Privacy & Cookie Policy (Englisch)

Infor­ma­tion to Data Sub­ject

(pur­suant to art. 13 and 14 of  Regu­la­tion EU 2016/679 GDPR)

 

1. Intro­duc­tion

1.1 We care and are com­mit­ted to pro­tec­ting the per­so­nal data of visi­tors of our web­si­te and users of our ser­vi­ces. With this docu­ment we pro­vi­de the data sub­jec­ts with the infor­ma­tion on the pro­ces­sing pro­vi­ded for by art. 13 and 14 of the Regu­la­tion EU 2016/679 — Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR).

 

1.2 This poli­cy applies whe­re we are acting as a data con­trol­ler with respect to the per­so­nal data of our web­si­te visi­tors and ser­vi­ce user; in other words, whe­re we deter­mi­ne the pur­po­ses and means of the pro­ces­sing of that per­so­nal data.

 

1.3 By using our web­si­te and agreeing to this poli­cy, you con­sent to our use of coo­kies in accor­dan­ce with the terms of this poli­cy.

 

1.4 The Data Con­trol­ler of the pro­ces­sing is the B&B Roma Borgo91, and its legal repre­sen­ta­ti­ve, who can be con­tac­ted at the email address info@borgo91.it. In this docu­ment we refer as “we”, “us” and “our” to B&B Roma Borgo91 or the Data Con­trol­ler.

2. How we use your per­so­nal data

2.1 In this Sec­tion we have set out:

(a) the gene­ral cate­go­ries of per­so­nal data that we may pro­cess;

(b) the pur­po­ses for which we may pro­cess per­so­nal data; and

© the legal bases of the pro­ces­sing.

 

2.2 We may pro­cess data about your use of our web­si­te and ser­vi­ces (“usa­ge data”). The usa­ge data may inclu­de your IP address, geo­gra­phi­cal loca­tion, bro­w­ser type and ver­sion, ope­ra­ting system, refer­ral sour­ce, length of visit, page views and web­si­te navi­ga­tion paths, as well as infor­ma­tion about the timing, fre­quen­cy and pat­tern of your ser­vi­ce use. Our ana­ly­tics trac­king system (Goo­gle Ana­ly­tics) pro­ces­sed the­se data and pro­du­ces aggre­ga­te ano­ny­mous reports for the pur­po­ses of ana­ly­zing the use of the web­si­te and ser­vi­ces.

The legal basis for this pro­ces­sing is our legi­ti­ma­te inte­rests of moni­to­ring and enhan­cing our web­si­te and ser­vi­ces (arti­cle 6.1.f), appli­ca­ble becau­se the ano­ny­mous form of the report does not pre­sent any risks for the indi­vi­dual data sub­jec­ts.

 

2.3 We may pro­cess infor­ma­tion con­tai­ned in any enqui­ry you sub­mit to us via tele­pho­ne, email, web or social net­works  regar­ding our goods and/or ser­vi­ces (“enqui­ry data”).  Enqui­ry data may inclu­de Name, Last Name, lan­gua­ge, tele­pho­ne or fax num­ber, email. Enqui­ry data may be pro­ces­sed for the pur­po­ses of offe­ring and sel­ling rele­vant ser­vi­ces to you.

The legal basis for this pro­ces­sing is to take steps at the reque­st of the data sub­ject prior to ente­ring into a con­tract (art. 6.1.b).

 

2.4  We may pro­cess your per­so­nal data that are pro­vi­ded by you in the cour­se of the use of our ser­vi­ces (“ser­vi­ce data”). The ser­vi­ce data may inclu­de your name, last name, tele­pho­ne num­ber, email address, gen­der, date and pla­ce of birth, pla­ce of resi­den­ce, iden­ti­ty docu­ment num­bers. The sour­ce of the ser­vi­ce data is you or your employer. The ser­vi­ce data may be pro­ces­sed for ful­fil­ling the con­tract for pro­vi­ding our ser­vi­ces.

The legal basis for this pro­ces­sing is the per­for­man­ce of a con­tract bet­ween you and us (art. 6.1.b) and a legal obbli­ga­tion (art. 6.1.c) that we, as Data Con­trol­ler, have to regi­ster your stay with the Poli­ce (art. 109 of the Ita­lian TULPS).

 

2.5 Within the Ser­vi­ce Data we may pro­cess only Name, Last Name, Tele­pho­ne and email to per­form direct mar­ke­ting acti­vi­ties for goods and ser­vi­ces simi­lar to the ones you have alrea­dy pur­cha­sed from us.

