Book an appointment

Privacy Policy

Dear Guest,

Hotel Royal srl (VAT: 02397220647), located at Via Posta Vecchia, 1 – 83030 Pietradefusi (AV) ITALY, as the Data Controller, informs you about the use of your personal data provided and/or related to you for booking and staying at our hotel.
The Data Controller informs you, pursuant to Articles 13/14 of EU Regulation 2016/679, that your personal data provided or related to you will be processed in compliance with the legal provisions.
According to the regulations, the processing of your personal data (personal details, residence information, contact data, email, phone number, preference data, booking details, stay-related data, browsing data, etc.) will be conducted in accordance with principles of fairness, legality, transparency, and protection of privacy.

Treatment methods

Personal data are processed using both manual and automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.

Processing is also carried out with the aid of computer systems for the following purposes:

  1. Reservation and Stay Purposes: Personal data provided or related to you during the reservation and/or stay will be processed for delivering the requested hotel services.
    The legal basis for this processing is the necessity to fulfill contractual and/or pre-contractual obligations under Article 6(1)(b) of EU Regulation 2016/679, as well as to comply with legal obligations under Article 6(1)(c) of the same Regulation. Providing these personal data is essential for the provision of hotel services; failure to provide them may prevent the Data Controller from delivering the requested services. The personal data will be processed for the time necessary to fulfill contractual and/or legal obligations.
  2. Compliance with Public Security Obligations: To comply with the "Consolidated Public Security Laws" Compliance with Public Security Obligations: To comply with the "Consolidated Public Security Laws" (Article 109 of R.D. 18.6.1931 n. 773), we are required to report guest details to the Police Headquarters for public security purposes, according to the procedures established by the Ministry of the Interior (Decree 7 January 2013). Providing these data is mandatory and does not require consent; refusal to provide them will result in the inability to accommodate you. Data collected for this purpose will be stored for a maximum of 10 years to allow for fiscal and judicial verification by the competent authorities.
  3. Administrative, Accounting, and Fiscal Obligations: To meet current administrative, accounting, and fiscal obligations. Processing for these purposes is carried out without requiring consent. Data are processed by us and our external partners and are communicated to third parties only in compliance with legal obligations. Refusal to provide necessary data will prevent us from providing the requested services. Data for these purposes are retained for the time required by relevant regulations (10 years, or longer in case of tax audits).
  4. To streamline the registration procedures for any future stays at our facility. For this purpose, with your revocable consent given at any time, your data will be retained until you request its deletion and will be used during future stays at our facility for the purposes mentioned above.
  5. To handle the reception of messages and phone calls addressed to you during your stay. For this purpose, your consent is required. You may revoke your consent at any time. However, processing will cease upon your departure.
  6. For the protection of individuals, property, and company assets through a video surveillance system in certain areas of the facility, identifiable by appropriate signage. Consent is not required for this processing., this is because it serves our legitimate interest in protecting individuals and property from potential threats, theft, robbery, damage, vandalism, as well as for fire prevention and workplace safety. Recorded images are retained for no more than one week and are not shared with third parties, except in response to specific investigative requests from judicial or law enforcement authorities.
  7. to manage surveys and/or evaluations related to the quality of services provided by Hotel Royal srl and/or the perception of its image as a company. This processing does not require consent as it is based on the legitimate interest of the Data Controller
  8. Profiling and marketing purposes (optional)

With your explicit authorization, the personal data (as per Article 4(1) of EU Regulation 2016/679) you provide or related to you during the booking and/or stay may be processed for the following additional purposes:
A) Direct marketing activities through the sending of promotional materials via postal mail, email, SMS/MMS, mobile applications, or other digital communication channels.
B) Customer profiling activities aimed at improving the offerings of goods and services by Hotel Royal srl (customer profiling).

Please note that the aforementioned processing activities may be used to understand your consumption choices in order to make Hotel Royal srl’s commercial policies and services more effective. Consequently, you may receive targeted discounts, offers, or promotions based on your preferences and consumption.
Providing data for the purposes outlined in points A) and B) is voluntary and optional. Therefore, all hotel services can still be provided even if you choose not to authorize the processing for these purposes.

