Privacy Policy

As delegate of the Mima Club Hotel group, with headquarters in Milano Marittima, IX Traversa, 20, al, and Tax Code and VAT number 01039220395 (hereinafter, “Owner”), and as data controller, Hotel Solemare S.a.s. informs you, pursuant to Article 13 of Legislative Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”), Legislative Decree 101/2018, and Article 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”), that your data will be processed in the following manner and for the following purposes:

The Data Controller processes the personal identification data (for example, name, surname, company name, address, telephone numbers, e-mail addresses, bank and payment details – hereinafter, “personal data” or just “data”) that you provide when entering into a service contract with the Data Controller.

Your personal data is processed:

A) without your express consent (Article 24, letters (a), (b), and (c) of the Privacy Code and Article 6, letters (b) and (e) of the GDPR) for the following service purposes:

• 1. to respond to your requests for information;
• 2. to stipulate contracts for the services provided by the Data Controller;
• 3. to fulfil the pre-contractual, contractual and tax obligations arising from existing relationships with you;
• 4. to fulfil the obligations established by Italian law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering);
• 5. to exercise the Data Controller’s rights, such as the right of defence in court;

B) without your express consent (Article 24, letters (a), (b) and (c) of the Privacy Code and Article 6, letters (b) and (e) of the GDPR), for the following Service Purposes: preparation and sending of the estimate.

C) marketing purposes and newsletters.
Subject to your consent, which is optional in itself, the company can process your personal data (email addresses, postal addresses and telephone number) to send you business proposals, new offers and newsletters.
We inform you that if you are already a customer of ours, we may send you commercial communications relating to the Data Controller’s services and products, similar to those you have already used, unless you dissent (Article 130(4) of the Italian Privacy Code).

Your personal data is processed using the methods indicated in Article 4 of the Privacy Code and Article 4 (2) of the GDPR, and more precisely: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, erasure and destruction. Your personal data is processed both on paper and electronically and/or by automated means.

The Data Controller will process personal data for the time needed to fulfil the above purposes and for a period not exceeding 10 years from the termination of the relationship for Service Purposes, and in the case of processing for preventive purposes, the data is stored for 3 years.
For the purposes of point C, the duration is 2 years.

Your data may be rendered accessible for the purposes referred to in Article 2 (a) and 2 (b)-2 (c):

• to employees and collaborators of the hotel, in their capacity as internal appointees and/or managers of the treatment and/or system administrators;
• to third-party companies or other entities (for example, web agencies) that carry out outsourced activities on behalf of the Data Controller, in their capacity as data processors.

Without the need for express consent (pursuant to Article 24, letters (a), (b), and (d) of the Privacy Code and Article 6, letters (b) and (c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2 (a) to Supervisory Bodies (such as IVASS – Italian Institute for the Supervision of Insurance), Judicial Authorities, insurance companies for the provision of insurance services, and to those subjects to whom communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their roles as independent data controllers.

Your data will not be disseminated.

Personal data is stored on servers located within the EU and on local storage units at the company, also within the European Union. In any case, it shall be understood that, if necessary, the Data Controller reserves the right to relocate the servers, including outside the EU. In this case, the Data Controller thereby guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the entering into of the standard contractual clauses provided for by the European Commission.

The provision of data for the purposes referred to in Article 2 (a) is mandatory. In their absence, we cannot guarantee the services outlined in Article 2 (a).
The provision of data for the purposes referred to in Article 2 (b) is mandatory. In the absence of the same, we will not be able to carry out the service described in the point in question.
The provision of data for the purposes referred to in Article 2 (c) is optional. You can therefore decide to not provide any data or to refuse the processing of data that had been provided at an earlier date. In this case, you will not be able to receive newsletters, commercial communications, and advertising material regarding the services offered by the Controller. However, you will still be entitled to the services referred to in Article 2 (a).

As an interested subject, you have the rights referred to in Article 15 and et seq. of the GDPR, specifically:

i. get confirmation of the existence of your personal data, even if not yet registered, and communication of the same in an intelligible form;

ii. obtain information on: a) the source of personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing by electronic means; d) the identification data of the data controller, data processors and the designated representative as per Article 5, paragraph 2, of the Italian Privacy Code and Article 3, paragraph 1 of the GDPR; e) the entities or categories of entities to whom personal data may be communicated and who may acquire such data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of processing;

iii. obtain: a) updating, rectification, and, when deemed of interest, integration of the data; b) erasure, conversion to an anonymous format or blocking of data that has been processed in violation of the law, including data that does not need to be retained for the purposes for which it was collected and processed; c) confirmation that the operations described in sections a) and b) were made known, including their content, to the parties to whom the data was communicated or transmitted, except in cases when it may not be possible to do so or when it necessitates a disproportionate effort compared to the protected right;

iv. object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose for which it was collected; b) to the processing of personal data concerning you for the purpose of advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without human intervention, by email and/or through traditional marketing methods by telephone and/or mail. Please note that, with regard to direct marketing through automated methods, the Data Subject’s right to object, as set out in point b) above, is extended to traditional methods, and that the Data Subject is able to exercise their right to object, even partially. Hence, the Data Subject may decide to receive only communications using traditional methods or only automated communications or neither of the above.

Where applicable, you are also guaranteed the rights set out in Articles 16-21 of the GDPR (Right to correction, right to erasure, right to restrict processing, right to data portability, right to opposition), as well as the right to lodge a complaint with a Supervisory Authority.

You may exercise your rights at any time by sending a registered letter to the registered office of the Hotel Solemare S.a.s. di Boni Piero & C., Milano Marittima, IX traversa, 20.

The Data Controller is Hotel Solemare Sas di Boni Piero & C., with registered office at Milano Marittima, IX traversa, 20.
For the data processing referred to in points a and b, I have read the information and give my consent …………………………………………
For the data processing in point c, I have read the information and give my consent …………………………………………