Personal data processing notice


Dear Client, we would hereby like to inform you that your personal data will be stored carefully in the operating offices of Soges Group SpA .
The data Process Controller is Soges Group SpA (VAT number 05019310480), with registered office in Via dei Caboto 49, 50127 Florence, phone +39 055.6532526, e-mail to be used for communications: privacy@soges-group.com.
You may exercise all the rights and faculties set forth in this notice.



1. Type of data collected

At the time of booking we collect the following data: name, address, phone number, e-mail address, possibly an invoicing address that is not the one of residence, booking details and other information possibly communicated to the organisation or requested by it. Data related to the names and information of people travelling with the user if the latter has provided them will also be processed.
If the booking is made by credit card the number, expiry date, name of card owner are collected and used. Further personal data can also be collected and requested to personalise services the client would like to use such as, as an example, meals and other services paid for.



2. Purpose and legal basis of data processing

User data is collected and used to make the reservation and manage payments.
Data provided by you will be processed to assist you to handle any requests received from contact forms, during bookings, confirm your booking and enable the supply of services provided by the location you will be lodging in.
The legal basis for data processing is therefore performance of the contract or for pre-contractual activities.



3. Methods used to process data

Data will be processed in the offices of So.ges and in any other place where the parties involved in processing are located.
Processing will be carried out using both electronic and non electronic means, in compliance with fundamental liberties and without breach of your confidentiality, inspired by the principles of transparency, fairness and for purposes that do not go beyond the aforementioned collection purposes. The data provided by the data subject will be stored by the Company for the time needed to fulfil the obligations for which it was collected.
For handling requests from the contact form, data will be kept for one year from the date of the last contact.
That data will also be stored to fulfil obligations (tax and accounting) remaining after the contract has terminated.
After the contract has terminated, your data will be processed anonymously.



4. Communication and dissemination of data

Personal Data provided to the accommodation structure at the time of booking is mainly disclosed to third parties whose activities are needed to fulfil services related to the relationship established. In fact, that data can be shared with service companies that perform some of the activities carried out at the structure (suppliers of technical services, postal services) and to employees and collaborators of So.Ges appointed to process data (administrative, commercial personnel) and to other companies providing computer storage services appointed as processors.
The personal data may not be disseminated otherwise, except if that should arise from a specific legal obligation including as an example the obligation to send Police Headquarters the general details of clients lodging or to fulfil administrative, accounting and fiscal obligations.



5. Providing data

The provision of personal data is necessary for the conclusion of a contract and for managing the pre-contractual phase or handling requests and information received.



6. Refusal to provide data

Any refusal by the data subject to provide his/her personal data could mean that the organisation is not able to provide the services.
Should the data subject not consent to his/her personal data being processed if the consent provided enables the booking to be personalised with additional, optional services, or to receive advertising offers, that processing will not take place for those purposes; without this having any effects on the supply of the services requested, nor on those for which he/she has already provided consent.



7. Rights of the data subject

The data subject has the right at any time to access personal data and exercise rights connected to the processing of data concerning him/her.
These rights include:

  1. obtaining an update, rectification or when interested in doing so the data being integrated;
  2. obtaining erasure, data being made anonymous or blocked if processed in breach of the law;
  3. objecting at any time to its data being processed if specific situations should occur;
  4. withdrawing consent previously given to data processing without prejudice to the lawfulness of processing based on consent before its withdrawal;
  5. the portability of data;
  6. presenting a complaint to the data protection Authority (Personal Data Protection Authority – www.garanteprivacy.it).
Book now