Privacy and Cookies Notice

Purpose and principles of data processing. In compliance with legal obligations on the matter, this page describes the methods of managing the website regarding the processing of personal data of users who browse it and interact with the web services accessible electronically from the address: www.th-resorts.com.
We inform you that HOTELTURIST will use your personal data to manage access to the portal and the services included therein, handle technical practices, perform all activities necessary or useful for the constant improvement of the service provided, and to ascertain responsibility in case of crimes against the Site and/or illegal acts carried out through the Site. Additional specific purposes related to individual processing may be identified in detail through supplementary notices within the various services included in the portal.
Browsing the Site may involve the processing of data relating to identified or identifiable persons. The personal data provided by users who browse the Site are processed by the communication recipient to follow up on received requests.
Index of topics (you can navigate by hovering the mouse over the list and clicking on the related text)

Logic and forms of processing organization

The logic and forms of processing organization will be strictly related to the individual purposes respectively indicated above. Processing will take place electronically, telematically, and/or on paper. Data during processing are subjected to protection measures activated by HOTELTURIST to ensure the data themselves against the risk of unauthorized access or unauthorized processing. For example, computerized personal data are accessible only by accessing various data processing or entry programs through the mandatory typing of personal passwords, by authorized personnel only by HOTELTURIST, who must in any case adhere to predetermined usage limits.

Are there cases of simplified consent or exemptions from the obligation of consent for direct marketing purposes?

Are there cases of simplified consent or exemptions from the obligation of consent for direct marketing purposes?
As permitted by current legislation and for the fulfillment of privacy obligations by HOTELTURIST respecting simplification principles (as per the General Provision of the Privacy Guarantor of 15.05.2013 – “Consent to the processing of personal data for direct marketing purposes through traditional and automated contact tools”), the consent required by HOTELTURIST concerning secondary purposes of profiling and direct marketing is unified and comprehensive for all possible means used for marketing processing (electronic/telematic, paper), as well as for all possible direct marketing purposes (without multiplying consent forms for each distinct marketing purpose pursued).

NB: HOTELTURIST may process personal data, using telephone calls with operators and ordinary mail, for the aforementioned secondary purposes without the prior specific consent of the data subject (in this case, the data subject’s right to object to processing by simplified methods and also electronically by registering the telephone number of which the data subject is the owner and other personal data related to subscribers in paper and electronic directories available to the public, in the Public Objection Register (http://www.registrodelleopposizioni.it/) provided by the Presidential Decree no. 178/2010, is reserved).
In case HOTELTURIST requests your phone number – for direct marketing purposes – and you have given optional and specific consent to its use, HOTELTURIST may process it even if the number is registered by you in the Public Objection Register: since in this case the number is communicated by you and not taken from public telephone directories.

We also inform you that the Privacy Code allows the so-called “soft spam”. This means that without acquiring your express consent, we can use the email address you provided during a previous purchase to send commercial communications and sales offers via email, provided they relate to products and services similar to those you already purchased.
Upon receiving each communication and/or promotional email sent by HOTELTURIST for the purposes already provided, you are informed of the possibility to object at any time to the processing, easily and free of charge (notifying such your opt-out choice through our online platform).

Does the data subject’s consent to processing for profiling and direct marketing purposes also apply to data communication to third parties?

Does the data subject’s consent to processing for direct marketing and profiling purposes also apply to data communication to third parties?
HOTELTURIST communicates some data to other companies belonging to the HOTELTURIST Group or to third parties who, by contract and as “data processors,” are authorized to process data (e.g., send commercial communications) on behalf of HOTELTURIST based on the same specific marketing consent (including that for communication to third parties for such purposes) already provided by you to HOTELTURIST.
HOTELTURIST may also, exclusively upon your further, separate, additional, documented, optional, expressed consent, carry out the communication or transfer of data to third parties who process them as joint controllers or autonomous controllers (usually third-party partners promoting Events), who use them for direct marketing or profiling purposes).

