, specific security measures have been adopted, aimed at ensuring the user’s secure access and to protect the information contained in the site from risks of loss or destruction, even accidental. The antivirus software used in managing the site is updated on a regular basis in order to avoid data loss due to possible computer viruses. It is worth highlighting that though we ensure adopting specific anti-virus systems, despite being a legal obligation, it is advisable for users to equip their workstations with an anti-virus system to prevent possible attacks. An identification code and password are assigned to companies that wish to access the reserved part of the site. These passwords are generated in such a way that they do not contain references that are easily traceable, so as to avoid possible abuse. Users are required to keep their password confidential.

DATA PROCESSING LOCATION

Personal data is stored on servers located within the European Union, unless otherwise specified in the Cookie Policy

With regard to forwarding emails via MailUP, the physical data centre located within the EU is compliant with the applicable legal provisions, pursuant to the provisions established in Article 45 and 46 of the European Regulation 679/2016.

DATA ACCESS. PROCESSING RECIPIENTS.

Access to Personal Data collected, as a result of consulting the website and sending requests and/or reservations via the website, is permitted only to persons in charge of processing, expressly authorized by the Data Controller, and to designated data processors as established in Article 28 of the GDPR.

The Data Controller is aware of the importance of data security for our clients and has selected our data processors very carefully.

The Data Controller has appointed as Data Processors, pursuant to Article 28 of the GDPR:

  • BLASTNESS SRL – P.IVA/C.F.: 01195440118 – N.ISCRIZIONE REA DI MILANO 2107189 Registered Office: Galleria del Corso, 2 – 20122 Milan, Italy, with reference to the processing of personal data provided by clients when making a reservation for a stay through the Hotel Brunelleschi website, via the management of the booking engine. More precisely, it should be noted that if users intend to make a reservation on the Brunelleschi Hotel Sites, they will be connected to the search engine for bookings managed by BLASTNESS SRL, https://www.blastnessbooking.com/, which ensures an encrypted and protected session.
  • MailUp S.p.A. with registered office in Viale F. Restelli 1, 20124 Milan (Italy), which manages the MailUP service for the management of forwarding email notifications, with which we have signed an agreement in compliance with the law and art. 28 GDPR.

The updated list of external processors is available at the data controller’s registered office. The updated list can be requested any time by contacting the data controller at the addresses and through the contacts indicated in this document.

No data deriving from the web service is circulated. The data will not be disclosed to third parties except to third parties who, in fulfilling the contract and limited to the purposes indicated above, collaborate with the Data Controller (professionals/companies providing consultancy work of a legal, tax and accounting nature, competent authorities for ‘fulfilling legal obligations’, subjects providing services for managing computer systems and assistance to the website); all of which are bound by the obligation of confidentiality. In any case, in compliance with the principles of data processing envisaged by the GDPR, only the data necessary for carrying out the activities entrusted to them will be passed on to external parties.

The personal data provided by users who request dispatch of informative material is used for the sole purpose of carrying out the service or provision requested and is communicated to third parties only if this is necessary for that purpose (shippers or couriers, for example).

 

RIGHTS OF THE INTERESTED PARTIES (art 7, articles 15 to 22 GDPR).

Based on current legislation and the provisions established in the GDPR, you have the right to:

  1. ask the data controller to access personal data and request confirmation of the existence, or otherwise, of your personal data;
  2. obtain information on the origin, the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be communicated and, where possible, the retention period, the existence of an automated decision-making process, including profiling, and in relation to it, obtaining information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
  3. obtain the correction of data concerning you without unjustified delay;
  4. obtain the deletion (right to be forgotten) of the data without unjustified delay if no longer necessary, incomplete, erroneous or collected in violation of the law;
  5. obtain the integration of incomplete personal data, by providing an additional declaration, taking into account the purpose of the processing;
  6. obtain the processing limitation or oppose the processing;
  7. object, at any time, to the processing, including profiling, in relation to the data processed for direct marketing purposes;
  8. obtain data portability, i.e. receive it from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit it to another data controller without delay;
  9. revoke your consent at any time, if this constitutes the basis of the processing. The withdrawal of consent, however, does not prejudice the lawfulness of the processing based on the consent given prior the revocation;
  10. know whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject is obliged to provide personal data and the possible consequences of not communicating such data ;
  11. oppose an automated decision-making process concerning individuals, including profiling, and, in such cases, receive significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
  12. lodge a complaint to a supervisory authority (Privacy Authority);
  13. be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer of data, should the personal data be transferred to a third country or to an international organization.

