REASONS FOR THE INFORMATION
This privacy statement contains important information about personal data that is collected by
visiting this Web site, as a registered or unregistered user, and describes how to use such data.
Where applicable, it also explains how to process data provided by the user or collected during
stays at our Hotel Duca del Mare directly managed by the Company or by related companies, or
during other contacts with the Company. This information is complementary to any other
information received in such other circumstances.
This document contains important information on the following:
1. TREATMENT OF PERSONAL DATA
2. PERSONAL DATA COLLECTED
3. FINALITY OF THE PROCESSING OF PERSONAL DATA
4.COMMUNICATION OF PERSONAL DATA
5. PROTECTION OF MINORS ‘PRIVACY
6. ARCHIVING, ACCESSIBILITY AND TRANSFER OF DATIPERSONALS
7. SAFETY AND CONFIDENTIALITY OF PERSONAL DATA
8.DIRITTI OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
9. DATA CONSERVATION
10.POLITICS IN THE FIELD OF COOKIES AND SIMILAR PROCESSES
11. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
12. HOLDER OF TREATMENT – COMPANY CONTACTS
13. UPDATES OF THIS NOTICE -COMMUNICATIONS
By visiting the Website, using its services or interacting with the Company and the Hotel Duca del
and accept that the Company collects, use, store, transmit and disclose personal data collected
case in which it is already registered, the Company may require the user to provide its consent (for
example, by ticking a box), where it deems it appropriate to safeguard its rights or where required
to visit this Website, do not create an account and do not otherwise use this Website or send it to us
or do not give your consent when this option it is offered in accordance with the regulations in
1. TREATMENT OF PERSONAL DATA
allows the Company to identify the user (or a third party that the user provides the data), directly or
indirectly, including any information connected to the purchase of goods or services, or that the user
chooses to communicate to the Company or to share with it, or with third parties, during the use of
the Websites or directly at our Hotel. The processing of personal data will be carried out in
accordance with the General Data Protection Regulation (EU) 2016/679 “Reg. (EU) 2016/679 “and,
where applicable, to the legislation of the country where the data should be collected. The Company
reserves the right to perform further processing of data, where required by law or in the context of
investigations or criminal or other proceedings.
2. PERSONAL DATA COLLECTED
The Company collects personal data from the user only if the latter voluntarily provides
information, for example:
in the case of Web Sites that distribute and / or provide services of the Company: by making a
reservation through the Website or the “Host”; opening an account or modifying it; doing research
on the Website; by contacting the Company by sending a comment or a request; by subscribing to
e-mail newsletters and updates regarding the latest products and services, events or promotions; or
requesting to receive confirmation of a reservation;
in the case of online booking at the Hotel: filling out the Company’s customer card, conversing
informally during the phone calls with our booking office, interacting with the same or purchasing
in the case of the Company’s customer service: requesting assistance, special services or post-stay
in the case of e-mail, SMS and other electronic messages: exchanging communications between the
Company and the user.
If the user provides the Company with personal data of third parties (for example, family members,
other customers or potential customers), the same should ensure that such third parties are informed
The Company may collect and use different types of personal data according to the specific
purposes pursued and described below:
1. personal information, such as name, surname, gender, age / date of birth, country of origin and
other personal data that the current regulations allow to collect;
2. contact information, such as address, e-mail address, telephone number, mobile number, fax
number and other contact information that current regulations allow to collect;
3. payment information, such as payment instrument (credit or debit card), if applicable, and
passport number, if required for tax reasons or in relation to anti-money laundering legislation;
4. information relating to the sale, such as data, products or services provided, amount, total sale,
VAT number, claims, refunds or other information relating to the sale that the current regulations
allow to collect;
5. habits and profiles, such as purchase data (overnight stay history), information on activities and
initiatives relating to the management of relationships with customers (date and categories of such
actions implemented or to be achieved and their results), habits and preferences of purchase (wish
list, preferred categories of services), other information (information on work activity, education,
hobbies and lifestyle) that the current regulations allow to collect; is
6. Family-related information such as marital status, anniversary date, number of children,
information about children and other family-related information that current regulations allow you
3. PURPOSE OF THE PROCESSING OF PERSONAL DATA
Depending on the specific circumstances in which the interaction between the user and the
Company occurred, personal data could be used for the following purposes.
