PRIVACY POLICY

This information is provided in accordance with Article 13 of the GDPR 679/2016 “General Data Protection Regulation“, containing provisions on the processing of personal data.

This Privacy Policy describes the privacy procedures adopted by the Baglioni Group for the collection of data:

• when you browse websites operated by us, from which you can access this Privacy Policy, including baglionihotels.com and other websites owned or controlled by the Baglioni Group (collectively referred to as the Websites);
• by means of software applications provided by us for use on PCs and mobile devices (the App);
• through the social pages under our control, through which this Privacy Policy can be accessed (collectively referred to as our Social Pages);
• through emails sent by us containing a link to this Privacy Policy or through online or face-to-face communication;
• from third parties such as Subsidiaries, Owners, as well as from Other Sources such as public databases, marketing partners and other third parties;
• when the user visits or stays in one of our properties, hotels, hotel company.

collectively, we refer to our Websites, Apps and Social Pages as “Online Services“.

For the processing purposes indicated in point 3 (excluding point 3V), the Data Controller is Baglioni Hotels S.p.A. with registered office in Milan, Via Pontaccio, 10

Limited to the processing purposes indicated in point 3.V (My Baglioni Programme), the Data Controller is Baglioni UK Ltd. with registered office at 60 Hyde Park Gate – London SW7 5BB, Company no. 4659208;

The Data Protection Officer (DPO) can be contacted at dpo@baglionihotels.com.

Navigation data

The computer systems and software procedures used to operate this website, in the course of normal operation, acquire certain personal data, the transmission of which is implied in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) form for the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.This data is also used with the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.

a. Personal data we may collect

When contacting or interacting with you, we may collect personal data that may include: personal and contact details; nationality, gender, passport or ID card number with date and place of issue; information relating to a booking and stay at one of our facilities; information relating to the purchase of a service; payment details, such as credit card number and other information on the same; preferences regarding marketing, consumption choices and habits; information on packages booked, including hotel, flight and car rental; information relating to participation in a programme (e.g. My Baglioni) in a competition, promotion or survey relating to the programme.

In particular:

b. Data collected at our properties and/or through online pre-registration/check in:

During the registration/check-in process at our properties, in addition to the above information, we may also use CCTV cameras, viewing or recording images of guests and visitors in common areas in order to ensure the safety of guests, our staff and properties. We may also collect personal information related to the services available at the properties, such as concierge service, spas, activities, babysitting service, equipment rental, car rental, the use of “electronic money” (monetics); with the guest’s consent, including in relation to children under 18 years of age staying at our properties (with the consent of the parent and/or legal guardian) we may also process special data, e.g. related to specific allergies, food intolerances in order to provide a better service and meet the guest’s particular needs.

c. Participation in “My Baglioni” Loyalty Programme:

By signing up to the My Baglioni Hotels Loyalty Programme (“Programme”) via the Website, the dedicated App, or in one of our hotels, you will be able to provide us with information about yourself when you are registered in the Programme, when you take part in a competition, promotion or survey linked to the Programme, when you use your My Baglioni Card. The information we process may include your first and last name, country of residence, address, email address and telephone number, your personal opinion about our services or your requests. As a Programme participant, each time you visit one of our hotels, we may collect the following information: general information about your stay, the hotels you stayed at, the date of your arrival and departure, the products and services you purchased, special requests you made, and notes about your preferences (including rooms, holiday preferences, type of services you requested, equipment and other services used). We also collect and process the name and email address of people suggested by Programme participants through the use of the “Suggest to a Friend” option. If your email was provided to us by a participant in our Programme through the use of the “Suggest to a Friend” option, we will retain the email address provided, your name and the number of emails sent to you. Please read the regulations of the My Baglioni Loyalty Programme available at https://my.baglionihotels.com/my-baglioni-loyalty-terms-of-use/

d. Data collected at events, cocktail parties, meetings:

In the case of organising an event, information such as the date, number of guests, details of guest rooms, and information on the organisation will be recorded (data on guests under a) and b) above may only be collected in the case of their stay). Should there be any need for third parties offering specific services for the event, information on the organisation may also be communicated to these third-party service providers (e.g. wedding planners, etc).

e. Links to third-party websites and services:

Our site may contain links to third-party websites. Baglioni Hotel S.p.a. is not responsible for the processing of personal data and information by these third parties. If you provide information on third-party sites, the data protection provisions and terms of use of services on third-party sites will apply, which we encourage you to read.

Therefore, this Privacy Policy does not apply to, and we assume no responsibility or liability for the privacy, data, or practices of entities not belonging to the Baglioni Group, including Owners, strategic business partners, or third parties who operate sites or services connected with the Baglioni Group Services.

