Privacy & Cookie Policy

hotel balocco


pursuant to article 13 of Regulation (EU) 2016/679


Pursuant to current legislation on the protection of personal data, with particular reference to art. 13 of Regulation (EU) 2016/679, as Data Controller of personal data, I inform you that your personal data, collected exclusively for the purpose of establishing, perfecting and managing your contractual relationship with our company, will be processed in full compliance with the obligations and principles of the law, guaranteeing full protection of the fundamental rights and freedoms that are recognized to you, with particular regard to the principles applicable to the processing of personal data pursuant to art. 5 of the Regulation.


The personal data controller is “VSA HOTELS S.r.l.“Via Benozzo Gozzoli,60 - 00142 Rome (RM) – VAT number 02330490901. For any information, he can be contacted at the e-mail address


The processing of your personal data, directly supplied by you, is carried out by us for the execution of fulfilment of the obligations deriving from the laws applicable to the execution of a contract; This treatment concerns: Personal, tax, banking and contact details. These data are processed to fulfil legal and/or contractual obligations, such as, for example, billing, payment, etc.;


The processing of personal data is aimed solely at the execution/management of a contract and at the fulfilment of obligations established by laws connected to the contractual relationship.

1. to acquire and confirm your reservation for accommodation services and ancillary services and to provide the requested services. Since these are treatments necessary for the contractual agreement's definition and its subsequent implementation, your consent is generally not required. In case of refusal to provide personal data, we cannot confirm the reservation or respond to your specific requests. The processing will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner indicated in the following points;

2. to fulfil the obligation established by the "Consolidated text of public safety laws" (article 109 R.D. 18.6.1931 n. 773), which requires us to communicate to the Police Headquarters, for public safety purposes, the personal details of the guests accommodated according to the procedures established by the Ministry of the Interior (Decree of 7 January 2013). The provision of data is mandatory and does not require your consent, and in case of refusal to provide them, we will not be able to host you in our structure. We do not store the data acquired for this purpose unless you give us consent to storage as set out in point 4;

3. to fulfil current administrative, accounting and tax obligations. For these purposes, the processing is carried out without the need to obtain your consent. The data is processed by our managers and appointees and by us and is communicated externally only in fulfilment of legal obligations. In case of refusal to provide the data necessary for the above fulfilments, we will not be able to provide you with the requested services. We keep the data acquired for these purposes for the time required by current legislation (10 years, and even longer in the case of tax assessments);

4. for the protection of people, property and corporate assets through a video surveillance system in the external and internal areas of the structure, identifiable by the presence of appropriate signs. Your consent is not required for this processing, as it pursues our legitimate interest in protecting people and property against possible assaults, thefts, robberies, damage, and acts of vandalism and for fire prevention and occupational safety purposes. The recorded images are deleted after seven days, except for holidays or other cases of closure of the financial year. They are not communicated to third parties except when it is necessary to adhere to a specific investigative request from the judicial authority or police.


Personal data will be processed in paper, computerized and telematic form and entered in the pertinent databases which the persons in charge of data processing will be able to access. The processing may also be carried out by external parties who provide specific processing, administrative or instrumental services necessary for the achievement of the aforementioned purposes. All data processing operations are implemented in such a way as to guarantee the integrity, confidentiality and availability of personal data.


Your personal data may be communicated externally to fulfill obligations established by law. In relation to these purposes, your personal data will be communicated, by way of example but not limited to, to tax consultants, credit institutions, public institutions, companies and law firms for the protection of contractual rights.


Your data is processed within the European Economic Area.


You may exercise the rights recognized to you at any time, including:

a) access your personal data, obtaining evidence of the purposes pursued by the Data Controller, of the categories of data involved, of the recipients to whom the same may be communicated, of the applicable retention period, of the existence of automated decision-making processes;

b) obtain without delay the rectification of inaccurate personal data concerning you;

c) to obtain, in the foreseen cases, the cancellation of your data;

d) to obtain the limitation of the treatment, when possible;

e) to request the portability of the data provided to third parties specifically indicated by you, or to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another holder, without any impediment, in all cases where this is required by law;

f) to oppose at any time the processing of your data on the basis of our legitimate interest unless there are legitimate reasons for proceeding with the processing that prevails over yours for the exercise of our defence in court.

g) not to be subjected to a decision based solely on automated processing, including profiling

f) to lodge a complaint with the Personal Data Protection Authority.

