Hotel Aquarius Logo

Privacy Policy

The company Aquarius by Polizzano Vincenzo & C. S.A.S., owner of the Aquarius hotel (hereinafter referred to as the “Controller”), in its capacity as Data Controller pursuant to Articles 4 and 28 of Legislative Decree June 30, 2003, no. 196 – Personal Data Protection Code (hereinafter the “Code”) and Articles 4, no. 7) and 24 of EU Regulation 2016/679 of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data (hereinafter the “Regulation”), informs, in accordance with art. 13 of the Code and 13 of the Regulation, that it will proceed to process personal data related to users who have completed the forms on the website of the hotel

1. Subject of the processing

The processed data consists of personal information and contact details.

The personal data provided by the user through forms are collected and processed solely for the purpose of establishing initial contact for availability requests and quotes in accommodation facilities or to make reservations.

The provision of the requested data is mandatory as it is necessary to provide the service, and any refusal to provide such data could result in the failure to finalize or maintain the contractual relationship.

The processing will be carried out using digital and/or analog means. The data will not be subject to public disclosure.

In the event of a reservation confirmation, in accordance with art. 130, paragraph 4 of the Privacy Code, we may use the email of the interested party for sending newsletters for commercial purposes related to services similar to those subject to the contract already concluded with the Controller.

2. Purposes of the processing

The processing of data will be carried out to allow the performance of activities related to the establishment and management of the service requested from the controller.

The data will be processed lawfully, fairly, and with the utmost confidentiality, in compliance with the minimum security measures as provided by the Code and the Regulation.

It is specified that the email address indicated by the user in the specific forms will be exported to a CRM for sending commercial emails, in accordance with art. 130, paragraph 4 of the Privacy Code.

3. Processing methods

The Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case, not beyond 10 years from the termination of the contract.

4. Data communication

The Controller may communicate the data for the purposes referred to in art. 2 to all other subjects to whom communication is mandatory by law for the fulfillment of purposes provided by the law. However, the aforementioned data will not be disclosed.

5. Data retention and transfer

The management and storage of personal data will take place on servers located within the European Union of the Controller and/or third-party companies duly appointed as Data Processors. Currently, the servers are located in Italy. The data will not be transferred outside the European Union.

6. Rights of the data subject

The customer, as the data subject, has the rights provided for in art. 7 of the Privacy Code and art. 15 of the Regulation, specifically:

1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form.

2. The data subject has the right to obtain:

a) Information on the origin of the personal data;

b) Details regarding the purposes and methods of the processing;

c) Explanation of the logic involved in case of processing carried out with electronic tools;

d) Identification details of the controller, processors, and representatives;

e) Information on the entities or categories of entities to whom the personal data may be communicated or who may become aware of it as appointed representatives within the territory of the State, processors, or authorized personnel.

3. The data subject has the right to obtain:

a) Update, rectification, or integration of data, when interested;

b) Erasure, anonymization, or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) Confirmation that the operations in (a) and (b) have been notified, including their contents, to those to whom the data were communicated or disclosed, except if this requirement proves impossible or involves a disproportionate effort compared to the right to be protected.

4. The data subject has the right to object, in whole or in part:

a) Based on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;

b) To the processing of personal data concerning them for the purpose of direct marketing not covered by Article 2.

Also, in accordance with Articles 15 and subsequent of the GDPR, the user has the right to request, at any time, access to their personal data, rectification, or erasure of the data, restriction of processing as per Article 18 of the GDPR, and to receive the personal data concerning them in a structured, commonly used, and machine-readable format in cases specified in Article 20 of the GDPR. At any time, the user can withdraw the consent previously given under Article 7 of the GDPR, lodge a complaint with the competent supervisory authority under Article 77 of the GDPR if they believe that the processing of their data violates the legislation in force.

The user can lodge an objection to the processing of their personal data under Article 21 of the GDPR, providing reasons justifying the objection. The Controller reserves the right to assess the request, which would not be accepted in the presence of compelling legitimate reasons that prevail over the interests, rights, and freedoms of the user.

The data subject can exercise the rights mentioned above at any time by sending:

– an email to the address