We also assume no responsibility or liability for the collection, use, disclosure, or security policies and data procedures from other companies such as Facebook, Apple, Google, Microsoft, or any other application developer, application provider, social media platform provider, operating system provider, service provider, or wireless device, including with respect to Personal Data you provide to other companies through the Apps or our social media pages.

f. Personal data we collect from client service/email/telephone bookings and third parties:

• We collect personal data when a booking is made by telephone, when an email or fax is sent to us, or when you contact the booking service. This information may be recorded for training purposes.
• We may also collect personal information about you from third parties, including social media services in accordance with your service settings (e.g. WeChat, Twitter, Fb, Google, etc.) and from our partners (airlines, travel agencies, etc.).
• If you send or disclose Personal Data about other people to us or our suppliers (e.g. if you make a reservation for another person), you represent that you have the authority to do so and you authorise us to use the data in accordance with this Privacy Policy.
• Baglioni Group: we collect Personal Data and Other Data from other companies within the Baglioni Group for the purposes set out in this Privacy Policy, i.e. to provide and personalise the Services, communicate with you, promote loyalty programmes and achieve our business objectives.
• Owners: we collect Personal Data from Owners of the Baglioni Group branded properties we manage, who have signed a hotel management contract with us. The Owners are separate from the Baglioni Group.
• On-site and/or travel suppliers. We may collect Personal Data from spas, restaurants, wellness centres, concierges and retail outlets within our facilities.
• Linked Accounts: We collect Personal Data when you use your loyalty programme code or login data to the Online Services.
• Other Sources and Service Providers. We collect Personal Data from various third parties, such as public databases, joint marketing partners and online travel agencies.
• Online Services: we collect Personal Data when you interact with our Online Services, by performing actions such as, but not limited to, browsing, booking, purchasing goods and services from our Websites or Apps, when you send us messages, when you contact us or post on social media, when you subscribe to a newsletter or participate in surveys, contests or promotional offers.
• Internet-connected devices: we collect Personal Data from Internet-connected devices available in our facilities. For example, when connecting a device to the hotel network.

We use your information in a variety of ways, as specified below:

I. In order to comply with legal, administrative, accounting and tax obligations to which Baglioni Hotels S.p.a. is legally obliged;

II. To manage online, telephone and email bookings in order to follow up on your requests;

III. For the management of reception and accommodation services: managing check-in and check-out; processing payments; providing personalised on-site services (spa, babysitting, etc.); providing concierge services, luggage storage and parking; making arrangements with third-party suppliers on behalf of guests (e.g. organising taxi services, car rental, restaurant reservations, etc.); managing access to WI-FI (including through social logins), TV and other connectivity and entertainment services; providing room service; taking into account guests’ dietary restrictions, food intolerances and disabilities; managing housekeeping and dry cleaning services (taking into account clients’ preferences and special requirements); handling any client complaints; making clients’ presence at the hotel known to third parties, allowing operators to forward communications/messages and phone calls during their stay.

IV. To manage conferences and events;

V. To manage loyalty programmes (e.g. My Baglioni): to register, manage and respond to your request to participate in the Programme; to credit you with Programme points and enable you to use them in accordance with the Terms of the Programme;

VI. To gather residence information and carry out statistical processing of the data in aggregated form;

VII. To identify and assess your preferences, tastes, consumption choices and habits in order to offer you more targeted products and services that meet your needs; we may take note of anniversaries or birthdays so that we can offer you a gift or promotion on these special dates; we may keep track of your preferences about the types of activities you like to participate in or the services you usually request, to make sure that we can offer you similar experiences during any upcoming visit;

VIII. To send advertising, direct sales, market research and commercial communication material through traditional means (paper mail, telephone calls with operator) or through automated means (sms, mms, automated telephone calls, newsletters) – direct marketing;

IX. To communicate your contact details to businesses and/or companies that are partners of Baglioni Hotels Spa, which may process this data exclusively to send commercial and/or promotional communications about their products and services, as well as to carry out market research – third party marketing

X. On the basis of the regulations in force, Baglioni Hotels may use the email details you provide when purchasing one of our services and/or benefits to offer you services and benefits similar to those you have purchased. However, should you not wish to receive such communications, you may notify Baglioni Hotels at any time, using the link on the email communications you receive. In such a case, Baglioni Hotel will discontinue the aforementioned activity without delay.

XI. Handle requests, questions and any complaints from clients.

• Your personal data may be communicated or transferred within the Baglioni S.p.a. Group, between the companies, facilities, and hotel companies that are part of the same group, for the purposes indicated in this Privacy Policy, i.e. to provide and customise the services chosen, communicate with the client, promote loyalty programmes, and achieve corporate objectives. Some of these entities may be located outside the European Economic Area. In this regard, in order to guarantee you adequate protection of your personal data, we would like to inform you that the transfer/communication, where necessary, is regulated by Standard Contractual Clauses (BCR) containing a series of clauses that set out binding principles on the protection of personal data, which all parties belonging to the Baglioni Hotels S.p.a. Group are required to comply with.
• Owners: We disclose Personal Data to Owners of Baglioni Group hotels and resorts for the purposes described in this Privacy Policy. The Owners have a limited right to use certain Personal Data for their own purposes and therefore qualify as autonomous Data Controllers for the purposes of managing and coordinating your stay at the facilities and complying with their legal obligations, including maintaining books and records, and other compliance obligations.
• Your personal data may also be disclosed to third parties who provide outsourcing services (e.g. companies providing web hosting services, booking engines, data analysis, sending emails, marketing, etc.) to the Data Controller and who will act as Data Processors on the basis of a contract/appointment. You can request the updated list of data processors at any time.