Withdrawal of consent

Even after giving your consent to data processing for profiling and direct marketing purposes, as a data subject you can notify HOTELTURIST at any time of a different will through one of the following alternative methods:

• clicking the “unsubscribe” button, made available to the user at the bottom of promotional emails sent to the data subject, an email will be automatically sent to HOTELTURIST and consequently the data subject’s name will be registered in a dedicated blacklist, preventing further direct marketing actions by HOTELTURIST towards the same;
• sending to HOTELTURIST by ordinary mail or email your declaration of withdrawal of consent (which in this case will be manually recorded within the Company’s CRM). This communication method is always necessary if the data subject wishes to express a more selective and detailed will, either regarding the use of certain individual means and not others (e.g., only paper, only electronic, refusing automated system communications, etc.) for receiving, subject to consent, HOTELTURIST’s marketing communications, or regarding specific marketing purposes among those concretely possible (e.g., choosing to receive only newsletters and not event invitations);
• sending a clear telephone communication of consent withdrawal to HOTELTURIST without formalities. Upon receiving such opt-out request, HOTELTURIST will proceed to remove and delete data from databases used for direct marketing processing and, where possible, inform any third parties to whom the data were communicated for the same purposes.
  The simple receipt of the deletion request will automatically be considered confirmation of deletion.
• If you wish to withdraw consent to advertising communications coming from social channels (e.g., Facebook, Twitter, etc.), you must communicate the withdrawal directly to the individual social platform according to the methods made available from time to time by the platform itself and/or the browser you use (as HOTELTURIST is technically unable to influence third-party social platforms for this purpose). Such opposition will not affect the provision of any ongoing contractual activities.

Communication of data to third parties

Within primary purposes and subject to communication to third parties carried out in compliance with legal obligations or deriving from regulations or other EU legislation, or upon request of judicial offices or other third parties recognized by the aforementioned provisions, data are communicated to all subjects whose intervention in processing is reasonably necessary based on the services requested by the data subject and/or regulatory obligations, by way of mere example and not exhaustively:

1. banks and credit institutions, or electronic money institutions for payment management;
2. insurance companies (in case of claims related to your stay, your family or accompanying persons) involving our liability;
3. debt collection companies, factoring companies, leasing companies, insurance companies or credit assignment, credit consortia (only for the purpose of credit protection and better management of our rights related to the individual commercial relationship);
4. commercial information companies;
5. consultants;
6. professionals and professional firms (lawyers, accountants, auditors, members of 231 supervisory bodies, and auditors);
7. subjects providing web hosting and/or maintenance and/or IT assistance services related to our systems, databases, and IT services;
8. suppliers (e.g., travel agents, tour operators, airlines, hotels, tour guides, escorts, entertainers, photographers, car rentals, carriers, couriers, etc.) and subcontractors, providing tourist services in your or our favor requiring knowledge of your data;
9. other companies, entities and/or individuals performing instrumental, support, or functional activities for the execution of contracts or services requested by you;
10. other companies of the HT Resorts Group (parent, subsidiaries or affiliates) or affiliated with the TH Resorts brand operating in the tourism/hotel sector;
11. for direct marketing and/or profiling purposes, marketing consultants, advertising, communication and public relations agencies, companies responsible for design, printing, and maintenance of advertising or promotional editorial materials and/or their online management, website production or management companies, web marketing companies, direct e-mailing service companies (e.g., Mail-up or similar), call center service companies with legal and operational centers in Italy, consultants and/or other entities entrusted by us with activities functional to these purposes; third-party commercial partners with whom HOTELTURIST activates co-marketing actions.

To make a payment on the site, you can use the online service provided by a third-party provider. The user, to complete the purchase, must enter the required data on the relevant screen (e.g., credit card, expiration, security code, etc.). These data will be processed by the provider – as an autonomous controller – without passing through the HOTELTURIST server, which will only receive the order code issued and the payment confirmation notification.

Only in the case of processing for secondary purposes (profiling, direct marketing), pursuant to the General Provision of the Guarantor dated July 4, 2013, containing the “Guidelines for anti-spam,” we inform you that we will also communicate data – subject to your specific prior consent, see below – to the following categories of third-party recipients: marketing consultants, advertising, communication and public relations agencies, companies responsible for design, printing, and maintenance of advertising or promotional editorial materials and/or their online management, website production or management companies, web marketing companies, direct e-mailing service companies (e.g., Mail-up or similar), call center service companies with legal and operational centers in Italy, consultants and/or other entities entrusted by us with activities functional to these purposes; third-party commercial partners with whom HOTELTURIST activates co-marketing actions.

