en keyboard_arrow_down

Privacy Policy

Information pursuant to Article 13 of EU Regulation 2016/679 on the protection of personal data.

Holiday System S.r.l., with registered office at via Giacomo Matteotti 1/E, 38065 Mori (TN), Tax Code and VAT No. 01554560225, as Data Controller of personal data, informs you, pursuant to Article 13 of EU Regulation 2016/679 (Regulation on the protection of personal data, hereinafter “GDPR”), of the essential elements of the processing carried out and illustrated below.

We would like to emphasize that our organization operates in full compliance with the applicable Italian legislation on personal data protection and the GDPR, recognizing its utmost importance.

Before proceeding with browsing, we therefore invite you to carefully read this notice (hereinafter “Notice”), as it contains important information on the protection of personal data and the security measures adopted to ensure its confidentiality.

This Notice also:

  • applies only to the website www.hotelpolsa.it (“Site”) and does not apply to other websites that may be consulted via external links;
  • is to be understood as a notice provided pursuant to Article 13 of the GDPR to those who interact with the Site.

Below are the essential elements of the processing carried out.

Personal data subject to processing

Personal data means any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more elements specific to their physical, physiological, mental, economic, cultural, or social identity.

The processing described in this Notice concerns the personal data of Data Subjects collected during the booking and provision of our hospitality services. The categories of personal data processed include the following:

  • identification and contact data of the Data Subject (e.g. name, date and place of birth, gender, postal address, telephone number, email address, nationality, passport, visas or other identity documents);
  • banking, tax and payment data (e.g. bank details, tax information, credit/debit card number or other payment-related data);
  • stay/booking data (e.g. information relating to travel itinerary, tourist group or activities);
  • device data (e.g. IP address, proxy, time-stamp, browser type, device type and operating system);
  • data relating to intolerances, allergies or health conditions (e.g. information on food intolerances); and
  • any additional personal data relating to the Data Subject, provided by the Data Subject to the Controller;
  • Cookies and similar technologies: we collect personal data through cookies. More information on the use of cookies and similar technologies is available in the cookie policy accessible at the bottom of each page of the Site.

(hereinafter collectively referred to as “Data”).

Purposes and legal bases of processing

Personal data are collected and processed for the following purposes and according to the specific legal bases:

  • to allow the user to browse the Site and create a related access profile to manage and view bookings; legal basis: Art. 6(1)(b) GDPR;
  • to carry out pre-contractual measures (e.g. requests for information or quotations), pursuant to Art. 6(1)(b) GDPR. In case of provision of Special Categories of Data (including those under paragraph 1(e)), the legal basis is also the consent of the data subject (Art. 6(1)(a) GDPR). Such consent is not mandatory, but if not provided, the Controller will not be able to process such data or fulfill the Data Subject’s requests;
  • to complete the purchase process, provide the requested service, acquire and confirm bookings of accommodation and ancillary services; legal basis: Art. 6(1)(b) GDPR. In case of Special Categories of Data, the legal basis is also consent;
  • to comply with obligations under the “Consolidated Law on Public Security” (Article 109 of Royal Decree no. 773 of 18 June 1931), which requires the Controller to communicate guests’ details to the Police Headquarters for public security purposes, according to procedures established by the Ministry of the Interior (Decree of 7 January 2013); legal basis: Art. 6(1)(c) GDPR;
  • for administrative purposes and compliance with legal obligations (e.g. accounting, tax, judicial authority requests); legal basis: Art. 6(1)(c) GDPR;
  • to send newsletters and commercial communications relating to Holiday System S.r.l. products and services, subject to specific consent (marketing purposes); legal basis: Art. 6(1)(a) GDPR;
  • to protect individuals, property and company assets through a video surveillance system in certain areas of the premises, identifiable by appropriate signage, for the purposes of safety, prevention of theft, vandalism, fire and workplace safety; legal basis: Art. 6(1)(f) GDPR;
  • to establish, exercise or defend a right in any competent venue, including out-of-court procedures; legal basis: Art. 6(1)(f) GDPR.

Furthermore, if the Data Subject voluntarily provides personal data falling within special categories under Article 9 GDPR (e.g. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sexual life or sexual orientation), the legal basis for processing will be consent pursuant to Articles 6(1)(a) and 7 GDPR.

It is specified that, where necessary to better manage your request, the Controller may request additional personal data, which will be processed in compliance with privacy regulations and this Notice.

No automated decision-making processes are carried out.

No profiling activities are performed, except for profiling via cookies. More information is available in the cookie policy.

Specific notices will be published on the Site pages dedicated to particular services (e.g. “online registration”).

Data retention period

Personal data will be retained only for the time strictly necessary to achieve the purposes for which they are processed or until the expiry of legal retention periods.

In particular:

  • data collected for contractual purposes: for the duration of the contract and up to 10 years thereafter;
  • data collected for legal purposes: for the period required by law;
  • data collected for legitimate interest: up to 10 years from collection where necessary for legal defense;
  • data collected for marketing purposes: for 2 years from collection, unless consent is withdrawn.

Consent and nature of provision

Processing for contractual purposes (excluding health data), legal obligations, and defense of rights may be carried out without consent. Provision of such data is mandatory and necessary for contract execution; failure to provide them will make it impossible to proceed.

Processing of health-related data requires consent.

Processing for marketing purposes requires consent and is optional; refusal will not affect contractual relationships.

Categories of recipients

Your personal data may be disclosed to third parties strictly related to the above purposes, including:

  • service providers (e.g. email services, site analysis), acting as data processors;
  • professionals and entities handling administrative, accounting, insurance or credit recovery activities;
  • public authorities for legal obligations;
  • banks and financial institutions;
  • IT service providers;
  • authorized personnel bound by confidentiality.

Transfers abroad

The Controller does not transfer personal data outside the European Economic Area. However, cloud services may be used, selecting providers that ensure adequate safeguards.

Processing methods

Processing is carried out both electronically and on paper, mainly using IT tools, in compliance with security measures to prevent data loss, misuse or unauthorized access.

Rights of the data subject and complaint

You may exercise the following rights:

  • access (Art. 15 GDPR);
  • rectification (Art. 16 GDPR);
  • erasure (Art. 17 GDPR);
  • restriction (Art. 18 GDPR);
  • portability (Art. 20 GDPR);
  • objection (Art. 21 GDPR);
  • withdrawal of consent (Art. 7(3) GDPR).

Requests can be made using the Controller’s contact details.

You also have the right to lodge a complaint with the competent Data Protection Authority.

Data Controller

Holiday System S.r.l.
email: gdpr@holidaysystem.it
phone: +39 0464 423854
address: via Matteotti 1/E, 38065 Mori (TN)

Changes

This Notice is effective from 18 March 2025. We reserve the right to modify or update it. Updated versions will be published on the Site.

call Contact
calendar_month Book