Privacy Reservations
PURSUANT TO ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 AND LEGISLATIVE DECREE 196/2003 AND SUCH ANNEX II, when you visit this website, personal information and data may be collected, as indicated in this policy. This policy applies exclusively to this website.
The Data Controller
The Data Controller for Hotel Maggiore is HIM Srl , with registered office in Via Emilia Ponente n. 62/3 – 40133 Bologna (BO), VAT number 03938541202, in the person of its Legal Representative.
The Data Controller has not designated a Data Protection Officer (DPO), as it is not subject to the designation requirement set forth in Article 37 of the Regulation.
Types of data processed and purposes of processing
Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment.
This data, necessary for the use of web services, is also processed for the purpose of:
- obtain statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
Browsing data does not persist for more than seven days (except where required by judicial authorities to investigate crimes).
Data communicated by the user
The optional, explicit, and voluntary sending of messages to the Data Controller's contact addresses, private messages sent by users to social media profiles/pages (where this option is available), as well as the completion and submission of forms on the Data Controller's website, entails the acquisition of the sender's contact information, necessary for a response, as well as all personal data included in the communications.
Providing certain personal data is mandatory to access the requested services, and failure to provide it may prevent access. Mandatory personal data is marked with an asterisk.
In cases where certain data is indicated as non-mandatory, the interested party is free to refrain from providing such data, without this having any impact on the availability or operation of the service.
Interested parties who have doubts about which data is mandatory are encouraged to contact the Data Controller.
Specifically, your data will be collected to process your requested booking. Users are asked not to provide irrelevant personal data; irrelevant data will be deleted or, at any rate, disregarded.
The data transmitted through this page are processed only for the purpose of completing the Customer's booking, based on the pre-contractual relationship between the parties.
Cookies and other tracking systems
For details, see the cookie policy presented on this website.
Legal basis for processing
The legal basis for the processing is as follows:
- processing is necessary for compliance with a legal obligation to which the Data Controller is subject, pursuant to art. 6, paragraph 1, letter c) of EU Regulation 2016/679;
- processing is necessary for the pursuit of the legitimate interests pursued by the Data Controller or by third parties, pursuant to art. 6, paragraph 1, letter f) of EU Regulation 2016/679;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the data subject's request prior to entering into a contract, pursuant to Article 6, paragraph 1, letter b) of EU Regulation 679/2016;
- The processing is carried out on the basis of the data subject's consent, pursuant to art. 6, paragraph 1, letter a) of EU Regulation 2016/679.
However, you may ask the Data Controller to clarify the specific legal basis for each processing operation and, in particular, to specify whether the processing is based on the law or required by a contractual or pre-contractual relationship.
Processing methods
The data is processed by appointed company personnel and is not disclosed to unauthorized third parties.
The processing is carried out using computerized and/or electronic means and in an automated and/or manual manner, in compliance with the provisions of Article 32 of GDPR 2016/679 regarding security measures, by specially appointed persons and in compliance with the provisions of Article 29 of GDPR 2016/679.
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
In addition to the Data Controller, in some cases, other parties involved in providing the services offered and in the organization of this website (hosting providers, IT companies, archiving, collection, printing, shipping, and email management, communications agencies, and postal couriers) may have access to the data, as well as external parties appointed, if necessary, as Data Processors by the Data Controller. An updated list of Data Processors can be requested from the Data Controller at any time.
Transfer of personal data
The data is processed at the Data Controller's operating offices and in any other locations where the parties involved in the processing are located. For further information, please contact the Data Controller.
The data subject's personal data is not transferred outside the European Union.
Retention period
In compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of GDPR 2016/679, the data subject's personal data will be retained for the period of time necessary to achieve the purposes for which they are collected and processed or to defend/exercise a legal claim.
When processing is based on the data subject's consent, the Data Controller may retain personal data for a longer period until such consent is revoked. Furthermore, the Data Controller may be required to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, personal data will be deleted. Therefore, upon reaching this deadline, the rights to access, erasure, rectification, and data portability can no longer be exercised.
Data Subject Rights
Pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the data subject may exercise at any time the right to:
a) request confirmation as to whether or not personal data concerning him or her are being processed;
b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, where possible, the retention period;
c) obtain rectification or erasure of data;
d) obtain restriction of processing;
e) obtain data portability, i.e., receive the data from a data controller in a structured, commonly used, and machine-readable format, and transmit the data to another data controller without hindrance;
f) object to processing at any time. Data subjects are reminded that, if their data is processed for direct marketing purposes, they may object to the processing without providing any reason.
g) request from the data controller access to, rectification or erasure of, or restriction of processing concerning the data subject, or to object to processing, as well as the right to data portability;
h) withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
i) lodge a complaint with a supervisory authority. The data subject has the right to lodge a complaint with the Italian Data Protection Authority, located in Rome, Via di Monte Citorio 121 (tel. +39 06696771), following the procedures and instructions published on the Authority's website www.garanteprivacy.it
Contact details of the Data Controller
To contact the Data Controller, please use the following contact details:
- by email, to the address:
- by phone: +39.051.381634
- by regular mail: Via Emilia Ponente n. 62/3 – 40133 Bologna (BO)