+39 06 92592658 - info@romaborgo91.it
At B&B Roma Borgo91 we are care about the privacy and protection of personal data of our guests, users of our services and visitors of our website (“data subjects”) and adopt all the indications and requirements of the European Regulation EU 2016/679 (“GDPR”) and the Italian legislation on data protection (Dlgs 196/03 and subs.).
In this Privacy Policy we provide data subjects with information on the processing of personal data according to Articles 13 and 14 of the GDPR, when B&B Roma Borgo 91 acts as the Data Controller (“Controller”), i.e. when we determine the purposes and means of the processing of personal data.
The Data Controller is Bed & Breakfast Roma Borgo91, whose contact details are available in the specific section of this Privacy Policy. In the rest of the document “we” and “our” and “Roma Borgo91” refer to the Controller.
By using our website www.romaborgo91.it (“website“) and our lodging services, you agree to the terms specified in this Privacy Policy.
In this section we describe:
We may process personal data that Data Subjects provide to us through telephone, web, email, social networks, travel portals (“OTAs”) etc., to request information about the goods and/or services we offer (“enquiry data”). Inquiry data may include personal and contact data, such as e.g. First Name, Last Name, language, telephone, email address etc., and is used with the purpose of providing data subjects for information and quotes on the services offered by the Owner.
The legal basis for this processing is the necessity to the execution of pre-contractual measures taken at the request of the data subject (Art. 6.1.b)
We could treat the personal data provided by Interessie provided by Interessie provided by our services reception and that confer own personal data and group group in the course use our services (“service data”). Service data may include, in addition to general personal and contact data (including data relating to minors) such as e.g. first and last name, telephone, email, gender, date and place of birth, place of residence, etc., also identification data such as Tax Identification Number, Identity Document Number, etc., and economic data, e.g., bank account data, credit card data, etc. These data are necessary for the obligations of guest registration and administrative paperwork related to services.
Exceptionally we may process personal data of special categories such disabilities or food intolerance etc., necessary to set service elements, such as access to the structure, breakfast preparation etc.
Depending on the instances and categories of data, the legal basis for the processing may be one or more of the following:
We may use some of the request and service data, e.g., First Name, Last Name, email, telephone and date of birth, for promotional and direct marketing activities (“direct marketing data”) to propose to the data subjects goods or services provided by the Data Controller or similar to those already purchased by the data subjects.
The legal basis for this processing is Article 130 of the Italian Privacy Code (D.Lgs.108/2018), which allows in this case the sending of direct marketing without the specific consent of the data subject, provided that the right to stop such sending at the request of the data subject is guaranteed.
We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Our analytics system processes these data and produces aggregate anonymous reports for the purposes of analyzing the use of the website and services.
The legal basis for this processing is our legitimate interests of monitoring and enhancing our website and services (article 6.1.f), applicable because the anonymous form of the report does not present any risks for the individual data subjects.
We may process your personal data identified in this document where necessary for the establishment, exercise or defense of legal claims, whether in judicial proceedings or in an administrative or extrajudicial procedure. The legal basis for this processing is our legitimate interests, i.e. the protection and assertion of our legal rights, your legal rights and the legal rights of third parties.
We may process your personal data identified in this document in aggregate form where necessary for the purpose of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the adequate protection of our company against risks.
In addition to the specific purposes for which we may process personal data set out in this chapter, we may also process your personal data where such processing is necessary to fulfill a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.
Please do not provide us with other people’s personal data unless you are requested to do so.
For more information about the use of cookies on our site, please see our Cookie Policy.
In processing your personal data, we have taken all necessary precautions for the highest possible security by adopting and continuously updating technical and organizational measures provided for in Articles 32, 33, 34, 35 and 36 of the GDPR. These measures include the following:
Further information on the security measures taken can be requested from the Controller at any time.
We do not transfer data outside the European Union unless there are specific obligations requiring us to do so. In that case we apply the necessary measures to ensure the security of personal data and respect for the freedoms and rights of data subjects.
Personal data are retained for as long as necessary to ensure the purposes of processing and in accordance with current regulations regarding the legal retention of specific categories of data.
In this Section, we have summarized the Holder’s rights enshrined in Articles 15-22 of the GDPR. Some of the rights are complex and not all details have been included in our summaries. As a result, you should read the relevant laws and guidance from regulatory authorities for a full explanation of these rights.
You can exercise rights in relation to your data personal sending a written communication to our contacts.
You have the right to access your personal data processed by us to have any inaccurate personal data of your own corrected and, taking into account the purposes of the processing, to have incomplete personal data of your own completed.
Under certain circumstances you have the right to have your personal data deleted without undue delay. These circumstances include: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you revoke consent to processing based on consent; you object to processing under certain rules of the applicable data protection law; the processing is for direct marketing purposes; and the personal data has been processed unlawfully. However, there are exclusions to the right to erasure. General exclusions include when the processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal disputes.
Under certain circumstances you have the right to restrict the processing of your personal data. Such circumstances are: you object to the accuracy of the personal data; the processing is unlawful but you object to deletion; we no longer need the personal data for the purposes of our processing, but require personal data for the establishment, exercise or defense of legal claims; and you have objected to the processing, pending verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will process it only otherwise: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to the processing of your personal information on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or the exercise of any official authority vested in us; or the purposes of legitimate interests pursued by us or a third party. If you make such an objection, we will cease processing your personal information unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to the processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will stop processing your personal data for this purpose.
You have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.
To the extent that
If you believe that our processing of your personal information violates data protection laws, you have the legal right to appeal to a data protection supervisory authority. You can do so in the EU member state of your citizenship or habitual residence.
you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where the rights and freedoms of others are affected.
To the extent that the legal basis for processing personal data is consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal of consent.
The data Controller is B&B Roma Borgo91 – Borgo Vittorio 91, 00193 Rome – Italy.
Any request for information or to exercise the rights of data subjects may be sent:
This is version 2.0 as of 03/01/2024.
We may update the Privacy Policy by posting a new version on our website.