Privacy Policy

The following describes how we process the personal data of customers who consult the hoteluniversal.eu page and who use our services.  

Hotel Universal di Renzo Guddemi VAT number 01789560495 GDDRNZ86D13E625F with registered office in Livorno Viale di Antignano 4, 57128 Livorno, Italy as data controller (hereinafter, “Data Controller”), informs you pursuant to art. 13 D.Lgs.  30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and manner set out below   

Art. 1 Data processing   

Through the booking system accessible on our website and by filling in the form for request estimates, we may collect the following personal data in the following ways: 

  1. a) Reservation service 

The booking service accessible on the site is via access to the booking engine of Hotel in Cloud Professional (https://www.hotelincloud.com/). The data entered for the purpose of booking consist of name, surname, email, telephone, time of arrival, special requests, payment data. In particular, with regard to the booking application, please refer to the privacy policy of www.ciaomanager.com present at the following link https://www.iubenda.com/privacy-policy/80301362. The processing of the aforementioned data is necessary for the purpose of providing the booking service and for the execution of the hotel contract.   

  1. b) Request quotation and information 

Through the contact form the customer has the opportunity to ask for a quote. Its compilation includes the following data: name, surname, email, expected duration of stay/ event. The processing of such data is necessary for the purposes of drawing up the estimate requested.   

  1. c) Data provided voluntarily by email 

The optional, explicit and voluntary sending of e-mail to the addresses indicated on our site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the letter.  

The above data collected will be processed for the following purposes:  

booking service;  

request information;  

accounting, administrative and tax services;  

marketing purposes, communication of promotional offers, updating rates by subscribing to our newsletters, or specific consent issued at the time of booking in the structure;  

  1. d) Navigation data 

computer systems and software procedures for the operation of our website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects , but which by their very nature could, through processing and association with data held by third parties, allow to identify users. 

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI notation (Uniform resource identifier)  of the required resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server and other parameters related to the operating system and the computer environment of the user.  

This data is used only for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data may also be used to ascertain liability in the event of hypothetical computer crimes against the site.   

For further information, please refer to the Cookie Policy on our website (LINK)

Art. 2. Data controller  

In relation to the processing of data relating to the reservation, Evols S.r.l. – a company of the teamsystem group – with registered office in Via Del Santuario, 31 95028 Valverde (CT), tax code and VAT no. 04751990872, has been appointed Data Processor as well as by the Master Data Processing Agreement signed by the Data Controller and the Data Processor. 

The Data Controller has entrusted the aforementioned Data Controller with the task of processing the aforementioned types of personal data according to the indications provided and in full compliance with current legislation. A Data Protection Officer (DPO) has been appointed,  domiciled at the headquarters of teamsystem S.p.A., in via Sandro Pertini, 88 in Pesaro, who can be contacted at the following address: dpo@teamsystem.com or at the number 0721/42661.   

Art. 3 Method and duration of processing   

The processing of your personal data is carried out through the operations indicated in art.  4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, registration, organization,  storage, consultation, processing, modification, selection, extraction, comparison,  use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are processed both on paper, electronically and automatically. The Data Controller will process personal data for the time necessary to fulfil the above purposes and the execution of the hotel contract. In any case, the data will no longer be processed after the withdrawal of the data subject’s consent (unless required by law).   

Art. 4 Access and communication of data   

You are the holder of the right of access to your data at any time by making a simple request to the addresses indicated in this information notice in art. 9.  

Art. 5 Communication of data   

Your data may be made accessible and/ or communicated for the purposes referred to in art. 2 of this statement. Without prejudice to communications and dissemination carried out in compliance with legal obligations, the Data Controller may communicate his data, in Italy and/or abroad (as indicated in the following points) to:   

To employees and collaborators of the Data Controller, in their capacity as persons in charge and/or processors and/or system administrators;   

To technicians and/or collaborators for administrative, tax and accounting management and/or to fulfil specific legal obligations or for which external suppliers have been identified.   

Art. 6 Data transfer  

The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/ or third parties appointed and duly appointed as Data Processors. The data will not be transferred outside the European Union. It remains in any case understood that the Data Controller, if it becomes necessary, will have the right to move the server location in Italy and/or European Union and/or non-EU countries. In this case, the Data Controller ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by stipulating, where necessary, arrangements ensuring an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission. 

Art. 7 Mandatory nature of data provision   

 The provision of data for the purposes referred to in art. 2 lett. a) and b) is mandatory. Therefore,  If this does not happen, Hotel Universal will not be able to guarantee the services offered.     

Art. 8 Rights of the data subject  

 As data subject, he is the holder of the rights indicated by art. 7 Privacy Code and art. 15- 22 GDPR and precisely the rights of:  

  1. a) obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form; 
  2. b) Obtain the indication: the origin of the personal data; the purposes and methods of processing; the logic applied in the case of processing carried out with the help of electronic tools; the identification details of the owner; the responsible persons and the appointed representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; and of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, of responsible persons or persons in charge; 
  3. c) Obtain: updating, rectification or, where it is in your interest,  data integration; deletion, anonymisation or blocking

data processed in violation of the law, including those whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; the attestation that the transactions referred to in art. 8. a) and b) those to whom the data have been communicated or disseminated have been brought to the attention, including as regards their content, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right; 

  1. d) Object, in whole or in part: for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of the collection pursuant to Articles 6,  paragraph 1, letters e) or f) and 21 GDPR. This right will be exercised by the contact details indicated in art. 9 of this Where applicable, it also has the rights referred to in Articles. 16-20 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability), as well as the right to complain to the Supervisory Authority.

Art. 9 Procedures for exercising rights  

 You may at any time exercise your rights by sending: