Cenobio Hotel – Cenobio s.a.s. di Maria Lucia Gaudiano & C

Privacy Policy
Dear Customer, we have always paid attention to the protection of your personal data. Therefore, we have implemented the included in the (UE) 2016/679 regulation.

The Data Controller is Cenobio s.a.s. di Maria Lucia Gaudiano & C, “The Company”, Via Gattini, 4 Bis

Type of data collected

The types of data collected on this website, autonomously or through third parties services, are: first name, last name, email, cookies and usage data.

All the details about each type of data collected can be found in their dedicated sections within this privacy document or are shown contextually prior to the collection of the data. Personal data can either be given by the customer or, in case of usage data, collected automatically during the navigation experience on this site.

If not clearly stated, all the data collected on this site are compulsory. If the user fails to submit all the information requested, the provision of the service might be compromised. When the site clearly states that the data in question is not compulsory, the user can refrain from submitting such data without having any repercussion on the service provided. Users who have further doubts on the data collected should contact The Company.

The data collected on this site by The Company and any third parties service associated with the Company, will be processed exclusively for the purposes stated in this document and for the management of the services offered to the Data Controller customers.

The user is responsible for any collection, publication and sharing of third parties Personal Data through this website and can guarantee to have the right to do so, freeing The Company from any responsibility towards third parties.

Data processing method

The data will be processed with paper-based, electronic or telecommunication means, and with suitable security measures to safeguard the security and confidentiality of your personal data.

The transfer, storage and processing of user data collected through the Site are ensured through appropriate technical measures. All user information is protected over HTTPS encrypted connection.

User data are collected and stored on a secure server and can be accessed by members of staff (finance, commercial, marketing, legal) as well as third party companies associated with The Company and the operations necessary to run the business (IT companies, comms agencies, couriers, hosting providers). A full list of providers can be requested to The Company.

Purposes and Legal basis of the processing

The personal data shall be processed for institutional purposes associated with or useful for our Company’s business, and therefore to:

i) perform the hotel accommodation service and related transactions, or one or more contractually agreed transactions provided by The Company;

ii) comply with legal obligations of a tax, statutory, accounting and administrative nature;

iii) meet internal operating and business needs of the Data Controller, with respect to the service provided;

iv) supply, by email, conventional mail or telephone, information regarding products or services provided by the Data Controller;

v) supply marketing, advertising and promotional initiatives reserved to the Data Controller customers and implemented by the Data Controller or other related parties;

vi) carry out profiling activities through automated or online data processing in order to provide customized promotions based on the choices and habits of the user;

The legal basis of the data processing is the specific contractual relationship established and the freely given, specific and informed consent of the data subject.

Whereas consent is not required for processing personal data preordained to the performance of the contract and fulfilment of the legal obligations referred to in this paragraph “Purposes and Legal basis of the processing” section, points i), ii) and iii), please note that:

  • the supply of data for the purposes stated in points i), ii) and iii) above is optional, but necessary to perform the customer services, and the lack of consent could result in not allowing the service to be performed;
  • the consent to processing for the purposes stated in point iv), v), vi) is freely given and optional, and the data subject may object at any time and in any event to such processing, easily and free of charge, by contacting the Data Controller, even by email, and obtain an immediate reply confirming the termination of such processing; notwithstanding the foregoing, refusal to supply the personal data requested could result in impossibility to be promptly updated on the services offered by our company, to obtain customized promotions based on the choices and habits of the user and to use some services and benefits reserved to the Data Controller customers;

Recipients of data collected

The data collected will be processed exclusively for the purposes stated above and may be communicated to affiliates or other companies associated with The Company, either in Italy or abroad, exclusively for the management of the services offered to the Data Controller customers.

Using adequate security measures put into place by the Data Controller, your data may also be communicated to law enforcement agencies and other public and private parties to comply with legal, tax, administrative, financial and similar obligations. The data will not be disseminated in any case.

The Data Controller may provide user data to third parties only to fulfil some processes referred to the “Purposes and Legal basis of the processing” section, points v) and vi).

Data retention period

In observance of the above-mentioned principles, the data shall not be retained for longer than is strictly necessary for the purposes stated above, thus for the service offered or compliance with specific laws.

Rights of the data subject

The data subject may exercise his or her rights with the Data Controller, i.e. he or she may obtain confirmation as to whether or not personal data concerning him or her are being processed, and obtain their communication in an intelligible form.

The data subject shall also have the right to obtain the access, updating, rectification, integration, portability and erasure of the data and to impose limitations on their processing.

Moreover, the data subject shall have the right to object, wholly or in part, for legitimate reasons, to the processing of his or her personal data, even if pertinent to the purpose for which it is collected, for the sending of advertising or direct sales materials and for conducting automated market research or business communications, without prejudice to his or her right to lodge a complaint to the supervisory authority.

Those rights may be exercised by contacting the Data Controller.

The data subject shall also have the right to submit a claim to the Control Authority for data protection or to act legally.