The legal basis for this pro­ces­sing is the art. 130 of the Ita­lian Pri­va­cy Code (D.Lgs 108/18) that allo­ws us to per­form direct mar­ke­ting acti­vi­ties without con­sent of the data sub­ject, pro­vi­ded that he can exer­ci­se the right to stop such pro­ces­sing.

 

2.6 We may pro­cess infor­ma­tion rela­ting to tran­sac­tions, inclu­ding pur­cha­ses of goods and ser­vi­ces, that you enter into with us and/or throu­gh our web­si­te (“tran­sac­tion data”).  The tran­sac­tion data may inclu­de your con­tact details and the tran­sac­tion details. The tran­sac­tion data may be pro­ces­sed for the pur­po­se of sup­ply­ing the pur­cha­sed goods and ser­vi­ces and kee­ping pro­per records of tho­se tran­sac­tions.

The legal basis for this pro­ces­sing is the per­for­man­ce of a con­tract bet­ween you and us (art. 6.1.c) a legal obbli­ga­tion (art. 6.1.c) that we, as Data Con­trol­ler, have to main­tain pro­per fiscal records of the tran­sac­tions.

 

2.7 We may pro­cess infor­ma­tion that you pro­vi­de to us for the pur­po­se of sub­scri­bing to our email noti­fi­ca­tions and/or new­slet­ters (“noti­fi­ca­tion data”). The noti­fi­ca­tion data are Name, Last Name and email may be pro­ces­sed for the pur­po­ses of sen­ding you the rele­vant noti­fi­ca­tions and/or new­slet­ters.

The legal basis for this pro­ces­sing is con­sent (art. 6.1.a).

 

2.8 We may pro­cess any of your per­so­nal data iden­ti­fied in this poli­cy whe­re neces­sa­ry for the esta­blish­ment, exer­ci­se or defen­ce of legal claims, whe­ther in court pro­cee­dings or in an admi­ni­stra­ti­ve or out-of-court pro­ce­du­re. The legal basis for this pro­ces­sing is our legi­ti­ma­te inte­rests, name­ly the pro­tec­tion and asser­tion of our legal rights, your legal rights and the legal rights of others.

2.9 We may pro­cess any of your per­so­nal data iden­ti­fied in this poli­cy whe­re neces­sa­ry for the pur­po­ses of obtai­ning or main­tai­ning insu­ran­ce cove­ra­ge, mana­ging risks, or obtai­ning pro­fes­sio­nal advi­ce. The legal basis for this pro­ces­sing is our legi­ti­ma­te inte­rests, name­ly the pro­per pro­tec­tion of our busi­ness again­st risks.

 

2.10  In addi­tion to the spe­ci­fic pur­po­ses for which we may pro­cess your per­so­nal data set out in this Sec­tion 2, we may also pro­cess any of your per­so­nal data whe­re such pro­ces­sing is neces­sa­ry for com­plian­ce with a legal obli­ga­tion to which we are sub­ject, or in order to pro­tect your vital inte­rests or the vital inte­rests of ano­ther natu­ral per­son.

 

2.11 Plea­se do not sup­ply any other person’s per­so­nal data to us, unless we prompt you to do so.

3. Tech­ni­cal and Orga­ni­sa­tio­nal Mea­su­res

3.1 In pro­ces­sing your per­so­nal data we have taken all the neces­sa­ry pre­cau­tions to the maxi­mum pos­si­ble secu­ri­ty, adop­ting the tech­ni­cal and orga­ni­za­tio­nal mea­su­res pro­vi­ded for by the art. 32, 33, 34, 35 and 36 of the GDPR. In par­ti­cu­lar:

(a) All ope­ra­tors who have access to per­so­nal data have been pro­per­ly trai­ned and have been autho­ri­zed to pro­cess by the Con­trol­ler.

(b) All com­pu­ters on which per­so­nal data is pro­ces­sed are pro­tec­ted by login cre­den­tials (user­na­me and pas­sword);

© All com­pu­ters on which per­so­nal data is pro­ces­sed are pro­tec­ted by mali­cious soft­ware (viru­ses and mal­ware) throu­gh soft­ware pro­grams upda­ted to the late­st avai­la­ble relea­ses.

(d) All per­so­nal data is sub­ject to perio­dic bac­kups to gua­ran­tee avai­la­bi­li­ty.

All tech­ni­cal and orga­ni­za­tio­nal mea­su­res are sub­ject to perio­dic reviews and are modi­fied in line to best-prac­ti­se avai­la­ble secu­ri­ty norms, stan­dards and tech­no­lo­gies. 