Requests addressed to the Data Controller may be sent to the following address: BINFI SPA, in via De ‘Martelli, no. 5, 50122 Florence, telephone number: 055.27370, email: info@hotelbrunelleschi.it.

The Data Controller must proceed in this direction without delay and, in any case, no later than one month after receiving a request. The deadline may be extended to two months if necessary, taking into account the complexity and the number of requests the Data Controller receives. In such cases, the Data Controller, within one month of receiving your request, will inform you of the reasons for the extended period.

Complaints to the supervisory authority can be addressed to the Guarantor for the protection of personal data, Piazza di Monte Citorio 121, IT-00186 Rome, email: rpd@gprp.it.

CHANGES

The Data Controller reserves the right to modify or amend, at any time, this privacy statement, wherever published on the site, mainly due to the entry into force of new sector regulations. At any time, users can check the latest version of the privacy policy as updated from time to time by the Data Controller, by simply connecting to the site

Last updated May 2018

 

2. INFORMATION ISSUED TO BINFI SPA CLIENTS AT THE HOTEL BRUNELLESCHI FACILITIES.

DISCLOSURE PURSUANT TO ART. 13 EUROPEAN REGULATION 679/2016. (GENERAL DATA PROTECTION REGULATIONS, “GDPR”).

This document (“Disclosure”) is intended to provide you with indications regarding the processing of information, as specified below, which will be provided by you to the Data Controller indicated below and which will be processed for the purposes indicated in this document. The Disclosure, in particular, is provided pursuant to Article 13 of Legislative Decree 196/2003 and of EU Regulation no. 679/2016 (“GDPR”), art. 13, and subsequent national adaptation rules (along with the GDPR “Applicable Regulations”).

1. Data Controller identity and contact details.

The Data Controller, or rather the legal entity that determines the personal data processing purposes and means, is BINFI SPA, Vat 01043670478 Fiscal code 03129270488, (the company that manages the Hotel Brunelleschi facilities), with registered office in Florence, in via De ‘Martelli, n. 5, telephone number 055/27370: email: info@hotelbrunelleschi.it

2. Categories of personal data processed.

The following information categories, established within the limits of the purposes and methods described in this Disclosure, may be processed: a) “Data of a common nature”, which includes your personal details, those of the persons staying with you, your bank details, your contact details, billing information (such as, for example, mobile phone number, residential or home address, e-mail address.); b) “Particular Data”, in accordance with applicable law, of a particular nature; by way of example, reference is made to those who provide information on the state or health conditions of the user, religious or philosophical convictions (Article 9 of EU Regulation 679/2016).

For convenience of reference, in this Disclosure, the expression “Personal Data” shall be understood as a reference to all of your Common Data and Particular Data, unless otherwise specified.

3. Purpose and legal basis of the processing.

The Personal Data collected will be processed for the following purposes and on the following legal basis:

3.1 for managing your contractual relationship regarding the hotel and/or catering service, or to execute pre-contractual measures (such as, for example, the request for information or estimates), to acquire and confirm your reservation of accommodation and ancillary services, and to provide the requested services. You may decide to give the Data Controller details in order to indicate your health needs, such as allergies, pathologies, and/or food intolerance or otherwise, or rather data that reveals conditions related to protecting your health. Since this processing is required for defining the contractual agreement, for its subsequent implementation, and/or to execute the services requested by you, you are free to provide your personal data, however should it not be given, we will not be able to confirm booking or provide the requested services.

Legal basis for processing: execution of a contractual relationship, execution of legal obligations, legitimate interest of the Data Controller with regard to any disputes concerning the contractual relationship.

For this purpose, your data will be kept for the entire duration of the relationship and subsequently for 10 years (legal requirement). Any Particular Data you provide will be stored only for the time strictly necessary to carry out the requested service, unless you give us consent to keep it for a longer period;

3.2 to fulfil the obligation pursuant to the “Consolidated Law on Public Security” (article 109 RD 18.6.1931 No. 773) which requires us to inform the Police Headquarters, for purposes of public security, the details of clients accommodated according to the procedures established by the Ministry of the Interior (Decree of 7 January 2013). The provision of data is mandatory and does not require your consent, and in case of refusal in providing it, we will not be able to accommodate you in our facility.

Legal basis for processing: implementation of legal obligations.