For online sales directly from our site. The personal data provided by the user or collected at the
time of booking, whether or not made as a registered user, namely basic personal data, contact
information, data regarding the individual reservation, tax data, payment details, sales information
and any other data strictly necessary for the sale of the stay, will be used for:
1. manage, administer and process the purchases of overnight stays, sales and after-sales services,
for example administrative activities, accounting, guarantees, refunds, where applicable, fraud
prevention and communication with the user, also by email, for any problem relating to the
management of the overnight stay or subsequent requests relating to the stay;
2. comply with obligations imposed by EU laws, regulations or legislation (including anti-money
laundering legislation) and make a legal claim or defend against it.
It is necessary to provide personal data for the aforementioned purposes and the refusal would make
it impossible to complete the purchase. Except where otherwise required to comply with local
regulations in force, the processing of data for these purposes, as necessary to fulfill contractual and
legal obligations, may be made without requesting the user’s consent.
For the specific purposes for which the data were provided voluntarily
The personal data provided by the user or collected when the same requires a specific service (for
example, by registering his account on the Website, handling complaints or requesting information),
namely personal information, contact information and data strictly necessary to follow up at the
request, they will be used for:
1. provide the required services (for example, perform account registration processes, manage
authentication on the Website and user accounts, assist with and manage any complaints and wish
lists and respond to a request or request for contact eventually forwarded by the user);
2. manage subscription to the newsletter where the user is not registered.
Personal data must be provided for the aforementioned purposes and the refusal would make it
impossible to complete the request. Except where otherwise required to comply with applicable
local regulations, the processing of data for these purposes could be carried out without requiring
the user’s consent, as it is necessary to follow up on the request.
For the purposes of managing customer relations (CRM) if the user registers
The personal data provided by the user by filling in the Company’s forms or collected at the time of
the check-in of the stay or the interaction with the Company, namely personal and contact
information and data concerning the user’s habits and profile and details about his family, will be
included in the centralized CRM system for:
1. offer promotions, discounts and other personalized services and send newsletters, other
marketing and commercial communications on the Company’s products and services (organized by
it), surveys and research, market analysis, or other initiatives for users or customers registered on
other sites of the Company (“marketing”). The Company may use traditional means of contact
(ordinary mail and telephone) and / or digital and automated (e-mail, SMS, MMS, telephone and
other digital channels, such as social media) and may send the user such communications on the
basis of its profile, if it has given its consent to profiling;
2. analyze the user’s contacts with the Company, interests, preferences and purchasing habits, and
create individual or aggregated profiles based on them, understand how to provide a better service,
also to offer a better sales experience at the other tourist facilities of the same company
(“profiling”). The Company may also use personal data to create groups and perform statistical and
market analyzes aimed at identifying services of interest to customers of its brands and improving
its services (including Web sites). The data collected on the Websites will be combined with any
information obtained by the Company through interactions with the staff present at the various
structures of the Company. The processing of personal data for profiling is carried out respecting
the guarantees and parameters established by the law in force.
The inclusion of data in the CRM system is optional and free (being based on the consent that the
user can choose to lend) and can only take place where personal data are provided for both
marketing and profiling purposes or only for one of the two . The user can cancel the registration or
withdraw his consent at any time (see the following point 8). In any case, the refusal to provide
personal data for one or both of these purposes CRM does not prevent the user from using the
Company’s services or making purchases, but the Company can not inform him of the marketing
initiatives and events described above and not he will understand his interests and offer him a more
personalized shopping experience.
4. COMMUNICATION OF PERSONAL DATA
The Company shares your personal data with its affiliated companies, its distributors and affiliates,
including those located in other countries, and with other companies that provide services on its
behalf (as detailed below), under its direction or that of third parties. These companies and
organizations will only receive the personal data necessary to perform the services and will not be
authorized to use them for any other purpose.
