Privacy policy

 

This policy fully describes the practices we have adopted.

This page describes the methods for managing the referred website with reference to the processing of personal data of users consulting it.
The processing is always based on the principles of lawfulness and correctness, in compliance with all the laws in force, and appropriate data protection and data security measures are adopted.

This privacy policy is also issued as an abridged information notice pursuant to Art.13 of the GDPR, European Regulation No 679/2016 on privacy, as well as pursuant to the Order regarding cookies, No 229 of 8 May 2014, with a view to informing visitors to the website on the use of the data entered and the cookies used by the website.

The policy is also issued pursuant to Recommendation No 2/2001 adopted by the Working Group established pursuant to Art. 29 of Directive No 95/46/CE to anyone interacting with the web services of this website, for the purpose of the protection of personal data, accessible on-line at the address: www.ipi-spa.com

Using any of our services and/or accepting this Privacy policy, for example when registering for one of our services, you agree to the collection and use of your personal information as described in detail in this Privacy Policy.

This policy fully describes the practices we have adopted.

Please note that this Privacy Policy does not apply to the processing of personal information on behalf of and/or in accordance with the instructions of third parties, such as airlines, car rental companies and other service providers, companies organising and offering travel packages, commercial partners or business clients.

WHAT PERSONAL INFORMATION WE COLLECT

As the IPI group, the personal information we collect includes:

  • Your name and surname, your e-mail address, telephone number and home address;
  • The data concerning your credit card (card number, name on the card, expiry date and CVC code);
  • Information on your travels, including the departure or arrival dates, special requests and preferences in relation to the services offered (preferences for rooms, services and other);
  • Information you provide in relation to your marketing preferences and promotional offers
  • Collected at your property:
    we also collect personal information during your registration/check-in at our hotel, including any information required by local laws.
  • Events profiles:
    if you plan to organise an event with us, we will record the specific information on the event or meeting, the date, number of guests, details of the rooms for the guests and, for business events, information on your organisation (name, annual budget, number of events sponsored every year). We also collect information on the guests in your group or participating in your event. If you visit us as part of a group, we may request your personal information from the group and we may send you commercial information with your express consent after your stay with the group or your participation in an event. If you visit us during an event, we may share your personal information with the event organisers. If you are an event organiser, we may also share the information on your event with third party service providers who may send you commercial information on services for events.
  • Social media: if you choose to participate in offers or activities on social media sponsored by the companies of the IPI group, we may collect some information from your social media profiles, consistently with your social media settings, for example your position, check-in, activities, interests, photos, status updates and friends.
    We may also allow you to participate in competitions, submitting photos, such as those taken during your stay with us, which you may share with your contacts on social media to receive votes, shared offers and other promotions.
  • Information we collect from third parties
    We may also collect information about you from third parties, including information from our partners (travel agencies, airlines, payment cards) and from other partners, or social media services, consistently with your settings on these services; and from third party sources.
  • Information we collect automatically:
    When you use our website, we automatically collect information, some of which may be personal data. For example: language settings, IP address, position, device settings, device operating system, log-in information, usage times, the URL requested, status reports, user agents (such as information on the browser version), browsing history, the result (visit or booking), the user’s booking code, the type of information viewed. We may also collect data automatically via cookies.
    Data may also be used to ascertain responsibility in the case of hypothetical data processing crimes to the detriment of the website.

PURPOSE, LEGAL BASIS AND LAWFULNESS OF THE PROCESSING

The data processing has the following purposes:

  1. to manage customer relations (bookings management, issue of invoices, quotations), for any contractual obligations. The personal data may be disclosed to subsidiaries and/or associated companies and/or companies belonging to the same group as the Company, as well as to any persons, companies or professional firms providing services and assistance or consulting services to the Company for the purposes indicated on a case-by-case basis in the specific privacy policies, and will not be used by the company for other purposes;
  2. to meet any legal obligations, particularly accounting and fiscal obligations;
  3. to manage disputes;

Relating to the service:

  • to send promotional offers on our services and updates on prices and offers available as well as to send wishes by ordinary post, fax or e-mail;
  • to implement the hotel services, including the external communication of data relating to your stay, exclusively for the receipt of objects, messages and phone calls for you.
  • with your written consent, to process any so-called sensitive data provided voluntarily by you, to offer a better level of hospitality at our hotel.
    With your express consent herein, we may use your e-mail address to send you our newsletters and our best wishes for the festivities.
  • As regards the purposes indicated in point 2 a), we base our actions on the implementation of a contract; the use of your data may be necessary for the performance of the contract between us. For example, if you use our services to make a booking online, we will use your data to fulfil our obligation to complete and manage the booking, by virtue of the contract in place between us.
  • As regards the purposes indicated in point 2 b) and c), we base our actions on legitimate interests: we use your information for our legitimate interests, and for administrative and legal purposes and to identify fraud. When we use the personal data for our legitimate interests, we will always balance your rights and interests in relation to the protection of your personal data with our own rights and interests.
  • Depending on the purpose our processing is based on, where possible we will also comply with our obligation to comply with the laws in force.

