Privacy Policy

Learn More About Your Privacy Rights


The Data Controller, Hotma Hotels S.r.l., informs you, according to art.  13 EU Regulation n. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following ways and for the following purposes:  


1.   Object of the Treatment

The data that the Data Controller collects are name, surname, residence/domicile, copy of identity document, e-mail, tax code and/or VAT, type of room, and any third parties with whom the stay will be shared.

In the event that the interested party requests the use of rooms of a particular type (e.g. for physically disabled people), the Data Controller will not collect any information on health data, unless the processing is necessary to protect a vital interest of the data subject.  


2.   Purpose of the Treatment

Your data are processed for the correct fulfilment of contractual and/or legal obligations to perform the Hotel Services. In addition, your data are processed to comply with the obligation laid down in the "Consolidated Law of Public Security" (Article 109 R.D. 18.6.1931 No. 773) to communicate to the Police Headquarters, for public safety purposes, details of the guests by the rules laid down by the Interior Ministry. The data acquired for this purpose will not be stored at the accommodation unless the guest provides specific authorization. The provision of data for the purposes outlined above is necessary (i) for the provision of Hotel Services and (ii) to fulfil the purposes of public security. In this regard, there is an obligation to provide such data for the achievement of the above purpose; their failure, partial or incorrect provision could result in the impossibility of providing the Hotel Services requested by you and therefore the impossibility of hosting it at our reception facility.


Your data are processed only with your specific and distinct consent (art. 7 GDPR) for the following marketing purposes:

1. To send advertising/promotional material via e-mail-applications-social communication networks, SMS-chat and/or telephone contacts.

2. Use of the data for the sending, including by e-mail and other means of communication, of advertising/promotional material to promote products or services and offers in the context of their physical businesses, of its websites and as part of the activities managed by affiliated companies or third parties specialized in marketing activities.

3. Reading the purchase preferences. Use of data relating to your purchases to improve the commercial offer and to carry out specific promotions of products and/or services.

4. Market research. Use of data for carrying out market research, including by e-mail, regarding the products and services offered by the Data Controller.


3.   Method and time of treatment

The processing of your data is carried out through the operations indicated in Art. 4 n.  2)  GDPR and specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your data are subject to both, paper and electronic, and/or automated processing.

The Data Controller will process data for the time necessary to fulfil the above purposes, and in any case, for no more than ten years from the termination of the relationship for the Service Purposes and no more than 12 months from data collection for the Marketing Purposes.

At the end of the indicated periods, the data will be deleted and/or made anonymous.


4.   Access to data

Your data may be made accessible for the purposes referred to in art. 2. A) and 2. B):

• To employees and collaborators of the Data Controller or associated companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators. 

• To third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors. 


5.   Data communication

Without the need for express consent (art. 6 lett. b) and c) GDPR), the Data Controller may communicate his data for the purposes referred to in art. 2. A) to those subjects to whom the communication is mandatory by law for the fulfilment of the aforementioned purposes. These parties will process the data as independent data controllers.

Your data will not be divulged.


6.   Data transfer

Personal data are stored on computer systems located within the European Union. It remains, in any case, understood that the Data Controller, if necessary, will be able to move the data to computer systems outside the EU. In this case, the Data Controller ensures that the transfer of data outside the EU will take place by the applicable legal provisions, after stipulating the standard contractual clauses provided by the European Commission.


7.   Nature of data provision and consequences of refusal to respond

The provision of data for the purposes referred to in art. 2. A) is mandatory. In their absence, we cannot guarantee the Services of art. 2. A).

The provision of data for the purposes referred to in art. 2. B) is optional. You may, therefore, decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you may not receive newsletters, commercial communications and advertising related to the Services offered by the Owner. You will still be entitled to the Services referred to in art. 2. A).


8.   Rights of the Interested Party  

As the data subject, you have the rights under Art. 15 GDPR

Where applicable, it also has the rights referred to in the Articles. 16-17-18-19-20-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.


9.   How to exercise your rights

You may at any time exercise your rights by sending a communication to the Data Controller at the following address Hotma Hotels SRL Via Trivulzio, 1 - 20146 - Milano (MI), or by e-mail at the following e-mail address 


10. Data Controller, Data Processors

The Data Controller of the personal data collected is Hotma Hotels SRL - P. IVA: 00356800102 with a registered office in Via Trivulzio, 1 - 20146 - Milano (MI), also contactable at the following email address 


The complete list of data processors and persons in charge of the data treatment can be requested by sending an email to the following address