Privacy Policy

Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: Website users.

Sg Hotels srl, as Data Controller of your personal data pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

Purpose and legal basis of processing: in particular, your data will be used for the following purposes related to the performance of contractual or pre-contractual obligations:

  • technical and functional access to the Website; no data is retained after the browser is closed;
  • advanced browsing purposes or personalized content management;
  • statistical purposes and analysis of navigation and users;
  • customer relations.

For the purposes of the aforementioned processing, the Controller may become aware of special categories of personal data and, in particular:

Dietary requirements or specific customer preferences. The processing of personal data in these categories is carried out in compliance with Article 9 of the GDPR.

Your personal data may also, subject to your consent, be used for the following purposes:

  • marketing and advertising purposes.

The provision of data is optional with regard to the above purposes, and any refusal to provide such data will not affect the continuation of the relationship or the adequacy of the processing.

Processing methods. Your personal data may be processed in the following ways:

  • by means of electronic computers using software systems managed by third parties;
  • by means of electronic computers using software systems managed or programmed directly;
  • temporary processing in anonymous form.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures. Your data will be processed exclusively by personnel expressly authorized by the Controller and, in particular, by the following categories of staff:

  • programmers and analysts;
  • marketing department.

Disclosure: Your data may be disclosed to external parties for proper management of the relationship and, in particular, to the following categories of recipients, including all duly appointed Data Processors:

  • Facebook: advertising services, ad targeting, content personalization;
  • Google: advertising services, ad targeting, analytics/measurement, content personalization, optimization;
  • subcontractors;
  • Twitter: ad targeting, analytics/measurement, content personalization;
  • YouTube: advertising services, ad targeting, analytics/measurement, content personalization, optimization.

Dissemination: Your personal data will not be disclosed in any way.

Your personal data may also be transferred, limited to the above purposes, to the following countries:

  • EU countries;
  • United Kingdom;
  • United States.

Retention period. Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is:

  • limited to a period not exceeding the time necessary to provide the services.

Cookie management: if you have any doubts or concerns regarding the use of cookies, you can always take action to prevent their setting and reading, for example by modifying the privacy settings within your browser in order to block certain types.

Since each browser—and often different versions of the same browser—may differ significantly, if you prefer to act independently through your browser preferences, you can find detailed information on the necessary procedure in your browser’s help section. For an overview of how to manage cookies for the most common browsers, you can visit

www.cookiepedia.co.uk.

Advertising companies also allow you to opt out of receiving targeted ads, if you wish. This does not prevent cookies from being set, but it stops the use and collection of certain data by such companies.

For more information and opt-out options, visit www.youronlinechoices.eu/.

Controller: the Data Controller, pursuant to the law, is Sg Hotels srl, via Spadari 1, 20123 Milan (MI), VAT no. 10935700962, represented by its legal representative pro tempore.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as, in general, to exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may also view the updated version of this notice at any time by visiting https://matildeboutiquehotel.com/privacy-policy/ .

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, its communication in intelligible form, and the possibility to lodge a complaint with the supervisory authority.

2. The data subject has the right to obtain information on:

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the case of processing carried out with the aid of electronic instruments;
  4. the identification details of the Controller, processors, and the designated representative pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives within the territory, processors, or persons in charge.
3. The data subject has the right to obtain:
  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
  3. certification that the operations referred to in points a) and b) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right protected;
  4. data portability.

4. The data subject has the right to object, in whole or in part:

  1. a. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: customers.

Sg Hotels srl, as Data Controller of your personal data pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

Purpose and legal basis of processing: in particular, your data will be processed for the following purposes related to the fulfillment of legal obligations:

  • mandatory compliance with tax and accounting obligations;
  • management of disputes.

Your data will also be used for the following purposes related to the performance of contractual or pre-contractual obligations:

  • after-sales support;
  • customer management;
  • quality management;
  • activity planning;
  • customer satisfaction assessment;
  • customer billing history.
For the purposes of the aforementioned processing, the Controller may become aware of special categories of personal data and, in particular:
  • Dietary requirements or specific customer preferences. The processing of personal data in these categories is carried out in compliance with Article 9 of the GDPR.

Your personal data may also, subject to your consent, be used for the following purposes:

  • sending newsletters;
  • possibly to carry out market research, statistics, and promotional activities, including the sending of advertising and promotional material.

The provision of data is optional with regard to the above purposes, and any refusal to provide such data will not affect the continuation of the relationship or the adequacy of the processing.

Processing methods. Your personal data may be processed in the following ways:

  • outsourcing of processing operations to third parties;
  • creation of profiles relating to customers, suppliers, or consumers;
  • processing by means of electronic computers;
  • manual processing using paper archives;
  • verification and modification of data only upon request by the data subject.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures.