4. Trans­fer­ring your per­so­nal data to others

4.1 We may disclo­se your per­so­nal data to our insu­rers and/or pro­fes­sio­nal advi­sers inso­far as rea­so­na­bly neces­sa­ry for the pur­po­ses of obtai­ning or main­tai­ning insu­ran­ce cove­ra­ge, mana­ging risks, obtai­ning pro­fes­sio­nal advi­ce, or the esta­blish­ment, exer­ci­se or defen­ce of legal claims, whe­ther in court pro­cee­dings or in an admi­ni­stra­ti­ve or out-of-court pro­ce­du­re.

4.2 Finan­cial tran­sac­tions rela­ting to our ser­vi­ces may be hand­led by our pay­ment ser­vi­ces pro­vi­ders and banks, who­se cur­rent list is avai­la­ble on demand. We will share tran­sac­tion data with our pay­ment ser­vi­ces pro­vi­ders only to the extent neces­sa­ry for the pur­po­ses of pro­ces­sing your pay­men­ts, refun­ding such pay­men­ts and dea­ling with com­plain­ts and que­ries rela­ting to such pay­men­ts and refunds. You can find infor­ma­tion about the pay­ment ser­vi­ces pro­vi­ders’ pri­va­cy poli­cies and prac­ti­ces at their rela­ti­ve web­si­tes.

4.3 We may disclo­se your enqui­ry data to one or more of tho­se selec­ted third par­ty sup­pliers of goods and ser­vi­ces iden­ti­fied on our web­si­te for the pur­po­se of ena­bling them to con­tact you so that they can offer, mar­ket and sell to you rele­vant goods and/or ser­vi­ces. Each such third par­ty will act as a data con­trol­ler in rela­tion to the enqui­ry data that we sup­ply to it; and upon con­tac­ting you, each such third par­ty will sup­ply to you a copy of its own pri­va­cy poli­cy, which will govern that third party’s use of your per­so­nal data.

4.4 In addi­tion to the spe­ci­fic disclo­su­res of per­so­nal data set out in this Sec­tion, we may disclo­se your per­so­nal data whe­re such disclo­su­re is neces­sa­ry for com­plian­ce with a legal obli­ga­tion to which we are sub­ject, or in order to pro­tect your vital inte­rests or the vital inte­rests of ano­ther natu­ral per­son. We may also disclo­se your per­so­nal data whe­re such disclo­su­re is neces­sa­ry for the esta­blish­ment, exer­ci­se or defen­ce of legal claims, whe­ther in court pro­cee­dings or in an admi­ni­stra­ti­ve or out-of-court pro­ce­du­re.

5. Retai­ning and dele­ting per­so­nal data

5.1 This Sec­tion sets out our data reten­tion poli­cies and pro­ce­du­re, which are desi­gned to help ensu­re that we com­ply with our legal obli­ga­tions in rela­tion to the reten­tion and dele­tion of per­so­nal data. In gene­ral the reten­tion period is set to 10 years.

5.2 Per­so­nal data that use for direct mar­ke­ting pur­po­ses will be kept as long as data sub­ject does not reque­st to stop the pro­ces­sing.

5.3 Not­wi­th­stan­ding the other pro­vi­sions of this Sec­tion, we may retain your per­so­nal data whe­re such reten­tion is neces­sa­ry for com­plian­ce with a legal obli­ga­tion to which we are sub­ject, or in order to pro­tect your vital inte­rests or the vital inte­rests of ano­ther natu­ral per­son.

6. Amend­men­ts

6.1 We may upda­te this poli­cy from time to time by publi­shing a new ver­sion on our web­si­te.

6.2 You should check this page occa­sio­nal­ly to ensu­re you are hap­py with any chan­ges to this poli­cy.

6.3 We may noti­fy you of chan­ges to this poli­cy by email.

7. Your rights

7.1 In this Sec­tion, we have sum­ma­ri­zed the rights that you have under GDPR. Some of the rights are com­plex, and not all of the details have been inclu­ded in our sum­ma­ries. Accor­din­gly, you should read the rele­vant laws and gui­dan­ce from the regu­la­to­ry autho­ri­ties for a full expla­na­tion of the­se rights.

7.2  Right to access — you have the right to con­fir­ma­tion as to whe­ther or not we pro­cess your per­so­nal data and, whe­re we do, access to the per­so­nal data, toge­ther with cer­tain addi­tio­nal infor­ma­tion. That addi­tio­nal infor­ma­tion inclu­des details of the pur­po­ses of the pro­ces­sing, the cate­go­ries of per­so­nal data con­cer­ned and the reci­pien­ts of the per­so­nal data.