We have appointed in writing as external data processors the categories of third-party recipients to whom we communicate the data, except where they act as autonomous controllers due to the decision-making scope reserved to them regarding purposes and/or means of processing.
Data will also be processed by our internal appointees belonging to functional areas managing booking procedures and service management purchased by you (administration, commercial, IT, customer care, logistics offices).
Data will not be disclosed.

Transfer of data abroad
Data may be transferred outside the EU by the data controller for the primary purposes indicated above (and provided that the chosen destination is to such countries), to:

• Foreign countries for which there is an adequacy decision by the EU Commission pursuant to art. 45 GDPR and/or adequate guarantees pursuant to art. 46 GDPR specifically: – Andorra – Argentina – Australia – PNR – Canada, Faroe – Guernsey – Isle of Man – Israel – Jersey – New Zealand – Switzerland – Uruguay;
• other non-EU countries for which there is no adequacy decision by the EU Commission pursuant to art. 45 GDPR or art. 46 GDPR; in this case, it is noted that, being excessively burdensome for the data controller to conclude written agreements with third-party foreign importers to oblige them to comply with technical and organizational data protection measures and other data management measures compliant with the GDPR, the customer cannot exercise the rights or use the remedies provided by the GDPR neither against the data controller nor directly against third-party recipients (such as, by way of example: hoteliers, local carriers, local insurance companies, etc.) since such data processing and/or storage obligation according to EU standards is not provided for by the laws of the data importer’s country; nevertheless, if the chosen destination is to such countries, the transfer carried out by HOTELTURIST is lawful, even without the customer’s express consent, because it is necessary for the execution of a contract concluded between the data subject customer and HOTELTURIST data controller or for the execution of pre-contractual measures adopted at the data subject’s request; or it is necessary for the conclusion or execution of a contract concluded between HOTELTURIST data controller and another natural or legal person (constituted by a foreign supplier or partner of HOTELTURIST) in favor of the data subject.

Legal basis of processing

Legal basis of processing. HOTELTURIST may lawfully process data for the following reasons:

• In the case of primary purposes, processing is necessary, depending on the case, for the execution of pre-contractual measures adopted at the data subject’s request (e.g., requests for clarifications, sending information or commercial offers), the conclusion and execution of a contract to which the data subject is a party, or to comply with a legal obligation to which HOTELTURIST is subject and/or to pursue the legitimate interest of HOTELTURIST (prevailing over the interests or fundamental rights and freedoms of the data subject) to process data to efficiently manage relationships with its users, customers, and/or suppliers and to organize internal and external production and management processes necessary for this. Furthermore, there is the legitimate interest of HOTELTURIST suppliers and partners to receive from HOTELTURIST and process personal data to manage activities related to HOTELTURIST’s request for support in managing activities towards data subjects and to verify proper fulfillment by HOTELTURIST of legal and contractual obligations towards the data subject and/or third parties (e.g., verification by the public authority of compliance with tax obligations, verification by the board of auditors or auditors of compliance with legal obligations, etc.).
• In the case of secondary purposes (profiling, direct marketing) processing is based on the legitimate interest of HOTELTURIST to promote its products and/or services to customers offline and online (e.g., sending so-called soft spam or commercial communications via public telephone numbers) and, subsidiarily, on the data subject’s consent, not subsequently withdrawn.

Cookie Policy

The Privacy Guarantor with provision of May 8, 2014, adopted, with definitive entry into force in Italy from June 2, 2015, the European directive 2009/136/EC requiring website administrators to publish a notice regarding the cookie policy of the site visited by visitors.

This Policy may be updated at any time due to changes in current legislation or any change in the configuration and type of cookies used; therefore, we suggest you periodically review this cookie policy to know all subsequent updates.

The Site may contain links to other websites that have their own privacy policies which may differ from that adopted by the site’s SEO positioning and thus are not responsible for these sites.

