top of page

PRIVACY POLICY

Terms & Conditions

 

This page describes how the personal data of users who visit the website hotelparadisocomo.com are processed.

The following information applies to all entities within the Smart Family Hotel group (www.smartfamilyhotel.comwww.hotelparadisocomo.comwww.mamagina.itwww.hotelgardeniafiera.comwww.lapolenteria.com). Smart Family Hotel s.r.l., with its registered office at Via Giacomo Scalini 70, Brunate 22034 Como (hereinafter referred to as the “Data Controller”), as the data controller, informs you in accordance with Article 13 of EU Regulation No. 2016/679 (hereinafter “GDPR”) that your data will be processed in the following ways and for the following purposes:

​​

  1. Object of the Processing The Data Controller processes personal and identifying data (e.g., name, surname, company name, address, phone number, email, banking and payment details) hereinafter referred to as "personal data" or simply "data" (e.g., information about your stays, including arrival and departure dates, special requests, and your preferences for services: room preferences, services, or other) that you provide when entering into contracts for the Data Controller's services.
     

  2. Purposes of Processing Your personal data is processed: A) Without your explicit consent (Article 6, letter b, GDPR), for the following service purposes:

  • To conclude contracts for the Data Controller’s services;

  • To complete and manage bookings;

  • Customer assistance;

  • To fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you;

  • To comply with legal obligations, regulations, community law, or orders from authorities (e.g., in matters of anti-money laundering);

  • To exercise the Data Controller's rights, such as the right to defense in legal proceedings.

B) Only with your specific and separate consent (Article 7, GDPR), for the following marketing purposes:

  • To send you via email, mail, and/or SMS and/or phone contacts, newsletters, commercial communications, and/or advertising material regarding products or services offered by the Data Controller, as well as satisfaction surveys on the quality of services;

  • To send you via email, mail, and/or SMS and/or phone contacts, commercial and/or promotional communications from third parties. Please note that if you are already our customer, we may send you commercial communications related to products and services of the Data Controller that are similar to those you have already used, unless you object.
     

3. Methods of Processing

  • The processing of your personal data is carried out through the operations indicated in Article 4, No. 2 of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data will be processed both in paper and electronic and/or automated forms.

  • The Data Controller will process personal data for the time necessary to fulfill the purposes described above and in any case for no longer than 20 years from the termination of the relationship for Service Purposes, and for no longer than 5 years from the collection of data for Marketing Purposes.
     

4. Access to Data

  • Your data may be made accessible for the purposes specified in Article 2.A) and 2.B):

  • To employees and collaborators of the Data Controller or companies within the Smart Family Hotel s.r.l. group, both in Italy and abroad, in their capacity as internal data processors and/or system administrators;

  • To third-party companies or other entities (for example, hosting and cloud services, professional firms, consultants, suppliers, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
     

5. Data Communication

  • Without the need for explicit consent (Article 6, letters b) and c) GDPR), the Data Controller may communicate your data for the purposes specified in Article 2.A) to supervisory bodies, judicial authorities, and those subjects to whom the communication is mandatory by law in order to carry out the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disseminated.
     

​6. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes of Article 2.A) is mandatory. Without it, we will not be able to guarantee you the Services referred to in Article 2.A). The provision of data for the purposes of Article 2.B), however, is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications, and advertising material related to the Services offered by the Data Controller. However, you will still have the right to the Services referred to in Article 2.A). Rights of the Data Subject
As a data subject, you have the rights provided for in Article 15 of the GDPR, specifically the rights to:
I. Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
II. Obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of processing carried out with the aid of electronic tools; d) of the identification details of the Data Controller, the data processors, and the designated representative pursuant to Article 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them as the designated representative in the state territory, data processors, or persons in charge;
III. Obtain: a) the updating, rectification, or, where relevant, the integration of data; b) the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those that are not necessary to retain in relation to the purposes for which the data were collected or subsequently processed; c) the confirmation that the operations referred to in points a) and b) have been made known, including with regard to their content, to those to whom the data have been communicated or disclosed, except when this proves impossible or involves a manifestly disproportionate effort in relation to the protected right;
IV. Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if they are relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for market research or commercial communication, using automated calling systems without the intervention of an operator via email and/or through traditional marketing methods via phone and/or postal mail. Please note that the right of opposition of the data subject, as stated in the previous point b), for marketing purposes using automated methods extends to traditional methods, and the data subject may still exercise the right of opposition, even partially. Therefore, the data subject may choose to receive communications only through traditional methods, only automated communications, or neither type of communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.

​

7. Methods of Exercising Rights
You may exercise your rights at any time by sending: a registered letter with return receipt to: Smart Family Hotel s.r.l., with registered office at Via Giacomo Scalini 70, Brunate 22034 Como, or an email to: amministrazione@smartfamilyhotel.com.

 

8. Minors
The Data Controller’s Services are not intended for individuals under the age of 18, and the Data Controller does not intentionally collect personal information about minors. In the event that information about minors is unintentionally recorded, the Data Controller will promptly delete it upon the request of the users.

​

9. Data Controller, Processor, and Appointed Persons
The Data Controller is Smart Family Hotel s.r.l. The updated list of data processors and appointed persons is kept at the registered office of the Data Controller.

 

10. Changes to this Privacy Notice
This Privacy Notice may be subject to changes. Therefore, it is recommended to regularly check this Notice and refer to the most up-to-date version.

bottom of page