In Hotels and Resorts Group we respect your privacy and we are committed to ensure the security and the confidentiality of the personal data you provide us.
What types of personal data we collect
The Hotels and Resorts Group may process the following categories of your personal data:
- personal information: name, surname, identity card or passport number, gender, date of birth, nationality
- contact information: phone number, email address
- payment information: your credit or debit card details
- information related to your participation in our Loyalty program
- details about your stay: arrival and departure date, goods and services you prefer, participation and group of customers
- reviews and evaluation on the accommodation and services quality
- information you provide us about fulfilling special requests and demands during your stay
- any kind of personal data that you choose to share with us for your better service
How we collect your data
Hotels and Resorts Group collect your personal data:
directly from you:
from the registrations you make on our websites, in order to whether book a room or be informed about the services and activities of our hotels
from the registration of your data at the reception of our hotels upon your arrival
from information you provide to our employees during your stay at our facilities for your best service
- by travel agents with whom the Group cooperates
- from electronic platforms through which you communicate with us or make your reservations
Under no circumstances, we collect or process personal data that is not provided with your consent.
Why we collect your data
We use your personal data only to fulfill the following purposes:
- to fulfill our contractual obligations to you and to provide you with the best possible service and stay we promised you
- to comply with obligations imposed by law, Judicial or Supervisory Authorities
- for information, research or advertising purposes, only if we have ensured your consent
We retain your data for as long as it is required to fulfill the above purposes and, in any case, until you withdraw your consent or object to the processing of your data.
We upgrade our policies in order to comply with the new data protection legislation. We take appropriate technical and organizational measures to protect your personal data that we process.
We prevent unauthorized access to your data, and all staff members are bound under a confidentiality agreement to ensure the confidentiality of your personal data.
We do not disclose or transfer your information to third parties, unless provided in the context of our contractual relationships with our partners and for the fulfillment of specific purposes. In any case, we make sure that all of our partners, with whom we may share your data, comply with the data protection legislation and, in turn, receive all the necessary measures to guarantee the confidentiality, integrity and availability of your data. In addition, we may, exceptionally, disclose your data to Legal or Supervisory Authorities as part of our compliance with an obligation imposed by law.
You have the following rights regarding your personal data, which we process. You have the right to:
- withdraw your consent to the use of your data for advertising, informative or any other purposes at any time
- request information about the type of data processing we use and have access to them
- ask us to correct or update your data if it is inaccurate or incomplete
- request the complete and permanent deletion of your data from our records
- request the restriction of your data processing, if the conditions laid down in the relevant legislation are met
- request a copy of all or part of your data in a commonly used and machine readable format
We are committed to meeting your requests free of charge as soon as possible and, in any case, within 30 days from the submission. This deadline can be extended for 60 days, depending on the complexity and the number of requests.
Please note that you can also send complaints and concerns about the use and protection of your personal data to the competent Data Protection Authority.