For this purpose, the acquired data is not stored by us after the termination of the relationship referred to in point 3.1, unless you provide us with the consent to retention as established in point 3.5;

3.3 to comply with current administrative, accounting and tax obligations. For these purposes, the processing is carried out without the need to acquire your consent. The data is processed by us and our representatives, and is disclosed externally only to fulfil legal obligations. In case of refusal to provide the data necessary for the above-mentioned obligations, we will not be in a position to provide the requested services.

Legal basis for processing: execution of a contractual relationship, execution of legal obligations, legitimate interest (in case of checks by the relevant authorities).

For these purposes, your data will be retained for the time required by the respective regulations;

3.4) to render the services aimed at customer satisfaction, carried out at your request, with regard to your needs and/or preferences, such as, a room or a preferred accommodation plan, objects and/or other items required. Based on these purposes you may wish to give the Data Controller Particular Data as well. These categories of data may be processed by the Data Controller only through your free and explicit written consent, by signing this disclosure.

Legal basis for processing: your consent.

With regard to these purposes, the acquired data is not stored by us after the termination of the relationship referred to in point 3.1, unless you provide us with your consent.

3.5) to speed up the registration procedures at the hotel as referred to in points 3.1, 3.2. and 3.3 regarding your subsequent stays at our hotel. For these purposes, after obtaining your consent which can be revoked at any time, your data, provided for the data categories and purposes referred to in points 3.1, 3.2 and 3.3, will be used when you are once again a guest.

Legal basis for processing: your consent.

For this purpose your data will be kept for a maximum period of 10 years

3.6) to guarantee the services referred to in the purpose as at point 3.4 (aimed at achieving customer satisfaction) should you once again be our guest in the future. For these purposes, after obtaining your consent which can be revoked at any time, your data will be used when you are once again a guest.

Legal basis for processing: your consent.

For this purpose your data will be kept for a maximum period of 10 years,

3.7) for the purposes of protecting people, property and corporate assets through a video surveillance system placed is some areas throughout the facilities, identifiable via appropriate signs. For this processing your consent is not required, as it pursues our legitimate interest in protecting people and property with respect to possible aggressions, thefts, robberies, damage, acts of vandalism and for purposes of fire prevention and job security.

Legal basis for processing: Data Controller’s legitimate interest.

For this purpose the recorded images are deleted after 24 hours, except holidays or other closure dates, and in any case no longer than a week. They are not the object of communication to third parties, except in the case where it is necessary to adhere to a specific investigation request by judicial or police authorities.

3.8) to carry out the function of sending messages and telephone calls addressed to you during your stay. For this purpose your consent is required. You may revoke your consent at any time.

Legal basis for processing: your consent.

For this purpose your data will be kept until your departure from the hotel.

3.9) for marketing purposes and therefore to send you reminders and promotional notifications, to send you updates on the Data Controller’s rates and offers, notifications relating to events organized by the Data Controller. Providing your Personal Data for this purpose is optional and will not prevent you from using the service referred to in the purposes at point 3.1) and any additional services you may have chosen. These data categories may be processed by the Data Controller only upon your free and explicit written consent which may be revoked at any time, by signing this disclosure.

Legal basis for processing: your consent.

For this purpose your data will be kept for a maximum period of 10 years.

3.10 for periodic issuing, by e-mail, of newsletters by the Data Controller. Providing your Personal Data for this purpose is optional and will not prevent you from using the service referred to in the purposes of point 3.1) and any additional service you may have chosen. These data categories may be processed by the Data Controller only upon your free and explicit written consent which may be revoked at any time, by signing this disclosure.

3.11 for the purposes of automated processing and/or profiling through your specific consent. We wish to inform you that in carrying out notifications for marketing purposes and issuing newsletters to clients, via email, for the purposes referred to in points 3.9) and 3.10), the Data Controller also carries out automated processing and profiling, based on pre-established indexes and parameters, as we use the MailUP platform and IT tools to send our notifications. In particular, MailUP provides information on who opens the newsletter and clicks on the links contained in the email received. In particular, MailUP through statistical tracking systems (for example web beacons), enables us to detect when the message is opened, number of clicks on hyperlinks contained in the email, which IP address is used or with what type of browser the email is opened, and other similar details. The logic used in the use of the processing in question, consists of sending newsletters and commercial offers to subjects who interact with Binfi Spa (Hotel Brunelleschi), interested in the Data Controller’s services and/or products and those who wish to avoid receiving unwanted notifications. The profiling activity (through the interested party’s consent) is limited to the data provided by you (without data enrichment). You have the right not to give consent to the processing by profiling and in any case, at any time you can oppose this process as indicated in this disclosure in the interested party’s Rights section. Legal basis for processing: consent of the interested party.

