This Policy broadly describes our practices.

This page describes how the website is managed with regard to the processing of the personal data of its users.
Processing is always based on principles of lawfulness and correctness in compliance with all applicable regulations, and appropriate security measures are taken to protect the data.

This Privacy Policy also serves as brief information pursuant to Art. 13 of the General Data Protection Regulation (EU) 2016/679, as well as pursuant to the cookie regulation no. 229 of 8 May 2014, through which we wish to inform website visitors about the use of the data entered as well as about the cookies used by the website.

The information is also provided pursuant to Recommendation 2/2001 adopted by the Working Party established by Art. 29 of Directive no. 95/46/EC to the users of the web services of this site, for the purpose of the protection of personal data, which may accessed from the address www.ipi-spa.com

By using any of our services and/or by accepting this Policy, for example when signing up for one of our services, you consent to the collection and use of your personal information as described in detail in this Policy.

This Policy broadly describes our practices.
Please note that this Policy does not apply to the processing of personal information on behalf of and/or under the instructions of third parties, such as airlines, car rental companies and other service providers, companies that organise or offer travel packages, business partners or corporate clients.

PERSONAL INFORMATION WE COLLECT
The personal information we collect as IPI Group includes:

Your first and last name, e-mail address, telephone number and home address;
Your credit card details (card type and number, name on card, expiry date and CVC code);
Information about your stay, including dates of arrival and departure, special requests and your service preferences (preferences concerning rooms, services or other);
Information you provide about your marketing preferences or promotional offers;
Collection at our property:
We collect additional personal information during registration/check in at our hotel, including information required by local laws;
Event profiles:
If you plan to organise an event with us, we will log the specific data concerning the event or meeting, along with date, number of guests, guest room details and, in case corporate events, information about your organisation (name, annual budget, number of events sponsored each year). We also collect information on guests who are part of your group or event. If you visit us as part of a group, we may request your personal information from the group and may send you marketing information with your express consent following your stay with a group or participation in an event. If you visit us within the context of an event, we may share your personal information with the event organisers. If you are an event organiser, we may also share information about your event with third-party service providers who may send you commercial information about event services;
Social media:
If you choose to participate in social media offers or activities sponsored by IPI Group companies, we may collect certain information from your social media profiles, according to the settings you opted for within the social media service, such as location, check-in, activity, interests, pictures, status updates and friends list.
We may also allow you to join specific contests in order to submit pictures, such as those from your stay with us, which you may share with your social media contacts in order to receive ratings, shared offers, or other promotions;
Information we collect from third parties:
We may also collect information about you from third parties, including information from our partners (travel agencies, airlines, payment cards) and other partners, or from social media depending on your service-specific settings, as well as from third-party sources;
Information that we collect automatically: When you use our website, we automatically collect information, some of which may be personal data. This may include: language settings, IP address, location, device settings, device operating system, log-in information, time of use, requested URL, status report, user agents (such as browser version information), browsing history, result (visit or booking), user booking code, type of information viewed. We may also collect data automatically through cookies.
The data may also be used to ascertain liability in the event of hypothetical computer crimes targeting the website.

PURPOSE OF PROCESSING, LEGAL BASIS AND LAWFULNESS OF PROCESSING
Data are processed for the following purposes:

Management of customer relations (management of bookings, issue of invoices, estimates), to perform any contractual obligations. Personal data may be disclosed to subsidiaries and/or affiliates and/or companies belonging to the same group as the Company, as well as to persons, companies or professional firms that provide services and assistance or consultancy activities to the Company for the purposes highlighted in the specific information and the same will not be used by the Company for other purposes;
Fulfilment of regulatory obligations, in particular accounting and tax obligations;
litigation management;
Relating to the service offered, i.e.:

