Menu opener
Close
Please fill in the destination field
There are no suggestions
Please select period for 20 days max
Start date cannot be set in the past.

Please select period for 20 days maxStart date cannot be set in the past.

From
To
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

Biometric Privacy Policy

B&B Hotels Italia S.p.A., with registered office in Via Domenichino 19, 20149 – Milan (Italy), VAT no. 06291950969, (“B&B ITALIA”) and Casper BidCo, with registered office in Boulevard Romain Rolland, 29, 92120 – Montrouge (France), registration number 850 790 908 (“Casper BidCo”), in their capacity as joint controllers (“Joint Controllers”), process the personal data provided by you if you have chosen to take part in the Online Check-In pilot project launched by the Joint Controllers, i.e., to perform Online Check-In operations using facial recognition technology after making a reservation of a stay at the B&B Hotel Milano City Center Duomo (the “Hotel”).

1.  Types of data processed

The Joint Controllers will process the personal data provided by you during the Online Check-In pilot project using the B&B mobile app with facial recognition technology (“Personal Data”). In particular, the following Personal Data are processed:

1.1.  Copy of your passport and the data it contains, including: name, surname, date and place of birth, document number and expiry date;

1.2.  Biometric data relating to the characteristics of your face (the facial images will not be retained, but will be used to check your identity by comparing them with your passport photograph, and will then be irreversibly deleted); and

1.3.  An encrypted string that gathers information from the identity check, i.e. the validity of your passport and the correspondence of your identity with the passport photograph, and confirms the positive match (“String”). It is specified that it is in no way possible for your face and the copy of your passport to be traced using the String.

2.  Purposes and legal bases of processing

The Personal Data are collected and processed solely to check the identity of the person who will be staying at the Hotel, for the purpose of providing the hotel service. This will be done using innovative facial recognition technology, to facilitate and speed up the check-in procedures at the Hotel. Specifically, we inform you that on arrival at the Hotel you must in any case go to reception to allow the staff in charge to check your personal identity, in the traditional way but more quickly.

The legal basis for processing is your express consent. Only the Personal Data contained in your passport will be disclosed to the competent public security authorities, only as regards the information required by B&B ITALIA to fulfil the obligations laid down in Article 109 of Italian Royal Decree (R.D.) no. 773 of 18 June 1931 (Consolidated Law on public security, TULPS) in the methods laid down in the related Decrees.

3.  Mandatory or optional nature of the provision of Personal Data in pursuing the purposes

The provision of Personal Data is required for checking your identity using facial recognition technology in order to facilitate and speed up the check-in procedures at the Hotel. You may in any case check in at the Hotel reception with the staff in charge of this procedure, in the traditional way.

4.  Automated decision-making process, logic used and effects

The choice of checking your identity using facial recognition technology means that your identity will be checked in a fully automated manner. In particular, the Joint Controllers will use a fully automated procedure to check the validity of your passport and the correspondence between the image in your passport and your face. In any case, you will have the possibility to dispute the decision taken, also by directly contacting the Joint Controllers by e-mail at the following address privacy-italy@hotelbb.com. In any case, if the identification process is unsuccessful, you may check in at the Hotel reception with the staff in charge of this procedure.

5.  Recipients of the Personal Data

Without prejudice to the compliance with the principle of minimisation and proportionality, the Personal Data may be made accessible to the following parties for the above-listed purposes:

a) to employees and collaborators of the Joint Controllers, on the basis of the instructions received from the Joint Controllers themselves and under their authority;

b) to companies, consultants or professionals used by the Joint Controllers to provide their services, including, in particular:

  • Move On B&B Hotels, with registered office in Rue du Général Paulet, 271 – 29200 Brest (France), registration number 831 737 168, duly appointed as processor;
  • Ariadnext LLC, with registered office in ZAC des Champs Blancs, 1219 Avenue des Champs Blancs, F-35510 Cesson-Sévigné (France), VAT no. FR79 520 769 225 (“Ariadnext”), supplier appointed for the development and technical management of the facial recognition identification system, duly appointed as sub-processor; and
  • other third parties involved in the provision of the Online Check-In service, duly appointed as sub-processor, including: Smile, Converteo, Capgemini, Orange Business Services, ExaltIT, Lunabee, Adyen, Chapp, Dormakaba, Vertical Booking.

c) only the Personal Data contained in your passport, to parties (including public authorities) who have access to the personal data by virtue of regulatory or administrative orders.

The Personal Data will be subject to the highest security standards. The String and the copy of the passport will be retained exclusively in encrypted form and for the period specified below in sub 7. Under no circumstances will the Personal Data be disclosed or in any case communicated to an indefinite number of parties.

6.  Transfer of personal data

The Personal Data will be processed in the European Union.

7.  Personal data retention period

The images of your face will not be retained, but will be used exclusively to check your identity by comparing them with your passport photograph, which will take 2-3 seconds, and will then be irreversibly deleted.

The copy of your passport will be retained from the time of comparison as defined above until no later than 24 hours following your arrival at the Hotel. This retention period shall not in any case exceed 72 hours from the receipt of the e-mail in which the Joint Controllers notify you of the possibility to perform Online Check-In operations, starting from 48 hours prior to your arrival at the Hotel. The Personal Data contained in the String will be retained for the same period.

The Personal Data contained in your passport will be retained for 5 years from their registration by the competent person in charge at the Hotel, on the basis of the information given in the copy of the passport.

All Personal Data will be irreversibly deleted at the end of the respective periods indicated above.

It is specified that if the identity check performed using the Online Check-In procedure is unsuccessful, all your Personal Data will be immediately and irreversibly deleted.

8.  Rights of the data subject

In relation to the processing of Personal Data, you may exercise the rights laid down in Articles 15 to 22 of the General Data Protection Regulation 2016/679 (“GDPR”). In particular, you have the right to obtain from the Joint Controllers the integration or deletion of your Personal Data (so-called right to be forgotten); the right to obtain the restriction of the processing and the right to portability of your Personal Data, the right to object to the processing of your Personal Data and the right to lodge a complaint with the Data Protection Authority, if there are grounds to do so, using the following contacts: Piazza Venezia 11, 00187 Rome, fax: (+39) 06.69677.3785, telephone switchboard: (+39) 06.696771, e-mail: protocollo@gpdp.it. You also have the right to withdraw your consent to processing (without prejudice to the lawfulness of the processing prior to withdrawal) and to dispute the automated decision taken by the Joint Controllers, and to request human intervention by a person in charge at B&B ITALIA. Furthermore, pursuant to art. 26 of the GDPR, you have the right to request the essential contents of the joint controller agreement between the Joint Controllers.

You may exercise these rights by contacting the Joint Controllers at the e-mail address privacy-italy@hotelbb.com and/or the Hotel staff.

There are no restrictions to the methods used to exercise your rights, and it is free of charge.