Image Alt

Privacy policy

Our privacy policy

(1) Relevant regulation and Privacy Notice recipients

European General Data Policy Regulation (Reg. n. 679/2016 of April 26th 2016 related to natural person protection in relation to personal data processing and free movement of such data, especially the provision n. 13 of the Regulation, indicated in the following document also as ‘GDPR’) aims to ensure that personal data processing is performed respecting the rights, the fundamental freedom and the dignity of natural persons, with particular attention to privacy and personal identity. GDPR establishes that the data subjects or person from whom personal data are collected will receive specific information about the purposes and the modalities of their data processing. If you did not reach 18 years old (eighteen), or if you have a limited ability to act, this Privacy Notice is addressed to the responsible person, as identified by the current Italian Law, who is the only subject allowed to provide us with the agreement to your personal data processing.

(2) Data Controller and Data Processors

As per GDPR, Ostello Bello S.p.a., with registered office in Milan (MI), Via dei Piatti n. 8, C.F. 07139620962, eMail: (indicated below as “Data Controller”) is responsible for the processing of your personal data that are acquired through compiling the required documentation for the check-in process. You can ask us the full list of Data Processors (both internal and third parties subjects) by sending us an eMail at the following e-mail address:

(3) Collected data typologies and processing purpose Data Controller ensures that your data inserted in the attached module will be collected and processed as per GDPR indications and they will be preserved only for the time strictly needed to execute the required hotellerie service. The lawfulness of the processing is based on the fact that the processing itself is necessary for the performance of a contract to which the data subject is (art. 6.1-b of GDPR), or, depending on the different cases, the processing is necessary for compliance with a legal obligation to which the Controller is subject (art. 6.1-c of GDPR). Only if you will provide us with your explicit consent, ticking the box “I consent to my data processing for promotion and direct/indirect marketing purposes”, we will use your data to send you updates and news on our activities (also when performed in partnership and/or collaboration with other subjects), in particular on services and events, surveys and/or opinions and/or dedicated discounts and for other types of communications related to services and for the statistical elaboration of studies and researches. The lawfulness for this typology of processing is your explicit consent (art. 6.1-a of GDPR) to the processing of your personal data for specific purposes. Your consent is optional (and you can freely modify it, also if you consented, sending a request to the following eMail address or through a different modality indicated by the Controller with no further formality); your eventual denial will not imply the impossibility to complete the furthermore indicated procedures.

(4) Personal data recipients

Your personal data can be communicated to private or public subjects that, in strict accordance with existing regulation, can access the data in compliance with the legal requirement in force (for example, but not limited to, officers of Financial Administration); security societies, within the limits that are strictly necessary to allow their duties; to subjects that are consultants of the Data Controller, prior an explicit letter as Data Processor from the Data Controller that requires that the confidentiality and security of the data processing are ensured. On no occasion your Personal Data will be shared or disclosed or communicated, with the exceptions above indicated, to third parties.

(5) Rights of data subjects

We remind you that GDPR confers you to the exercise of specific rights. Among them, you have the right to get confirmation of your personal data existence also if not yet registered, to the communication in an accessible format of your data, of their source and of the methodology and the purpose of the processing. In particular, you have the right to obtain: confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (right of access, ex-art. 15 GDPR); the rectification of inaccurate personal data concerning you or to have incomplete personal data completed(right of rectification, ex-art. 16 GDPR); the erasure of your data, if one of the grounds included in the Regulation occurs (right to erasure, ex-art. 17 GDPR); the restriction of processing of your data when one of the conditions included in the Regulation applies (right to restriction of processing ex-art. 18 GDPR); the right to request the full and updated list of all the Processors authorized to your personal data processing.

(6) Personal Data protection

The Data Controller utilizes particularly advanced security technologies to protect the privacy and integrity of your data.

(7) Duration of preservation of personal data

We will preserve your personal data for all the time that is needed to comply with legal requirements, resolve legal disputes and have agreements implemented and respected. Your personal data will be preserved, in compliance with the law, for a period not longer than the needed one to pursue the purposes for which the Data Controller is treating them. In particular: in relation to the existing contract, data will be preserved for the periods defined by regulating law. Upon termination of the contractual relationship, civil law related data will be conserved for ten years; in relation to the personal data management that user-provided voluntarily when registered to our services that can be accessed through credentials and/or to the newsletter, we will preserve the data till the registration is active; in relation with user personal data processing for marketing purposes and analysis of behaviour and consumer choices purposes, only if you provided to us a specific consent (optional) we will preserve the collected data only for the strictly needed period to manage the above-mentioned purposes. We will preserve these data following criteria that respect existing law and that balance Data Controller legitimate interests and users rights and freedom. Data Controller will use user data for these purposes for a maximum period of 24 months, and after we will proceed to cancellation, in case of lack of specific norms that define different preservation periods and of lack of a new explicit uses consent, requested when the due date will be approaching. In relation to user personal data for profiling purposes, only in case the user-provided a specific consent (option), Data Controller will preserve the data for the period strictly necessary to manage the above-described purposes. We will preserve these data following criteria that respect existing law and that balance our legitimate interests and your rights and freedom. We will use user data for these purposes for a maximum period of 12 months, and after we will proceed to cancellation, in case of lack of specific norms that define different preservation periods and of lack of a new explicit uses consent, requested when the due date will be approaching.

(8) Information

You can exercise the aforementioned rights at any moment, submitting a simple request to the Data Controller to the following eMail address or the physical address indicated in the provision “Data Controller”.

We will contact the user as soon as possible and, in all cases in less than 30 (thirty) days from the requested date.

(9) Complaints

If you believe that the personal data protection law has been breached, in relation to your personal data processing, you have the right to present a complaint to the local Authority for data protection in the European Economic Area (EEA). You can find details of the different local Authorities, based on user located country, at the following link.