This document ("Privacy Notice") is intended to provide you with information about the processing of data, as specified below, that will be expressly provided by you or by those interacting with the web services of this website accessible at www.turismogestioni.it (hereinafter, the "Website") and also from the other websites of the operating offices. This Privacy Notice is provided pursuant to EU Regulation No. 679/2016 ("GDPR") and subsequent national implementing legislation (together with the GDPR, hereinafter "Applicable Law"). Specific notices may be presented on pages of the Website in relation to particular services or data processing provided by the data subject, with specific consents collected where necessary.
The data controller, pursuant to Arts. 4 and 24 of EU Reg. 2016/679, is TURISMO GESTIONI SRL, with registered office at Via Paolo Tosti, 1, 64025 Pineto (TE), and secondary offices at Via Garibaldi 242, Silvi (TE) and other tourist accommodation facilities, VAT No. 01747930673, turismogestione@pec.it, e-mail privacy@turismogestioni.it, in the person of the pro-tempore legal representative (hereinafter "Controller").
The Data Controller does not carry out activities requiring the appointment of a Data Protection Officer.
Personal Data collected will be processed for the purposes and on the legal bases set out below:
| Purpose | Legal basis |
|---|---|
| point 3, lett. a): to acquire and confirm your booking for accommodation services and ancillary services, and to provide you with the requested services or to carry out pre-contractual measures (such as, for example, a request for information or a quote). In this case, you are free to provide your Personal Data and that of the room occupants, including data of minors over whom you exercise parental authority and/or guardianship; however, failure to provide it will prevent you from establishing the aforementioned relationship and satisfying your request. | processing is necessary for the performance of a contract to which you are a party |
| point 3, lett. b): to comply with the obligation under the "Consolidated Law on Public Security" (Article 109 of Royal Decree 18.6.1931 No. 773), which requires us to communicate to the Police, for public security purposes, the personal details of lodged guests in accordance with procedures established by the Ministry of the Interior (Decree of 7 January 2013). The provision of data is mandatory and does not require your consent; refusal to provide it will mean we cannot accommodate you at our facility. Data collected for this purpose is not retained by us unless you provide consent to its retention as set out in point 3, lett. d. | Legal obligation |
| point 3, lett. c): to use the booking of ancillary services requested by you, health-related data may be processed, subject to your express consent. | your consent |
| point 3, lett. d): to store registration data, including identity document details, in our servers and portals, and to speed up future check-in procedures for subsequent stays at our facility. | your consent |
| point 3, lett. e): subject to your specific consent, to send you via e-mail (newsletter) or postal mail (i) promotional communications, such as advertising materials and communications, including through automated systems, of an informational and/or promotional nature regarding products or services provided and/or promoted by the Controller, via fax, e-mail, SMS, MMS and other messaging systems, and (ii) communications relating to events organised by the Controller (hereinafter "marketing purposes"). | your consent |
| point 3, lett. f): for the external communication of data relating to your stay and/or room occupants, subject to your consent, for the sole purpose of enabling the receipt of messages and/or telephone calls addressed to you or them. | your consent |
| point 3, lett. g): to create, subject to your specific consent, a profile to personalise the offer of products, services, and specific services requested by you, providing information more closely aligned with your interests, while always ensuring the security and confidentiality of your information (hereinafter "Profiling"*). | your consent |
* Article 4 of the GDPR defines profiling as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements". It must therefore be understood as the set of activities for collecting and processing data relating to users of a service, with a view to dividing them into groups according to their behaviour (an operation not to be confused with "segmentation" or "clustering").
Within the limits of the purposes and methods described in this Privacy Notice, information that may be considered "Personal Data" may be processed, including your personal details and contact information (such as, for example, mobile phone number, e-mail address, IP address, cookies, etc.). Data relating to your health (e.g. physical disability, requiring a specific type of room at the time of booking) may also be processed, subject to your express consent. In such cases, we guarantee that processing will be limited to the data and operations strictly necessary to fulfil obligations, including pre-contractual ones, related to the provision of Hotel Services, within the limits of the services and facilities requested by you at the time of booking or during your stay at our hotel.
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information notices displayed before data collection. The use of Cookies (or other tracking tools) by this website or by the owners of third-party services used by this website, unless otherwise specified, is intended to provide the service requested by the User, as well as the additional purposes described in this document and in the Cookie Policy.
The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the date and time of the request, the method used to submit the request, the size of the response file, the numerical code indicating the status of the server's response, and other parameters relating to the user's operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and monitoring its correct functioning, and are deleted immediately after processing. The data could be used exclusively by the Judicial Authority for establishing liability in the event of hypothetical computer crimes against the site.