7.3 Right to rec­ti­fi­ca­tion - you have the right to have any inac­cu­ra­te per­so­nal data about you rec­ti­fied and, taking into account the pur­po­ses of the pro­ces­sing, to have any incom­ple­te per­so­nal data about you com­ple­ted.

7.4 Right to era­su­re - in some cir­cum­stan­ces you have the right to the era­su­re of your per­so­nal data without undue delay. Tho­se cir­cum­stan­ces inclu­de: the per­so­nal data are no lon­ger neces­sa­ry in rela­tion to the pur­po­ses for which they were col­lec­ted or other­wi­se pro­ces­sed; you with­draw con­sent to con­sent-based pro­ces­sing; you object to the pro­ces­sing under cer­tain rules of appli­ca­ble data pro­tec­tion law; the pro­ces­sing is for direct mar­ke­ting pur­po­ses; and the per­so­nal data have been unla­w­ful­ly pro­ces­sed. Howe­ver, the­re are exclu­sions of the right to era­su­re. The gene­ral exclu­sions inclu­de whe­re pro­ces­sing is neces­sa­ry: for com­plian­ce with a legal obli­ga­tion; or for the esta­blish­ment, exer­ci­se or defen­ce of legal claims.

7.5  Right to restrict pro­ces­sing — in some cir­cum­stan­ces you have the right to restrict the pro­ces­sing of your per­so­nal data. Tho­se cir­cum­stan­ces are: you con­te­st the accu­ra­cy of the per­so­nal data; pro­ces­sing is unla­w­ful but you oppo­se era­su­re; we no lon­ger need the per­so­nal data for the pur­po­ses of our pro­ces­sing, but you requi­re per­so­nal data for the esta­blish­ment, exer­ci­se or defen­ce of legal claims; and you have objec­ted to pro­ces­sing, pen­ding the veri­fi­ca­tion of that objec­tion. Whe­re pro­ces­sing has been restric­ted on this basis, we may con­ti­nue to sto­re your per­so­nal data. Howe­ver, we will only other­wi­se pro­cess it: with your con­sent; for the esta­blish­ment, exer­ci­se or defen­ce of legal claims; for the pro­tec­tion of the rights of ano­ther natu­ral or legal per­son; or for rea­sons of impor­tant public inte­re­st.

7.6 Right to object to pro­ces­sing — you have the right to object to our pro­ces­sing of your per­so­nal data on grounds rela­ting to your par­ti­cu­lar situa­tion, but only to the extent that the legal basis for the pro­ces­sing is that the pro­ces­sing is neces­sa­ry for: the per­for­man­ce of a task car­ried out in the public inte­re­st or in the exer­ci­se of any offi­cial autho­ri­ty vested in us; or the pur­po­ses of the legi­ti­ma­te inte­rests pur­sued by us or by a third par­ty. If you make such an objec­tion, we will cea­se to pro­cess the per­so­nal infor­ma­tion unless we can demon­stra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de your inte­rests, rights and free­doms, or the pro­ces­sing is for the esta­blish­ment, exer­ci­se or defen­ce of legal claims.

You have the right to object to our pro­ces­sing of your per­so­nal data for direct mar­ke­ting pur­po­ses (inclu­ding pro­fi­ling for direct mar­ke­ting pur­po­ses). If you make such an objec­tion, we will cea­se to pro­cess your per­so­nal data for this pur­po­se.

You have the right to object to our pro­ces­sing of your per­so­nal data for scien­ti­fic or histo­ri­cal research pur­po­ses or sta­ti­sti­cal pur­po­ses on grounds rela­ting to your par­ti­cu­lar situa­tion, unless the pro­ces­sing is neces­sa­ry for the per­for­man­ce of a task car­ried out for rea­sons of public inte­re­st.

7.7 Right to data por­ta­bi­li­ty — to the extent that the legal basis for our pro­ces­sing of your per­so­nal data is:

(a) con­sent; or

(b) that the pro­ces­sing is neces­sa­ry for the per­for­man­ce of a con­tract to which you are par­ty or in order to take steps at your reque­st prior to ente­ring into a con­tract,

and such pro­ces­sing is car­ried out by auto­ma­ted means, you have the right to recei­ve your per­so­nal data from us in a struc­tu­red, com­mon­ly used and machi­ne-rea­da­ble for­mat. Howe­ver, this right does not apply whe­re it would adver­se­ly affect the rights and free­doms of others.

7.8 Right to com­plain to a super­vi­so­ry autho­ri­ty — if you con­si­der that our pro­ces­sing of your per­so­nal infor­ma­tion infrin­ges data pro­tec­tion laws, you have a legal right to lod­ge a com­plaint with a super­vi­so­ry autho­ri­ty respon­si­ble for data pro­tec­tion. You may do so in the EU mem­ber sta­te of your habi­tual resi­den­ce, your pla­ce of work or the pla­ce of the alle­ged infrin­ge­ment.

