Privacy Policy
This information is provided in accordance with Article 13 of the GDPR 679/2016 “General Data Protection Regulation”, containing provisions on the processing of personal data.
This Privacy Policy describes the privacy procedures adopted by BAGLIONI* for the collection of data:
- When you browse websites operated by us, from which you can access this Privacy Policy, including baglionihotels.com and other websites owned or controlled by the Baglioni Group (collectively referred to as the Websites);
- By means of software applications provided by us for use on PCs and mobile devices (the App);
- Through the social pages under our control, through which this Privacy Policy can be accessed (collectively referred to as our Social Pages);
- Through emails sent by us containing a link to this Privacy Policy or through online or face-to-face communication;
- From third parties such as Subsidiaries, Affiliates, Owners, as well as from Other Sources such as public databases, marketing partners and other third parties; • When the user visits or stays in one of our properties, hotels, hotel company.
- Hereunder, we make available to you privacy policies, applicable to clients and users who make reservations of our services through this website or via our call center from any country around the world in which we have commercial activities.
Collectively, we refer to our Websites, Apps and Social Pages as “Online Services”.
BAGLIONI*: to be considered as Baglioni Hotels S.p.A., its subsidiaries, affiliates, and its holding company.
1. DATA CONTROLLER
For the processing purposes indicated in this Privacy, the Data Controller is Baglioni Hotels S.p.A., with registered office in Milan, Via Pontaccio, 10.
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at dpo@baglionihotels.com
2. DATA PROCESSED
Navigation data The computer systems and software procedures used to operate this website, in the course of normal operation, acquire certain personal data, the transmission of which is implied in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) form for the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is also used with the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
Personal data we may collect When contacting or interacting with you, we may collect personal data that may include: personal and contact details; nationality, gender, passport or ID card number with date and place of issue; information relating to a booking and stay at one of our facilities; information relating to the purchase of a service; payment details, such as credit card number and other information on the same; preferences regarding marketing, consumption choices and habits; information on packages booked, including hotel, flight and car rental; information relating to participation in a programme in a competition, promotion or survey relating to the programme.
In particular:
- Data collected at our properties and / or through online pre-registration / check in: During the registration/check-in process at our properties, in addition to the above information, we may also use CCTV cameras, viewing or recording images of guests and visitors in common areas in order to ensure the safety of guests, our staff and properties. We may also collect personal information related to the services available at the properties, such as concierge service, spas, activities, babysitting service, equipment rental, car rental, the use of “electronic money” (monetics); with the guest’s consent, including in relation to children under 18 years of age staying at our properties (with the consent of the parent and/or legal guardian) we may also process special data, e.g. related to specific allergies, food intolerances in order to provide a better service and meet the guest’s particular needs.
- Data collected at events, cocktail parties, meetings: In the case of organizing an event, information such as the date, number of guests, details of guest rooms, and information on the organization will be recorded (data on guests under a) and b) above may only be collected in the case of their stay). Should there be any need for third parties offering specific services for the event, information on the organization may also be communicated to these third-party service providers (e.g. wedding planners, etc.).
- Links to third-party websites and services: Our site may contain links to third-party websites. BAGLIONI is not responsible for the processing of personal data and information by these third parties. If you provide information on third-party sites, the data protection provisions and terms of use of services on third-party sites will apply, which we encourage you to read.
Therefore, this Privacy Policy does not apply to, and we assume no responsibility or liability for the privacy, data, or practices of entities not belonging to BAGLIONI, including Owners, strategic business partners, or third parties who operate sites or services connected with BAGLIONI Services.
We also assume no responsibility or liability for the collection, use, disclosure, or security policies and data procedures from other companies such as Facebook, Apple, Google, Microsoft, or any other application developer, application provider, social media platform provider, operating system provider, service provider, or wireless device, including with respect to Personal Data you provide to other companies through the Apps or our social media pages. - Personal data we collect from client service / email / telephone bookings and third parties:
- We collect personal data when a booking is made by telephone, when an email or fax is sent to us, or when you contact the booking service. This information may be recorded for training purposes.
- We may also collect personal information about you from third parties, including social media services in accordance with your service settings (e.g. WeChat, Twitter, Fb, Google, etc.) and from our partners (airlines, travel agencies, etc.).