What cookies are and how they are used
Cookies are short strings of information (text files) regarding user activity on the website, stored during the first navigation on the website on the user’s device (computer, smartphone, or tablet) and then retransmitted to the same sites on any subsequent visit of the same user allowing our site to automatically recognize the user (or other users using the same device) after the first visit and thus improve their user experience.

Their functioning is entirely dependent on the browser used by the user and can be enabled or disabled by the user.

To always ensure the best possible navigation, our site offers the best performance with cookies enabled. By default, almost all web browsers are set to automatically accept cookies.

Cookies can be:

• “first-party” when managed directly by the website owner;
• “third-party” when cookies are set and managed by entities external to the website visited by the user.

Third-party cookies are under the direct and exclusive responsibility of the same operator, and regarding their installation, the first-party site operator acts merely as a technical intermediary.
Which cookies we use and for what purpose
The Site uses or may use, also in combination, the following categories of cookies:

• Persistent or “permanent” cookies: these cookies remain stored on the device even after leaving the website or closing the browser; in particular, they remain until their expected expiration or until manually deleted by the user. Persistent cookies serve many functions in the interest of users (such as password storage), yet in some cases, they may also be used for promotional purposes.
• Session (or temporary) cookies: They last only for the visit and are deleted when the browser is closed, ending the site access “session.” Usually, they allow the user to access personalized services and fully exploit site features, avoiding other IT techniques potentially harmful to user browsing privacy.
• Technical-functional cookies, e.g., for transmitting session identifiers necessary to allow secure and efficient browsing of the site. These cookies avoid the use of other IT techniques potentially harmful to user browsing privacy.
  For the use of technical cookies, the law requires only the provision of notice to the data subject, as occurs with this communication, i.e., even without specific banners on the Site.
  For all non-technical cookies, conversely, current legislation conditions their installation on prior consent in simplified forms provided by the Guarantor’s Provision of 8.5.2014, i.e., through the publication of a synthetic banner visible to the user on the first “landing” on the site allowing an additional site usage action (based on “scroll” or continued navigation within the same webpage) by which the user may implicitly communicate consent, or alternatively, access an analytical cookie notice (i.e., this notice), within which to express necessary consent or dissent. Such consent or dissent may be formulated by the user not concerning individual cookies but categories of cookies or specific producers and/or intermediaries with whom the Site has commercial relationships.
• Analytics cookies: these cookies may be temporary or permanent and allow the collection and analysis of aggregated and/or disaggregated statistical information about accesses (e.g., user’s geographical area, access device used, age, etc.) and generally user behavior on the site to improve the experience and content offered.
  These analytics cookies can be assimilated to technical cookies only if implemented and used directly by the first-party site (without third-party intervention). For example, the site uses log files (recording operation history as performed) and registry files (including IP addresses, browser type, operating system used by the user’s device, Internet Service Provider (ISP), date, time, entry and exit pages and number of clicks, but also pages visited on the site, third-party sites from which the user comes). All this is to analyze user behavior trends and manage and optimize the site. The information collected in this way is not personal since data are collected and analyzed anonymously.
  If analytics cookies are implemented and/or used by third parties (different from the first-party site controller), they cannot be assimilated to technical cookies and have different legal treatment.
• Profiling (or advertising) cookies (always permanent). They are used to gather information, aggregated or not, useful to evaluate website usage and visitor activities (choice of viewing specific pages, products, or services), used by the controller for targeted commercial advertising based on previous user activity (instead of general offers for all).
  List of cookies actually present on the website
  This premise does not automatically imply that this website currently uses all the categories of cookies indicated above. The list of cookies actually used by HOTELTURIST is as follows.

Cookie Name	Session/Permanent	Function (technical, analytical, advertising)	Duration (if permanent and if not deleted earlier by the user)
_gat_UA-52126534-11	session	analytical	1 minute
_ga	permanent	analytical	two years
_gid	session	analytical	24 hours
fr	permanent	analytical	3 months
mktz_client	permanent	analytical	two years
mktz_sess	session	analytical	24 hours
cookie_notice_accepted	permanent	analytical	1 month

The Site also uses Google Analytics cookies (cookies from Google Inc., an American company, third party). We clarify that through Google Analytics functions, no strictly personal information is collected, but only aggregated statistical data on age, gender, and interest preferences of our visitors (to better evaluate the use of our website and visitor activities and better direct the services provided). These cookies are stored on servers that may be located in the United States or other countries. Google reserves the right to transfer information collected with its cookie to third parties where required by law or where the third party processes information on its behalf.

