menu
menu
eng
ita eng
Benefits
Gym
Late check-out upon availability
High floor availability upon request
Resaleable on Takyon
Complimentary water upon arrival
Benefits
Gym
Late check-out upon availability
High floor availability upon request
Resaleable on Takyon
Complimentary water upon arrival
Privacy Policy 1
Show More

Privacy Policy

Privacy Policy for Website Visitors

CRA - Costruzioni Residenziali Alberghiere S.r.l., with registered office at Via Giovanni Amendola 46 – 00185 Rome, Tax Code and VAT No. 03804501009 (the "Company"), in its capacity as data controller (hereinafter, the "Company" or the "Data Controller"), provides this privacy notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the "GDPR") regarding the processing of personal data of visitors to the websites https://www.giobertiarthotel.it/ and https://www.hotelgioberti.it/ (the "Sites").

1. What types of data are processed, for what purposes, and on what legal basis?

Browsing the Sites (browsing data):

The computer systems and software procedures used to operate the Sites acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for the purpose of being associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by visitors to access the Sites, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file returned, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the visitor’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the Sites and to verify their proper functioning. They are deleted immediately after processing. Such data may also be used to determine liability in the event of potential cybercrimes committed against the Sites.
Browsing data are processed on the basis of our legitimate interest in ensuring the security of the Sites, verifying their proper operation, and gathering usage statistics (Article 6(1)(f) of the GDPR).

Data voluntarily provided by you:

  • In emails voluntarily sent to us and in booking forms: the optional, explicit, and voluntary sending of your personal data to the email addresses published on the Sites, or through the completion of the booking form available thereon, entails the subsequent acquisition of such data (including data related to the selected payment method), which are necessary to respond to your request or to process your booking (Article 6(1)(b) of the GDPR). You are free not to provide such data; however, failure to do so may make it impossible for us to respond to your request.

2. Who may become aware of my personal data?
Your personal data may come to the knowledge of the employees and/or collaborators of the Company in charge of managing the Sites, providing assistance or supplying you with what you have requested. Your personal data may also be disclosed to parties who, in their capacity as data processors, provide us with services that are instrumental to the performance of our activities, such as, by way of example but not limited to, suppliers of IT and logistics services functional to the operation of the Sites and group companies that provide us with intra-group services.

3. Will my personal data be disclosed to third parties?
Your data may be disclosed to judicial authorities upon their request, in the cases provided for by law.


4. How will my personal data be processed and how long will it be retained?
Your personal data will be processed using both automated and non-automated means. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorized access.
Browsing data will be retained for a maximum of 30 (thirty) days, unless further retention is necessary to determine liability in the event of potential cybercrimes against the Sites or to comply with requests from judicial authorities.
If you contact us via email to request information about the Company’s services, your data will be retained for 30 (thirty) days, unless a contractual relationship is established or negotiations are initiated for that purpose.
In the event of a booking cancellation, your data will be deleted immediately, unless further retention is required by law or necessary to defend our rights in judicial or extrajudicial proceedings.

5. Will my data be transferred outside the European Economic Area?
No, your personal data will be stored and processed exclusively within the territory of the European Economic Area. However, with regard to data collected through cookies, please refer to our Cookie Policy.

6. Do you use cookies or similar tools on the Sites?
Yes, we use cookies on our Sites. Please refer to our Cookie Policy for more information.

7. What are my rights?
You have the right to exercise, at any time and free of charge, the rights provided under Articles 15 to 22 of the GDPR, including:
(i) the right of access to your personal data (i.e. the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, access to such data, a copy thereof, and the information referred to in Article 15 of the GDPR);
(ii) the right to rectification (i.e. the right to have inaccurate data concerning you corrected or incomplete data completed), erasure of such data where one of the grounds set out in Article 17 of the GDPR applies, or restriction of processing (i.e. the right, in the cases provided under Article 18 of the GDPR, to have your data marked so that their processing is limited in the future);
(iii) the right to data portability (i.e. the right, in the cases provided under Article 20 of the GDPR, to receive your data in a structured, commonly used and machine-readable format, and to transmit such data to another data controller without hindrance).

You also have the right to object, at any time and on grounds relating to your particular situation, to the processing of personal data concerning you carried out pursuant to Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interest) of the GDPR, including profiling based on those provisions.
Furthermore, you have the right to withdraw your consent at any time, where processing is based on your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. How can I contact you and exercise my rights?
Requests to exercise your rights, as outlined above, may be submitted by post to:
CRA - Costruzioni Residenziali Alberghiere S.r.l., Via Giovanni Amendola 46 – 00185 Rome – Attn: Privacy Officer,
or by email to: privacy@hotelgioberti.it,
or by contacting the Data Protection Officer appointed by the Company at: dpo@arsenalegroup.com.

Please note that you also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the EU Member State in which you reside or work, or where the alleged violation took place.

9. How will you notify me of any changes to this privacy notice?
This privacy notice may be subject to changes and/or updates. Any such changes will always ensure full protection of your rights. Should any changes be made that may limit the safeguards for your data or your rights compared to the current version, you will be promptly informed before any processing begins under the new conditions.
In any case, we encourage you to regularly review this notice to stay informed about any updates made since your last consultation.