Furthermore, pursuant to art. 7, par. 3, GDPR, we inform you that you can exercise your right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent previously given.To exercise all your rights as identified above, you can contact the Data Controller in the following ways:

• writing to “VSA HOTELS S.r.l.“ Via Benozzo Gozzoli,60 - 00142 Rome (RM)

• by sending an e-mail to

  Last updated on 05/29/2023

The purpose of this document is to inform the natural person (hereinafter “Data Subject”) about the processing of his/her personal data (hereinafter “Personal Data”) collected by the data controller, VSA HOTELS SRL, with registered office in Via Benozzo Gozzolli 60, Tax Code/VAT No. 02330490901, e-mail address, (hereinafter “Data Controller”), via the website (hereinafter “Application”).

Changes and updates will be effective as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Data Subject shall stop using this Application and may ask the Data Controller to delete his/her Personal Data.

Categories of Personal Data processed

The Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

  • Contact Data: first name, last name, address, e-mail address, phone number, pictures, authentication credentials, any further information sent by the Data Subject, etc.
  • Fiscal and payment Data: tax code, VAT number, credit card data, bank account details, etc.
  • Data on the employment relationship: data entered in the curriculum vitae, data on spouse or children, social security data, etc.
  • Special Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify the natural person, data concerning health or sex life or sexual orientation, collected with the consent of the Data Subject. The Data Subject may withdraw consent at any time
  • Judicial Data: Personal Data related to criminal convictions, offences or security measures, collected with the consent of the data subject. The Data Subject may withdraw consent at any time.

The Data Controller processes the following types of Personal Data collected automatically:

  • Technical Data: Personal Data produced by devices, applications, tools and protocols such as, for example, information about the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces which, combined with unique identifiers and other information received by the servers, can be used to create profiles of individuals
  • Usage Data: such as, for example, pages visited, number of clicks, actions taken, duration of sessions, etc.
  • Data relating to the exact location of the Data Subject: for example, geolocation data that precisely identifies the location of the Data Subject, which may be collected via the satellite network (e.g. GPS) and other means, collected with the consent of the Data Subject. The Data Subject may withdraw consent at any time.

If the Data Subject decides not to provide Personal Data for which there is a legal or contractual obligation, or if such data is a necessary requirement for the conclusion of the contract with the Data Controller, it will be impossible for the Data Controller to establish or continue any relationship with the Data Subject.

The Data Subject who communicates Personal Data of third parties to the Data Controller is directly and exclusively liable for their origin, collection, processing, communication or divulgation.

Cookies and similar technologies

L'Applicazione usa cookie, web beacon, identificatori univoci e altre analoghe tecnologie per raccogliere Dati Personali dell’Interessato sulle pagine, sui collegamenti visitati e sulle altre azioni che si eseguono quando l’Interessato utilizza l’Applicazione. Essi vengono memorizzati per essere poi trasmessi alla successiva visita dell'Interessato.

The Application uses cookies, web beacons, univocal identifiers and other similar technologies to collect the Data Subject's Personal Data on visited pages and links and other actions performed during the use of the Application. This data is stored and then used the next time the interested party browses the Application.

  • Strictly necessary cookies.Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
  • Performance cookies.Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
  • Targeting cookies.Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
  • Functionality cookies.Functionality cookies are used to remember visitor information on the website, eg. language, timezone, enhanced content.
  • Unclassified cookies.Unclassified cookies are cookies that do not belong to any other category or are in the process of categorization.

You can change your consent to cookie usage below.