The optional, explicit and voluntary sending of e-mail to the addresses indicated on this website, or the completion of forms, entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data voluntarily entered by the User. The User assumes responsibility for Personal Data of third parties obtained, published or shared through this website and guarantees having the right to communicate or disclose them, freeing the Controller from any liability towards third parties.
So-called social plug-ins may be used during browsing on the site. Social plug-ins are special tools that allow the functionalities of a social network to be incorporated directly within the Site (e.g. Facebook's "like" function). All social plug-ins present on the Site are marked with the respective logo owned by the social network platform.
When you visit a page of the Site and interact with the plug-in (e.g. by clicking the "like" button) or decide to leave a comment, the corresponding information is transmitted by the browser directly to the social network platform (in this case Facebook) and stored by it. For information on the purposes, type and methods of collection, processing, use and retention of personal data by the social network platform, as well as the ways in which you can exercise your rights, please consult the privacy policy of the relevant social network.
Personal data will not be disseminated, i.e. will not be made known to unspecified parties. They may instead be communicated to well-defined parties, in full compliance with legal requirements, for purposes strictly related to those previously indicated. Any access to your personal data is limited to parties authorised by the Controller. Communication to identified recipients, only if involved and functional, is linked to the achievement of the purposes referred to in point 3 above, therefore the personal data collected and processed may be:
The information may also be communicated whenever such communication may be necessary to comply with requests from the Judicial or Public Security Authorities. The data collected will in no case be disseminated.
The list of Data Processors is available at the Controller's registered office.
Data will not be transferred outside the European Union.
The following table contains the retention periods (or criteria for their determination) for Personal Data:
| Purpose | Retention period |
|---|---|
| point 3, lett. a): contract management | For the entire duration of the relationship and subsequently for 10 years (ordinary limitation period). |
| point 3, lett. b): public security purposes | For 5 years. |
| point 3, lett. c): ancillary services | For the entire duration of the relationship, subject to the data subject's right to modify and/or withdraw their consent at any time. |
| point 3, lett. d): facilitation of registration procedures | For the entire duration of the relationship and subsequently for 5 years, subject to the data subject's right to modify and/or withdraw their consent at any time. |
| point 3, lett. e): marketing purposes | 2 years from collection, subject to the data subject's right to modify and/or withdraw their consent at any time. |
| point 3, lett. f): receipt of messages and/or telephone calls | For the entire duration of the relationship, subject to the data subject's right to modify and/or withdraw their consent at any time. |
| point 3, lett. g): profiling purposes | 1 year from collection, subject to the data subject's right to modify and/or withdraw their consent at any time. |
Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
Personal Data will be processed in a lawful and correct manner, adopting appropriate security measures to ensure the security and confidentiality of your personal data. Personal Data will be processed using manual, IT or electronic means and will be carried out by staff duly instructed to comply with Applicable Law. There is no automated decision-making process.
In addition to the Controller, in some cases other parties involved in the organisation of this website (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), also appointed, where necessary, as Data Processors by the Controller, may have access to the Data.
In addition to cases where it is necessary to contact you for reasons connected to the management of your position, where you consent to the processing of your data for the purposes referred to in point 3, lett. e), you may be contacted via e-mail, newsletter, SMS, or through any equivalent electronic means, or by post or operator call at all the contact details provided. If you prefer to be contacted only at one or some of these contact details, you may make an explicit written request to the Controller without formality.
The User's Personal Data may be used by the Controller in legal proceedings or in the preparatory stages of potential legal proceedings for defence against abuse of this website or related services by the User. The User acknowledges that the Controller may be required to disclose Data by order of public authorities.
At the User's request, in addition to the information contained in this privacy policy, this website may provide the User with additional and contextual notices regarding specific services or the collection and processing of Personal Data.
For operational and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions and may also contain Personal Data, such as the User's IP address.
Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
This website does not support "Do Not Track" requests. To find out whether any third-party services used support them, the User is invited to consult their respective privacy policies.
The Controller reserves the right to make changes to this privacy policy at any time, notifying Users on this page and, if possible, by sending a notification to Users through one of the contact details held by the Controller. Please therefore consult this page regularly, with reference to the date of last modification indicated at the bottom. Where changes affect processing whose legal basis is consent, the Controller will collect the User's consent again, where necessary.
We inform you that you may exercise the rights recognised by Applicable Law, including, by way of example only, the right:
The aforementioned rights may be exercised by means of a written request addressed without formality to the Controller at the contacts indicated in point 1. The Controller must proceed accordingly without delay and, in any case, at the latest within one month of receipt of the request. The time limit may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, within one month of receipt of your request, the Controller will inform you and explain the reasons for the extension.
Please note that if the response to your requests has not been satisfactory in your opinion, you may lodge a complaint with the Italian Data Protection Authority (http://www.garanteprivacy.it/) in the ways provided by Applicable Law.
Revised February 2026