Sending of promotional offers on our services and updates on our rates and offers as well as greetings by regular mail or by fax or email;
Provision of hotel services such as the external communication of data concerning your stay for the sole purpose of making it possible to receive items, messages and telephone calls addressed to you;
Processing, with your prior written consent, of the so-called sensitive data that you voluntarily provide in order to ensure a better level of hospitality at our hotel;
We may use your e-mail address to send you, with your express written consent, our newsletters and holiday greetings;
With regard to the purposes stated in item 2 letter a) we rely on the performance of a contract: the use of your data may be necessary in order to be able to implement the contract with us. For example, if you use our services to make an online booking, we will use your data to fulfil our obligation to complete and manage your booking under the contract between us;
With regard to the purposes stated in items 2 b) and c), we rely on legitimate interests: we use your information for our legitimate interests, i.e., for administrative, legal or fraud detection purposes. When we use personal information for our legitimate interests, we always balance your rights and interests regarding the protection of your personal information against our rights and interests;
Depending on the purpose, we may also rely on our obligation to comply with applicable laws.
We will ask for your consent to process your personal information for the purposes set out in applicable legislation, which you may withdraw at any time by contacting us at the addresses set out at the end of this notice. Certified e-mail: ipi@legalmail.it

IDENTITY AND CONTACT DETAILS
This website is managed by the Controller, in the person of the owner and legal representative of the company IPI S.p.A, Via Nizza 262/59, 10126 Turin, e-mail ipi@legalmail.it
The Controller guarantees the security, confidentiality and protection of the data in their possession at all stages of data processing.
The Processor, whom you can contact if you wish to exercise your rights referred to in Art. 12 and/or for any clarifications on personal data protection, can be reached at: dpo@ipi-spa.com
The data collected are used in compliance with the applicable privacy regulation (GDPR 679/2016).

PLACE OF PROCESSING
The processing operations connected to the web services of this website take place at the Controller’s premises and are handled only by the staff in charge of processing and by the supplier in charge of Internet services and hosting/housing services of the website. Moreover, such processing is handled exclusively by the technical staff of the Office in charge of processing, or by any persons appointed for occasional maintenance operations under the strict control of the Controller.

NATURE OF THE PROVISION OF DATA
For the purposes stated in item 2), in the case of booking a hotel stay, the provision of data is compulsory, and failure to provide such data may make it impossible to fulfil the request. For the purposes stated in item 2a), the provision of data is optional and does not prevent the provision of the requested service (hotel stay).

REFUSAL TO PROVIDE DATA
The data subject may refuse to provide the Controller with their navigation data. This can be done by disabling the transmission of such data in accordance with the instructions provided by the browser in use.

RECIPIENTS OF THE DATA
The processed data shall not be disclosed, sold or exchanged with third parties without the express consent of the data subject. The scope of communication of the data is limited exclusively to those responsible for the fulfilment of contractual operations and compliance with legal obligations. The relevant data may therefore be communicated to third parties belonging to the following categories:

Subjects providing IT management services;
Firms or companies providing assistance and consultancy services;
Administrations, Public Bodies and Competent Authorities, for the fulfilment of legal obligations and/or provisions of public bodies;
Group and/or network companies or private parties either directly involved in the performance of the service or legally entitled to view the relevant data.
In any case, the aforementioned subjects shall only receive the data that are strictly necessary and relevant to the purposes of the specific processing.

OPTIONAL PROVISION
Except for the specific requirements related to navigation data, the user is free to provide personal data through the forms of the website (web forms). This may also be done to request newsletters, information material, commercial offers or other communications. Failure to provide such data may make it impossible to fulfil the request.

DATA SHARING
Other service providers: We use service providers to manage your data on our behalf. This management serves the purposes described in this Policy, such as processing payment for bookings and sending marketing material for further analytical purposes. These service providers are bound by confidentiality agreements and do not have permission to use your personal data for other purposes;
Competent authorities: We share personal data with law enforcement, police and other government authorities when required by law or when absolutely necessary for the detection, prevention or prosecution of fraud or crime.

