Privacy Policy
Hotel Opco hereby informs you that all data provided and collected whilst browsing the Hotel Belstay website, including the integrated chat function, requests for information and/or contact via smartphone or any other device used to access the Internet, will be processed in a relevant and transparent manner and in accordance with the principles of lawfulness and necessity, in line with current regulations on the matter.
This privacy policy applies solely to the Hotel Belstay website and not to any other websites that the user may visit via links, for which reference should be made to the respective privacy policies.
- Data Controller
The Data Controller is:
Hotel Opco Srl, with registered office at Piazza Eleonora Duse 2, 20122 Milan (MI), VAT No. 11285190960, email: belstaygroup@belstayhotels.it.
- Purposes and legal bases of the processing
We inform you that personal data provided voluntarily and optionally to receive information on the hotel’s services (availability of rooms, conference rooms, catering and rates, etc.) are used solely for the purpose of performing the requested service or provision and are not disclosed to third parties unless such disclosure is required by law or is strictly relevant and necessary for the fulfilment of the requests.
The processing of personal data provided whilst browsing the website during the pre-contractual and/or contractual phase will take place for institutional and contractual purposes to ensure the provision of hotel accommodation services and to:
- Check the availability of the requested room based on the information entered in the booking form (legal basis: performance of a contract or pre-contractual measures – Article 6(1)(b) of the GDPR);
- Manage contact or information requests to use the services offered by the hotel (legal basis: performance of a contract or pre-contractual measures);
- Sending confirmation and finalising the purchase order for services, including aspects relating to credit card payments and the handling of any exercise of the right to cancel (legal basis: performance of a contract or pre-contractual measures);
- To comply with obligations under EU and national legislation, to protect public order, and to investigate and prosecute criminal offences (legal basis: legal obligation – Article 6(1)(c) of the GDPR);
- To comply with current administrative, accounting and tax obligations, as well as to comply with laws and regulations (legal basis: legal obligation);
- Defence by the data controller in legal proceedings against abuses arising from the unlawful use of the website or related services by the user (legal basis: legitimate interest – Article 6(1)(f) of the GDPR);
- Any special categories of personal data provided by the data subject (e.g. allergies, food intolerances or health requirements relating to their stay) will be processed solely for the purpose of ensuring the proper provision of the requested services and on the basis of the data subject’s explicit consent in accordance with Article 9(2)(a) of the GDPR.
- Purposes of research and statistical analysis on anonymous aggregated data, aimed at measuring the functioning of the website, measuring traffic and assessing usability and interest in order to make it more functional and efficient (Legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR) aimed at improving the performance of the website; please refer to the Cookie Policy for processing based on consent)
Hotel Opco may also process your data, subject only to your free, specific, informed and unambiguous consent, for the following purposes:
- Promotional and marketing purposes (sending courtesy communications and/or information material, sending newsletters containing advertising material relating to services, commercial, advertising and promotional initiatives) – legal basis: the data subject’s explicit consent – Article 6(1)(a) of the GDPR
We would also like to inform you that the website includes an online chat service based on Artificial Intelligence technology. For information on the processing of data carried out via this service, please refer to the specific privacy notice. The responses provided by the automated system are for information and user support purposes only and do not constitute automated decisions with legal effects within the meaning of Article 22 of the GDPR.
- Methods of processing
Your Personal Data will be processed in accordance with the provisions of current data protection legislation, using both electronic and automated means as well as manual methods, in a manner designed to ensure maximum security and confidentiality, and only by personnel trained and authorised to process such data.
Hotel Opco ensures the adoption of rigorous procedures to protect browsing data on the website and the use of security measures to protect credit card details provided during online bookings.
- Types of data processed
When browsing this website, the following data may be collected:
- l data relating to the booking and the stay (arrival and departure dates, preferences, special requests);
- Identification data (e.g. names and personal details of those using the services, residential address, telephone number, email address, billing details, etc.). Data relating to minors may be processed, collected exclusively from the person exercising parental responsibility, for the purpose of carrying out the booking and registration service at the hotel
- Bank and financial details (e.g. credit and/or debit cards, bank details, etc.).