The “Analytics” function is however configured by HOTELTURIST, by default, to significantly mask portions of the user’s/visitor’s IP address, and therefore the data relating to the IP address collected is already anonymized at the source, and the analytical cookie does not allow even indirect identification – particularly through further processing – of the user’s/visitor’s identity. For this reason, HOTELTURIST, as the site manager from time to time, is not even subject to obligations and requirements provided by cookie legislation (e.g., notification of cookie processing to the Privacy Guarantor). The user can always disable Google Analytics cookies by using a specific add-on provided by Google at the following link.

If HOTELTURIST decides in the future to modify the “Analytics” configuration to allow collection of the last three digits of the user’s IP address, such choice must be notified in advance to the Privacy Guarantor by the data controller operating through the portal or site, to protect the user.

Google also guarantees, from now on, not to associate the user’s IP address with any other data held by Google to obtain a more detailed user profile.

No profiling cookies based on personal identification data are used on this site.

Our site uses remarketing lists and display network ads, i.e., online advertisements based on general interest categories expressed by user categories through prior web browsing.

Without prejudice to the above, our site uses special advertising features of Google Analytics, which enable additional functionalities not available through standard Google Analytics implementations and cookies.
These advertising features allow collecting traffic data (via Google advertising cookies and anonymous identifiers) in addition to data normally collected through a standard Google Analytics implementation. Google Analytics advertising features include:

• Remarketing with Google Analytics
• Reports on Google Display Network impressions (if used through AdWords)
• Integrations with the DoubleClick platform
• Reports on Google Analytics demographics and interests data

 

Social cookies: these cookies are third-party, connected to services provided directly by the domains of common social media networks linked to our Site via official page links, content sharing buttons, and connections. Using these buttons and functions implies the exchange of information (e.g., texts, photos, videos, etc.) with these sites. If a social service is installed, even if users do not use the service, it collects traffic data relating to pages where it is installed.

• Facebook Like button and social widgets (Facebook, Inc.)
• The Facebook Like button and social widgets are interaction services with the Facebook social network, provided by Facebook, Inc.
• Personal data collected: Cookies and Usage Data.
• Processing location: USA
• Twitter Tweet button and social widgets (Twitter, Inc.)
• The Twitter Tweet button and social widgets are interaction services with the Twitter social network, provided by Twitter, Inc.
• Personal data collected: Cookies and Usage Data.
• Processing location: USA
• Google+ +1 button and social widgets (Google Inc.)
• The Google+ +1 button and social widgets are interaction services with the Google+ social network, provided by Google Inc.
• Personal data collected: Cookies and Usage Data.
• Processing location: USA

Information management and ways to delete such social cookies are regulated by the social media sites themselves: users are invited to consult the respective privacy policies of each at the following links:

• Facebook: https://www.facebook.com/policies/cookies/ or https://www.facebook.com/privacy/explanation
• Twitter: https://help.twitter.com/it/rules-and-policies/twitter-cookies or https://twitter.com/it/privacy
• YouTube: https://www.google.com/policies/technologies/types/
• Pinterest: https://policy.pinterest.com/it/privacy-policy
• Instagram: https://help.instagram.com/519522125107875
• Linkedin: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
  or Google+: https://policies.google.com/privacy?hl=it

The use of these cookies is purely anonymous; no personal information is collected unless the user explicitly provides it by submitting contact or information request forms.
Further information on privacy and the use of social cookies is available directly on the sites of the respective third-party managers.

How cookies work and how to disable them
Accepting or rejecting cookies is your right
By default, browsers generally accept the use of cookies from our site and third-party sites. To allow the site to function properly, exploit its features, and use it fully, we recommend accepting cookie use.
Users can, however, change the default configuration at any time. To manage cookie functioning and options to limit or block cookies, users simply need to change their browser settings via the toolbar. You can choose between unconditional acceptance of all cookies (in particular: by navigating in any form on our site after the initial appearance of the synthetic banner warning you of cookies in our website, you implicitly consent to cookie use), unconditional refusal of all cookies definitively, or the display of a popup (Notice) whenever a cookie is proposed, allowing evaluation of acceptance by explicit user action.

