In compliance with the provisions of the EU Regulation 2016/679 (hereinafter GDPR) we provide, in the following, information regarding the processing of personal data provided by the data subject towards the Company.
This information is provided pursuant to art. 13 and 14 GDPR.
Identity and contact data controller
The data controller is Zucchetti Hospitality, Viale Ceccarini 190, - Riccione (RN) 47838 – Italia.
The Company can be contacted at the following addresses: via Solferino n. 1 – 26900 Lodi (LO), tel: 0371/5941; e-mail: email@example.com.
Contact details of the Data Protection Officer (DPO)
The Data Protection Officer is dr. Mario Brocca, tel. 0371/5943191, e-mail: firstname.lastname@example.org; pec: email@example.com.
Purpose of processing, legal basis and retention time
Purpose Type of data processed Legal basis Retention time Service delivery
Customer registration and then comply with legal obligations.
Name, Surname, Phone number, Additional requests, Address, ZIP Code, Province, Nation, State and E-Mail, payment data
Performance of a contract to which you are a party or pre-contractual measures taken at the request of the data subject; fulfillment of legal obligations.art. 6 co. 1 lett. b) and c) GDPR.
The retention time is changeable because it is dictated by the difference between the moment in which the reservation takes place and the moment in which you really arrive in the structure.
The encrypted payment data is stored up to 15 days after the departure of the guest of the customer and then stored for one year in an anonymous and encrypted form.
Newsletter by hotel
Automatic contact send by newsletter
Personal data and contact data.
Agreement (required by contract or with specific request);
(optional and revocable at any time)Art. 6 co. 1 lett. a) GDPR.
Until the withdrawal of consent for this purpose and/or five years after the expression of consent
Mandatory nature of data provision
The interested party must provide the Company with the data necessary for the performance of the contractual relationship, as well as the data necessary to comply with obligations provided for by laws, regulations, community regulations, or by provisions of the Authority to which this is legitimized by law and by supervisory and control bodies.
Data not essential for the performance of the contractual relationship are qualified and considered additional and their provision by the interested party, if required, is optional and subject to consent. The consent provided may be revoked by the data subject at any time by writing an e-mail to: firstname.lastname@example.org. Such revocation will in no way affect the lawfulness of the processing based on the consents granted before the revocation.
Personal data will be recorded, processed and stored in the archives of the Company, both paper and electronic, in compliance with the appropriate technical and organizational measures referred to in art. 32 of the GDPR. The processing of the personal data of the data subject may consist of any transaction or set of transactions among those indicated in art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of appropriate tools and procedures to ensure its security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually using paper media, either by means of computer or electronic means. The data, for the purposes of the correct management of the relationship and the fulfilment of legal obligations, may be included in the internal documentation of the Companies and, if necessary, also in the records and registers required by law.
The personal data of the interested party may be processed by the employees of the Company’s corporate functions appointed to pursue the purposes indicated above. These employees have been expressly authorized to process and have received appropriate operating instructions pursuant to and for the purposes of art. 29 GDPR.
Categories of personal data recipients
The personal data referred to in the purpose a) are exclusively communicated to the booked property or to any legal offices where required by law.
The navigation data, following the expression of consent, are communicated to Google and Meta for statistical purposes.
The booking identification number is communicated to TripAdvisor/Trivago (if the booking came from them), in order to uniquely track the completion of the booking.
Payment data is transmitted to payment service providers for the completion of the transaction.
Data transfer to non-EU countries
The data provided by the data subject will be processed only in countries located within the European Union. If the personal data of the data subject are processed in a state outside the EU, the rights granted to the latter by Community legislation will be guaranteed and the data subject will be notified in a timely manner.
Rights of the data subject
Pursuant to artt. 15 and ss GDPR, the data subject may exercise the following rights:
- Access: confirmation or not that the personal data of the data subject are being processed and right of access to them; it is not possible to respond to manifestly unfounded, excessive or repetitive requests;
- Rectification: correct/obtain correction of personal data if incorrect or obsolete and complete them, if incomplete;
- Erasure/oblivion: obtain, in some cases, the cancellation of the personal data provided; this is not an absolute right, as the Companies may have legitimate or legal reasons to store them;
- Limitation: the data will be stored, but can neither be processed, nor further processed, in the cases provided for by law;
- Portability: move, copy or transfer data from the Company’s databases to third parties. This applies only to the data provided by the data subject for the execution of a contract or for which consent has been given and expressed and the processing is carried out by automated means;
- Opposition to direct marketing;
- Withdrawal of consent at any time, if processing is based on consent.