The legal basis for the processing is your explicit consent, given by checking the appropriate boxes and completing the procedure double opt-in your personal data, as defined in Article 4(1) of EU Regulation 2016/679, provided or related to you, will be processed in compliance with legal requirements for a period deemed appropriate for achieving the purposes indicated in this point, considering the balance between the legitimate interests of the Data Controller and the rights and freedoms of the customer as the data subject. Your data will be processed according to the timelines specified by legal provisions or, in the absence of specific regulations, as long as necessary for marketing and profiling activities. The Data Controller ensures that data processing will not continue indefinitely.
We emphasize that you have the right to withdraw your consent at any time for the activities described in this section 2) by sending a simple informal written communication to the contact details of the Data Controller specified later in this notice. According to the law, any processing carried out before the withdrawal of consent remains valid.

  1. In the case of registration and/or access through third-party accounts, Hotel Royal srl may process and access certain profile information from the corresponding social network solely for internal administrative processes and/or the purposes mentioned above.
  2. If it is necessary to process the User’s data to fulfill a legal obligation or to execute the contractual relationship between Hotel Royal srl and the user, the processing will be lawful as it is required to meet these purposes.

Regardless of the data subject’s decision to remove them, personal data will be retained to fulfill obligations (e.g., fiscal and accounting) that remain even after the termination of the contract (Article 2220 of the Italian Civil Code). For these purposes, the Data Controller will only retain the data necessary to comply with such obligations.

Exceptions are made in cases where it is necessary to assert rights arising from the contract and/or registration, in which case the personal data of the data subject, limited to what is necessary for these purposes, will be processed for the time required to pursue such rights.
The Data Controller does not transfer personal data to countries outside the EU where the GDPR does not apply, unless specifically indicated otherwise. In such cases, if necessary, consent will be requested.
We would also like to inform you that providing your data for the processing activities mentioned in points 1, 2, and 3 is mandatory. If you refuse to provide this data, we will not be able to accommodate you at our hotel. If you wish for the processing described in points 4, 5, and 6 to be carried out, you will need to provide your consent. However, consent can be withdrawn later by opposing the processing activities.

Below, we provide you with additional information and clarifications regarding the specified processing activities:

– The personal data you provide or that is related to you may be subject to partially or fully automated processing, which may be carried out using paper, electronic, and/or magnetic supports.
– Personal data will not be disseminated but may be communicated to or accessed by specifically trained operators within the Data Controller's organization and/or external parties who collaborate with the company as data processors or independent data controllers. Examples include, but are not limited to:

  1. – Companies, firms, and/or independent professionals for the processing and management of personal data;
  2. – Companies, firms, and/or independent professionals for consulting and/or management activities in technical, corporate, and IT fields;
  3. other parties to whom communication may be necessary for the proper and complete execution of the contractual relationship and/or to fulfill legal obligations and/or to pursue the specified purposes.

We inform you that the Data Controller has appointed external data processors who may have IT systems located in countries outside the European Union, and therefore data may be processed in those countries. However, we specify that personal data will only be processed in third countries that have received an adequacy decision from the European Commission and provide appropriate security guarantees for data processing. For any clarification and requests, you may contact the Data Protection Officer at the details provided below.

– We also inform you that you have the right to request from the Data Controller access to your personal data, as well as its correction, deletion, or restriction of processing. You also have the right to object to the processing of personal data and to exercise the right to data portability. The rights mentioned in this paragraph can be exercised as provided by Articles 15, 16, 17, 18, 20, and 21 of Regulation (EU) 2016/679, which are reproduced for your convenience along with this notice. All rights may be exercised with the Data Controller, and you also have the right to file a complaint with the national data protection authority.

 

This notice integrates and completes elements already known to the data subject

EXTRACT FROM REGULATION (EU) 679/2016

Article 15 - Right of access by the data subject The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information: a) the purposes of the treatment; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations; d) when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party. 2. If personal data are transferred to a third country or to an international organisation, the interested party has the right to be informed of the existence of adequate guarantees pursuant to Article 46 relating to the transfer. 3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless the interested party indicates otherwise, the information is provided in a commonly used electronic format. 4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Article 16 Right to Rectification The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.

Article 17 Right to Erasure ("Right to be Forgotten") The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller is obliged to erase personal data without undue delay if one of the following reasons applies: a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a), and there is no other legal ground for the processing; c) The data subject objects to the processing pursuant to Article 21(1), and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d) The personal data have been unlawfully processed; e) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.