SECURITY
The IPI Group relies on special procedures to prevent unauthorised access to, and misuse of data. We employ appropriate industry systems and procedures to safeguard the personal data you provide. We also rely on security procedures and technical and physical restrictions to prevent access to, and use of the personal data held on our servers. Only authorised personnel may access personal data during the performance of their work tasks.

DATA STORAGE
We shall store your personal information as long as necessary for the provision of the service, in accordance with applicable laws, for the purpose of dealing with any disputes with any third parties and in any event as long as necessary for the performance of our business, including the detection of, and protection against fraud or other illegal activities. All personal information held shall be subject to the provisions of this Privacy Policy. If you have any questions about the specific periods for which the personal data will be stored, please contact us at: ipi@legalmail.it

TRANSFER OF DATA
The Controller shall not transfer personal data to third countries or international organisations.

WITHDRAWAL OF CONSENT
With reference to Art. 23 of Legislative Decree 196/2003 and Art. 6 of GDPR 679/16, the data subject may withdraw their consent at any time.

RIGHTS OF DATA SUBJECTS
We want you to be able to control how we use your data. You can do this in the following ways:

You can ask us for a copy of the personal data we hold about you;
You can inform us of any changes to your personal data or you can ask us to correct any of the information we hold about you;
In specific cases, you may ask us to erase, block or limit the processing of the personal information we hold about you, or object to particular ways in which we are using your personal information;
In specific cases, you may also ask us to forward to a third party the personal information we hold about you. When we use your personal information based on your consent, you may withdraw that consent at any time in accordance with the procedure laid down by the law. Furthermore, when we process your personal information on the basis of legitimate interests or public interest, you have the right to object to the use of your personal information at any time in accordance with the procedure laid down by the law. We rely on you to ensure that your personal data is complete, accurate and up to date. Please inform us promptly of any changes or inaccuracies in your personal information by contacting: dpo@ipi-spa.com. We will handle your request in accordance with the applicable regulations. The data subject may exercise their rights described above with reference to Art. 15 “Right of access”, Art. 16 “Right to rectification”, Art. 17 “Right to erasure”, Art. 18 “Right to restriction of processing”, Art. 20 “Right to data portability”, Art. 21 “Right to object to automated individual decision-making” of the Regulation 679/2016 (GDPR) by writing to the Controller at the following address: IPI S.p.A, Via Nizza 262/59, 10126 Turin; E-mail: ipi@legalmail.it

LODGING A COMPLAINT
The data subject has the right to lodge a complaint with the supervisory authority of the Member State of their habitual residence.

Changes to this Privacy Policy
The Controller reserves the right to make changes to this Privacy Policy at any time by publishing them on this page. We invite you to visit this page regularly, referring to the last update date at the bottom.
If you do not accept the changes made to this Privacy Policy, you must stop using this application, and may request that your personal data be deleted by the Controller. This applies unless otherwise specified.

Information on this Privacy Policy
The Controller is responsible for this Privacy Policy.

Privacy for minors
Our website is intended for a general audience and does not offer services aimed at children. Should we discover that a minor has provided us with any personal information without the permission of their parent or guardian, we shall erase such information immediately. If any external links on pages of this website or sections of our applications contain links to other websites, these are not bound by this Privacy Policy. We encourage you to read carefully the privacy policies published on such external websites and to review their procedures for collecting, using, and disclosing personal information.

Defence in Court
The User’s personal data may be used for the Controller’s legal defence or in preparation for its possible establishment, against abuses in the use thereof or of related services by the User. Following a subpoena, court order or other legal action; In order to establish or exercise the rights granted to us by law; To defend us in the event of legal action against us or for any other purpose dictated by law. The User declares that they are aware that the Controller may be required to disclose personal data by public authorities.

Legal references
This Policy is drawn up in compliance with the obligations provided for by Legislative Decree 196/2003, GDPR 679/16, Art. 10 of Directive no. 95/46/EC, as well as Directive 2009/136/EC regarding cookies. This Privacy Policy concerns this website only.