Pursuant to art. 2-undicies of D.Lgs. 196/2003 the exercise of the rights of the data subject may be delayed, limited or excluded, with reasoned communication and returned without delay, unless the communication may compromise the purpose of the limitation, for the time and insofar as this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to safeguard the interests referred to in paragraph 1, letters a) (interest protected in the field of money laundering)e) (the conduct of defensive investigations or the exercise of a right in court)and f) (the confidentiality of the identity of the employee who reports wrongdoings of which he has become aware by reason of his office). In such cases, the rights of the interested party can also be exercised through the Guarantor in the manner referred to in article 160 of the same Decree. In this case, the Guarantor will inform the person concerned that he has carried out all the necessary checks or carried out a review and that the person concerned has the right to bring legal proceedings.
In addition, it is specified that - before processing requests - the Company may carry out a verification of the identity of the person concerned, to assess the legitimacy of the request received.
To exercise these rights, the interested party can contact the Data Controller Company in relation to the areas as defined above at the address email@example.com or by contacting the number 0371/594.3191 or by sending a letter to Ufficio Privacy Zucchetti, via Solferino n. 1 - 26900 Lodi.
The Company will respond within 30 days of receiving the formal request sent by the interested party.
Please note that in the event of a personal data breach, the data subject may lodge a complaint with the competent authority: “Data Protection Authority“
Cookies are small pieces of information installed in the browser when you visit a website or use a social network with your PC , tablet or smartphone. Each cookie contains various information that assist the Owner in providing the service according to the purposes described . Cookies can stay in the system for the duration of a session (that ends when the browser is closed ) or for a prolonged period of time. Some of the purposes of installation may require the User consent.
How can I manage cookies ?
The User has the ability to manage Cookies preferences directly from within their browser and prevent third parties from installing them. It is important to note that disabling all Cookies can alter the correct functioning of this Site.
More information about online advertising
Browser cookie controls
In addition, your browser or device may offer settings that allow you to choose whether browser cookies are set and to delete them. For more information about these controls, visit your browser or device's help material.
Cookies help us provide, protect and improve the Service, such as by personalizing content and providing a safer experience. While the cookies that we use may change from time to time as we improve and update the Service, we use them for the following purposes:
Essential session Cookies
This Application uses session cookies with the only purpose of carrying out tasks that are essential for the Site to operate correctly.
Saving preferences, experience optimization and statistical reports
Site features and services
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services.
Registration and authentication
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Facebook Authentication (Facebook Inc.)
Facebook Authentication is a registration and authentication service provided by Facebook, Inc. This service allows this Application to connect with the User's account on the Facebook social network.
Google OAuth (Google Inc.)
Google OAuth is a registration and authentication service provided by Google Inc. This service allows this Application to connect with the User's account on the Google network.
Payment processing services enable this Application to process payments by credit card, bank transfer or other means. To ensure greater security, this Application shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.
PayPal is a payment service provided by PayPal Inc. which allows Users to make online payments using their PayPal credentials.
Displaying content from external platforms
These services allow you to view content hosted on external platforms directly from the pages of this Application and interact with them. If a service of this kind is installed, it may still collect web traffic data for the pages where the service is installed, even when users do not use it.
GoogleFonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
Contacting the User
Contact form (This Application)
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
- Personal data collected: Name, Surname, Telephone number, Address, ZIP code, Province, State, Country and Email
- Place of processing: Europe
These services allow this Application to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Azure Applications Insights (Microsoft Inc.)
Azure Applications insight is a monitoring service provided by New Microsoft Inc. The way it is integrated means that it filters all traffic of this Application, i.e., communication between the Application and the User's browser or device, while also allowing analytical data on this Application to be collected.
- Personal data collected: Cookie and Usage data
- Place of processing: USA
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.AdWords Conversion Tracking (Google Inc.)
Google AdWords conversion tracking is a statistics service provided by Google Inc. that connects data from the network of Google AdWords ads with the actions within this Application.
TripAdvisor Conversion Tracking (Google Inc.)
- Personal data collected: Cookie and Usage data
- Place of processing: 141 Needham Street, Newton, MA 02464, USA
Remarketing and Behavioral Targeting
These services allow this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
AdWords Remarketing (Google Inc.)
AdWords Remarketing is a Remarketing and Behavioral Targeting service provided by Google Inc. that connects the activity of this Application with the Adwords advertising network and the Doubleclick Cookie.
Widgets and third party services
Google Maps (Google Inc.)
Google Maps is a maps visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
- Personal data collected: Cookie and Usage data
- Place of processing: 1600 Amphitheatre Parkway Mountain View - CA94043 USA
Last updated: November, 21th 2022