THE REASONS FOR THIS POLICY
This Policy concerns the Baglioni Hotels SpA website only. It does not apply to any other websites that you, the user, might visit via external links. Data about identified and/or identifiable people may be processed as a result of using this website.
The Data Controller is Baglioni Hotels SpA, with offices at Via Pontaccio 10, Milan, Italy.
DATA PROTECTION OFFICER (DPO)
You may contact the DPO by email at firstname.lastname@example.org.
TYPES OF DATA PROCESSED AND THE REASONS AND LAWFUL BASES FOR PROCESSING IT
The information systems and software procedures deployed to operate this website gather some personal data during normal use. That data is sent to Baglioni Hotels as an unavoidable consequence of communicating via the internet.
That data includes: the IP addresses or domain names of the computer that you use when visiting the website; the URI (Uniform Resource Identifier) addresses of the resources requested; the time of the request; the method used to send the request to the server; the size of the file obtained in response; the numeric code for the server response status (success, error, etc.); and other parameters about your operating system and computing environment.
That data is necessary in order to use the web service.
That data is used only to obtain anonymous statistical information on use of the website and to check that the website is working properly.
Data that you provide voluntarily
If you make the explicit, optional and voluntary choice to send an email to the addresses on this website, then your email address, which is necessary in order to respond, will then become known to Baglioni Hotels along with any other personal data included in the message.
You can modify all the information that you voluntarily include when registering for the services offered; to do so, log on to your Baglioni Hotels account.
Except as stated for the website-use data, you are free to provide the personal data in the forms that you may fill in to request the various services.
That data is used for the sole purpose of providing the services that you ask for.
If you do not provide that data, then it may not be possible for you to receive the service requested.
Specific privacy notices are shown on dedicated pages of the website for certain services available on request. Those notices explain the reasons and lawful basis for processing your data. These include: you have given consent for one or more specific purposes; the processing is necessary in order to fulfil a contract with you and/or to implement precontractual measures; the processing is necessary to comply with a legal obligation on the Data Controller; or the processing is necessary to pursue the legitimate interests of the Data Controller or third parties.
SHARING AND DISCLOSING YOUR DATA
The data deriving from the web service may be shared with or disclosed to other companies in the Baglioni Hotels group in third countries.
HOW YOUR DATA MAY BE KEPT AND PROCESSED
The personal data collected is processed using specific security measures to prevent data loss, unlawful or improper uses, and unauthorised access.
The data collected is processed by Baglioni Hotels staff who are authorised to process data.
The data is processed at the Data Controller’s premises. The data used will be kept for only as long as is necessary to achieve the purposes for which it was collected, or for as long as the law dictates.
You may assert your rights, as stated in articles 15 et seq. of the GDPR, at any time, in particular: the right to access your data and to have it corrected or deleted; the right to place limits on how it is processed and to object to the processing; the right to withdraw consent for the processing; and the right to complain to a supervisory authority.
To do so, please email the DPO at email@example.com.