Pursuant to art. 13 and ss. of EU Regulation 2016/679 and in relation to the personal data that Sissy Hotel Srl will come into possession of from the time of registration on the website, we inform the user of the following:
1. Data Controller. The data controller is Sissy Hotel Srl, with registered office in Via Sannio, 18 20137 Milan
VAT No. 13175500969.
2. Purpose of data processing. The processing is aimed at the correct and complete provision of the services requested in favor of the user. Furthermore, the data provided may be used for marketing activities, within the limits permitted by law, as well as, in the event of express consent, for sending newsletters regarding our news, offers and updates, including details of our products and services. special offers, discounts or promotions, new products or services, and upcoming events or competitions.
Your personal data may be processed, without the need for your consent, in cases where this is necessary to fulfill obligations deriving from legal provisions in civil, fiscal, anti-money laundering, as well as from any other community legislation, rules, codes or procedures approved by Authorities and other competent national institutions.
In addition, your personal data may be processed to respond to requests from the competent administrative or judicial authority and, more generally, from public entities in compliance with legal formalities.
Furthermore, your personal data will be processed for the purposes relating and / or connected to the activities carried out by the Data Controller, such as specifically:
– for subjects who register on the site or who contact us via the site or via email for the provision of the services requested by them by entering data on the site or by sending emails, as well as for the storage of data to purposes of the operational and administrative management of contacts. In this regard, we remind you that during the negotiation phase, it is not mandatory to acquire consent if the processing is necessary to fulfill – before the conclusion of the contract – your specific requests;
– for the execution of the contractual relationship and ancillary services and / or related to such contracts. In such cases, we inform you that pursuant to the applicable legislation on personal data, the acquisition of your consent is not required if the processing is necessary to perform obligations arising from a contract;
– for the management of payments (with relative treatment – in accordance with the law – of payment data, including the identification details of credit cards or prepaid cards) of the services requested and any accessory economic charges, based on the provisions of the contract ; o fulfillment of legal, accounting, tax, administrative and contractual obligations related to the provision of the requested services;
– for the analysis and improvement of the services provided, such as the possible conduct of surveys to obtain suggestions from customers;
– for the provision of technical assistance to the customer, if required by the contract;
– your personal data, in addition, may be processed for the defense of a right in court or whenever it is necessary in order to ascertain, exercise or defend a right of the Data Controller;
– for surveys of the degree of customer satisfaction with the quality of the services provided;
– for the implementation of extraordinary transactions and company rentals or sales, in favor of the other contractually involved parties.
– It informs the subjects who register on the site or who contact us via the site or via email that the navigation and consultation of the Site do not require, or allow, any profiling activity.
– In any case, all data acquired during navigation are treated anonymously and can be used without the express consent of the User only for the purpose of accessing the Site, and presenting the services of Sissy Hotel Srl.
– In particular, as regards navigation data, we inform you that the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning.
– In addition, the data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
It is specified that your personal data may also be processed, subject to the release of your optional and express separate consent, for the following additional purposes functional to the activity of the Data Controller: market research, economic and statistical analysis; marketing of the services of the owner, sending advertising / information / promotional material and participation in initiatives and offers aimed at rewarding the customers of the owner. Data communication. Personal data may come to the attention of the persons in charge of the processing and may be communicated for the purposes referred to in point 2 to third party consultancy and assistance providers, to banks, to the companies of the owner’s group, to the commercial network, and, more generally , to all those public and private subjects to whom the communication is necessary for the correct fulfillment of the purposes indicated in point 2 or for legal obligations.
3. Transfer of data abroad. Personal data may be transferred to countries of the European Union and to third countries with respect to the European Union.
4. Data retention period. The personal data provided will be retained for the entire duration of the relationship between Sissy Hotel Srl and the user.


5. Right of access. The interested party has the right to ask the data controller for access to their personal data. Upon request, the data controller provides a copy of the personal data being processed. In the event of further copies requested by the interested party, the data controller may charge a fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
6. Right of rectification. The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.
Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
7. Right to cancellation (“right to be forgotten”). The interested party, with the exception of the provisions of Article 17, paragraph 3, of EU Regulation 2016/679, has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller has the obligation to delete personal data without undue delay, if there is one of the cases provided for in Article 17, paragraph 1, of EU Regulation 2016/679.
8. Right to limitation of treatment. The interested party has the right to obtain from the data controller the limitation of the processing using one of the hypotheses referred to in art. 18 of EU Regulation 2016/679.
9. Right to object to processing. The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to Article 6, paragraph 1, letters e) or f) of EU Regulation 2016/679.
The data controller refrains from further processing personal data unless he demonstrates the existence of compelling legitimate reasons for proceeding with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.
10. Right to data portability. The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller to whom he provided them only in the cases provided for by law and without affecting the rights and freedoms of others.
11. Withdrawal of consent. If the processing is based on art. 6, paragraph 1, letter a), or on art. 9, paragraph 2, letter a) of EU Regulation 2016/679, the interested party has the right to revoke the consent given at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.
12. Right of complaint. The interested party has the right to lodge a complaint with the Supervisory Authority.
13. Refusal to provide data. Any refusal by the interested party to provide personal data will make it impossible to provide the services requested.
14. Communication of data. Personal data may come to the knowledge of the persons in charge of the processing and may be disclosed for the purposes described to third parties exclusively for purposes related to the provision of the requested services.
15. Dissemination of data. Personal data are not subject to disclosure.