Your data will only be processed for the purposes mentioned above under point 3, by personnel formally authorised to process personal data who have undertaken an obligation of confidentiality.

Each processing of your personal data is justified by one of the following legal prerequisites:

Pre-contractual/Contractual: Processing is necessary to execute a contract between the parties.

Legal obligation: Processing is necessary to fulfil a legal obligation.

Legitimate interest: Processing is necessary for the pursuit of the legitimate interest of the Data Controller, provided that the interests or fundamental rights and freedoms of the User, which require the protection of personal data, do not prevail.

Consent: Processing is only possible if you have given consent for specific purposes. In this case, you may revoke your prior consent at any time by contacting the Data Controller as indicated in article 7.

Your personal data are processed following the implementation and continuous updating of appropriate technical and organisational security measures aimed at preventing their accidental loss, unauthorised use or access, alteration or disclosure.

Your personal data are kept only as long as necessary to fulfil the purposes for which we collected them, including to meet any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes by other means, and applicable legal requirements.

All personal data are stored in electronic form on servers located in Europe.

If necessary, the Data Controller may also transfer the data outside the EU. In this case, the Data Controller hereby ensures that the extra-EU data transfer will be in compliance with the applicable legal provisions.

Transparency towards the User: through the booking engine, or by using the web-based reservation system provided by our suppliers, Processors, we may transfer some personal information to countries that according to the European Commission do not provide adequate data protection; these countries include the United States of America. Such providers may also be subject by law to surveillance by US intelligence agencies, even if the servers are located in Europe. By proceeding with the reservation and entering the personal data requested via the booking engine or using the web-based reservation system, the User therefore accepts that his or her personal data may be transferred to the United States of America and is aware of the risks he or she may incur as set out above.

In relation to the processing indicated in points 2 and 3, you may at any time request confirmation as to whether or not your personal data is being processed, and in relation to this you have the right to:

• request access to the data in order to obtain information on the purposes of the processing, the recipients to whom the data may be disclosed, the duration of the processing (if possible) and the possible consequences of processing based on profiling;
• revoke consent at any time, with no prejudice to the lawfulness of processing based on the consent given before revocation;
• request the rectification of personal data should they be inaccurate or incomplete;
• request the deletion of data if they are no longer needed by the Data Controller for the intended processing purposes, are inadequate for the processing purposes, the user has withdrawn his or her consent, or the data have been processed unlawfully;
• request the limitation of data processing, in the cases provided for by law;
• request the transfer of data to another Data Controller, in a commonly used, machine-readable format, without impediment from the current Data Controller;
• object to the processing of his or her data and, in particular, he or she has the right to object to decisions concerning him or her if they are based solely on automated processing of his or her data, including profiling;
• address the competent Authority if you believe that the processing of your personal data violates the applicable data protection legislation: by accessing the website http://www.garanteprivacy.it; if the request concerns the processing of your personal data in accordance with point 3V (My Baglioni Programme), where the Data Controller is Baglioni UK Ltd, by accessing the ICO website https://ico.org.uk.

To request further information on the processing of your personal data or to exercise your rights, in relation to personal data processed for the purposes set out in Section 3 (excluding Section 3V) you may:

• write to:
  Baglioni Hotels S.p.a.
  Via Pontaccio 10
  20121 – Milan
  Italy
• write to the email address:
  privacy@baglionihotels.com

To request further information on the processing of your personal data or to exercise your rights, in relation to personal data processed for the purposes referred to in Section 3 V you may:

• write to:
  Baglioni UK Ltd
  60 Hyde Park Gate –
  London SW7 5BB
  UK
• write to the email address:
  mybaglioni@baglionihotels.com

In any case, you can contact the Data Protection Officer (DPO) directly by writing to dpo@baglionihotels.com

For information regarding the use of cookies on this site, please read the Cookie Policy.

The Data Controller reserves the right to amend or simply update the content of this Privacy Policy, in part or in full, including as a result of changes in applicable legislation. Such changes will be binding as soon as they are published on the Site. If you continue to access or use the service after such publication, it is assumed that you have consented to these changes. Accordingly, the Data Controller invites you to visit this section regularly to acquaint yourself with the most recent and up-to-date version of the Privacy Policy so that you are always informed of the data collected and how it is used by the Data Controller.