As regards the purposes indicate in the laws in force, we will request your consent for the purposes indicated therein before processing your personal information; you may withdraw your consent at any time, by contacting us at the addresses given at the end of this privacy policy. PEC certified e-mail: ipi@legalmail.com

IDENTITY AND CONTACT DATA

This website is managed by the Controller, identified in the owner and legal representative pro-tempore of the company IPI S.p.A, Via Nizza 262/59, Turin postcode 10126 e-mail ipi@legalmail.com

The Controller guarantees the security, confidentiality and protection of the data in his possession, in all phases of the data processing.

The Processor, whom you may contact to exercise the rights laid down in Art. 12 and/or for any clarifications regarding the protection of personal data, may be contacted at the address: dpo@ipi-spa.com

The data collected are used in compliance with the privacy laws in force (GDPR 679/2016).

PLACE OF PROCESSING

The data processing linked to the web services offered on this website takes place at the headquarters of the Controller, and are handled only by staff appointed specifically for their processing and by the providers of Internet services and hosting/housing services of this website. Furthermore, the processing is managed exclusively by technical staff of the Office in charge of processing, or by any other persons appointed to occasional maintenance services, under the strict control of the Controller.

NATURE OF THE PROVISION OF DATA

For the purposes referred to in point 2), for booking a hotel stay, the provision of data is mandatory and failure to provide such information may lead to the impossibility to meet any requests. For the purposes referred to in point 2a) the provision of data is optional and will not prevent the provision of the requested service (hotel stay).

REFUSAL TO PROVIDE DATA

The data subject may refuse to provide their navigation data to the Controller. To do this, they must disable them by following the instructions given by the browser being used.

RECIPIENTS OF THE DATA

The data processed shall not be disclosed, sold or exchanged with third parties without the express consent of the data subject. The scope of the communication of data is limited exclusively to persons responsible for the performance of contractual operations and the compliance with legal obligations. The data may therefore be disclosed to third parties in the following categories:

  • persons providing services for the management of the IT system;
  • companies or firms providing assistance and consulting services;
  • administrations, competent local and public authorities, for the fulfilment of legal obligations and/or orders issued by public bodies;
  • companies in the Group and/or the network of businesses or private individuals directly involved in the performance of the services or who have a legal right to know the data.

In any event, only such data as are necessary and relevant to the purposes of the processing for which they are intended are disclosed to the above parties.

OPTIONAL DATA PROVISION

Apart from what is specified for navigation data, users are free to provide their personal data in the forms present on the website (web forms) or to request the sending of newsletters, information material, commercial offers or other communications. Failure to provide such information may lead to the impossibility to meet any requests.

DATA SHARING

Booking.com: We cooperate with Booking.com B.V., with registered offices in Herengracht 597, 1017 CE Amsterdam, the Netherlands (www.booking.com) (hereinafter, Booking.com) to offer you an online booking service. We provide the site contents and the bookings are made with us, while the bookings themselves are managed by Booking.com. The information that you enter on this website will be therefore be shared with Booking.com and its affiliates and may include your name, your contacts, payment details, the name of guests travelling with you and any preferences expressed when booking. Booking.com will send you a booking confirmation, an e-mail before you arrive and information on the area and on our facility. Booking.com also provides international customer care from its offices, every day, 24 hours a day, in several languages. Sharing your data with the Booking.com global customer care service will allow the company to respond if you need any help. Booking.com could use your information for technical, analytical and marketing purposes, as described in the Booking.com Privacy Policy. For this reason, your information could also be disclosed to other companies belonging to Booking Holdings Inc. for analytical purposes, to send you offers relating to the travel world which may be of interest to you and to provide you with a customised service. Where required by law, Booking.com will ask for your consent. If your data are transferred to a country outside the European Economic Area, Booking.com shall make contractual arrangements to ensure that your personal information is protected in accordance with European law. If you have any questions regarding the processing of your personal data by Booking.com, contact the address dataprotectionoffice@booking.com. • BookingSuite: Your personal data may be disclosed to BookingSuite B.V., with registered office in Herengracht 597, 1017 CE Amsterdam, the Netherlands, the company that manages this website and the website suite.booking.com. BookingSuite will provide your information (including your personal data) to Booking.com for the purposes described above.

