This page outlines the personal data protection policies implemented by MARTE Srl for users consulting the website and, more generally, for all those involved in data processing who interact with our hotel in various ways.
This notice is provided pursuant to Article 13 of the EU General Data Protection Regulation 2016/679 (hereinafter referred to as GDPR - General Data Protection Regulation) in particular for those who interact with the web services of the Indigo Hotel, Milan, which can be accessed electronically from the address:
This notice refers only to the Hotel Indigo website and not to any other websites that the user may consult by clicking on links.
DATA CONTROLLER AND PROCESSOR
Pursuant to Article 4, point 7 of the GDPR 2016/679, the Data Controller is MARTE Srl with registered offices in Via M. Melloni, 8 - 20129 Milan;
Pursuant to Article 28 of the GDPR 2016/679, the External Data Processor and System Administrator for the management of the hotel website is the company RELACTIONS Srl with registered office in Via Saturnia, 55 - 00183 Rome;
Pursuant to Article 28 of the GDPR 2016/679, the External Data Processor for bookings made via the booking platform integrated into the hotel website is the company InterContinental Hotels Group with registered offices in Broadwater Park
Denham, UB9 5HR
DATA PROCESSING SITE
The processing operations connected to the web services of this website take place at the Data Controller and Data Processors' registered office, and are carried out only by technical personnel of the processing service.
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this possibility, the data on web contacts do not currently persist for more than thirty days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
The voluntary completion of data acquisition forms to request specific services or to adhere to offers or to the purchase of services and products, entails the subsequent processing of the personal data provided to ensure the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same.
The services on this website are not intended for minors. We do not knowingly collect data, including Personal Data, from minors.
If we learn that we have collected Personal Data from a minor, we will immediately delete such data, unless we are required by law to retain such data. Please contact us if you believe that the Hotel has mistakenly or unintentionally collected information from a minor.
Personal data is processed using automated instruments for the amount of time required to fulfil the purposes for which they were collected. Specific safety measures are observed to prevent data loss, illicit and incorrect use and unauthorised access.
PURPOSE, LEGAL BASIS AND TYPE OF THE DATA PROVIDED
The Data Controller will process the Personal Data you provide through the Website for the following purposes:
a) To contact the hotel and make requests. The legal basis for the processing is based on Article 6 paragraph 1 letter b) of GDPR 2016/679, i.e. the processing is necessary for the performance of pre-contractual measures to which the data subject is party. Consent Not necessary;
b) to make a booking and make payment by credit card. The legal basis for the processing is based on Article 6 paragraph 1 letter b) of GDPR 2016/679, i.e. the processing is necessary for the performance of pre-contractual measures to which the data subject is party. Consent Not necessary;
c) to register for the free IHG Rewards Club loyalty programme in accordance with the terms and conditions set out on the Intercontinental Hotels Group website. The legal basis is based on Article 6 paragraph 1 letter a) of the GDPR 2016/679, i.e. it requires the Data Subject's explicit consent;
e) research and statistical analysis of anonymous aggregate data for the purpose of assessing the functioning of the Website, measuring traffic and assessing usability and interest in order to make it more functional and performing; consent not necessary as no personal data is processed;
g) Purposes related to compliance with laws and regulations. The legal basis is under Article 6 paragraph 1 letter c) of the GDPR 2016/679. Consent not required;
h) purposes necessary to establish, exercise or defend a right in court or whenever the courts exercise their judicial functions. The legal basis is under Article 6 paragraph 1 letter f) of GDPR 2016/679. Consent not required.
The data we process may include special categories of personal data as defined in Article 9 of the GDPR 2016/679, i.e. personal data relating to health or religion (food allergies, services for the disabled, menus related to religion, etc.) that you have voluntarily provided, with your consent, in the “Special request” fields of the booking form.
The data in question will be processed by guaranteeing suitable security measures, limited to the data and operations that are essential for fulfilling the obligations, including pre-contractual obligations, that the hotel assumes in its sector of activity, in order to provide specific goods, services or facilities requested by the data subject.
Pursuant to Article 9 of the GDPR 2016/679, we will always ask for explicit authorisation to process personal data, as we cannot know in advance whether the data subject will voluntarily enter data that falls into this category in the data acquisition forms.
This information notice, drawn up in accordance with Article 13 of EU Regulation 2016/679, may also be used by the data controller for any advertisements published for personnel recruitment on websites or portals not directly managed by the same.
