In accordance with applicable privacy laws (EU Regulations n. 679, 2016), we would like to take this opportunity to inform you that your personal information will be processed in an ethical and transparent manner, only for lawful purposes, and in a manner that safeguards your privacy and your rights.
Processing takes place manually and using IT tools, and is done for the following purposes:
- To obtain and confirm your booking of accommodations and other services, and to provide such services as requested. Since this processing is required to define our contractual relationship and to perform under our contract with you, your consent is not required, unless certain “sensitive” information is submitted. Should you refuse to submit your personal information, we will not be able to confirm your booking or provide you with the requested services. Processing shall cease once you check out, although some of your personal information may (or in some instances, has to) continue to be processed for the purposes and in the manner described below;
- To comply with our “Public Safety Law” (Article 109 Royal Decree n. 773, 18/6/1931) which requires that we provide identification data of our guests to the police, for purposes of public safety, in the manner established by the Ministry of the Interior (Decree of 7 January 2013). Data submission is mandatory, and does not require your consent. Should you refuse to provide such information, we will not be able to host you in our hotel. Data acquired for such purposes shall not be retained by us, unless you provide consent to their retention as required under point 4, infra;
- To comply with applicable administrative, accounting, and tax regulations. For these purposes, your consent is not required. Personal information is processed by us and our persons in charge of data processing, and is disclosed outside the company only when and if required by law. Should you refuse to submit the required data for the above purposes, we will not be able to provide you with the requested services. Data acquired for such purposes is retained by us for the required statutory period (10 years – or longer, in case of tax audits);
- To speed-up check-in on your next visit to our hotel. For such purposes, upon obtaining your consent (which can be revoked at any moment), your information will be retained for a maximum of 5 years, and will be used the next time you are our guest, for the reasons listed supra;
- To allow you to receive messages and telephone calls during your stay. Your consent is required for such purposes. You can revoke your consent at any time. Such processing, where consent is granted, shall end when you check out;
- To send you advertising messages and updates on special rates and promotions. For this purpose, upon obtaining your consent, your information shall be retained for a maximum of 5 years, and will not be disclosed to third parties. You may revoke your consent at any moment;
- For purposes of protecting persons, property, and company assets, using a video-surveillance system for some areas of the hotel, which are duly identified by signage. Your consent is not required for such processing because it is conducted pursuant to our legitimate interest to safeguard persons and property against potential violence, theft, robbery, damage, and vandalism. Surveillance is also conducted for purposes of fire prevention and occupational safety and health. Recorded images are erased after 24 hours, except on holidays or other days the business is closed; images are never retained for more than one week. These images are not subject to third-party disclosure, except as required to comply with a specific investigatory demands from a court or the police.
We also would like to inform you that the European Regulation grant you certain rights, including rights of access to, adjustment, erasure, limitation of, or objection to the processing of your data, as well as data portability rights, when and insofar as applicable (Articles 15-22 of the EU Regulations n. 679, 2016). You can also file a complaint with the Data Protection Authority, according to the procedures set forth under applicable regulations.
For any other concern, and to assert your rights under the EU Regulation, please contact:
Data Controller SAN TOMASO SRL Via Stradivari 4 – 20131 Milano
Data Processor LUCA OLATI email@example.com