  1. f) The personal data were collected in relation to the offer of information society services referred to in Article 8(1). Where the data controller has made personal data public and is obliged, under paragraph 1, to erase them, taking into account available technology and the cost of implementation, the data controller shall take reasonable steps, including technical measures, to inform data controllers who are processing the personal data of the data subject's request to erase any links to, or copies or replications of, those personal data. Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary: a) For exercising the right to freedom of expression and information; b) For compliance with a legal obligation requiring processing under Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; c) For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), and Article 9(3); d) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1), insofar as the right under paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of that processing; or e) For the establishment, exercise, or defence of legal claims.
    Article 18 Right to Restriction of Processing The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs: a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that their use be limited; c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the interested party to ascertain, exercise or defend a right in court; d) the interested party has objected to the processing pursuant to Article 21, paragraph 1, pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. 2. If processing is limited pursuant to paragraph 1, such personal data shall be processed, except for storage, only with the consent of the interested party or for the establishment, exercise or defense of legal claims. or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. L 119/44 EN Official Journal of the European Union 4.5.2016 3. The interested party who has obtained the limitation of processing pursuant to paragraph 1 shall be informed by the data controller before said limitation is revoked.

Article 20 Right to Data Portability 1. The interested party has the right to receive the personal data concerning him or her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom it was provided if: a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), or on a contract within the meaning of Article 6(1)(b); and b) the processing is carried out by automated means. 2. When exercising their rights relating to data portability pursuant to paragraph 1, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible. 3. The exercise of the right referred to in paragraph 1 of this article is without prejudice to Article 17. This right does not apply to processing necessary for the execution of a task of public interest or connected to the exercise of public powers referred to the data controller is vested. 4. The right referred to in paragraph 1 must not adversely affect the rights and freedoms of others.

 Article 21 Right to Object 1. L'interessato ha il diritto di opporsi in qualsiasi momento, per motivi connessi alla sua situazione particolare, al trattamento dei dati personali che lo riguardano ai sensi dell'articolo 6, paragrafo 1, lettere e) o f), compresa la profilazione sulla base di tali disposizioni. Il titolare del trattamento si astiene dal trattare ulteriormente i dati personali salvo che egli dimostri l'esistenza di motivi legittimi cogenti per procedere al trattamento che prevalgono sugli interessi, sui diritti e sulle libertà dell'interessato oppure per l'accertamento, l'esercizio o la difesa di un diritto in sede giudiziaria. 2. Qualora i dati personali siano trattati per finalità di marketing diretto, l'interessato ha il diritto di opporsi in qualsiasi momento al trattamento dei dati personali che lo riguardano effettuato per tali finalità, compresa la profilazione nella misura in cui sia connessa a tale finalità di marketing diretto. 3. Qualora l'interessato si opponga al trattamento per finalità di marketing diretto, i dati personali non sono più oggetto di trattamento per tali finalità. 4.5.2016 IT Gazzetta ufficiale dell'Unione europea L 119/45 4. Il diritto di cui ai paragrafi 1 e 2 è esplicitamente portato all'attenzione dell'interessato ed è presentato chiaramente e separatamente da qualsiasi altra informazione al più tardi al momento della prima comunicazione con l'interessato. 5. Nel contesto dell'utilizzo di servizi della società dell'informazione e fatta salva la direttiva 2002/58/CE, l'interessato può esercitare il proprio diritto di opposizione con mezzi automatizzati che utilizzano specifiche tecniche. 6. Qualora i dati personali siano trattati a fini di ricerca scientifica o storica o a fini statistici a norma dell'articolo 89, paragrafo 1, l'interessato, per motivi connessi alla sua situazione particolare, ha il diritto di opporsi al trattamento di dati personali che lo riguarda, salvo se il trattamento è necessario per l'esecuzione di un compito di interesse pubblico.

 

Extended Cookie Policy

This website uses technical cookies to ensure the proper functioning of procedures and to enhance the user experience of online applications. This document provides information on the use of cookies and similar technologies, how they are used on the site, and how to manage them.

Definitions

Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites on the next visit. The cookies of the so-called “third parties” are, however, set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than that of the site visited.