Your data will be processed exclusively by personnel expressly authorized by the Controller and, in particular, by the following categories of staff:

  • service staff and reception personnel;
  • administration department;
  • marketing department.

Disclosure: Your data may be disclosed to external parties for proper management of the relationship and, in particular, to the following categories of recipients, including all duly appointed Data Processors:

  • banks and credit institutions;
  • consultants and freelance professionals, including those operating in associations;
  • shippers, carriers, owner-operators, postal services, logistics companies;
  • subcontractors.

Dissemination. Data may be disclosed through:

  • publication of general data and photos on portals, social media, and publications attributable to Ristorante Savini srl.

Without prejudice to the absolute prohibition on disclosing data capable of revealing health status.

Your personal data may also be transferred, limited to the above purposes, to the following countries:

  • EU countries;
  • United Kingdom.

Retention period. Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is:

  • limited to a period not exceeding the time necessary to provide the services;
  • limited to a period not exceeding the achievement of the purposes for which the data are collected and processed, and in compliance with the mandatory time limits prescribed by law.

Controller: the Data Controller, pursuant to the law, is Sg Hotels srl, via Spadari 1, 20123 Milan (MI), VAT no. 10935700962, represented by its legal representative pro tempore.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as, in general, to exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may also view the updated version of this notice at any time by visiting the following web address:

https://matildeboutiquehotel.com/privacy-policy.

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, its communication in intelligible form, and the possibility to lodge a complaint with the supervisory authority.

2. The data subject has the right to obtain information on:

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the case of processing carried out with the aid of electronic instruments;
  4. the identification details of the Controller, processors, and the designated representative pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives within the territory, processors, or persons in charge.

3. The data subject has the right to obtain:

  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
  3. certification that the operations referred to in points a) and b) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right protected;
  4. data portability.

4. The data subject has the right to object, in whole or in part:

  1. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: candidates to be considered for the establishment of an employment relationship.

Sg Hotels srl, as Data Controller of your personal data pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

For the purposes of the aforementioned processing, the Controller may become aware of special categories of personal data, in particular: trade union membership, racial or ethnic origin, health status. The processing of personal data in these categories is carried out in compliance with Article 9 of the GDPR.

Your personal data may also, subject to your consent, be used for the following purposes:

  • personnel selection for the establishment of an employment relationship.

The provision of data is optional with regard to the above purposes, and any refusal to provide such data will not affect the continuation of the relationship or the adequacy of the processing.

Processing methods. Your personal data may be processed in the following ways:

  • outsourcing of processing operations to third parties;
  • matching or comparison of data, including data from different public or private databases;
  • processing of data collected from third parties;
  • processing by means of electronic computers;
  • manual processing using paper archives;
  • verification and modification of data only upon request by the data subject.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures.

Your data will be processed exclusively by personnel expressly authorized by the Controller and, in particular, by the following categories of staff:

  • within personnel management;
  • administration department.

Disclosure: Your data may be disclosed to external parties for proper management of the relationship and, in particular, to the following categories of recipients, including all duly appointed Data Processors:

  • consultants and freelance professionals, including those operating in associations.

Dissemination: Your personal data will not be disclosed in any way.

Your personal data may also be transferred, limited to the above purposes, to the following countries:

  • EU countries;
  • United Kingdom.

Retention period. Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is:

  • for the time necessary to carry out personnel selection.
  • Controller: the Data Controller, pursuant to the law, is SG Hotels srl, Via Spadari 1, Milan 20123 – Italy, Tel. +39 3271231790, VAT no. 10935700962, represented by its legal representative pro tempore.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as, in general, to exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may also view the updated version of this notice at any time by visiting the following web address https://matildeboutiquehotel.com/privacy-policy/

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, its communication in intelligible form, and the possibility to lodge a complaint with the supervisory authority.

2. The data subject has the right to obtain information on:

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the case of processing carried out with the aid of electronic instruments;
  4. the identification details of the Controller, processors, and the designated representative pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives within the territory, processors, or persons in charge.

3. The data subject has the right to obtain:

  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
  3. certification that the operations referred to in points 1) and 2) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right protected;
  4. data portability.

4. The data subject has the right to object, in whole or in part:

  1. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: suppliers.

Sg Hotels srl, as Data Controller of your personal data pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

Purpose and legal basis of processing: in particular, your data will be processed for the following purposes related to the fulfillment of legal obligations:

  • mandatory compliance with tax and accounting obligations;
  • compliance with obligations provided for by applicable laws.

Your data will also be used for the following purposes related to the performance of contractual or pre-contractual obligations:

  • supplier management;
  • activity planning;
  • supply order history.

