Privacy

Palazzo Caruso, takes seriously the protection of the privacy of its users' data. This Privacy Policy ("Policy") describes what information we collect about our guests, visitors, users of the website and mobile application, gift voucher buyers, subscribers, subjects who contact us for inquiries, business contacts and all other people from time to time (each referred to as "guest", "user", "you" and their pronomies).

If you agree to receive commercial announcements, we will send you communications from us regarding news, offers, products and services provided by us and our partners that may be of interest to you, as described below on the palazzocaruso/privacypage,   sent by email and through other commercial channels.

We invite you to read this Policy carefully. By visiting our website, using our services, or otherwise interacting with us, you agree to the data processing activities described in this Privacy Policy. Please note that any websites whose link is present on our site are subject to its own privacy policy and policy. If this policy is amended, your continued use of our website and services will result in acceptance of the amended policy.

If you have any questions about this policy, you are invited to write to the e-mail address direzione@palazzocaruso.com or to the address of our  office Palazzo Caruso Piazza Barberini,5- 00187 Rome

This version of the Privacy Policy was published in May 2021.

index

• What data can we collect about you?
• How do we use your data?
• User's right to explicit refusal
• Disclosure of user data
• Security of user data
• How long is user data stored?
• User rights
  
  What data can we collect about you?

We may process the following data about you:

• Data provided by the user. You may provide us with information about your account, even partial, by filling out forms, creating an account or user profile, registering for newsletters and other services, making or cancelling a reservation or ordering a product, responding to job offers, Such data may include: name, e-mail address, billing address, room preferences or special requests, telephone number, deposit and deposit information to guarantee a reservation, content of emails sent to us and any other similar data. You have no obligation to provide us with such data but, without it, we may not be able to respond to it and provide you with the requested services, content or information.

• Data collected during the guest's stay. Palazzo Caruso  records the justified expenses of the guest and the other expenses charged to his room. Special data relating to your stay, such as service requests, solvency, special preferences or health claims, may also be stored. Specific data about the guest's stay is stored in our Property Management Systems and combined with information about previous visitsto thehotel. Images of the user may be captured if they are present in controlled areas with CCTV.

• User data collected by Palazzo Caruso. Regarding your visits to our website and your use of the application, we may  :

• data that does not reveal his personal identity, for example, the type of destination on which the user searches for information. We use this data primarily to ensure the relevance of communications and may link it to your name or email address;
• technical data, including the Internet protocol address (IP) used to connect your computer to the Internet, login credentials, browser type and version, time zone setting, date and time of access to our website, browser plug-in types and versions, operating system, platform and similar information; and
• data about your visit, including the full clickstream of the URL to, through and from our website, the pages displayed or searched and their response times, download errors, duration of visits to certain pages, data on interaction with pages (such as scrolling, clicking and mouse steps) and the systems used to get out of them.

• Data on children under 16 years of age. We collect certain data about minors.

• Data provided by people making a reservation on behalf of the guest. A third party acting on behalf of another person warrants that it is authorized by another person to provide their personal data and that the data provided is correct. In the event of a breach of this warranty, the representative will be responsible for all losses or damages suffered by us as a result.

• User data received from third-partysources. We may receive data from credit reference agencies, online travel agencies used by you to make a reservation or for requests for information, from our broadband provider and other service providers who will inform us, for billing purposes, if our guests have used certain services and other third parties. In addition, in view of the guest's stay, we may acquire the photograph from publicly available sources, in order to be able to recognize it on arrival and offer him a customer service of excellence.

1.2. How do we use your data?

We may process your data in accordance with the law where necessary in order to:

(a) respond to, and process your questions, your comments, complaints and requests;

(b) process your bookings or cancellations, provide the services, products or content requested by you, manage and administer your user account, send you service communications and allow you to participate in interactive functions of our applications and websites, if you have decided to do so;

(c) provide the customer, new or old, with superior personalized service, including customer service before, during and after his stay. For these purposes, we may create a customer profile that includes data from our property management system, which will also allow us to improve the relevance of our communications;

(d) show content on websites and applications, such as stories, product reviews, observations and photos, provided by you;

(e) process applications for jobs that you have submitted, profile for recruitment purposes, manage your login data on our job opportunities platforms, and use recruitment tools that enable us to assess the candidate's suitability for specific roles;

(f) allow our suppliers and service providers to perform certain functions on our behalf, including hosting our websites, booking applications and platforms, verification and technical, logistical or other functions;

(g) send you personalized business communications, alerts and newsletters through our commercial channels, and send personalized advertisements to your devices, with your consent or as permitted by law;

(h) communicate with the guest and manage their participation in special events, programs, surveys, competitions, prize draws and other offers or promotions;

(i) administer our business, including financial transactions, debt control and debt recovery;

(j) ensure the security of your account, our premises and facilities and our business, for example by monitoring account activity and installing CCTV; verify the identity of the user, where required; prevent or detect fraud or abuse of our websites, products and services, for example by requesting verification data in order to reset your account password; implement and implement our general terms and conditions of the company or any other agreements made with you; manage technical aspects of our website, including fault identification, diagnosis of technical and maintenance issues, testing, encryption and similar operations;

(j) perform data analysis, statistical research, and trend analysis in relation to your activity, demographics, guest profiles, user comments or other contributions to develop and improve our websites, products and services and to ensure the effectiveness of our business efforts.

