Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Italy
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

Privacy Policy of B&B HOTELS in Italy

PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 679/2016 ("GDPR").

 

PDF Version

Update date: 23/07/2024

 

As provided for by the applicable legislation on the protection of personal data represented by Legislative Decree 196/2003, as subsequently amended ("Code for the Protection of Personal Data"), and the GDPR (jointly, "Privacy Policy"), we inform you that B&B Hotels Italia S.p.A. having its registered office in Via G. Leopardi 1, 20123, Milan (MI), C.F. 06291950969, in the person of its legal representative pro tempore ("B&B Italia"), will collect the personal data that you provide through the different channels (as identified below) for the purposes detailed below as joint data controller with the other companies belonging to the B&B Hotels group - a complete list of the companies is available by contacting B&B Italia - (jointly, "Joint Data Controllers"). 

 

1. Booking Channels.

This policy applies to reservations made through the following channels:

a. website https://www.hotel-bb.com/ ("Site") and B&B Hotels mobile application ("Application");

b. reception at B&B Italia hotel facilities ("Reception"); and

c. kiosks installed at the hotel facilities ("Kiosk"). Through the Kiosk, you will also be able to take advantage of the real-time identification service via webcam and check-in and sign-in at the hotel facilities, as an alternative to the traditional methods of guest recognition.

 

2. Categories of data processed

The Joint Data Controllers will process the personal data you provide for the purposes detailed under section 3 below ("Personal Data"). In particular, the following Personal Data are processed:

 

For the purposes under points from 1 to 6 of section 3:

- Identification data (e.g. title, first and last name);

- Contact data (e.g. e-mail address and telephone number);

- Data related to professional life (e.g. company, location);

- Reservation data (e.g., hotel, date of arrival and departure, number of rooms, name and age of other guests, information on any preferences about the reservation expressed by the guest (e.g., breakfast included, smoking room, preferred plan);

- History of reservations at hotel facilities;

- Payment details (e.g., transaction number, payment method, purchase details, billing information, discounts, receipts, balances, outstanding payments);

- Copy of identification document (i.e., passport, driver's license or electronic or paper ID card) and the data therein, such as, e.g., first name, last name, gender, date and place of birth, citizenship, place of residence, date of issuance and expiration date, document number;

- Customer feedback; and

- For real-time webcam identification carried out through the Kiosk, images and videos of guests collected through the webcam and not subject to recording are also processed.

 

For the purposes under points from 7 to 9 of section 3:

- Customer number;

- Browsing data;

- Identification data (e.g. title, surname, first name); 

- Contact details (e.g. email address and telephone number); 

- Data relating to business life (e.g. company, location); and 

- Booking history at the hotel facilities. 

 

For the purpose under point 10 of section 3:

- Identification data (e.g. title, first and last name);

- Contact data (e.g. e-mail address and telephone number);

- Preferred language; 

- Identification number; 

- Data relating to the accumulated points; 

- Booking history at the hotel facilities; 

- Payment details (where relevant).

 

3. Purposes, legal basis for processing and data retention period

The Joint Controllers will process your Personal Data for the achievement of precise purposes and only when there is a specific legal basis provided by the Privacy Policy.

The following table lists the purposes for which your Personal Data is processed by The Joint Controllers and the legal basis on which the processing is based.

 

Purpose of processing

Legal basis

Retention period

  1. Management of booking and contracting of hotel services, including handling of requests and complaints.

Execution of the contract

Throughout the duration of the contract.

In the case of pre-litigation activities, until the dispute is dismissed or a settlement agreement is reached.

In the case of litigation activities, until the time limits for ordinary and extraordinary remedies have expired.

  1. Compliance with current administrative, accounting and tax obligations

Fulfillment of a legal obligation

Payment and billing data are kept for 10 years after the conclusion of the contractual relationship with the customer or after an occasional transaction.

  1. Centralization of reservations received through the different channels within a single management software (Central Reservation System)

Execution of the contract

Throughout the duration of the contract.

In the case of pre-litigation activities, until the litigation has been dismissed or a settlement agreement has been reached.

In the case of litigation activities, until the time limits for ordinary and extraordinary remedies have expired.

  1. Carrying out the operations of verifying the identity of hotel guests (both in traditional mode and by real-time recognition through Kiosk) and transmitting their personal data to the relevant authorities.

Fulfillment of a legal obligation

24 hours after the acquisition of identification documents.

Images and videos of guests processed through the Kiosk are not recorded.

  1. Service improvement: development of satisfaction surveys and management of feedback on services provided.

Legitimate interest of the Joint Controllers and related to the improvement of services provided

For the period of time needed to process the survey results and customer feedback or until the data subject exercises his/her right to object.

  1. Conducting business statistical analysis

Legitimate interest of the Joint Controllers and related to the best management of the conducted business and related relationships with clients and prospects

For the period of time needed to process the statistical analysis or until the data subject exercises his/her right to object.

