en
ita eng
Hotel Shangri-La Roma
Book now
close
Book now
Cancel/modify reservation
Book now
close
Privacy Policy 2

Privacy Policy

Information on the processing of users' personal data
Artt. 13 and 14 of Regulation (EU) 2016/679 (hereinafter also referred to as “GDPR”)

Why this notice: FA.PA. Srl (hereinafter also “FA.PA.” or “Data Controller”) is committed to respecting and protecting your privacy and wants you to feel secure both during simple navigation of the site and in the event that you decide to register by providing us with your personal data to use the services made available to its Users and/or Customers. On this page, FA.PA. and the Joint Controllers, as better indicated below, intend to provide information on the processing of personal data relating to users who visit or consult the website accessible electronically from the address http://www.shangrilaroma.it (the “Site”).

The information is provided only for the Data Controller's website and not for other websites that may be consulted by the user via links (for which reference should be made to their respective privacy information/policies).

The reproduction or use of pages, materials, and information contained within the Site, by any means and on any support, is not permitted without the prior written consent of FA.PA.. Copying and/or printing for exclusively personal and non-commercial use is permitted (for requests and clarifications, contact the Data Controller at the contact details provided below).

Other uses of the contents, services, and information present on this site are not permitted.

Regarding the content offered and information provided, FA.PA. will ensure that the contents of the Site are kept reasonably updated and reviewed, without offering any guarantee on the adequacy, accuracy, or completeness of the information provided, explicitly declining any responsibility for any errors of omission in the information provided on the Site.


Origin - Navigation Data
FA.PA. informs that the personal data provided by you and acquired contextually to the request for information and/or contact, registration on the site, and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for any purchase of products and services offered by FA.PA., but also the so-called “navigation” data of the site by Users, will be processed in compliance with applicable legislation. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes “IP addresses” or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (success, error, etc.), and other parameters relating to the user's operating system and IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the FA.PA. website. It should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Data Controller's site or other sites connected or linked to it.


Origin - Data provided by the user
FA.PA. collects, stores, and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. Regarding some specific Services, Products, Promotions, etc., the Data Controller may also process your data for commercial purposes. In such cases, specific, separate, optional, and always revocable consent will be requested using the methods and contact details indicated below. The optional, explicit, and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires (e.g., forms), communication via chat, push notifications via APP, social networks, call centers, etc., involves the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests. We also point out that when using a mobile connection to access digital content and services offered directly by FA.PA. or by our Partners, it may be necessary to transfer your personal data to such third parties.

We highlight that you may access the Site or connect to areas where you may be enabled to publish information using blogs or message boards, communicate with others, for example coming from the FA.PA. page on Facebook®, Google+®, Twitter®, and other social network sites, review products and offers, and publish comments or content. Before interacting with these areas, we invite you to carefully read the General Conditions of Use, taking into account that, in some circumstances, the published information can be viewed by anyone with Internet access and all the information you include in your publications can be read, collected, and used by third parties.


We may process data of a special/sensitive nature as defined by the GDPR voluntarily provided by you in the notes field of the booking form, as they are instrumental to the provision of our services (food allergies, disabled persons, health status information, etc.). The data in question will be processed in accordance with the general Authorization of the Garante for the protection of personal data n.5 and will be treated by us with the utmost confidentiality and will not be subject to dissemination.

CONTACTING THE USER - ADDRESS MANAGEMENT AND SENDING EMAIL MESSAGES:
Mailing List or Newsletter: This type of service allows for the management of a database of email contacts, telephone contacts, or any other type of contacts, used to communicate with the User.
These services may also allow for the collection of data relating to the date and time messages are viewed by the User, as well as the User's interaction with them, such as information on clicks on links included in messages.

INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS:
This type of service allows for interactions with social networks, or other external platforms, directly from the pages of this Application.
The interactions and information acquired by this Application are in any case subject to the User's privacy settings for each social network.
If an interaction service with social networks is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.
Facebook Like button and social widgets (Facebook, Inc.): The 'Like' button and Facebook social widgets are interaction services with the Facebook social network, provided by Facebook, Inc.

Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy
+1 button and Google+ social widgets (Google Inc.): The +1 button and Google+ social widgets are interaction services with the Google+ social network, provided by Google Inc.
Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy Tweet button and Twitter social widgets (Twitter): The Tweet button and Twitter social widgets are interaction services with the Twitter social network, provided by Twitter Inc.

Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy

Purposes of processing and legal basis
Data is processed for the following purposes:

1) strictly connected and necessary to the execution of the reservation on the website www.shangrilaroma.it, to the services and/or Apps developed or made available by the Data Controller, to the use of the relative information services, and to the management of requests for contact or information;

2) for ancillary activities related to the management of User/Customer requests and sending feedback, which may include the transmission of promotional material; for the completion of the reservation, including aspects relating to credit card payment, updates on room availability, and services temporarily unavailable;

3) use of the credit card provided as a guarantee for any charge as a penalty in case of cancellation beyond the deadline granted to exercise the right of withdrawal defined in the booking confirmation, or in case of failure to arrive on the agreed date (no-show procedure);

4) related to the fulfillment of obligations provided for by EU and national regulations, the protection of public order, the ascertainment and repression of crimes, and the protection of the rights of FA.PA., as well as to fulfill current administrative, accounting, and tax obligations;

5) direct marketing, i.e., sending advertising material, direct sales, conducting market research, or commercial communication of products and/or services offered by FA.PA.; this activity may also concern products and services of Omnia Hotel Group companies and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events, and offers aimed at rewarding users/customers, carried out using “traditional” methods (for example, paper mail and/or calls from an operator), or via “automated” contact systems (for example, SMS and/or MMS, telephone calls without operator intervention, e-mail, fax, interactive applications), pursuant to art. 130 paragraphs 1 and 2 of Legislative Decree 196/03 and subsequent amendments;

6) direct marketing, i.e., sending advertising material, direct sales, conducting market research, or commercial communication of products and/or services offered by Fleming 2009 srl – an Omnia Hotels Group company, and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events, and offers aimed at rewarding users/customers, carried out using “traditional” methods (for example, paper mail and/or calls from an operator), or via “automated” contact systems (for example, SMS and/or MMS, telephone calls without operator intervention, e-mail, fax, interactive applications), pursuant to art. 130 paragraphs 1 and 2 of Legislative Decree 196/03 and subsequent amendments.

Providing data for the purposes referred to in points 1), 2), 3), and 4), connected to a pre-contractual and/or contractual phase or functional to a user request or provided for by a specific regulatory provision, is mandatory. Otherwise, it will not be possible to receive the information and access any requested services. Regarding points 5) and 6) of this Policy, consent to data processing by the user/customer is instead free and optional and always revocable without consequences on the usability of products and services, except for the impossibility for the Data Controller to keep users/customers updated on new initiatives or particular promotions or advantages that may be available. FA.PA. may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the e-mail coordinates, or paper ones, indicated by you on such occasions, which you may oppose using the methods and contact details indicated below.

Methods, logic of processing, storage times, and security measures
Processing is also carried out with the aid of electronic or automated means and is performed by FA.PA. and/or by third parties that FA.PA. may use to store, manage, and transmit the data. Data processing will be carried out with the logic of organization and processing of your personal data, also relating to logs originated from access and use of services made available via web, products and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. Personal data processed will be stored for the times provided for by the applicable legislation at the time.

Always regarding data security, in the sections of the website prepared for particular services, where personal data is requested from the navigating user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encodes information before it is exchanged via the Internet between the user's computer and FA.PA.'s central systems, making it unintelligible to unauthorized parties and thus guaranteeing the confidentiality of the transmitted information; furthermore, transactions carried out using electronic payment instruments are made directly using the Payment Service Provider (PSP) platform, and the Data Controller only keeps the minimum set of information necessary to manage any disputes. Precisely in reference to personal data protection aspects, the user/customer is invited, pursuant to art. 33 of the GDPR, to report to FA.PA. any circumstances or events from which a potential “personal data breach” may derive, in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event, by sending a communication to privacy.hsl@omniahotels.com or contacting Customer Service. The measures adopted by FA.PA. do not exempt the Customer/User from paying necessary attention to the use, where required, of passwords/PINs of adequate complexity, which they must update periodically, especially if they fear they have been violated/known by third parties, as well as guarding them carefully and making them inaccessible to third parties, in order to avoid improper and unauthorized use.

