Stampa
Hotel the Building S.r.l.
VIA SAMBUCA PISTOIESE 65
00138 Roma (ROMA)
P.IVA 12913971003
PEC: interniitalianicontractsrl@legalmail.it
Cod. Doc. 21756.51.466136.2668696

Information notice

Privacy Policy concerning the processing of personal data pursuant to articles 13-14 of (EU) Regulation 2016/679

Data subject: customers.

Hotel the Building S.r.l. with operating office in via Montebello 126 - Rome and registered office in via Sambuca Pistoiese n. 65 - Rome, as Data Controller in relation to the processing of your personal data pursuant to (EU) Reg. 2016/679 (hereinafter 'GDPR')We inform you that the aforementioned regulation protects data subjects in relation to the processing of their personal data and that such processing will take place in a fair, lawful and transparent manner, protecting your privacy and your rights.

Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.

During the indicated processing, the Controller may operate on common categories of personal data and in detail: Address data, Bank data, Contact data, Credit and debit cards provided as collateral and/or for balance, Data related to purchases or use of services, details of your stay in the hotel (arrival, departure, etc.), economical, commercial, financial and insurance activities, family data and personal circumstances (e.g. tax relief, health exemptions, etc.), Personal data, Profiling data

In addition, the Data Controller may obtain knowledge of special categories of data, as follows: data on the state of health . Personal data in these special categories are processed in compliance with art. 9 of the GDPR.

Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal obligations:

  • Managing of controversy;
  • legal compliance with regard to taxation and accounting;
  • records for the purposes of police control.

Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:

  • After sales support;
  • Historical filing system of customer invoices;
  • Clients management;
  • follow up customer or potential customer requests and manage pre-contractual or contractual obligations;
  • Detection of the degree of customer satisfaction;
  • Quality Management;
  • use of the fitness area;
  • follow up customer or potential customer requests and manage pre-contractual or contractual obligations.

Further to your consent, your personal data may be used for the following purposes:

  • take advantage of the access to the fitness area inside the Hotel the Building. The processing of health data will be limited to the declaration by the hotel customer regarding the general state of health of the same, in such a way as to be able to take advantage of the access to the fitness area inside the Hotel the Building;
  • make use of the service of receiving messages and phone calls addressed to the person concerned during the hotel stay;
  • possibly to satisfy market surveys, statistics and receive promotional communications regarding the activities dedicated to customers at the email address eventually communicated.;
  • storage of data recorded for the purposes of communications to public security authorities (decree of the Ministry of Interior 7 January 2013). The request for such data is justified by art. 109 of the Consolidated Law of Public Safety as specified in the extended information, being, therefore, a legal obligation to which the Data Controller must comply.;
  • use the SPA services within the Hotel the Building. The processing of health data will be limited to the declaration by the customer regarding his general state of health, in order to be able to take advantage of access to the SPA area.

Your contribution of data is optional with regard to the abovementioned purpose, and any refusal of consent will not affect the continuation of the relationship or the congruency of the processing.

Processing procedures. Your personal data may be processed by the following ways:

  • computer processing.

All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.

Your data will only be processed by persons specifically authorised by the Data Controller, and specifically by the following categories of authorized persons:

  • Admnistration office;
  • Employees of the Data Controller;
  • Marketing office;
  • have been designated in writing all natural persons, in charge of processing, authorized to use the facilities and, in cases where it is indispensable for the purposes pursued, to view the records (art. 30 of the Code).

Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:

  • banks and lenders;
  • consultant and freelance professionals, also working as firms;
  • Public/private subjects whose data transmission is mandatory or necessary in compliance with regulations or functional to the relationship management;
  • Police headquarters;
  • Freight Forwarders and Logistics Companies.

Distribution: Your personal data will not be distributed in any way.

Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:

  • EU countries;
  • Safe extra EU countries.

Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:

  • 10 years from the contract year or the last contract termination;
  • established in a period of time not exceeding the fulfillment of legal obligations and for the protection in litigation;
  • Established within a period of time not exceeding the fulfilment of legal obligations;
  • set for a timing not larger than the one which implies its purpose achievement, given the aim to collect data, and collected and processed for the execution and fulfillment of contract purposes;
  • established as a period of time not exceeding the purposes for which the data were collected and processed and complying with the compulsory times required by law.;
  • The data acquired for communication to the police can be stored at the accommodation, only after the acquisition of the customer’s consent for 2 years.

Data Controller: the Data Controller, as defined by the Law, is Hotel the Building S.r.l. with registered office in (VIA SAMBUCA PISTOIESE 65 , 00138 Roma (ROMA), VAT no. 12913971003) in the person of its current legal representative and operating office in via Montebello 126 - Rome, contactable at the following e-mail address:privacy@progetti turistici.com


The Data Protection Officer (DPO) designated by the data controller pursuant to art.37 of the GDPR is:
U.C.GROUP s.r.l with registered office in Via Lima 7, 00198 Roma, P. iva 11316521001, and can be contacted at the following e-mail address: dpo@uc-group.it

You are entitled, by application to the Data Controller, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?21756466136&lang=en.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.

2. The data subject has the right to be informed of:

  1. the source of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied if the data are processed by electronic devices;
  4. the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
  5. the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.

3. The data subject is entitled to obtain:

  1. the updating, rectification or, where interested therein, integration of the data;
  2. the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
  3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
  4. the portability of the data.

4. The data subject has the right to object, in whole or in part:

  1. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  2. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.