Forgot password

Discover more
home corporate
Starhotels Premium
Starhotels Premium
Starhotels Collezione
Starhotels Collezione

Policy pursuant to Art. 13 of EU Regulation 2016/679 for Suppliers

Pursuant to Art. 13 of the EU Regulation 679/2016 (hereinafter referred to as GDPR - GeneralData Protection Regulation) and the legislation on the protection of personal data, the company Starhotels S.p.A. (hereinafter referred to as "Starhotels"), informs you of the processing of your personal data, which will be carried out in compliance with the principles of lawfulness, correctness, transparency, purpose, minimisation, accuracy and limitation of retention.

Data Controller

Pursuant to Art. 4(7) of GDPR 2016/679, the Data Controller is the Company Starhotels S.p.A., with administrative offices in Florence - 50144, Viale Belfiore No. 27. Tel. 055 36921 - fax 055 36924. email: privacy@starhotels.it

Data Protection Officer

Pursuant to Art. 37 of GDPR 2016/679, STARHOTELS S.p.a. has appointed a company Data Protection Officer (DPO), who can be contacted at the following email address: dpo@starhotels.com. Certified email (PEC): starhotels_dpo@legalmail.it

Data Processors

Where necessary for the performance of its institutional activities, Starhotels will identify and formally appoint Data Processors, i.e., in accordance with the provisions of Art. 4(8) of the GDPR, "natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller". Data subjects may, at any time, request the updated list of Data Processors from the Data Controller.

Purpose and legal basis of processing

Personal data will be processed by Starhotels for the following purposes:

- establishment, management and execution of the contractual relationship or for the performance of pre-contractual measures between the Supplier and the Data Controller;

- fulfilment of regulatory obligations based on national or European Union law, including administrative and tax obligations;

- protection of an interest or a right in out-of-court and judicial proceedings, or for the management of relations for administration, accounting, orders, shipments, invoicing, services, and the management of any litigation;

The legal bases of the processing, for the individual purposes set out, are therefore to be found in Art. 6(1)(b) (performance of contract and pre-contractual measures), (c) (performance of a legal obligation) and (f) (legitimate interest) of the Regulation.

Categories of data processed and nature of provision

For the pursuit of the described purposes, the following categories of personal data may be processed:

- so-called "common" data (e.g. first name, surname, email, telephone, accounting data, tax data).

The Data Controller's staff will not require and, for the purposes described, it is not necessary to process special categories of personal data as referred to in Art. 9(1) of the Regulation.

The provision of data is optional, but failure to provide it, either in whole or in part, may make it impossible for Starhotels to finalise the relationship and/or pursue the stated purposes.

Data processing methods

Personal data will be processed by computer, electronic and analogue means with the application of appropriate security measures to guarantee the protection and confidentiality of personal data.

Data retention times

Your personal data will be processed and retained for the time strictly necessary for the pursuit of the above-mentioned purposes. In particular, for administration, accounting, contracts, quotation management, invoicing and management of any litigation, the retention period will be 10 years.

Recipients and dissemination of personal data

The data collected will be processed exclusively for the above-mentioned purposes.

Furthermore, your data may be communicated, always in compliance with appropriate security measures, to public authorities and private parties for the fulfilment of specific legal obligations, including those of a fiscal, administrative and financial nature. Personal data will not be disseminated. In particular, they may be communicated, where necessary, to:

- Professionals and consultants, consulting companies, factoring companies, credit institutions, debt collection companies, credit insurance companies, business information companies, transport companies;

- Public and private entities, including as a result of inspections or audits such as, for example: financial administrations, tax police bodies, judicial authorities, the Ufficio italiano Cambi, the Labour Inspectorate, ASL, social security bodies, ENASARCO, Chamber of Commerce, etc;

- Other Starhotels Group companies.

Place of data processing and areas of transfer

The data are processed at the headquarters of the Data Controller and at the Data Processors specified in the list held by the Data Controller.

Personal data will be processed within the Italian territory or in any event within the European Union and will not be subject to transfer to non-EU countries or International Organisations.

If, during the course of the relationship, a transfer should become necessary, the data controller guarantees compliance with the provisions of Chapter V of the GDPR.

Rights of the data subject

The Data Controller guarantees the exercise of the rights set out in articles 15 et seq. of the GDPR, in particular:

1. Right of access;

2. Right of rectification;

3. Right to erasure (so-called right to be forgotten);

4. Right of restriction of processing;

5. Right of portability;

6. Right of opposition.

In the event that the personal data relates to deceased persons, the aforementioned rights may be exercised, in accordance with the provisions of Art. 2-terdecies of Legislative Decree 101/2018, by those who have an interest of their own, or are acting to protect the data subject, in their capacity as their representative, or for family reasons worthy of protection.

Requests regarding the exercise of rights should be addressed to the Data Controller at: privacy@starhotels.it.

Automated processing and profiling

The data controller does not carry out automated processing, including profiling.

Right to complain and protection of the data subject

Finally, we would like to remind you that if you feel that your privacy rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority, with headquarters at Piazza Venezia 11, 00187 - Rome, Tel. (+39) 06 696771, email: protocollo@gpdp.it, Certified email (PEC): protocollo@pec.gpdp.it



1 Night