Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Italy
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Clear dates
Rooms
-+
+ Add another roomValidate
Discount code
Valid Breakfast voucher to be added at checkout
Add a discount code
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

Privacy Policy of B&B HOTELS in Italy

PRIVACY POLICY

Pursuant to Article 13 of Regulation (EU) 679/2016 ("GDPR").

 

PDF Version

As required by the applicable personal data protection legislation, consisting of Legislative Decree 196/2003, as subsequently amended ("Personal Data Protection Code"), and the GDPR (collectively, "Privacy Legislation"), we inform you that B&B Hotels Italia S.p.A., with registered office at Via G. Leopardi 1, 20123, Milan (MI), Tax ID no. 06291950969, in the person of its legal representative pro tempore ("B&B Italia"), will collect the personal data you provide through various channels (as identified below) for the purposes described below as a joint data controller together with the other companies belonging to the B&B Hotels group—a complete list of these companies is available by contacting B&B Italia—(collectively, "Joint Controllers").

 

  1. Booking Channels

 

This policy applies to bookings made through the following channels:

  1. the website https://www.hotel-bb.com/ ("Website") and the B&B Hotels mobile application ("App");
  2. the reception at B&B Italia hotel facilities ("Reception"); and
  3. kiosks installed at hotel facilities ("Kiosk"). Through the Kiosk, you can also use the real-time identification service via webcam and perform check-in and access to the hotel facilities, as an alternative to traditional guest identification methods.

 

  1.  Categories of Data Processed

 

The Joint Controllers will process the personal data you provide to pursue the purposes outlined in section 3 ("Personal Data"). Specifically, the following Personal Data is processed:

For the purposes referred to in points 1 to 6 of section 3:

  • identification data (e.g., title, first name, and last name);
  • contact data (e.g., email address and phone number);
  • data related to professional life (e.g., company, location);
  • booking data (e.g., hotel, date of arrival and departure, number of rooms, name and age of other guests, information on any booking preferences expressed by the guest, e.g., breakfast included, smoking room, preferred floor);
  • booking history at hotel facilities;
  • payment data (e.g., transaction number, payment method, purchase details, billing information, discounts, receipts, balances, outstanding payments);
  • a copy of the identification document (i.e., passport, driver's license, or electronic or paper ID card) and the data contained therein, such as: first name, last name, gender, date and place of birth, citizenship, place of residence, date of issue, and expiration date, document number;
  • customer feedback; and
  • for real-time identification via webcam carried out through the Kiosk, images and videos of guests collected via webcam that are not subject to recording are also processed.

For the purposes referred to in points 7 to 9 of section 3:

  • customer number;
  • navigation data;
  • identification data (e.g., title, first name, and last name);
  • contact data (e.g., email address and phone number);
  • data related to professional life (e.g., company, location); and
  • booking history at hotel facilities.

For the purpose referred to in point 10 of section 3:

  • identification data (e.g., title, first name, and last name);
  • contact data (e.g., email address and phone number);
  • selected language;
  • identification number;
  • information on accumulated points;
  • booking history at hotel facilities; and
  • payment data (where relevant).

 

  1. Purposes, Legal Bases of Processing, and Data Retention Period

 

The Joint Controllers will process your Personal Data for specific purposes and only with a specific legal basis provided by the Privacy Legislation.

The Joint Controllers will process your Personal Data only for a determined period of time appropriate to the purpose of the processing. After this period, your Personal Data will be deleted or anonymized and used for statistical purposes.

The following table lists the purposes for which your Personal Data is processed by the Joint Controllers, the legal basis on which the processing is based, and the retention period for each of the aforementioned purposes.

Purpose of ProcessingLegal BasisRetention Period
  1. Management of booking and hotel service contracts, including the management of requests and complaints submitted by you.
Performance of a contractFor the entire duration of the contract. In case of pre-litigation activities, until the dispute has been dismissed or a settlement has been reached. In case of litigation activities, until the terms for ordinary and extraordinary remedies have expired.
  1. Fulfillment of current administrative, accounting, and fiscal obligations.
Fulfillment of a legal obligationPayment and billing data are retained for 10 years from the conclusion of the contractual relationship with the customer or after a one-time transaction.
  1. Centralization of bookings received through different channels into a single management software (Central Reservation System).
Performance of a contractFor the entire duration of the contract. In case of pre-litigation activities, until the dispute has been dismissed or a settlement has been reached. In case of litigation activities, until the terms for ordinary and extraordinary remedies have expired.
  1. Performance of identity verification operations for guests of the hotel facilities (both traditionally and through real-time recognition via Kiosk) and transmission of their personal data to the competent authorities.
Fulfillment of a legal obligation24 hours from the acquisition of the identification documents. Images and videos of guests processed via the Kiosk are not recorded.
  1. Service improvement: processing of satisfaction questionnaires and management of feedback on the services provided.
Legitimate interest of the Joint Controllers related to the improvement of services providedFor the time necessary to process the results of the questionnaire and customer feedback or until the data subject exercises the right to object.
  1. Carrying out commercial statistical analyses.
Legitimate interest of the Joint Controllers related to better business management and relationships with customers and prospectsFor the time necessary to process the statistical analysis or until the data subject exercises the right to object.
  1. Direct marketing (sending informative and/or advertising material via electronic means, phone, or mail) and market analysis.
Consent of the data subject2 years from the last collection of consent (or until consent is withdrawn).
  1. Soft Spam (promotional activities for products and/or services of the Joint Controllers similar to those the data subject has already purchased).
Legitimate interest of the Joint Controllers in offering the data subject commercial offers for products and/or services of the Joint Controllers similar to those already purchased by the data subject.2 years from the collection of consent (or until consent is withdrawn).
  1. Profiling (personalization of commercial communications).
Consent of the data subject7 years from the collection of consent.
  1. Management of B&me loyalty programs (management of B&me program membership and B&me CLUB program membership).
Performance of the contract related to the loyalty programsFor the entire duration of the contract. In relation to pre-litigation activities, until the dispute has been dismissed or a settlement has been reached. In relation to litigation activities, until the terms for ordinary and extraordinary remedies have expired.