Legal basis and purpose of data processing

The processing of Personal Data is necessary:

  1. for the performance of the contract with the Data Subject and especially:
  1. fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
  2. registration and authentication of the Data Subject: to allow the Data Subject to register in the Application, to access it and to be identified in it, also via external platforms
  3. support and contact with the Data Subject: to answer the Data Subject's requests
  4. management of payment: to manage payments by credit card, bank transfer or other methods
  1. for legal obligations and especially:
  1. the fulfilment of any obligation provided for by the applicable norms, laws and regulations, in particular, on tax and fiscal matters
  1. for the legitimate interest of the Data Controller, for:
  1. marketing purposes by e-mail of products and/or services of the Data Controller  to directly sell the Data Controller's products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one being sold
  2. management, optimization and monitoring of the technical infrastructure: to identify and solve any technical issue, to improve the performance of the Application, to manage and organize the information in a computer system (e.g. server, database, etc.)
  3. security and anti-fraud: to guarantee the security of the Data Controller’s assets, infrastructures and networks
  4. anonymous data based statistics: in order to carry out statistical analysis on aggregated and anonymous data in order to analyze behaviors of the Data Subject to improve products and/or services provided by the Data Controller and better meet the expectations of the Data Subject
  1. on the basis the Data Subject's consent, for:
  1. profiling the Data Subject for marketing purposes: to provide the Data Subject with information on the Data Controller's products and/or services through automated processing designed to collect personal information to predict or assess the Data Subject's preferences or behaviors
  2. retargeting and remarketing: to reach with a customized advertisement the Data Subject who has already visited or shown interest in the products and/or services offered by the Application using his Personal Data. The Data Subject may opt-out by visiting the Network Advertising Initiative page
  3. detection of the exact location of the Data Subject: to detect the presence of the Data Subject, to control logins, times and presence of the Data Subject in a specific place, etc.

On the basis of the legitimate interest of the Data Controllerowner, the application allows interactions with external web platforms or social networks whose processing of personal data is governed by their respective privacy policies to which please refer. The interactions and information acquired by this Application are in any case subject to the privacy settings that the Data Subject has chosen on such platforms or social networks. Such information - in the absence of specific consent to processing for other purposes - is used exclusively to allow the use of the Application and to provide the information and services requested.The Data Subject's Personal Data may also be used by the Data Controller to protect itself in judicial proceedings before the competent courts.Data processing methods and receivers of Personal DataThe processing of Personal Data is performed via paper-based and computer tools with methods of organization and logics strictly related to the specified purposes and through the adoption of appropriate security measures.Personal Data are processed exclusively by:

  • persons authorized by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
  • subjects that operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes set out in this policy (for example, business partners, consultants, IT companies, service providers, hosting providers);
  • subjects or bodies to whom it is mandatory to communicate Personal Data by law or by order of the authorities.

The subjects listed above are required to use appropriate measures and guarantees to protect Personal Data and may only access data necessary to perform their duties.Personal Data will not be indiscriminately shared in any way.PlacePersonal Data will not be transferred outside the territory of the European Economic Area (EEA).Personal Data storage periodPersonal Data will be stored for the period of time that is required to fulfill the purposes for which it was collected. In particular:

  • or purposes related to the execution of the contract between the Data Controller and the Data Subject, will be stored for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In the event of legal disputes, for the entire duration of such disputes, until the time limit for appeals has expired
  • for purposes related to legitimate interests of the Data Controller, they will be stored until the fulfilment of such interest
  • in compliance with legal obligations, by order of an authority and for legal protection, they shall be stored according to the relevant timeframes provided for by such obligations, regulations and, in any case, until the expiry of the prescriptive term provided for by the rules in force
  • for purposes based on the consent of the Data Subject, they will be stored until the consent is revoked. For marketing purposes for a period not exceeding 24 months.

At the end of the conservation period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.Rights of the Data SubjectData Subjects may exercise specific rights regarding the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:

  • be informed about the processing of their Personal Data
  • withdraw consent at any time
  • restrict the processing of his or her Personal Data
  • object to the processing of their Personal Data
  • access their Personal Data
  • verify and request the rectification of their Personal Data
  • restrict the processing of their Personal Data
  • obtain the erasure of their Personal Data
  • transfer their Personal Data to another data controller
  • file a complaint with the Personal Data protection supervisory authority and/or take legal action.

In order to use their rights, Data Subjects may send a request to the following e-mail address Requests will be immediately treated by the Data Controller and processed as soon as possible, in any case within 30 days.Last update: 02/04/2021

location de bateau
excursions quotidiennes
découverte de la côte d'émeraude