Communication of personal data to data controllers
Your personal data may be shared with third parties to monitor and analyze the activity of the
Website, host the contents of the Website, provide technical and organizational services functional
to the aforementioned purposes, maintain the customer database, provide marketing assistance and
manage email, market analysis, surveys, prize initiatives or promotions. These third parties may
have access to the user’s personal data or store them or process them in order to provide such
services on behalf of the Company in Italy, in the country in which the user is located or abroad.
The Company’s service providers are not authorized to use personal data for purposes other than
providing the contracted services.
Dissemination of personal data
Your personal data may need to be shared with payment processing and fraud control companies,
which operate independently as data controllers in order to provide you with online sales services.
In the case of patrimonial or corporate transactions (for example, mergers or acquisitions, corporate
restructuring or liquidation), customer data will probably be one of the transferred assets and may
be shared with legal successors, to the extent permitted by law based on legitimate interest of
The Company may also disclose your personal data to third parties (i) where required by EU or
Member State legislation; (ii) in the case of legal proceedings; (iii) in response to a request from
law enforcement agencies based on legitimate grounds; or (iv) to protect the rights, privacy, security
or property of the Company or the public.
In addition, to the extent permitted by law, the Company may disclose personal data to third parties
in case of complaints related to the use of the Website, where deemed necessary to investigate,
prevent or take measures regarding illegal activities, suspected fraud or in the event that the
Company, in its sole discretion, considers that the use of the Website by the user is incompatible
with the terms of the Website itself.
5. PROTECTION OF THE PRIVACY OF MINORS
This Website is intended for general public, however its services are intended for persons aged 18
and over. The Company does not require, collect, use or disclose personal data provided by persons
under the age of 18 online or at your Hotel. If the Company learns that it has personally collected
data from a minor, it will delete them.
In the event that the user is not of the required age, please do not register or proceed with the online
purchase and ask an adult (or their parents or guardian) to perform the necessary procedures.
6. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA
The processing of personal data collected through the Websites takes place primarily using
electronic or web-based means, including web analytics services hosted by servers of selected
suppliers of the Company operating. At the Hotel the processing of personal data can also be
performed on paper. In both cases, personal data, for CRM purposes, are inserted in the centralized
database and made safe by the Company located in Italy and managed by the CRM Managers and
by the marketing team in Italy.
Access to personal data will be allowed only to authorized personnel of the Hotel, according to the
actual need to know this information and using access control tools on several levels. This
personnel is committed to respecting the obligations of confidentiality and has been expressly
designated as responsible for the treatment, as required by the law in force. In particular, where the
user has given his consent to the processing of his personal data for the purposes of CRM, the
related data may be read, modified and updated by the staff of the Company and that used at the
Hotel. The present staff has received special training and is obliged to respect the confidentiality
obligations. The Company may use it to collect, use and disclose information according to its
If the Company needs to transfer personal data abroad in order to pursue the purposes set out in this
where the user is located, the same will adopt measures to ensure that such communications occur
in accordance with European data protection standards or other local standards used in the country
where data is collected, so that user data remains secure and confidential. The Company has
implemented appropriate measures to protect the user’s personal data from accidental loss and from
unauthorized access, use, modification and disclosure. For example, when the user provides order
information, the Company uses SSL (Secure Socket Layer) technology, an encryption tool that
ensures security when transmitting information over the Internet. In the management of this Web
site, password controls, a firewall technology and other technological and procedural security
measures are also used. Although the Company has implemented the aforementioned security
measures for the Website, the user must be aware that 100% security can not be guaranteed.
Therefore, the user provides his personal data at his own risk and, to the fullest extent permitted by
applicable law, the Company will not be in any way responsible for their disclosure due to errors,
omissions or unauthorized third party actions during or after their transmission to the same. The
Company recommends that the user (i) periodically update the software to protect the transmission
of data on networks (for example, anti-virus software) and check that the provider of electronic
communication services has adopted appropriate means for the security of transmission of data. data
on networks (for example, firewalls and anti-spam filters); (ii) to keep confidential and not to
communicate to anyone the username and password to access the account; and (iii) change the
In the unlikely event that the Company believes that the security of the personal data of the user in
its possession or under its control has been or may have been compromised, the same will inform
the user of
7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
the incident according to the procedures established by law , using the methods prescribed by it
(providing the Company with its email address, the user agrees to receive such communications in
electronic format through this email address).