Below are links for configuring the most popular browsers describing cookie management methods:

• Chrome: https://support.google.com/accounts/answer/61416?hl=it
• Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
• Internet Explorer: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies
• Opera: http://help.opera.com/Windows/10.00/it/cookies.html
• Safari: https://support.apple.com/it-it/HT201265

For browsers other than those listed, refer to the help documentation provided by the specific browser manufacturer.

Users can also selectively disable Google Analytics by downloading and installing the opt-out add-on specifically provided by Google for their browser at the following link:

• http://tools.google.com/dlpage/gaoptout

Remember to set cookie preferences for each device and browser used for internet browsing.

For any further information related to Google Analytics, please refer to the Privacy Policy at the following link:

• http://www.google.com/intl/it_ALL/analytics/learn/privacy.html

To delete cookies from the Internet browser on your smartphone/tablet, refer to the device’s user manual.
For more information on cookies and privacy, please consult the specific document prepared by the Privacy Guarantor at the following link:

• http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/2142939

Data controller and external data processor

The data controller of personal data is:

• HOTELTURIST SPA, located at Via Forcellini, 150 – 35128 Padua, VAT No. 01047360910, email: privacy@th-resorts.com, tel. +39.049.2956414, fax +39.049.8033785;
  The external data processor of personal data is:
• the company – controlled by HOTELTURIST SPA – managing the accommodation facility, as applicable for each booking. A complete and updated list of external data processors is available upon written request by the data subject. The Data Protection Officer (“DPO”) of HOTELTURIST SPA is lawyer Luca De Muri, domiciled for the position at the same company.

Rights of the data subject

Regarding the processing of personal data, the data subject can exercise rights by writing to the data controller:

• request confirmation from the controller whether or not personal data concerning them is being processed and, if so, access personal data and the following information: a) processing purposes; b) categories of personal data involved; c) recipients or categories of recipients to whom personal data have been or will be disclosed, particularly if recipients from third countries or international organizations; d) when possible, the retention period or, if not possible, criteria used to determine such period; e) existence of the right to request correction or deletion of personal data or restriction of processing or to object to processing; f) the right to lodge a complaint with a supervisory authority; g) where data are not collected from the data subject, all available information about their source; h) existence of automated decision-making, including profiling, and, at least in such cases, meaningful information on the logic used and the significance and consequences of such processing for the data subject.
• where personal data are transferred to a third country or international organization, the right to be informed of adequate safeguards;
• request and obtain without undue delay correction of inaccurate data; considering the purposes of processing, completion of incomplete personal data, including by providing a supplementary statement;
• request deletion of data if a) personal data are no longer necessary for collected or processed purposes; b) consent is withdrawn and no other legal basis exists; c) objecting to processing with no overriding legitimate grounds or for direct marketing (including profiling); d) unlawfully processed data; e) deletion required by EU or member state law; f) data collected regarding information society services;
• request restriction of processing when: a) accuracy contested; b) processing unlawful but objecting to deletion; c) data not needed by controller but necessary for data subject’s legal claims; d) objected to direct marketing processing pending verification;
• obtain from the controller the communication of third-party recipients;
• withdraw consent at any time without affecting lawfulness based on prior consent;
• receive personal data in structured, commonly used, machine-readable format and transmit it to another controller where applicable (data portability);
• not be subject to solely automated decisions, including profiling, producing legal effects or similarly significant impacts;
• lodge a complaint with the competent supervisory authority based on GDPR (residence or domicile).
  These rights must be exercised separately against HOTELTURIST or third-party data recipients as applicable.

Policy changes

This privacy policy replaces any previous version from its publication date. Unless otherwise specified, the previous policy will continue to apply to data collected until then. HOTELTURIST reserves the right to make changes at any time, notifying users on this page. Please check this page frequently, referring to the last modification date at the bottom. If you do not accept future changes, you must stop using the website or related features; otherwise, changes will be deemed accepted (except those changing consent conditions, if mandatory).