- If you send or disclose Personal Data about other people to us or our suppliers (e.g. if you make a reservation for another person), you represent that you have the authority to do so and you authorize us to use the data in accordance with this Privacy Policy.
- We collect Personal Data and Other Data from subsidiaries, affiliates, and holding company for the purposes set out in this Privacy Policy, i.e. to provide and personalize the Services, communicate with you, promote loyalty programmes and achieve our business objectives.
- Owners: we collect Personal Data from Owners we manage, who have signed a hotel management contract with us.
- On-site and/or travel suppliers. We may collect Personal Data from spas, restaurants, wellness centers, concierges and retail outlets within our facilities.
- Linked Accounts: We collect Personal Data when you use your loyalty programme code or login data to the Online Services.
- Other Sources and Service Providers: We collect Personal Data from various third parties, such as public databases, joint marketing partners and online travel agencies.
- Online Services: we collect Personal Data when you interact with our Online Services, by performing actions such as, but not limited to, browsing, booking, purchasing goods and services from our Websites or Apps, when you send us messages, when you contact us or post on social media, when you subscribe to a newsletter or participate in surveys, contests or promotional offers.
- Internet-connected devices: we collect Personal Data from Internet-connected devices available in our facilities. For example, when connecting a device to the hotel network.
3. PURPOSES OF DATA PROCESSING
We use your information in a variety of ways, as specified below:
- In order to comply with legal, administrative, accounting and tax;
- To manage online, telephone and email bookings in order to follow up on your requests;
- For the management of reception and accommodation services: managing check-in and check-out; processing payments; providing personalized on-site services (spa, babysitting, etc.); providing concierge services, luggage storage and parking; making arrangements with third-party suppliers on behalf of guests (e.g. organizing taxi services, car rental, restaurant reservations, etc.); managing access to WI-FI (including through social logins), TV and other connectivity and entertainment services; providing room service; taking into account guests’ dietary restrictions, food intolerances and disabilities; managing housekeeping and dry cleaning services (taking into account clients’ preferences and special requirements); handling any client complaints; making clients’ presence at the hotel known to third parties, allowing operators to forward communications/messages and phone calls during their stay.
- To manage conferences and events;
- To manage loyalty programmes;
- To gather residence information and carry out statistical processing of the data in aggregated form;
- To identify and assess your preferences, tastes, consumption choices and habits in order to offer you more targeted products and services that meet your needs; we may take note of anniversaries or birthdays so that we can offer you a gift or promotion on these special dates; we may keep track of your preferences about the types of activities you like to participate in or the services you usually request, to make sure that we can offer you similar experiences during any upcoming visit;
- To send advertising, direct sales, market research and commercial communication material through traditional means (paper mail, telephone calls with operator) or through automated means (sms, mms, automated telephone calls, newsletters) – direct marketing;
- To communicate your contact details to businesses and/or companies that are partners of BAGLIONI, which may process this data exclusively to send commercial and/or promotional communications about their products and services, as well as to carry out market research – third party marketing
- On the basis of the regulations in force, BAGLIONI may use the email details you provide when purchasing one of our services and/or benefits to offer you services and benefits similar to those you have purchased. However, should you not wish to receive such communications, you may notify BAGLIONI at any time, using the link on the email communications you receive. In such a case, BAGLIONI will discontinue the aforementioned activity without delay.
- Handle requests, questions and any complaints from clients.
4. COMMUNICATION AND TRANSFER OF PERSONAL DATA
- Your personal data may be communicated or transferred between Baglioni Hotels S.p.A., its subsidiaries, affiliates, and its holding company, for the purposes indicated in this Privacy Policy, i.e. to provide and customise the services chosen, communicate with the client, promote loyalty programmes, and achieve corporate objectives. Some of these entities may be located outside the European Economic Area, UK. In this regard, in order to guarantee you adequate protection of your personal data, we would like to inform you that the transfer/communication, where necessary, is regulated by Standard Contractual Clauses (SCC) containing a series of clauses that set out binding principles on the protection of personal data, which all parties belonging to BAGLIONI are required to comply with.