The Company will process CVs received by e-mail or through third-party recruitment companies (publications on portals, etc.) to assess potential applications for employment within the Company or that may arise in the near future.
Processing is carried out electronically, with the exception of CVs received by ordinary mail.
CVs considered "interesting" will be stored at the company's offices for a period not exceeding one year and will be processed in full compliance with the minimum security measures set out in Article 32 of GDPR 2016/679.
CVs considered to be irrelevant as well as CVs with a retention period of more than 18 months will be discarded.
CVs will be stored at Hotel Indigo and will not be passed on to third parties.
In any case, we recommend you follow these indications for submitting CVs in electronic format:
1. Fill in your CV in the European format;
2. Submit your CV in pdf format;
3. avoid including in your CV special categories of personal data as defined by Article 9 of GDPR 2016/679 (relating, in particular, to your health status, religious, philosophical or political beliefs) that are not relevant to the job offer;
4. give consent to the processing of sensitive data relevant to the establishment of an employment relationship (e.g. belonging to protected categories).
The company reserves the right not to reject CVs that do not meet the above requirements.
The data in CVs will be handled for purposes strictly relating to staff assessment, recruitment or selection for long or short term employment or work experience, or to allow the selected candidate to prepare their degree thesis at our facilities.
TRANSFER OF PERSONAL DATA
The data controller undertakes to limit the areas of circulation and processing of personal data (e.g. storage, archiving, preservation of data on its servers) to countries within the European Union, with an express prohibition to transfer them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of the protection measures provided for by EU Regulation 2016/679 - CHAPTER V (adequacy decision, Standard Contractual Clauses or explicit consent from the data subject).
PERSONAL DATA COMMUNICATION AREAS
Personal data acquired through this website may be communicated to:
public authorities or offices, in order to meet legal and/or contractual obligations;
Relactions, a company with registered office in Via Saturnia, 55 - 00183 Rome and with office in P.zza J.F. Kennedy 27, 19125 La Spezia (SP), which is responsible for technical assistance on the website and the booking platform;
IHG international company, which is ran external data processor for the bookings;
banking institutes for the management of collections and payments resulting from the e-commerce transaction;
any consultants and external companies specifically appointed to perform tax and fiscal advisory services;
public authorities or offices, in order to meet legal and/or contractual obligations;
couriers for the sending of products.
The data controller will provide an updated list of external data processors on request, pursuant to art. 28 of GDPR 2016/679.
The data controller will process the data subjects' personal data for the time strictly necessary to achieve the purposes set out in this notice.
By way of example, the hotel will process Personal Data for the newsletter service until the data subject decides to unsubscribe from the service by simply clicking on the e-mail received.
Without prejudice to the above, the data controller will process your Personal Data up to the time allowed by Italian law to protect its interests (Article 2947(1)(3) of the Italian Civil Code).
Further information on the retention period of Personal Data and the criteria used to determine this period may be requested by contacting firstname.lastname@example.org
The company does not process data based on an automated decision-making process, including profiling, which produces legal effects or which may have a significant impact on the data subject.
DATA SUBJECT RIGHTS
The user may freely exercise the rights referred to in articles 15 and following of GDPR 2016/679 or:
revoke consent at any time. The user may revoke consent to the processing of their Personal Data as expressed above;
oppose the processing of their personal data. The User may object to the processing of their Data if it takes place on a legal basis other than consent;
access their Data. The User has the right to obtain information on the Data processed by the Data Controller and on certain aspects of the processing, and to receive a copy of the Data processed;
verify and request correction. The User may verify the accuracy of their Data and request that it be updated or corrected;
ask for its processing to be limited. When certain conditions are met, the User may request that the processing of their Data be limited. In this case, the Data Controller will not process the Data for any purpose other than its storage;
obtain the deletion or removal of Personal Data. When certain conditions are met, the User may request the cancellation of their Data by the Data Controller;
receive their Data or have them transferred to another data controller. The User has the right to receive their Data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable if the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures connected to it;
file a complaint. The User may file a complaint with the competent data protection supervisory authority or take legal action.
HOW TO EXERCISE USER RIGHTS
To exercise the rights referred to above, the data subject may contact the data controller by writing to the e-mail address: email@example.com
To exercise your rights in connection with your booking and enrolment in the IHG loyalty programme you can contact the Privacy Office of the main establishment in the EU located at Thurn-und-Taxis-Platz 60313 Frankfurt am Main Germany at firstname.lastname@example.org.
UPDATING AND REVISION