 

Types of data

Through web forms on the sites, we never ask for “special” personal data (data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or organizations of religious, philosophical, political or trade-union nature, as well as data revealing health status and sexual orientation) or “judicial” data (criminal records, suspect or defendant status, etc.). The data we process may be in three general categories:

Browsing data

When (also via mobile smartphone or tablet) you access this website or use our services, IT systems and software procedures for site operation acquire, during normal operation, some information about you, qualifying as “personal data” whose transmission is implicit in Internet communication protocols.
These include hardware model, operating system and version, mobile network and country of access, request time, method used to submit the request to the server, access time, response file size, response status code (success, error, etc.), details on website navigation path, with particular reference to visited pages and other parameters related to operating system and user IT environment (browser used, version, geographical location, last page visited before accessing IEG services) and unique device identifiers (e.g., IP address or domain names of users’ computers, URI addresses, MAC addresses).
These are information not collected to be directly associated with identified data subjects but could theoretically, through processing and associations with third-party data (particularly internet connectivity providers), identify users.
However, we use these data only for aggregated and anonymous statistical information on site use, to better understand user browsing behavior to offer a better experience, enable site technical features, monitor and optimize functioning, improve quality of services offered, and ensure maintenance of the database and IT infrastructure.
Such browsing data, after anonymous processing, are deleted within 12 months of collection.
Browsing data may also be used to ascertain responsibility in case of crimes against the Site or committed through the Site (malware attempts, spamming, unauthorized access to IT systems, etc.), and in such cases, retention continues as long as necessary to protect IEG and/or third-party rights.

Data actively provided by the data subject

• Information sent voluntarily by users to addresses indicated on the Site (e.g., email address, email subject, company or personal name, etc.);
• Personal data provided by users to use services accessible on the Site or participate in initiatives promoted through the Site;
• Personal data provided by users requesting news and/or informational materials;
• Personal data provided by users sending job application proposals (CVs, etc.).

Data collected from third parties

In the case of sales of travel packages and tourist services by HOTELTURIST to third-party intermediaries reselling to end customers, HOTELTURIST collects, through forms delivered by intermediaries to the latter, personal data such as name and surname, nationality, tax code, type and number of identity document and expiration date, date of birth, family composition, membership in organizations for which HOTELTURIST makes bookings, landline or mobile phone, postal code, city, address, email, data relating to content and delivery methods of the service purchased by the end customer, price, payment method. Data collected may also include food intolerances or membership in organizations revealing religious beliefs.

 

Users are invited not to provide any special data (meaning health data – e.g., stay of disabled persons, medical visits, medical certificates, diets, etc. – and/or data revealing racial or ethnic origin) of themselves or third parties, without prior consent to processing in legal form (written consent).
Processing will be carried out, with or without electronic tools, according to principles of fairness, lawfulness, transparency, to protect confidentiality and data subject rights at all times in compliance with current legislation.

 

Purpose and duration of processing
Data will be processed for the following purposes and respective durations:

To acquire and confirm – including via registration on this Site – your booking of travel packages and services, other accessory and non-accessory services, and to provide them organizing all internal and external management and production activities instrumental to this. Processing may also concern “special” data, meaning only health data (e.g., stay of disabled persons, medical visits, certificates, diets, etc.) and/or data revealing racial or ethnic origin. We do not process data relating to life and sexual orientation, genetic data, biometric data, data revealing political opinions, religious or philosophical beliefs, union membership. Data are also processed for contest and prize event management in which the data subject participates. Processing does not require your consent. Providing personal data is optional but refusal (except for “special” data) prevents booking confirmation and/or service provision. In disputes, data will be processed to protect our rights until resolution; in any case, data will be processed for the duration indicated in point 4 below.

To speed up registration procedures for any future stays at our facility. For this purpose, based on our legitimate interest to reduce internal management activities, your data will be stored for a maximum of fifteen (15) years and used when you are again our guest for the above purposes; this processing does not require your consent.