For more information contact us at dpo@baglionihotels.com
- Owners: We disclose Personal Data to Owners we manage for the purposes described in this Privacy Policy. The Owners have a limited right to use certain Personal Data for their own purposes and therefore qualify as autonomous Data Controllers for the purposes of managing and coordinating your stay at the facilities and complying with their legal obligations, including maintaining books and records, and other compliance obligations.
- Your personal data may also be disclosed to third parties who provide outsourcing services (e.g. companies providing web hosting services, booking engines, data analysis, sending emails, marketing, etc.) to the Data Controller and who will act as Data Processors on the basis of a contract/appointment. You can request the updated list of data processors at any time.
Your data will only be processed for the purposes mentioned above under point 3, by personnel formally authorized to process personal data who have undertaken an obligation of confidentiality.
5. LEGAL BASIS OF PROCESSING
Each processing of your personal data is justified by one of the following legal prerequisites:
Pre-contractual / Contractual: Processing is necessary to execute a contract between the parties.
Legal obligation: Processing is necessary to fulfil a legal obligation.
Legitimate interest: Processing is necessary for the pursuit of the legitimate interest of the Data Controller, provided that the interests or fundamental rights and freedoms of the User, which require the protection of personal data, do not prevail.
Consent: Processing is only possible if you have given consent for specific purposes. In this case, you may revoke your prior consent at any time by contacting the Data Controller as indicated in article 7.
6. METHODS OF DATA PROCESSING AND TRANSPARENCY
Your personal data are processed following the implementation and continuous updating of appropriate technical and organizational security measures aimed at preventing their accidental loss, unauthorized use or access, alteration or disclosure.
Your personal data are kept only as long as necessary to fulfil the purposes for which we collected them, including to meet any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes by other means, and applicable legal requirements.
Transparency towards the User: through the booking engine, or by using the webbased reservation system provided by our suppliers, Processors, we may transfer some personal information to countries that according to the European Commission do not provide adequate data protection; these countries include the United States of America. Such providers may also be subject by law to surveillance by US intelligence agencies, even if the servers are located in Europe. By proceeding with the reservation and entering the personal data requested via the booking engine or using the webbased reservation system, the User therefore accepts that his or her personal data may be transferred to the United States of America and is aware of the risks he or she may incur as set out above.
7. DATA SUBJECTS’ RIGHTS
In relation to the processing, you may at any time request confirmation as to whether or not your personal data is being processed, and in relation to this you have the right to:
- Request access to the data in order to obtain information on the purposes of the processing, the recipients to whom the data may be disclosed, the duration of the processing (if possible) and the possible consequences of processing based on profiling;
- Revoke consent at any time, with no prejudice to the lawfulness of processing based on the consent given before revocation;
- Request the rectification of personal data should they be inaccurate or incomplete;
- Request the deletion of data if they are no longer needed by the Data Controller for the intended processing purposes, are inadequate for the processing purposes, the user has withdrawn his or her consent, or the data have been processed unlawfully;
- Request the limitation of data processing, in the cases provided for by law;
- Request the transfer of data to another Data Controller, in a commonly used, machine-readable format, without impediment from the current Data Controller;
- Object to the processing of his or her data and, in particular, he or she has the right to object to decisions concerning him or her if they are based solely on automated processing of his or her data, including profiling;
- Address the competent Authority if you believe that the processing of your personal data violates the applicable data protection legislation: by accessing the website http://www.garanteprivacy.it;To request further information on the processing of your personal data or to exercise your rights:
Write to: Baglioni Hotels S.p.A. Via Pontaccio 10 20121 – Milan, Italy.
Write to the email address: privacy@baglionihotels.com
8. COOKIES
For information regarding the use of cookies on this site, please read the Cookie Policy.
9. CHANGES TO THE PRIVACY POLICY
The Data Controller reserves the right to amend or simply update the content of this Privacy Policy, in part or in full, including as a result of changes in applicable legislation. Such changes will be binding as soon as they are published on the Site. If you continue to access or use the service after such publication, it is assumed that you have consented to these changes. Accordingly, the Data Controller invites you to visit this section regularly to acquaint yourself with the most recent and up-to-date version of the Privacy Policy so that you are always informed of the data collected and how it is used by the Data Controller.
Last updated:
May 15th, 2023.