This page illustrates the policies for personal data security implemented by INFINITY HOTEL MANAGEMENT S.r.l. for the benefit of users who consult the website and, more generally, for data subjects who interact with our hotel for various reasons.

This privacy policy disclosure is provided pursuant to Article 13 of the General Regulation for the Protection of Personal Data EU 2016/679 (hereinafter referred to as GDPR – the General Data Protection Regulation), in particular for those who interact with the web services of Palazzo Panzani, which in turn belongs to the hotel brand GREGORI HOTELS, which you may review at:

https://www.palazzopanzani.com/ 

This privacy policy disclosure refers only to the website of Palazzo Panzani and not to other websites that may be accessed by the user through links.

This privacy policy disclosure is also issued following Recommendation No. 2/2001 which the European authorities for the protection of personal data, acting within the Group established by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001. The purpose of said Group was to identify certain minimum requirements for the online collection of personal data and, in particular, the manner, timing and nature of information disclosures which data controllers must provide to users when they access web pages, regardless of the purpose thereof.

DATA CONTROLLERS AND DATA PROCESSORS

1. Pursuant to Article 4 point 7 of the GDPR 2016/679, the data controller for the Website is the company INFINITY HOTEL MANAGEMENT S.r.l. with headquarters in Via Catone, 34 - 00192 Rome – Province of Rome;
2. Pursuant to Article 28 of the GDPR 2016/679, the external Data Processor and System Administrator for the management of the hotel's website and the online booking platform www.blastnessbooking.com, integrated in the website itself, is the company BLASTNESS S.r.l. with headquarters in Via Paolo Emilio Taviani 164,19124 La Spezia (Province of La Spezia), Tel. 0187 599737- Fax 0187 020349 - email: info@blastness.com.
3. Pursuant to Article 28 of the GDPR 2016/679, the company GREGORI HOTELS GROUP S.R.L., with registered office in Via Sistina, 27 – Rome, is responsible for the marketing activities of the website and newsletters and is in charge of the Brand GREGORI HOTELS.

DATA PROCESSING LOCATION

The processing operations associated with the web services of this website take place at the headquarters of the data controller and data processors, and are carried out only by technical personnel assigned to the data processing service.

Using third-party cookies, Google and other companies that install third-party profiling cookies may also process personal data outside the European community. In this regard, please refer to the relevant Cookie Policy.

Personal data submitted by users who request information material are used only to perform the service or provide services requested, whereas certain data acquisition forms provide for the possibility of forwarding the data subject's personal data to service providers to comply with the contract and provide the requested services.

TYPES OF DATA PROCESSED

Browser data

During their normal operation, computer systems and software procedures used to operate this website acquire certain personal data the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its own very nature, could lead to the identification of users through processing and association with data held by third parties. This category includes IP addresses or domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, digital code indicating the server response status (successful, error etc.) and other parameters pertaining to the user's operating system and IT environment. This data is used only to obtain anonymous statistics about the usage of the website and to check that it is functioning correctly; it is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site; except for this possibility, web contact data is presently retained for no longer than thirty days.

Data submitted voluntarily by users

The optional, explicit and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the messages. The voluntary compilation of data acquisition forms to request specific services, adhere to offers or to purchase services and products, entails the subsequent processing of the personal data submitted to ensure the execution of a contract to which the data subject is a party or the fulfilment of pre-contractual terms requested by the same data subject. The company has taken specific measures to ensure that the processing of data is preceded by the user's voluntary reading of this privacy policy disclosure.

Cookies

Please refer to the Cookie Policy

Minors

The services provided on this website are not intended for minors. We do not knowingly collect data, including personal details, related to minors. Should we become aware that we have collected the personal data of a minor, we will immediately delete such data, unless we are obliged by law to retain the same. Please contact us if you believe that the Hotel has mistakenly or unintentionally collected information related to a minor.

PROCESSING METHODS

Personal data are processed by automated tools for the time necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, the illicit or incorrect use thereof and unauthorised access.

PURPOSE, LEGAL BASIS AND NATURE OF SUBMITTED DATA

Data provided through the Website will be processed by the Data Controller for the following purposes:

1. a) purposes relating to the execution of a contract to which the data subject is a party or to the fulfilment of pre-contractual terms requested by you (e.g.: booking, acceptance of special offers, etc.). Consent is not necessary;
2. b) purposes related to the sending by email of promotional and commercial material following voluntary registration to the Hotel newsletter. This requires the explicit consent of the data subject or soft spamming;
3. c) to assess possible job applications by acquiring CVs via email as per professional proposals. Since there is no data acquisition form, it is sufficient to view this privacy policy disclosure
4. d) statistical research on and analysis of anonymous aggregate data, aimed at measuring Website functionality, traffic intensity, usability and interest to make it more functional and performing; Consent is not necessary as the processing of personal data is not involved
5. e) profiling purposes through third-party cookies; Consent is required as per the Cookie Policy
6. f) purposes related to the fulfilment of laws and regulations; Consent is not required
7. g) purposes necessary to establish, exercise or defend a right in court or whenever the courts exercise their judicial functions. Consent is not required

The data processed by us may include special categories of personal data as defined by Article 9 of GDPR 2016/679 or personal data concerning health or religion (food allergies, services for the disabled, menus related to religion, etc.) provided voluntarily, with prior consent, in the Notes fields of the booking form.

