This application is used by the hotel or
accommodation facility (referred to in the following as Data Controller or Data
Owner, as an automated reservation processing tool. This Application collects
some Personal Data from its Users, processes and stores the data for later use
on behalf of the Data Controller itself. Hereafter follow the relevant
information regarding Privacy and Data Treatment in compliance with the EU
General Data Protection Regulation (GDPR).
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution
or an association, which is, or can be, identified, directly or indirectly, by
reference to any other information, including a personal identification number.
The individual using this Application, which must coincide with or be
authorized by the Data Subject, to whom the Personal Data refer.
The legal or natural person to whom the Personal Data refers.
Processor on Behalf (or Data Processor)
The natural person, legal person, public administration or any other body,
association or organization authorized by the Data Controller to process the Personal
Controller (or Owner)
The natural person, legal person, public administration or any other body,
association or organization with the right, also jointly with another Data
Controller, to make decisions regarding the purposes, and the methods of
processing of Personal Data and the means used, including the security measures
concerning the operation and use of this Application. The Data Controller,
unless otherwise specified, is the Owner of this Application.
Information collected automatically from this Application, or from any
third party service used by this Application, which can include: the IP
addresses or domain names of the computers utilized by the Users who use this
Application, the URI addresses (Uniform Resource Identifier), the time of the
request, the method utilized to submit the request to the server, the size of
the file received in response, the numerical code indicating the status of the
server's answer (successful outcome, error, etc.), the country of origin, the
features of the browser and the operating system utilized by the User, the various
time details per visit (e.g., the time spent on each page within the
Application) and the details about the path followed within the Application
with special reference to the sequence of pages visited, and other parameters
about the device operating system and/or the User's IT environment.
The hardware or software tool comprising the present reservation service by
which the Personal Data of the User is collected and processed on behalf of the
Small piece of data stored in the User's device.
2. Types of Data collected
Among the types of Personal Data that this Application collects, by itself
or through third parties, there are: First Name, Last Name, Phone number,
Address, Country, State, Province, Email address and ZIP/Postal code,
Reservation Information (such as room type, rate plan, extras, amount, etc.), Cookie
and Usage data.
Other Personal Data collected may be described in other sections of this
collection. The Personal Data may be freely provided by the User, or collected
automatically when using this Application.
owners of third party services used by this Application, unless otherwise stated,
serves to identify Users and remember their preferences, for the sole purpose
of providing the service required by the User.
Failure to provide certain Personal Data may make it impossible for this
Application to provide its services.
Users are responsible for any Personal Data of third parties obtained,
published or shared through this Application and confirm that they have the
third party's consent to provide the Data to the Owner.
3. Methods of processing the Data
Methods of Processing
The Data Controller by means of the Data Processor processes the Data of
Users in a proper manner and shall take appropriate security measures to
prevent unauthorized access, disclosure, modification, or unauthorized
destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools,
following organizational procedures and modes strictly related to the purposes
indicated. In addition to the Data Controller, in some cases, the Data may be
accessible to certain types of persons in charge, involved with the operation
of the site (administration, sales, marketing, legal, system administration) or
external parties (such as third party technical service providers, mail
carriers, hosting providers, IT companies, communications agencies) appointed,
if necessary, as Data Processors by the Owner. The updated list of these
parties may be requested from the Data Controller at any time.
The Data is processed via the Internet using encrypted https protocol,
stored in GDPR compliant server infrastructure by the Data Processor and
transmitted to the Data Controller via the Internet using encrypted https
protocol. The data is that managed in Data operating offices and in any other
places where the parties involved with the processing by the Controller are
located. For further information, please contact the Data Controller.
The Data is kept for the time necessary to provide the service requested by
the User, or stated by the purposes outlined in this document, and the User can
always request that the Data Controller suspend or remove the data.
4. The use of the collected Data
The Data concerning the User is collected to allow the Owner to provide its
Accommodation services, as well as for the following purposes: Analytics,
Interaction with external social networks and platforms, Access to third party
services' accounts, Advertising, Contacting the User, Displaying content from
external platforms, Handling payments, Infrastructure monitoring, Registration
and authentication and Remarketing.
The Personal Data used for each purpose is outlined in the specific
sections of this document.
