Privacy Policy for the Processing of Personal Data – GDPR

HOTEL DEL BORGO with sole shareholder,
with registered office at Via Marco Emilio Lepido, 195 – Bologna,
(hereinafter the “Controller”), in its capacity as data controller of personal data,
informs you pursuant to Art. 13 of Legislative Decree no. 196 of June 30, 2003 (Privacy Code) and Art. 13 of EU Regulation 2016/679 (GDPR) that your data will be processed through the website www.hoteldelborgo.it
in the manner and for the purposes set out below.

1. Subject of the Processing

The subject of the processing includes personal identification and contact data (by way of example but not limited to: first name, last name, address, telephone number, email, tax data) – hereinafter “personal data” or “data” – voluntarily provided by the user on the occasion of:

  • completion of contact forms available on the website
  • requests for information or quotations
  • bookings or availability requests
  • newsletter subscription
  • participation in events or initiatives promoted by the Controller
  • requests for assistance or general communications

2. Purpose of the Processing

Personal data are processed for the following purposes:

A) Without the explicit consent of the data subject

(Art. 6 letters b), c) and f) GDPR), for:

  • management and maintenance of the website
  • responding to requests for information, quotations and contacts
  • management of bookings and hotel services
  • fulfillment of contractual and pre-contractual obligations
  • compliance with legal, tax and administrative obligations
  • prevention of fraud or misuse of the website
  • exercise of the Controller’s rights in court

B) Only with the explicit consent of the data subject

(Art. 6 letter a) and Art. 7 GDPR), for:

  • sending informational and promotional newsletters
  • commercial communications and direct marketing
  • invitations to events or initiatives promoted by the Controller
  • opinion and satisfaction surveys

3. Processing Methods

The processing of personal data is carried out by means of paper, electronic and telematic tools, with logic strictly related to the stated purposes and in compliance with the security measures required by the GDPR.

Data are stored on servers located within the European Union and/or at suppliers duly appointed as Data Processors.

Data will be retained:

  • for 10 years from the termination of the contractual relationship for service-related purposes
  • for 2 years from collection for marketing purposes, unless consent is withdrawn

4. Data Security

The Controller adopts appropriate technical and organizational measures to ensure the security, integrity and confidentiality of personal data, including:

  • HTTPS protocols
  • systems for protection against unauthorized access
  • backup and control procedures

5. Access to Data

Data may be made accessible:

  • to employees and collaborators of the Controller authorized to process the data
  • to IT service providers, hosting providers, email and newsletter management providers
  • to companies providing technical assistance, tax or legal consultancy services
  • to banks and payment service providers

These parties act as Data Processors or Independent Controllers, in accordance with applicable law.

6. Communication and Disclosure of Data

Personal data will not be disclosed.

The Controller may communicate data to judicial authorities or public bodies only in cases provided for by law.

The website may use anonymous tracking tools for statistical and marketing purposes (e.g., remarketing), without direct identification of the user.

7. Data Transfer

Personal data are processed and stored mainly within the European Union.
Any transfers outside the EU will take place in compliance with Arts. 44 et seq. GDPR.

8. Nature of Data Provision

Provision of data for the purposes referred to in point 2.A is necessary.
Failure to provide such data will make it impossible to supply the requested services.

Provision of data for the purposes referred to in point 2.B is optional and may be withdrawn at any time.

9. Rights of the Data Subject

The data subject may exercise the rights provided for in Arts. 15–22 GDPR, including:

  • access to data
  • rectification or updating
  • erasure (right to be forgotten)
  • restriction of processing
  • data portability
  • objection to processing
  • complaint to the Data Protection Authority

10. How to Exercise Rights

Rights may be exercised at any time by sending:

  • a registered letter with return receipt to
    HOTEL DEL BORGO – Via Marco Emilio Lepido, 195 – Bologna
  • an email to
    info@hoteldelborgo.it

11. Minors

The website is not intended for persons under 18 years of age.
The Controller does not intentionally collect personal data relating to minors.

12. Data Controller

HOTEL DEL BORGO
Via Marco Emilio Lepido, 195
Bologna

Company subject to management and coordination activities pursuant to Art. 2497-bis of the Italian Civil Code by Rolima S.r.l., with registered office in Bologna.

13. Changes to This Policy

This policy may be subject to changes and updates.
Users are invited to consult it periodically.

Book now
Book now
Scroll to Top
Hotel del Borgo
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.