Types of cookies

Based on the characteristics and use of cookies, different categories can be distinguished:

– Technical cookies. Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service” (see art. 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the owner or manager of the website. They can be divided into navigation or session cookies, which guarantee normal navigation and use of the website; analytics cookies, assimilated to technical cookies when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site itself; functionality cookies, which allow the user to navigate according to a series of selected criteria in order to improve the service provided. For the installation of these cookies, the prior consent of the users is not required, while the obligation to provide the information pursuant to art. 13 of the Code, which the site manager, if he uses only such devices, can provide in the manner he deems most suitable.

– Profiling cookies. Profiling cookies are aimed at creating profiles relating to the user and are used to send advertising messages in line with the preferences expressed by the user when browsing the internet. Due to the particular invasiveness that these devices can have in the private sphere of users, European and Italian legislation requires that the user must be adequately informed about their use and thus express their valid consent. The art refers to them. 122 of the Code where it provides that "the storage of information in the terminal device of a contractor or user or access to information already archived is permitted only on the condition that the contractor or user has expressed his/her consent after being been informed with the simplified methods referred to in article 13, paragraph 3” (article 122, paragraph 1, of the Code). This site does not use profiling cookies.

“Third party” cookies

By visiting this website you may receive cookies from sites managed by other organizations (“third parties”). An example is represented by the presence of "social plugins" for Facebook, Twitter, Google+ or LinkedIn, or embedded (integrated) multimedia content viewing systems such as Youtube, Flikr. These are parts generated directly by the aforementioned sites and integrated into the web page of the host site visited. The presence of these plugins involves the transmission of cookies to and from all sites managed by third parties. The management of information collected by "third parties" is governed by the relevant information to which please refer. To ensure greater transparency and convenience, the web addresses of the various information and methods for managing cookies are shown below.

Facebook informativa: https://www.facebook.com/help/cookies/
Facebook (configurazione): accedere al proprio account. Sezione privacy.
Twitter informative: https://support.twitter.com/articles/20170514
Twitter (configurazione): https://twitter.com/settings/security
Linkedin informativa: https://www.linkedin.com/legal/cookie-policy
Linkedin (configurazione): https://www.linkedin.com/settings/
Youtube\Google+ informativa: http://www.google.it/intl/it/policies/technologies/cookies/
Youtube\Google+ (configurazione): http://www.google.it/intl/it/policies/technologies/managing/
Pinterest informativa\configurazione https://about.pinterest.com/it/privacy-policy
Flikr\Yahoo informativa http://info.yahoo.com/privacy/it/yahoo/cookies/details.html
Flikr\Yahoo (configurazione) http://info.yahoo.com/privacy/it/yahoo/opt_out/targeting/details.html

Cookie analytics

WebTrends

For the sole purpose of monitoring and improving the performance of the site, a statistical analysis market product is used to detect access to the site. It may resort to the use of cookies, permanent or otherwise, for the purpose of collecting statistical information and on "unique visitors" to the site. The cookies, defined as "Unique Visitor Cookies", contain an alphanumeric code that identifies the browsing computers, without however any collection of personal data.

Google Analytics

The site also includes components transmitted by Google Analytics, a web traffic analysis service provided by Google, Inc. ("Google"). These cookies are used for the sole purpose of monitoring and improving the performance of the site. For further information, please refer to the link below:

https://www.google.it/policies/privacy/partners/

The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on their browser. To disable the action of Google Analytics, please refer to the link below:

https://tools.google.com/dlpage/gaoptout

Duration of cookies

Some cookies (session cookies) remain active only until the browser is closed or the logout command is executed. Other cookies "survive" when the browser is closed and are also available on subsequent visits by the user. These cookies are called persistent and their duration is set by the server at the time of their creation. In some cases a deadline is set, in other cases the duration is unlimited.

Cookie management

The user can decide whether or not to accept cookies using their browser settings.
Warning: totally or partially disabling technical cookies could compromise the optimal use of the site.
Disabling "third party" cookies does not affect navigability in any way.
The setting can be defined specifically for different websites and web applications. Furthermore, browsers allow you to define different settings for "proprietary" cookies and "third party" cookies. By way of example, in Firefox, through the Tools->Options->Privacy menu, it is possible to access a control panel where it is possible to define whether or not to accept the different types of cookies and proceed with their removal. Documentation on how to set the cookie management rules for your browser is easily available on the internet; as an example, some addresses relating to the main browsers are given below:

Chrome: https://support.google.com/chrome/answer/95647?hl=it
Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

en_GBEnglish
it_ITItalian en_GBEnglish
Scan the code