7.9 Right to with­draw con­sent — to the extent that the legal basis for our pro­ces­sing of your per­so­nal infor­ma­tion is con­sent, you have the right to with­draw that con­sent at any time. With­dra­wal will not affect the law­ful­ness of pro­ces­sing befo­re the with­dra­wal.

7.10 You may exer­ci­se any of your rights in rela­tion to your per­so­nal data by writ­ten noti­ce to us at our email address info@borgo91.it

8. About coo­kies

8.1 A coo­kie is a file con­tai­ning an iden­ti­fier (a string of let­ters and num­bers) that is sent by a web ser­ver to a web bro­w­ser and is sto­red by the bro­w­ser. The iden­ti­fier is then sent back to the ser­ver each time the bro­w­ser requests a page from the ser­ver.

8.2 Coo­kies may be either “per­si­stent” coo­kies or “ses­sion” coo­kies: a per­si­stent coo­kie will be sto­red by a web bro­w­ser and will remain valid until its set expi­ry date, unless dele­ted by the user befo­re the expi­ry date; a ses­sion coo­kie, on the other hand, will expi­re at the end of the user ses­sion, when the web bro­w­ser is clo­sed.

8.3 Coo­kies do not typi­cal­ly con­tain any infor­ma­tion that per­so­nal­ly iden­ti­fies a user, but per­so­nal infor­ma­tion that we sto­re about you may be lin­ked to the infor­ma­tion sto­red in and obtai­ned from coo­kies.

9. Coo­kies that we use

9.1 We use coo­kies for the fol­lo­wing pur­po­ses:

(a) stric­tly neces­sa­ry: we use coo­kies to pro­vi­de neces­sa­ry infor­ma­tion on our site (the coo­kies used for this pur­po­se are: ilMe­teo);

(b) per­so­na­li­za­tion: we use coo­kies to sto­re infor­ma­tion about your pre­fe­ren­ces and to custo­mi­ze the web­si­te for you (the coo­kies used for this pur­po­se are: Poly­lang);

© ana­ly­sis: we use coo­kies to help us ana­ly­ze the use and per­for­man­ce of our web­si­te and our ser­vi­ces (the coo­kies used for this pur­po­se are: Goo­gle Ana­ly­tics, Tri­pad­vi­sor);

(d) tar­ge­ting: we use coo­kies to sto­re your beha­vior and research about your pre­fe­ren­ces (the coo­kies used for this pur­po­se are: Goo­gle Dou­ble­click).

The upda­ted list of coo­kies used on our site is here.

10. Coo­kies used by our ser­vi­ce pro­vi­ders

10.1 Our ser­vi­ce pro­vi­ders use coo­kies and tho­se coo­kies may be sto­red on your com­pu­ter when you visit our web­si­te.

10.2 We use Goo­gle Ana­ly­tics to ana­ly­se the use of our web­si­te. Goo­gle Ana­ly­tics gathers infor­ma­tion about web­si­te use by means of coo­kies. The infor­ma­tion gathe­red rela­ting to our web­si­te is used to crea­te reports about the use of our web­si­te. Google’s pri­va­cy poli­cy is avai­la­ble at: https://www.google.com/policies/privacy/.

11. Mana­ging coo­kies

11.1 Most bro­w­sers allow you to refu­se to accept coo­kies and to dele­te coo­kies. The methods for doing so vary from bro­w­ser to bro­w­ser, and from ver­sion to ver­sion. You can howe­ver obtain up-to-date infor­ma­tion about bloc­king and dele­ting coo­kies via the­se links:

(a) Chro­me;

(b) Mozil­la Fire­fox;

© Ope­ra;

(d) Micro­soft Inter­net Explo­rer;

(e) Apple Safa­ri; e

(f) Micro­soft Edge.

11.2 Bloc­king all coo­kies will have a nega­ti­ve impact upon the usa­bi­li­ty of many web­si­tes.

11.3 If you block coo­kies, you will not be able to use all the fea­tu­res on our web­si­te.

12. Our details

12.1 The Data Con­trol­ler is B&B Roma Borgo91.

12.2 Our prin­ci­pal pla­ce of busi­ness is at Bor­go Vit­to­rio 91, 00193 Roma — Ita­ly.

12.3 You can con­tact us:

(a) by post, to the postal address given abo­ve;

(b) by tele­pho­ne, on the con­tact num­ber publi­shed on our web­si­te; or

©  by email, using the email address publi­shed on our web­si­te.