(Add other search engines for booking sales used with legal data, e.g. TRIVAGO etc.)

  • Other service providers: we use service providers to manage your data on our behalf. This management is used for the purposes described in this privacy policy, for example the management of booking payments and the sending of marketing materials for analytical support purposes. These service providers are bound by confidentiality agreements and are not authorised to use your personal data for other purposes.
  • Competent authorities: we disclose your personal data to the police forces and other government authorities when required by law, or when absolutely necessary to identify, prevent and take legal action against fraud or other offences.

SECURITY

The IPI Group adopts specific procedures to prevent unauthorised access and improper use of data. We use specific sector systems and procedures to safeguard the personal data you provide us. We also adopt security procedures and technical and physical restrictions to prevent access to and use of the personal data stored on our servers. Only authorised staff may access the personal data in the performance of their work.

DATA RETENTION

We will retain your personal data for the time required to provide the service, in conformity with the laws in force, in order to manage any disputes with any third parties and in any case for the time required to perform our activities, including the identification of and protection against fraud and other unlawful activities. All the personal information stored will be subjected to all the procedures laid down in this privacy policy. If you have any questions on specific retention periods, please contact us at the following address: ipi@legalmail.com

DATA TRANSFER

The Controller does not transfer any personal data to third countries or international organisations.

WITHDRAWAL OF CONSENT

With reference to Art.23 of Italian Legislative Decree (D.Lgs.) 196/2003 and Art. 6 of the GDPR 679/16, data subjects may withdraw their consent at any time.

RIGHTS OF THE DATA SUBJECTS

We want you to have control over how we use your personal data. You can do this in any of the following ways:

  • you can ask us for a copy of your personal data in our possession;
  • you can tell us of any changes to your personal data or can ask us to correct any of your information in our possession;
  • in specific situations, you can ask us to delete, block or restrict the processing of your personal data in our possession, or object to particular ways in which we are using your personal information;
  • in specific situations, you can also ask us to send your personal information in our possession to a third party. Where we use your personal information with your consent, you can ask us to withdraw such consent at any time, in the methods laid down by the legislation in force. Furthermore, where we process your personal data on the basis of legitimate interests or public interests, you have the right at any time to object to the use of your personal information, in the methods laid down by law. We rely on you to ensure that your personal data is complete, accurate and updated. Please promptly inform us of any changes or inaccuracies in your personal information by contacting: dpo@ipi-spa.com
    We will manage your request in accordance with the legislation in force. Data subjects may exercise their above-described rights with reference to the GDPR 679/2016, Art. 15 “right of access”, Art. 16 “right to rectification”, Art. 17 “right to erasure”, Art. 18 “right to restriction of processing”, Art. 20 “right to portability”, Art. 21 “right to object to the automated decision-making process of the GDPR 679/2016, by writing to the Controller at the following address: …….. Registered office address (street name, town, postcode), e-mail: ………

LODGING A COMPLAINT

Data subjects have the right to lodge a complaint with a supervisory authority in their country of residence.

MODIFICATIONS TO THIS PRIVACY POLICY

The Controller reserves the right to modify this privacy policy at any time, informing Users of any changes on this page. You are therefore invited to consult this page regularly, noting the reference to the date of the last modification indicated at the bottom.

If Users do not accept the modifications made to this privacy policy, they are bound to stop using this Application and may ask the Controller to erase their Personal Data. Without prejudice to any other provisions specified herein.

INFORMATION ON THIS PRIVACY POLICY

The Controller is responsible for this privacy policy.

PRIVACY OF MINORS

Our website targets the general public and does not provide services for children. If we discover that a minor has provided their personal data without the authorisation of a parent or guardian, we will immediately erase this information. If external links on the pages of this website or in the sections of our applications contain links to other websites, these are not bound by this privacy policy. We advise you to carefully read the privacy policies available on these external websites and examine the procedures for the collection, use and disclosure of personal information used by them.

DEFENCE IN COURT

The Users’ Personal Data may be used for defence in court by the Controller or during the preparatory phases for legal action against unlawful use of such information or the related services by the User. Following a court summons, court order or other legal proceedings; in order to establish or exercise our rights laid down by law; in our defence in any legal proceedings taken against us or for other purposes required by law. The Users declare that they are aware that the Controller may be required to reveal their Data at the request of the public authorities.

LEGAL REFERENCES

This privacy policy is drafted in compliance with the obligations imposed by Italian Legislative Decree (D.Lgs.) 196/2003 and the GDPR 679/16 in Art. 10 of Directive No 95/46/CE, as well as the provisions of Directive 2009/136/CE concerning Cookies. This privacy policy is valid only for this website.

24 May 2018