Privacy policy
Last updated on 02/11/2023
Contents
Dear Client, we would hereby like to inform you that your personal data will be stored carefully in the operating offices of Soges Group Spa.
The data Process Controller is Soges Group spa (VAT number 05019310480), with registered office in Via dei Caboto 49, 50127 Florence, phone +39 055.6532526, e-mail to be used for communications: privacy@soges-group.com.
You may exercise all the rights and faculties set forth in this notice.
We would also like to inform you that your signature at the bottom of this form is valid as consent to your data being processed, solely for what you authorised based on this information.
1) Type of data collected
At the time of booking we collect the following data: name, address, phone number, e-mail address, possibly an invoicing address that is not the one of residence, booking details and other information possibly communicated to the organisation or requested by it. Data related to the names and information of people travelling with the user if the latter has provided them will also be processed.
If the booking is made by credit card the number, expiry date, name of card owner are collected and used. Further personal data can also be collected and requested to personalise services the client would like to use such as, as an example, meals and other services paid for.
2) Purpose and legal basis of data processing
User data is collected and used to make the reservation and manage payments.
Data provided by you will be processed to assist you during bookings, confirm your booking and enable the supply of services provided by the location you will be lodging in.
The legal basis for data processing is therefore performance of the contract.
3) Methods used to process data
Data will be processed in the offices of So.ges and in any other place where the parties involved in processing are located.
Processing will be carried out using both electronic and non electronic means, in compliance with fundamental liberties and without breach of your confidentiality, inspired by the principles of transparency, fairness and for purposes that do not go beyond the aforementioned collection purposes. The data provided by the data subject will be stored in the operating offices of the Company for the time needed to fulfil the obligations for which it was collected.
That data will also be stored to fulfil obligations (tax and accounting) remaining after the contract has terminated.
After the contract has terminated, your data will be processed anonymously.
4) Communication and dissemination of data
Personal Data provided to the accommodation structure at the time of booking is mainly disclosed to third parties whose activities are needed to fulfil services related to the relationship established. In fact, that data can be shared with service companies that perform some of the activities carried out at the structure (suppliers of technical services, postal services) and to employees and collaborators of So.Ges appointed to process data (administrative, commercial personnel) and to other companies providing computer storage services appointed as processors.
The personal data may not be disseminated otherwise, except if that should arise from a specific legal obligation including as an example the obligation to send Police Headquarters the general details of clients lodging or to fulfil administrative, accounting and fiscal obligations.
5) Providing data
The provision of personal data is necessary for the conclusion of a contract.
6) Refusal to provide data
Any refusal by the data subject to provide his/her personal data could mean that the organisation is not able to provide the services.
Should the data subject not consent to his/her personal data being processed if the consent provided enables the booking to be personalised with additional, optional services, or to receive advertising offers, that processing will not take place for those purposes; without this having any effects on the supply of the services requested, nor on those for which he/she has already provided consent.
7) Rights of the data subject
The data subject has the right at any time to access personal data and exercise rights connected to the processing of data concerning him/her.
These rights include:
- obtaining an update, rectification or when interested in doing so the data being integrated;
- obtaining erasure, data being made anonymous or blocked if processed in breach of the law;
- objecting at any time to its data being processed if specific situations should occur;
- withdrawing consent previously given to data processing without prejudice to the lawfulness of processing based on consent before its withdrawal;
- the portability of data;
- presenting a complaint to the data protection Authority (Personal Data Protection Authority – www.garanteprivacy.it).