- Special categories of data (formerly sensitive data), such as food allergies or intolerances, or medication use, which you may choose to disclose
- IP addresses or domain names of the computers used by users connecting to the site, the date and time of the request, the URI (Uniform Resource Identifier) addresses of the resources requested, the size of the file received in response from the server, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
- This data is used solely for the purpose of deriving aggregated and anonymised statistical information, where possible, regarding the use of the website and to ensure it functions correctly. Please note that this data may be used to establish liability in the event of cybercrimes committed against the company’s website or other sites connected or linked to it
- Cookies: for details, please consult the Cookie Policy on the website
The data will be stored in electronic databases accessible to staff who have been duly appointed and trained in the security and confidentiality of personal data.
- Nature of data provision
Data is collected directly from data subjects at the time of requesting information and/or making a booking via the website.
Failure to provide the data required for the purposes set out in points (a) and (g) of the second paragraph will make it impossible to respond to your request and to arrange your stay at the hotel.
The provision of browsing data is necessary for the use of the website.
With regard to the promotional and marketing purposes referred to in point h) of the second paragraph, specific, optional consent will be requested, which may be withdrawn at any time using the methods and contact details provided below.
- Data retention
The determination of the retention period for your personal data is based on the principle of necessity of processing.
The data will be processed for as long as necessary to fulfil the existing contractual relationship and for the period of time required by specific sector regulations.
In any case, the data will be deleted upon specific request by the data subject, unless further retention obligations are required by law.
Browsing data is retained for the time necessary for the technical management of the website and subsequently anonymised.
Data used for marketing purposes will be retained until consent is withdrawn or for a maximum of 24 months.
- Disclosure and dissemination of data
All data collected and processed may be disclosed exclusively for the purposes specified above to:
- Internal staff authorised to process data
- Data Processors appointed by the Data Controller
- Technical and IT service providers (e.g. hosting, server management, CRM providers)
- External data processors and website or integrated chat managers
- Marketing and communications companies
- Public authorities upon request.
Your data derived from the web service will not otherwise be disclosed, sold (whether free of charge or for a fee) or shared with third parties, and will be used solely and exclusively for the purposes indicated above.
- Transfer of data to third countries
Data is processed within the European Union. With regard to certain support tools, although the data centres are located within the European Union, some processing operations (e.g. email; cloud services, etc.) may involve the disclosure of data to suppliers located outside the European Union (e.g. USA; UK). In such cases, the transfer takes place on the basis of adequacy decisions by the European Commission (such as the Data Privacy Framework for the USA) or the signing of standard contractual clauses pursuant to Article 46 of the GDPR.
- Rights of the data subject
Pursuant to European Regulation 679/2016 (GDPR) and applicable national legislation, the data subject may, in accordance with the procedures and within the limits set out in current legislation, exercise the following rights:
- Withdraw consent at any time. The User may withdraw consent to the processing of their Personal Data previously given.
- Object to the processing of their Data.
- Access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the processed Data.
- Verify and request rectification. The User may verify the accuracy of their Data and request that it be updated or corrected.
- Restrict processing.
- To obtain the erasure or removal of their Personal Data.
- The right to lodge a complaint with the Supervisory Authority.
Please note that you may at any time exercise your rights under Articles 15 et seq. of EU Regulation 2016/679, amend your data or request further information by writing to Hotel Opco srl, Piazza Eleonora Duse 2 – 20122 Milan (MI), or by sending an email to belstaygroup@belstayhotels.it or a certified email (PEC) to bcopcosrl@legalmail.it . Tel. +393351379432
The Data Controller may make changes and/or additions to this policy, including as a result of any subsequent amendments to the General Data Protection Regulation. Any changes will in any case be notified in advance and may be made available via the Data Controller’s communication channels.