Data processing details

All the personal data are collected for the following purposes and utilising the following services:

Contacting the User (contact form on this website)
The user, by filling the forms on this site, gives the consent for that data to be processed and used for communications between the Data Controller and the user with regards to booking details or any other info indicated in the form.

Type of data collected: first name, last name, email.

Mailing list or newsletter
By subscribing to our newsletter or mailing list, the user’s email address will be automatically entered into a contact list which can be able to receive email messages containing information, also commercial and promotional ones, related to this website. The user’s email address could be added to the same list also as a result of a purchase or registration on this website.

Type of data collected: first name, last name, email.

Contacts management and messages

These type of services are used to store and manage email contacts, phone contacts or any other type of contacts in order to communicate with the user. Those services could also collect data with regards to the date and time when a message has been read as well as info on the number of clicks on the links within the messages.

Interactions with social networks and other external platforms

These types of services allow the interactions with social networks, or other external platforms, directly from this website. All the info and data collected by this site through those services is still subject to the privacy settings set by the user on those platforms. In the case of a widget being installed but not used, there is still the chance of it collecting data in the background.

Facebook “Like” button and social widgets (Facebook, Inc.)

The “Like” button and other Facebook widgets are services used to interact with Facebook, provided by Facebook, Inc.

Type of data collected: Cookies and usage data

Location: USA – Privacy policy


The services included in this section allow the Data Controller to monitor and analyse the data related to the website traffic and user behaviours on the site.

Google Analytics (Google, Inc.)
Google Analitycs (GA) is a web analytics service provided by Google Inc. (“Google”). Google utilises data collected on this site with the purpose to provide insights, create reports and share info with other services provided by Google. Google might use the info collected to personalise and contextualise the advertising on their advertising networks.

Type of data collected: Cookies and usage data

Location: USA – Privacy policy and opt-out

Google Maps Widget (Google Inc.)

Google Maps is a service of interactive maps provided by Google Inc. It allows The Company to integrate the maps service on this site.

Type of data collected: Cookies and usage data

Location: USA – Privacy policy

Usage of external platforms contents

These type of services allow the user to be shown and to interact with third parties content on this website. In the case of such a service being present on this site, it is possible that it could collect web traffic information with respect to the pages visited, even if not used.

Cookie policy

Cookies are used on our website to give users a better browsing service and experience.

What are cookies?

Cookies are small text files sent from the websites to the terminal of the party concerned (usually the browser), where they are stored before being referred back to the website upon the same user’s next visit. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses or capture email addresses. Each cookie is unique to the user’s web browser.

Legal defence

User’s personal data can be used by The Company in case of legal proceedings to protect The Company against abuses in the usage of this site or of related services by the users. The user declares to be aware of the obligation The Company might have in sharing the personal data with the authorities.

Specific info

Based on user request, in addition to the info provided in this privacy policy, The Company could provide specific additional and contextual information with regards to specific services or the collection and processing of personal data.

System’s Logs and maintenance

Due to technical reasons and maintenance necessities, this site and its connected third parties could collect system’s logs, basically files that record all the interactions the user has had with the services and that could also contain personal data like the IP address of the user.

Info not-present in this policy

Any info not contained in this privacy policy can be requested to The Company at any time as previously stated in this document.

Do Not Track requests

At this time, this site doesn’t respond to such “Do Not Track” or similar preferences you may have configured in your web browser, and this site may continue to collect information in the manner described in this Policy.

Changes to the policy
The Company reserves the right to change, modify, or amend this Policy at any time. If we make a material change to this Policy, we will indicate on the Site that our privacy practices have changed and will provide a link to the new policy. If we make material changes to how we use your Personal Information, we will notify you by e-mail to the e-mail address specified in your account (if applicable) and/or through a notice on the Site’s home page, and we will provide you with an opportunity to opt-out of such new or different use.

Definitions and legal references

Personal Data

The Company may collect “Personal Data” from the user, meaning information that identifies the user as an individual or from which the user may be identified. For example, The Company may collect:

  • contact information, such as your name, mailing address, e-mail address, and telephone number;
  • records and copies of your correspondence if the user contacts The Company;
  • IP addresses, URI, time and date of the request, channel used to submit the request, info about the status of the request
  • country of origin, browser details, time spent on page and other time dimensional details as well as details with regards to actions performed on this site

The User

By user we mean the individual that utilise this site that, unless specified, correspond to the person concerned.

The Person Concerned

The person whom Personal Data refers to.

Data processor

A natural person or legal entity that processes personal data on behalf of the controller according to the rules stated in this privacy policy.

Data Controller 

The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data. It is possible to have joint data controllers in certain circumstances. The Data Controller, unless specified otherwise, is The Company.

This Website (or app)

Hardware or software implemented to collect users Personal Data.


The service offered by this site according to the policy present on the site.

European Union (UE)

Unless specified differently, any reference in this document with regards to the European Union is to be considered to any current country member of the Union and the EEA (European Economic Area).

Legal references

This privacy policy document has been implemented based on multiple regulations and in accordance with Regulation (UE) 679/2016 including articles 13 and 14.

Unless specifically stated, this privacy policy is to be considered applicable to this site only.

Last updated: May 2018