(limited to identity document details, name and surname, and date of birth of you and/or your family or accompanying persons) To comply with the obligation under the “Consolidated Public Security Laws” (art. 109 R.D. 18.6.1931 n. 773) requiring us to communicate guest details to the Police Headquarters and/or local Public Security Authority for public safety, as per Interior Ministry procedures (Decree 7 January 2013). Providing data is mandatory and does not require your consent; without these, we cannot accommodate you. Data acquired for this purpose are stored for the strictly necessary time (7 days). For groups or families, data relate only to the group leader or head of family.

To comply with current administrative, accounting, and tax obligations. Providing data is mandatory and does not require your consent. Refusal to provide necessary data prevents service provision. Data are stored for the time required by respective laws (ten years and, in case of tax audits, longer until completion).

To handle reception and transfer of messages and calls, delivery of mail and packages addressed to you, your family, and/or persons present during your stay. Providing data is optional, and without it, we will not provide these services. Consent is required and revocable at any time. Processing ends upon your departure.

For protection of persons and company property through video surveillance of some areas of the accommodation facility, identifiable by external signs. Consent is not required, as this pursues our legitimate interest to protect people and property from assaults, thefts, robberies, vandalism, and similar. Recorded images are automatically deleted after 24 hours, except holidays or closures and in any case no later than one week. They are communicated to third parties only if complying with specific investigative requests by judicial or police authorities and may be communicated to lawyers and IT experts.

(subject to your express consent) To send newsletters and/or our promotional messages and updates on rates and offers of travel packages and accessory and non-accessory services via email, sms, WhatsApp, instant messaging, social networks, telephone calls with or without operators, paper mailings. Providing data and consent is optional; refusal prevents such activities but does not affect your right to obtain booked services or other requested information. You can object (opt-out) or withdraw consent anytime.
No prior consent is required for promotional emails of services/products similar to those you have already purchased or when contacting you using telephone numbers available in public directories or registers. Data are processed for a maximum of twenty-four (24) months.

8. (subject to your express consent) For promotional, informational, and update activities on rates and offers by other group TH Resorts entities (controlled, affiliated, or parent companies) to which we may transfer data for this purpose.
Consent is optional. Lack of consent prevents profiling and personalized direct marketing initiatives but does not affect your right to obtain booked services or other requested information. Consent can be withdrawn anytime. Third-party processing duration is managed by them.

(subject to your express consent) For profiling.
For profiling, we use data (e.g., name and surname, business or organization name, residence or headquarters, landline and mobile phone, email) you provide when using single services (also combined with data from your navigation on HOTELTURIST websites or service use (e.g., cookies) or data collected through other communication channels (e.g., social media likes linked from our site).
We process data to analyze predictively and/or create groups of individuals divided by market segments based on a minimal set of elements (e.g., geographical area, contact language), up to more advanced profiles based on age, gender, declared preferences and interests, marital status, family composition, previous purchases, browsing behavior on our sites and apps (visited pages, viewed offers or content, data loaded on online registration forms, other logs), interaction with our promotional emails (how many and which messages opened/viewed), devices used to interact with our online platforms.
This activity aims to better understand customers, both as groups and individuals, and analyze marketing effectiveness to develop and update services and offers according to your preferences.
Profiling aims to align HOTELTURIST offered goods and services with current and potential demand, measure promotion results, undertake corrective actions to improve business results (e.g., reducing investment risk in marginal thematic areas for the target) and commercial process effectiveness (e.g., assessing how many promotional messages and content we sent you have been viewed and clicked), limit sending irrelevant promotional communications to your probable expectations or preferred channels. This means HOTELTURIST does not send the same offers to all interested and can send advertising communications as close as possible to your tastes and interests or preferred contact methods, improving your purchase experience, also to your advantage.
Profiling does not exclude you from specific benefits or freely exercising your rights regarding personal data processed by HOTELTURIST; in particular, it does not affect ordinary services (e.g., online pre-registration, service purchase) sold by HOTELTURIST.
Providing data is not necessary as we already have them from previous bookings. Your prior consent is discretionary. Lack of consent prevents profiling and personalized direct marketing but does not affect your rights to obtain booked services or other requested information. You may withdraw consent anytime. Data are stored for a maximum of two years.

Purposes from points 1 to 6 are defined “primary purposes”; purposes from points 7 to 9 are defined “secondary purposes”.