4. Data processing methods

Personal Data will be processed using manual, computerized or telematic tools, suitable for ensuring security and confidentiality, and will be carried out by personnel trained in compliance with the Applicable Regulations.

In addition to situations where it is necessary to contact you for needs related to the management of your contractual position, after your consent to the processing of your data, and for the purposes referred to in point 3.1) and 3.9), you may be contacted via e-mail, text message, or through any equivalent electronic tool or by mail or by telephone depending on the details you provided. If you prefer to be contacted only at one or some of these addresses, you can make a specific request by contacting the Data Controller at the addresses indicated in point 1) of this disclosure. Your data will be stored in one or more of the Data Controller’s appropriate archives or databases, in compliance with the retention times indicated for each purpose, excluding Particular Data which will be retained only if we receive your consent to do so.

5. Access to data. Processing recipients.

Your data may be made accessible for the purposes indicated in this document:

– to the Data Controller’s employees and collaborators in their capacity as persons in charge in compliance with GDPR requirements, external data processing managers, system administrators/IT experts;

– to third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.). These data processors are specifically appointed by the data controller on the basis of a written agreement pursuant to Article 28 and 29 of the European Regulation.

The Data Controller has appointed as Data Processor, pursuant to Article 28 of the GDPR: MailUp S.p.A. with registered office in Viale F. Restelli 1, 20124 Milan (Italy) manages the MailUP service for forwarding email notifications, with which we have signed an agreement in compliance with legal provisions and art. 28 GDPR.

The updated list of external processors is available at the Data Controller’s registered office. You may request the updated list, at any time, by contacting the data controller at the addresses and contacts indicated in this document.

Information may also be notified whenever communication is necessary to comply with requests from Judicial Authorities or Public Security. The collected data will not, under any circumstances, be circulated. In this regard, we wish to point out that should you stay overnight at this facility, the data controller, under current Italian law, is obliged to pass on the data of the people who remain at the facility to the above-mentioned authorities.

6. Data transfer.

Personal data is stored on servers located in Italy, and within the European Union. It is understood, however, that the Data Controller, if necessary, will have the right to move the servers even outside the EU. Should this be case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

7. Rights of the interested party.

We would also like to inform you that under the GDPR you have the right to:

  1. ask the data controller to access personal data and request confirmation of the existence, or otherwise, of your personal data;
  2. obtain information on the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data has been or will be notified and, where possible, the retention period;
  3. obtain the correction of data concerning you without unjustified delay;
  4. obtain the deletion (right to be forgotten) of the data, without unjustified delay, if it is no longer necessary, incomplete, erroneous or collected in violation of the law;
  5. obtain the integration of incomplete personal data, via the provision of an additional declaration, taking into account the purpose of the processing;
  6. obtain the processing limitation or oppose the processing;
  7. object, at any time, to the processing carried out for direct marketing purposes, including profiling;
  8. obtain data portability, i.e. receive the data from the data controller, in a structured format, commonly used and readable by automatic devices, and transmit it to another data controller without hindrance;
  9. revoke your consent at any time, if this constitutes the basis of the processing. The withdrawal of consent, however, does not prejudice the lawfulness of the processing based on the consent given prior the revocation;
  10. know whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject is obliged to provide personal data and the possible consequences of not communicating such data ;
  11. oppose an automated decision-making process concerning individuals, including profiling, and, in such cases, receive significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
  12. lodge a complaint to a supervisory authority (Privacy Authority);
  13. be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer of data, should the personal data be transferred to a third country or to an international organization

We also wish inform you that the aforementioned rights may be exercised by means of a written request addressed, without formalities, to the Data Controller via the contacts indicated in point 1.

The Data Controller must proceed in this direction without delay and, in any case, no later than one month after receiving a request. The deadline may be extended to two months if necessary, taking into account the complexity and the number of requests the Data Controller receives. In such cases, the Data Controller, within one month of receiving your request, will inform you of the reasons for the extended period.

Book your room now!
[]
1 Step 1
ARRIVAL
DEPARTURE

en

Previous
Next
Best Price Guaranteed.

4 good reasons to book now

  • Free Wi-Fi
  • Breakfast included
  • Pay at the Hotel
  • No Cancellation fee
Share