5. Detailed information on the processing
of Personal Data
Personal Data is collected for the following purposes and using the
The services contained in this section enable the Owner to monitor and
analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc.
(“Google”). Google utilizes the Data collected to track and examine the use of
this Application, to prepare reports on its activities and share them with
other Google services.
Google may use the Data collected to contextualize and personalize the ads of
its own advertising network.
Personal Data collected: Cookie
and Usage data.
Google AdWords conversion tracking (Google Inc.)
Google AdWords conversion tracking is an analytics service provided by
Google Inc. that connects data from the Google AdWords advertising network with
actions performed on this Application.
Contact form (This Application)
By filling in the contact form with their Data, the User authorizes this
Application to use these details to reply to requests for information, quotes
or any other kind of request as indicated by the form’s header.
Personal Data collected: Address,
Country, Email address, Fax number, First Name, Last Name, Phone number,
Province, State and ZIP/Postal code.
Phone contact (This Application)
Users that provided their phone number might be contacted for commercial or
promotional purposes related to this Application, as well as for fulfilling
Personal Data collected: Phone
content from external platforms
These services allow you to view content hosted on external platforms
directly from the pages of this Application and interact with them.
If a service of this kind is installed, it may still collect web traffic data
for the pages where the service is installed, even when users do not use it.
Google Fonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc.
that allows this Application to incorporate content of this kind on its pages.
DSS card tokenization and payments
Payment processing services enable this Application to process payments by
credit card, bank transfer or other means. To ensure greater security, this
Application shares only the information necessary to execute the transaction
with the financial intermediaries handling the transaction.
Some of these services may also enable the sending of timed messages to the
User, such as emails containing invoices or notifications concerning the
Receptio (SysPay Ltd)
Receptio is a tokenization service
provided by SysPay Ltd., which allows Credit Cards to
be processed and stored from start to end in a PCI DSS Level 1 environment.
Personal Data collected: Credit
Card data - namely Card Holder, Number, Expiry date, and CVV.
PayPal (PayPal Inc.)
PayPal is a payment service provided by PayPal Inc., which allows Users to
make online payments using their PayPal credentials.
Personal Data collected: Various
The server infrastructure including, virtual servers, VPN, cloud monitoring
services, back-up, storage and system administration is managed by fully
qualified GDPR compliant partners.
Awarded Microsoft Partner for many years in a row, provides private Cloud
Services, Virtual Machines and Storage, and System Administration Services via
it’s branch company Pegasus S.r.l.
Place of Processing: Italy - Privacy
7. Additional information about Data
collection and processing
The User's Personal Data may be used for legal purposes by the Data
Controller, in Court or in the stages leading to possible legal action arising
from improper use of this Application or the related services.
The User declares to be aware that the Data Controller may be required to
reveal personal data upon request of public authorities.
information about User's Personal Data
Application may provide the User with additional and contextual information
concerning particular services or the collection and
processing of Personal Data upon request.
For operation and maintenance purposes, this Application and any third-party
services may collect files that record interaction with this Application
(System Logs) or use for this purpose other Personal Data (such as IP Address).
not contained in this policy
More details concerning the collection or processing of Personal Data may be
requested from the Data Controller at any time. Please see the contact
information at the beginning of this document.
The rights of
Users have the right, at any time, to know whether their Personal Data has
been stored and can consult the Data Controller to learn about their contents
and origin, to verify their accuracy or to ask for them to be supplemented,
cancelled, updated or corrected, or for their transformation into anonymous
format or to block any data held in violation of the law, as well as to oppose
their treatment for any and all legitimate reasons.
Requests should be sent to the Data Controller at the contact information set
This Application does not support
“Do Not Track” requests.
To determine whether any of the third party services
it uses honor the “Do Not Track” requests, please read their privacy policies.
The Data Controller and Data Processor reserves the right to make changes
It is strongly recommended to check this page often, referring to the date of
the last modification listed at the bottom. If a User objects to any of the
changes to the Policy, the User must cease using this Application and can
request that the Data Controller removes the Personal Data. Unless stated
Data Controller has about Users.
8. Legal information
Notice to European Users: this privacy statement has been prepared in
fulfillment of the obligations under Regulation (EU) 2016/679 (General Data
to this Application.