8. RIGHTS OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
At any time and for free, the user can access their data, receive their electronic personal data in a
structured and commonly used mechanically readable format and transmit them to another data
controller (data portability), and have them corrected, updated, modify or delete (subject to any
applicable exceptions). The user can update the data provided to the Company by contacting the
same address provided below. Requests for cancellation of data are subject to current legal
requirements and to the conservation of documents imposed on the Company.
If you believe there is a problem with how you handle personal data, you will have the right to file a
complaint with your national personal data protection authority or any other country in the EU or
the European Economic Area.
To exercise these rights, the user can send a request by contacting the Company or directly the hotel
of the Company by sending an email to firstname.lastname@example.org or a letter by ordinary mail to the
address of the Company’s registered office. When contacting the Company, you must ensure that
you include your name, e-mail address, postal address and / or telephone number (s) to be sure that
it can properly handle your request.
Accuracy – Updating of personal data
To enable the Company to better serve the user, he is invited to check and update his personal data
on a regular basis. If registered, the user will be able to access their personal data and modify them
using the user account settings on the Website; otherwise, you may contact the Company for
assistance in updating personal data.
Management of choices related to direct marketing and profiling
If the user wishes not to give his consent to the use of data for CRM, marketing and / or profiling
purposes, or to manage his own advertising preferences, he can send a simple request to the
Company indicated below or manage accordingly your account choices. The same procedure
applies where the user wishes to withdraw his consent to profiling.
9. DATA CONSERVATION
Personal data will be kept for the duration of the commercial relationship and for all the time
subscribes to a newsletter, for the duration of such registration, or where have a user account, until
it is closed). After this period, the user’s personal data will be kept only to comply with legal and
regulatory obligations (for example, for 10 years, for accounting purposes, for the duration of the
mandatory conservation obligation, in the case of tax purposes , etc.) or to allow the Company to
maintain evidence of their respective rights and obligations.
The personal data of the user that are processed for CRM purposes (point 3.3) will be kept until the
account is closed or until the consent to their treatment for these purposes is withdrawn. Personal
data relating to information on purchases that are processed for profiling and marketing purposes
will be kept for a limited period, in line with the deadline allowed by the law in force, and will be
erased or anonymized at the end of this deadline. permanent way.
10.POLITICS IN THE FIELD OF COOKIES AND SIMILAR PROCESSES
For more general information on cookies and their enabling and disabling, consult the section
Cookies and Advertising Management on the www.ducadelmare.it website.
11. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
This Website may contain links to various websites owned or controlled by the Company, as well as
to websites of third parties. Where the user chooses to provide his or her personal data on such
linked websites – including Web sites administered and managed by approved distributors of the
Company, with the exception of the data collected by the Company’s distributors for CRM purposes
not responsible for the information sent or collected, used, disclosed or otherwise subjected to
processing by third party websites, the user should be aware of these other privacy policies.
12. TITLE OF TREATMENT – RESPONSIBLE FOR DATA PROTECTION – COMPANY
that the term “Company” refers to DI&SI SRL, with registered office in Via Lucchese 237 cap
50053 Empoli (FI) Italy.
The owner of the processing of data collected at the Hotel Duca del Mare and / or the Local
Website for purposes related to sales is the company DI&SI Srl.
charge of handling data processing requests, you can also contact the Company’s customer service
at: email@example.com – 0566.902284.
13. UPDATES OF THIS INFORMATION – COMMUNICATIONS
The Company, at its discretion, reserves the right to change, modify, add or delete parts of this
date of the “last modification” below indicated. It is the user’s responsibility to review the Privacy
Policy from time to time to be aware of any changes made. In some cases, the Company may
notice on the home page of this Website or, in the case of registered users, by sending a notification
clicking on the “accept” button in this notification email or in the communication published on the
account page (where required to comply with current regulations), by completing a purchase on the
Website or otherwise using or By sending information to the Website after the publication of the
revised Privacy Notice, the user accepts this revised Privacy Notice. Following the changes, where
required by current legislation, the user’s data will not be processed without the explicit consent of
This information is effective from 25-05-2018