Processing methods. Your personal data may be processed in the following ways:

  • outsourcing of processing operations to third parties;
  • processing by means of electronic computers;
  • manual processing using paper archives;
  • verification and modification of data only upon request by the data subject.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures. Your data will be processed exclusively by personnel expressly authorized by the Controller and, in particular, by the following categories of staff:

  • service staff and reception personnel;
  • administration department.

Disclosure: Your data may be disclosed to external parties for proper management of the relationship and, in particular, to the following categories of recipients, including all duly appointed Data Processors:

  • banks and credit institutions;
  • consultants and freelance professionals, including those operating in associations;
  • within public and/or private entities for which data disclosure is mandatory or necessary in compliance with legal obligations or is otherwise functional to the management of the relationship;
  • shippers, carriers, owner-operators, postal services, logistics companies.

Dissemination: Your personal data will not be disclosed in any way.

Your personal data may also be transferred, limited to the above purposes, to the following countries:

  • EU countries;
  • United Kingdom.

Retention period. Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is:

  • for the time necessary to manage purchasing operations;
  • limited to a period not exceeding the achievement of the purposes for which the data are collected and processed, and in compliance with the mandatory time limits prescribed by law.

Controller: the Data Controller, pursuant to the law, is Sg Hotels srl, via Spadari 1, 20123 Milan (MI), VAT no. 10935700962, represented by its legal representative pro tempore.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as, in general, to exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may also view the updated version of this notice at any time by visiting the following web address https://matildeboutiquehotel.com/privacy-policy/

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, its communication in intelligible form, and the possibility to lodge a complaint with the supervisory authority.

2. The data subject has the right to obtain information on:

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the case of processing carried out with the aid of electronic instruments;
  4. the identification details of the Controller, processors, and the designated representative pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives within the territory, processors, or persons in charge.

3. The data subject has the right to obtain:

  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
  3. certification that the operations referred to in points 1) and 2) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right protected;

d. data portability.

4. The data subject has the right to object, in whole or in part:

  1. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

Privacy Notice pursuant to Articles 13–14 of EU Regulation 2016/679

Data Subjects: social network users.

Sg Hotels srl, as Data Controller of your personal data pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter “GDPR”), hereby informs you that the aforementioned regulation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and the protection of your privacy and your rights.

Your personal data will be processed in compliance with the legal provisions of the above-mentioned regulation and the confidentiality obligations therein.

Purpose and legal basis of processing: in particular, your data will be used for the following purposes related to the performance of contractual or pre-contractual obligations:

  • possibly to carry out market research, statistics, and promotional activities, including the sending of advertising and promotional material;
  • public relations.

Processing methods. Your personal data may be processed in the following ways:

  • outsourcing of processing operations to third parties;
  • processing of data collected from third parties;
  • processing by means of electronic computers;
  • verification and modification of data only upon request by the data subject.

All processing is carried out in compliance with Articles 6 and 32 of the GDPR and through the adoption of appropriate security measures. Your data will be processed exclusively by personnel expressly authorized by the Controller and, in particular, by the following categories of staff:

  • programmers and analysts;
  • marketing department.

Dissemination. Data may be disclosed through:

  • publication on the internet.

Your personal data may also be transferred, limited to the above purposes, to the following countries:

  • EU countries;
  • United Kingdom;
  • United States.

Retention period. Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Article 5 of the GDPR, the retention period of your personal data is:

  • limited to a period not exceeding the time necessary to provide the services;
  • limited to a period not exceeding the achievement of the purposes for which the data are collected and processed, and in compliance with the mandatory time limits prescribed by law.

Controller: the Data Controller, pursuant to the law, is SG Hotels srl, Via Spadari 1, Milan 20123 – Italy, VAT no. 10935700962, represented by its legal representative pro tempore.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification, portability, and objection to the processing of your personal data, as well as, in general, to exercise all the rights provided for by Articles 15, 16, 17, 18, 19, 20, 21, and 22 of the GDPR.

You may also view the updated version of this notice at any time by visiting the following web address https://matildeboutiquehotel.com/privacy-policy

EU Regulation 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject Rights

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, its communication in intelligible form, and the possibility to lodge a complaint with the supervisory authority.

2. The data subject has the right to obtain information on:

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the case of processing carried out with the aid of electronic instruments;
  4. the identification details of the Controller, processors, and the designated representative pursuant to Article 5(2);
  5. the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives within the territory, processors, or persons in charge.

3. The data subject has the right to obtain:

  1. the updating, rectification, or, where interested, integration of the data;
  2. the erasure, anonymization, or blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
  3. certification that the operations referred to in points a) and b) have been notified, including their content, to those to whom the data was disclosed or disseminated, unless this proves impossible or involves a disproportionate effort compared to the right protected;
  4. data portability.

4. The data subject has the right to object, in whole or in part:

  1. for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
  2. to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.
Close

Need help? Our team is just a message away