Privacy Policy

This page sets out the data processing and security policies that Remarhotels S.r.l. implements for users visiting the website and, more generally, for all data subjects who interact with the facility in any capacity.
This notice is provided pursuant to Article 13 of EU General Data Protection Regulation 2016/679 (hereinafter referred to as "GDPR"), in particular for those who interact with the web services of Hotel Versilia Palace, accessible online at: https://www.versiliapalacehotel.com

This notice applies solely to the website https://www.versiliapalacehotel.com and not to any other websites that users may access via links.

 

DATA CONTROLLER
Pursuant to Article 4(7) of the GDPR, the Data Controller for your personal data is Remarhotels Società a Responsabilità Limitata, with registered office at Via Poli no. 6, 00187 – Rome (hereinafter referred to as "Hotel" or "Facility").
The Supervisor and Contact Person for data processing, specifically appointed and authorised, is the General Manager of the Hotel.

 

DATA PROCESSOR
In carrying out its activities, the Data Controller may engage external parties to provide IT support and assistance services (e.g. website hosting, maintenance, updates), formally designated as Data Processors pursuant to Article 28 of the GDPR.
With regard to the main processing activities carried out through this website, the Data Processor and System Administrator responsible for managing the website and the integrated booking platform is Vertical Booking by Zucchetti Hospitality S.r.l.
An updated list of designated Data Processors may be requested from the Data Controller.

 

PLACE OF DATA PROCESSING
Processing operations connected to the web services of this website take place at the premises of the Data Controller and the Data Processor, and are handled exclusively by technical personnel authorised to carry out such processing.
The booking servers and databases are located at the premises of the Data Processor.
No data derived from the web service is communicated or disseminated. Personal data provided by users submitting requests for informational materials is used solely for the purpose of fulfilling the requested service or performance, and is communicated to third parties only where strictly necessary for that purpose.

 

TYPES OF DATA PROCESSED
Browsing Data
The IT systems and software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is inherent in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; however, by its very nature, it could — through processing and cross-referencing with data held by third parties — allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's response (success, error, etc.) and other parameters relating to the user's operating system and computing environment. These data are used solely to obtain anonymous statistical information about the use of the website and to monitor its correct operation, and are deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical cybercrime offences against the website; subject to this eventuality, web contact data are not retained for more than thirty days.
Data Voluntarily Provided by the User
The optional, explicit and voluntary submission of emails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary in order to respond to requests, as well as any other personal data included in the message. Specific summary notices will be progressively included or displayed on the pages of the website designated for particular on-request services.
PROCESSING METHODS
Personal data are processed by electronic means for the time necessary to achieve the purposes for which they were collected. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorised access.

 

BOOKING SYSTEM SECURITY
Vertical Booking by Zucchetti Hospitality S.r.l. is certified as compliant with PCI DSS (Payment Card Industry Data Security Standard). All information submitted to this website during an SSL session is encrypted and protected against disclosure to third parties.

 

PURPOSES, LEGAL BASIS AND NATURE OF DATA PROVISION
The Personal Data you provide through the Website will be processed by Hotel Versilia Palace for the following purposes:
a) making a room reservation at the Hotel via the "Book" button visible on all pages of the website. The legal basis for processing is Article 6(1)(b) of the GDPR, insofar as the processing is necessary for the performance of pre-contractual measures taken at the request of the data subject. Consent: not required.
b) booking packages, participating in special offers or making reservations for special services (e.g. private dinner, etc.). The legal basis for processing is Article 6(1)(b) of the GDPR, insofar as the processing is necessary for the performance of pre-contractual measures taken at the request of the data subject. Consent: not required.
c) research and statistical analyses on anonymous aggregated data, aimed at measuring the performance of the Website, monitoring traffic, and assessing usability and user interest in order to make it more functional and efficient. Consent: not required, as no personal data processing is involved.
d) profiling through third-party cookies. The legal basis is Article 6(1)(a) of the GDPR, in accordance with Directive 2009/136/EC of 25 November 2009 and in compliance with the provisions of the Italian Data Protection Authority's Measure of 10 June 2021 (Guidelines on cookies and other tracking tools). Consent: required as per the Cookie Policy.
e) compliance with statutory and regulatory obligations. The legal basis is Article 6(1)(c) of the GDPR. Consent: not required.
f) establishing, exercising or defending a right before a court of law, or whenever judicial authorities exercise their jurisdictional functions. The legal basis is Article 6(1)(f) of the GDPR, namely legitimate interest. Consent: not required.
The provision of personal data for the purposes indicated above is mandatory and, in the absence thereof, it will not be possible to provide the proposed service or to fulfil the requests submitted.