The legal basis of the processing of your personal data by Palazzo Caruso for  the purposes described above usually includes:

• the processing necessary to fulfill a contract, for example, the conditions governing the website or booking, between Palazzo Caruso and the guest, including processing for the purposes indicated in paragraphs (a), (b), (c) and (d);
• the processing necessary for our legitimate interests or those of third parties, such as the processing specified in paragraphs (e), (f), (h), (i),and (j), which is performed according to our legitimate interests to ensure that our website, the services and content are competitive and provided efficiently, without delay and in an intuitive and personalized way, taking into account the feedback of users, their data and profiles, in order to ensure the security of our company and the data of our users, and to ensure the correct and efficient administration of our company, except where consent is required for the above processing according to the applicable law.
• your consent, for example in the case of processing for the purposes indicated in paragraphs (g) and 2, where such consent is mandatory under applicable law;
• the processing necessary for the fulfillment of a legal obligation to which Palazzo Caruso is required, as for example in the case of processing for the purpose indicated in paragraph (l);
• other bases applicable from time to time for treatment.
  
  User's right to explicit refusal

If you wish Palazzo Caruso  to stop sending you commercial communications, you may use the rejection link, the Unsubscribe link in our commercial communications or change the application settings.

If you wish to withdraw your consent to cookies at any time, you, or another person using your device, have the option to accept or block cookies by changing your browser settings. If you choose to block cookies, you may not be able to make full use of the interactive functions of the website, the contents and services of Palazzo Caruso.

1.4. Disclosure of user data

We may disclose your data in accordance with the law for the purposes listed above to third parties, including:

• Our activepartners, such as  the booking engine,or other
• We may share health and safety-related data or preference data with any partners providing services, i.e. food & beverage,  in order to improve the guest experience.
• the public, if you have published data in our blogs, forums and discussion groups;
• accident response groups or business continuity providers; our analytics partners and customer relationship management; our business partners, communications and advertising;
• online travel agencies used by you to make a reservation or request information;
• the payer, such as the employer who pays on your behalf and receives billing data;
• legal entities, temporarily or permanently, depending on joint ventures, collaborations, financing, sales, mergers, reorganizations, changes in legal form, dissolution or similar events. In the event of a merger or sale, your personal data will be definitively transferred to the takeover company or the new owner;
• public authorities, where required by law;
• any other terzapart, subject to your consent.
  
  Security of user data

Palazzo Caruso strives to protect your data with the measures specified below. Unfortunately, it is not always able to guarantee absolute safety. The security of your data may be compromised by unauthorized entry or use, hardware or software failures, events beyond our control, and other factors. Nevertheless, we will respect our obligation to implement appropriate technical and organizational measures to ensure a level of security of personal data appropriate to the protection against the risks of data breach.

. Credit card data is transmitted and stored in encrypted format and is decrypted only when necessary for the debiting of payment or as a guarantee of future stays. Access to uncrypted credit card data is limited to the persons in charge, as is good practice. Palazzo Caruso  protects the security of user data during transmission using technology  ...... ........ which encrypts the data entered and is certified by.

It is important to note that email communications are not secure. This is an inherent risk to email usage. You should be aware of this when asking for information or sending forms by e-mail (for example, from the "Contact us" section of the website). It is recommended not to enter sensitive information (for example, credit card details) when using email.

Finally, as a precautionary measure, it is advisable to always close the browser after you have finished using a form or the site dedicated to reservations. Although the session closes after a short period of inactivity, it is preferable to close the browser immediately after you finish. The user must ensure that they use strong login credentials when setting up their account and protect themselves from unauthorized access to the password and computer.

How long is user data stored?

Personal data will be stored for as long as necessary for the pursuit of the above purposes or in accordance with the provisions of applicable law. If you reside in the European Economic Area or the United Kingdom, you can contact us for more details about our retention periods in relation to your personal data.

User rights

• Right of the data subject to request access (SAR) Data subjects may request a copy of their personal data in writing. Where possible, we will allow our users to access their data.
• Sar compliance is subject to certain limitations and exemptions and respect for other people's rights. In each request it must be clearly specified that a SAR is being presented. Where applicable, the data subject may be required to submit proof of identity and to make a payment..
• Right of rectification. Data subjects may request the rectification of inaccurate or incomplete personal data.
• Right to withdraw consent. Interested parties may at any time withdraw their consent to the processing of personal data carried out by us on the basis of their previous consent. Such revocation shall not affect the legality of the previously given consent-based processing. The user who withsees his consent may not be able to use certain services for which the processing of personal data is essential.
• Right of opposition to treatment including profiling. We will comply with valid requests for opposition, unless there is an prevailing and binding legal basis for the continuation of our processing or if there is no other legitimate reason to refuse the request of the data subject. We will promptly grant all valid requests to unsubscribe in connection with commercial communications.
• restriction. Interested parties may request the restriction of our processing of their personal data in various circumstances. We will comply with this request, unless there is a legal reason not to do so, such as a legal obligation to continue processing your personal data in a certain way.
• Right of cancellation. The data subject can request the deletion of personal data on his account, which Palazzo Caruso  will provide unless there are legal impediments. For example, there may be a legitimate and prevailing reason for the storage of your personal data, such as a legal obligation that Palazzo Caruso  is required to observe

Right to complain to a supervisory authority. We suggest that interested parties contact us about questions or complaints about how we process their personal data. However, each data subject has the right to contact the relevant supervisory authority directly