The data in question will be processed guaranteeing appropriate security measures limited to the data and operations necessary to fulfil the pre-contractual obligations that the hotel undertakes in its sector of activity, in order to provide specific goods or services requested by the data subject.

Pursuant to Article 9 of the GDPR 2016/679, however, we will always ask for an explicit authorisation to process your personal data as we cannot know in advance if data subjects will voluntarily enter information applicable to a given category in the data acquisition forms.

MANAGEMENT OF CVS

This privacy policy disclosure, prepared in accordance with Article 13 of EU Regulation 2016/679, can also be used by the data controller in association with personnel recruitment announcements that may be published on websites or portals not directly managed by the same.

The Company will process the CVs received by email or through third-party recruiting companies (publications on portals, etc.) to evaluate potential candidates within the company or that could be presented in the future.

The processing is carried out electronically, with the exception of CVs received by ordinary post.

CVs considered "interesting" will be retained at the company's headquarters for a period not exceeding one year and will be processed in full compliance with the minimum security measures prescribed by Article 32 of the GDPR 2016/679

CVs deemed irrelevant as well as those whose retention time has exceeded 18 months will be deleted. In any case, the CVs will be retained at the Palazzo Panzani and will not be disclosed to unauthorised third parties excluding hotels and companies belonging to the Brand GREGORI HOTELS (www.gregorihotels.com)

The CVs in question shall be evaluated by employees or collaborators of the hotel officially appointed and instructed in personal data protection matters.

In any case, we ask candidates to observe the following rules when submitting their CVs electronically:

1. please complete your CV in the European format;
2. submit your CV as a pdf file;
3. in your CV, avoid including special personal data categories as defined in Article 9 of the GDPR 2016/679 (in particular relating to state of health, religious, philosophical or political beliefs) that are not relevant to the job opportunity;
4. consent to the processing of sensitive data relevant to the establishment of an employment relationship (e.g. if you belong to a protected category).

The company reserves the right not to delete CVs not compliant with the above requirements. Processing purposes related to the management of CVs will involve activities strictly related to the evaluation, recruitment or selection of personnel, in contexts of collaboration, fixed-term or permanent employment, internships, or to enable selected student candidates to prepare dissertations at our headquarters.

TRANSFER OF PERSONAL DATA

Except as provided in the Cookie policy, in no case will your personal data be transferred to third countries or international organisations. The company INFINITY HOTEL MANAGEMENT S.r.l. ensures that the processing of Personal Data by the Recipients takes place in compliance with the Applicable Regulations which are legally applicable outside the EU.

Otherwise, transfers are subject to an adequacy judgement or compliance with the Standard Model Clauses approved by the European Commission or, in cases of transfers to the USA, compliance with the Privacy By Shield principles.

More relevant information and explanations can be provided by the data controller.

DATA RETENTION

The data controller will process the personal information of data subjects for the time strictly necessary to achieve the purposes indicated in this privacy policy disclosure.

By way of non-exhaustive example, the hotel will process Personal Data to provide the newsletter service until the interested party decides to unsubscribe from the service itself by simply clicking on the email received.

Without prejudice to the above, the data controller will process your Personal Data for as long as permitted by Italian law to protect its interests (Article 2947(1)(3) of the Italian Civil Code). More information about the Personal Data retention period and the criteria used to determine this period can be requested by writing to palazzopanzani@gregorihotels.com 

RIGHTS OF THE DATA SUBJECTS

At any time, data subjects have the right to obtain confirmation of the existence or non-existence of the data itself, to be informed of its content and origin, to verify its accuracy, and to request that it be supplemented, updated or corrected (Article 15 – 22 GDPR 2016/679). In accordance with the above-mentioned Articles, Data Subjects have the right to request the deletion, anonymization or blocking of data processed in violation of the law, and in any case, to oppose the processing of said data for legitimate reasons.

Pursuant to Chapter III of the GDPR 2016/679, at any time, data subjects have the right to request access to their Personal Data, the correction or cancellation of the same or to oppose their processing as well as restriction of processing or return of the data in a structured, commonly used and machine-readable format.

Data subjects may also oppose profiling and lodge complaints with the Supervisory Authority.

At any time, data subjects also have the right to revoke their consent to processing without prejudice to the lawfulness of the processing based on consent given before the revocation. For the complete and exhaustive list of the rights exercisable by data subjects, see Article 15 et seq. of the GDPR 2016/679. Requests should be sent via email to palazzopanzani@gregorihotels.com 

UPDATES AND REVISIONS

The privacy policy was updated to revision 1 on 18-12-2019 and may be subject to future revisions.