 

  1.  Obligatory or Optional Nature of Personal Data Provision for the Pursuit of Purposes

 

Where the relevant legal basis is the performance of a contract or the fulfillment of a legal obligation, the provision of Personal Data is necessary for carrying out the activities indicated in the table above. In these cases, failure to provide Personal Data will make it impossible for the Joint Controllers to perform such activities and to allow you to make and enjoy a booking at the hotel facilities, to access the hotel facility, and to participate in the loyalty program, depending on the relevant purpose.

Where the relevant legal basis is the pursuit of a legitimate interest of the Joint Controllers, the provision of Personal Data is optional. Your refusal to provide such data will not prevent you from using the Service and accessing the hotel facility. In any case, the Joint Controllers may proceed with the processing on a different legal basis or where they believe there are compelling legitimate grounds that override your interests for the establishment, exercise, or defense of a right in court.

Furthermore, you are free to withdraw your consent at any time. In this case, the right to object to the processing of Personal Data for direct marketing purposes carried out through automated means also extends to the processing of Personal Data carried out through non-automated means, unless you only partially object to the processing. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

  1. Security of Personal Data

 

The Joint Controllers pay particular attention to the security of Personal Data. They have adopted technical and organizational measures appropriate to the level of sensitivity of the Personal Data, with the aim of ensuring the integrity and confidentiality of the data and protecting it against any fraudulent breach, loss, alteration, or dissemination to unauthorized third parties.

In any case, the security and confidentiality of data depend on the good conduct of each individual. Therefore, we recommend that you remain vigilant on these aspects.

 

  1. Recipients of Personal Data

 

Subject to compliance with the principle of minimization and proportionality, Personal Data may be made accessible to the following subjects for the purposes listed above:

  • employees and collaborators of the Joint Controllers, duly authorized, based on the instructions received from the Joint Controllers and under their authority;
  • companies, consultants, and/or professionals that the Joint Controllers use in the provision of their services, including, in particular, the software provider installed on the kiosks and the managers of the hotel facilities, as well as the payment service provider and the booking management software providers, duly appointed as data processors; and
  • competent authorities, for the performance of identity verification activities, within the limits of applicable law.

Personal Data will be subject to the highest security standards and, under no circumstances, will it be disseminated or otherwise communicated to an undetermined number of subjects.

 

  1. Transfer of Personal Data

 

The companies belonging to the B&B Hotels group provide their services in and from different countries. Furthermore, some of the companies acting as Joint Controllers under this policy are located outside the European Economic Area. Therefore, your Personal Data will be transferred outside the European Economic Area. In these cases, in the absence of an adequacy decision, the transfer will take place where there are suitable guarantees, for example, where standard contractual clauses defined by the European Commission have been adopted and, in any case, in accordance with what is established by current law.

In any case, you have the right to contact the Joint Controllers by sending an email as indicated in the "Data Subject Rights" section below, in order to obtain more information about this transfer and a copy of the protection measures adopted to protect your Personal Data.

 

  1. Data Subject Rights

 

In relation to the processing of Personal Data, you are granted the right to exercise the rights referred to in Articles 15 to 22 of the GDPR. In particular, you have the right to obtain from B&B the rectification, integration, or erasure (so-called right to be forgotten) of Personal Data; the right to obtain the restriction of processing and the right to data portability, and the right to lodge a complaint with the Data Protection Authority.

You can exercise these rights by sending a request to B&B Italia at the address: privacy-italia@hotelbb.com. You may also request the essential content of the agreement between the Joint Controllers, as provided for by the Privacy Legislation.

In any case, you can always contact the other Joint Controllers using the address: privacy-italia@hotelbb.com.

The exercise of these rights is not subject to any formal requirements and is free of charge.

  1. B&B HOTELS
  2. Privacy Policy of B&B HOTELS in Italy