 

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Data Controller undertakes to restrict the circulation and processing of personal data (e.g. storage, archiving, and retention of data on its own servers) to countries within the European Economic Area, with an express prohibition on transferring such data to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or in the absence of the safeguard instruments provided for under EU Regulation 2016/679 – Chapter V (adequacy decision, Standard Contractual Clauses, or explicit consent of the data subject).

 

SCOPE OF PERSONAL DATA COMMUNICATION
Personal data collected through this website may be communicated to:
 
Public Bodies or Offices, pursuant to legal and/or contractual obligations;
 
Banking institutions, for the management of transactions and payments;
 
Any external consultants and companies specifically appointed to provide  tax and fiscal advisory services.

 

DATA RETENTION
Hotel Versilia Palace will process your Personal Data for the time strictly necessary to achieve the purposes set out in this notice.
Subject to the foregoing, the Hotel will process Personal Data for the period permitted under Italian law in defence of its own interests (Art. 2947(1)(3) of the Italian Civil Code). Further information regarding the personal data retention period and the criteria used to determine such period may be requested by writing to the Data Controller.

 

MINORS
The Hotel specifically requests that minors do not use this Website or submit or post any information on it. Should the Hotel inadvertently acquire personal information or data of any nature belonging to a minor, any disclosure of such data to third parties by the Hotel would be solely attributable to the fact that the minor used the Website and disclosed personal information without having requested or received permission from the Hotel.

 

AUTOMATED PROCESSING
The Company does not carry out processing based on automated decision-making, including profiling, that produces legal effects or that may significantly affect the data subject.

 

SOCIAL BUTTONS
The Company's website may use, as social plug-ins, certain platforms managed by third parties (by way of example: Facebook, Instagram, WhatsApp). This means that by clicking on specific buttons (referred to as social buttons/widgets), the user is automatically and directly redirected to the provider of the chosen social network, where they may initiate an interaction with the Company's corporate profile.
Users are therefore invited to read and take into account the privacy policy of the selected platform, and to visit the section of the website dedicated to the Company's Cookie Policy for a more complete and detailed description of the features of this functionality.

 

DATA SUBJECTS' RIGHTS
Data Subjects may freely exercise the rights provided for under Articles 15 et seq. of the GDPR, namely:
 

  • withdraw consent at any time. The  Data Subject may withdraw consent to the processing of their  Personal Data previously given;
  • object to the processing of their Data. The  Data Subject may object to the processing of their Data where it is  based on a legal ground other than consent;
  • access their Data. The  Data Subject has the right to obtain information about the Data  processed by the Controller, on certain aspects of the processing,  and to receive a copy of the Data being processed;
  • verify and request rectification. The  Data Subject may verify the accuracy of their Data and request that  it be updated or corrected;
  • obtain restriction of processing. Where certain conditions are met, the Data Subject may request that the processing of their Data be restricted. In such case, the Controller  will not process the Data for any purpose other than storage;
  • obtain erasure or removal of their Personal Data. Where  certain conditions are met, the Data Subject may request that the  Controller erase their Data;
  • receive their Data or have it transferred to another controller. The Data Subject has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision applies where the Data is processed by  automated means and the processing is based on the Data Subject's  consent, o a contract to which the Data Subject is a party, or on  pre-contractual measures related thereto;
  • lodge a complaint. The Data Subject may lodge a complaint with the competent data protection supervisory authority or take legal action before a court. Requests should be sent by email to: direzionecommerciale@remarhotels.com. Alternatively, the Data Subject may contact the Data Processor directly at the facility.

 

UPDATE AND REVISION
This privacy policy was last updated on 18 March 2026 and may be subject to future revisions.