  1. Direct marketing (Sending information and/or advertising material by electronic means, telephone or mail) and market analysis

Consent of the interested party

2 years from collection of consent (or until consent is revoked)

  1. Soft Spam (Promotional activities of The Joint Controllers' products and/or services similar to those that the data subject has already purchased)

Legitimate interest of the Joint Controllers in making commercial offers to the data subject in relation to the Joint Controllers' products and/or services similar to those already purchased by the data subject

2 years from collection of consent (or until consent is revoked)

  1. Profiling (Personalization of commercial communications)

Consent of the interested party

2 years from collection of the consent

  1. Management of the B&me loyalty programme (management of membership of the B&me programme and the B&me CLUB subscription)

Performance of the loyalty programme contract

Throughout the duration of the contract.

In the case of pre-litigation activities, until the litigation has been dismissed or a settlement agreement has been reached.

In the case of litigation activities, until the time limits for ordinary and extraordinary remedies have expired.

 

4. Obligatory or optional nature of the provision of Personal Data for the pursuit of the purposes

Where the relevant legal basis is the performance of the contract or the fulfillment of a legal obligation, the provision of Personal Data is needed to carry out the activities indicated in the table above. In these cases, failure to provide Personal Data will result in the inability of The Joint Controllers to perform these activities and allow to make and benefit from a reservation at the hotel facilities, to access to the hotel facility, as well as to take part in the loyalty programme, depending on the relevant purpose.

Where the relevant legal basis is the pursuit of a legitimate interest of the Joint Controllers, the provision of Personal Data is optional. Your refusal to provide such data will not preclude the possibility of using the Service and accessing the hotel facility. In any case, The Joint Controllers may proceed with the processing on a different legal basis or where they consider that there are compelling legitimate reasons overriding your interests in establishing, exercising or defending a right in court.

In addition, you are free to revoke your consent at any time. In this case, the right to object to the processing of Personal Data for direct marketing purposes carried out through automated means also extends to the processing of Personal Data carried out through non-automated means, unless you only partially object to the processing. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

 

5. Security of Personal Data

The Joint Controllers pay special attention to the security of Personal Data. They have adopted technical and organizational measures appropriate to the level of sensitivity of the Personal Data, with a view to ensuring the integrity and confidentiality of the data and protecting it against any fraudulent breach, loss, alteration or disclosure to unauthorized third parties.

In any case, the security and confidentiality of data depend on the good behavior of each individual. Therefore, we recommend that you remain vigilant about these profiles.

 

6. Recipients of Personal Data

Subject to compliance with the principle of minimization and proportionality, Personal Data may be made accessible to the following entities for the purposes listed above:

- to employees and collaborators of The Joint Controllers, duly authorized, based on the instructions received from The Joint Controllers and under their authority;

- to companies, consultants and/or professionals to which The Joint Controllers have recourse in the provision of their services including, in particular, the supplier of the software installed on the kiosks and the managers of the hotel facilities, as well as the supplier of the payment services and the suppliers of the reservation management software, duly appointed as data processors; and

- to the competent authorities, for the purpose of carrying out identity verification activities, to the extent required by applicable law.

Personal Data will be subject to the highest security standards and, under no circumstances, will it be disseminated or, in any case, communicated to an indeterminate number of parties.

 

7. Transfer of Personal Data

The companies belonging to the B&B Hotels group provide their services in and from different countries. In addition, some of the companies acting as Joint Controllers under this Policy are located outside the European Economic Area. Therefore, your Personal Data will be transferred outside the European Economic Area. In such cases, in the absence of an adequacy decision, the transfer will take place where appropriate safeguards are in place, for example where standard contractual clauses defined by the European Commission have been adopted and, in any case, in accordance with applicable law.

In any case, you have the right to contact The Joint Controllers, by sending an e-mail in accordance with the "Data Subject Rights" section below, in order to obtain more information about such transfer and to obtain a copy of the protective measures taken to protect your Personal Data.

 

8. Rights of the Data Subject

In relation to the processing of Personal Data, you are granted the right to exercise the rights set forth in Articles 15 to 22 of the GDPR. In particular, you have the right to obtain from B&B the rectification, integration or deletion (so-called right to be forgotten) of your Personal Data; the right to obtain the restriction of the processing and the right to the portability of your Personal Data; and the right to lodge a complaint with the Data Protection Authority.

You may exercise these rights by sending your request to B&B Italia at: privacy-italia@hotelbb.com. You may also request the essential content of the agreement between The Joint Controllers, in accordance with the Privacy Policy.

In any case, you may contact the other The Joint Controllers always using the address: privacy-italia@hotelbb.com

The exercise of rights is not subject to any formal constraints and is free of charge.

 

Consent Wording

□ I consent to the processing by the joint controllers to send me marketing communications relating to their services/products provided both through traditional means of communication such as paper mail and through remote means of communication such as e-mail, chat, telephone, SMS, automated call, instant message

(Optional consent)

□ I also consent to the joint controllers’ analysis of my preferences and habits in order to send me offers, promotions and communications tailored to my interests and needs

(Optional consent

  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Italy