Scope of communication and data transfer
For the pursuit of the purposes indicated above, FA.PA. may communicate and have personal data of users/customers processed, in Italy and abroad, by third parties with whom we have relationships, where these third parties provide services at our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, protection and security obligations equivalent to those guaranteed by the Data Controller will be imposed on the recipients of the data. In the case of using services offered directly by Partners, we will only provide the data strictly necessary for their execution. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and, where required, the guarantees applicable to data transfers to third countries will be applied. We may also disclose personal data to our commercial service providers for marketing reasons, appointed for this purpose as external data processors. Furthermore, personal data may be communicated to competent public bodies and authorities for compliance with regulatory obligations or for the ascertainment of responsibility in case of computer crimes against the site, as well as communicated to, or allocated at, third parties (as processors or, in the case of electronic communication service providers, as autonomous controllers) who provide IT and electronic services (e.g.: hosting, management, and development of websites) used by FA.PA. for the performance of technical and organizational tasks and activities instrumental to the functioning of the website. The subjects belonging to the categories listed above operate as separate Data Controllers or as Processors appointed for this purpose by FA.PA..
Personal data may also be known by FA.PA. employees/consultants who are specifically trained and appointed as Persons in Charge of processing.

Rights of data subjects
You may exercise the rights recognized to you by law at any time, including the right:
a) to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable storage period, and the existence of automated decision-making processes;
b) to obtain without delay the rectification of inaccurate personal data concerning you;
c) to obtain, in the cases provided for, the erasure of your data;
d) to obtain the restriction of processing or to object to it, when possible;
e) to request portability, where applicable to the processing, of the data you provided to FA.PA., i.e., to receive them in a structured, commonly used, and machine-readable format, also to transmit such data to another controller, within the limits and constraints provided for by art. 20 of the GDPR;
Furthermore, you may lodge a complaint with the Supervisory Authority pursuant to art. 77 of the GDPR.

For the processing referred to in points 5) and 6) of the purposes, the Customer may always revoke consent and exercise the right to object to direct marketing (in “traditional” and “automated” form). The opposition, in the absence of contrary indication, will refer to both traditional and automated communications.

The Data Controller
The Data Controller is FA.PA. SRL with registered office in Viale Algeria, 141 - 00144 Rome. The rights indicated above can be exercised at the request of the Data Subject in the manner made known on the Company's Website or by using the following references: FA.PA. - Privacy Ref. - Viale Algeria, 141 - 00144 Rome, email: privacy.hsl@omniahotels.com
The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the content and any indications included in this version of the information notice published by the Data Controller at the time the site is accessed. FA.PA. informs that this policy may be modified without prior notice and therefore recommends periodic reading.

The Joint Controllers
FA.PA. SRL uses, within the framework of processing customer data, IT systems jointly with third parties, all companies belonging to the Omnia Hotels Group, which therefore become “Joint Controllers” of the processing pursuant to art. 26 of the GDPR, and relationships with them are regulated by a specific contractual agreement.
The text of the joint controllership agreement, in its essential contents, is available at FLEMING 2009 s.r.l., with registered office in Viale Pinturicchio, 84 - 00196 Rome and may be viewed and made available upon written request to the PEC address: fleming2009@legalmail.it

The list of Joint Controllers and their respective identification details is indicated below:
• FLEMING 2009 s.r.l., with registered office in Viale Pinturicchio, 84 – 00196 Rome;
• ALFA HOTEL 2007 SRL, with registered office in Piazza Monteleone di Spoleto, 20 – 00191 Rome;
• BELLA HOTEL 2007 SRL with registered office in Via Vittorio Veneto, 24 – 00187 Rome;
• DONNA LAURA 2011 S.r.l. with registered office in Lungotevere delle Armi, 21 – 00195 Roma;
• FA.PA. S.R.L. with registered office in Viale Algeria, 141 – 00144 Rome;
• LO.AN. S.r.l. with registered office in Viale XXI Aprile, 4 – 00162 Roma;
• ST. MARTIN S.R.L. with registered office in Viale Pinturicchio, 84 – 00196 Rome;
• DOUHET 2005 S.r.l. with registered office in Piazza Monteleone di Spoleto, 20 – 00191 Roma;
• SHANGRI 2019 S.r.l. with registered office in Viale Pinturicchio, 84 – 00196 Roma;
• GERI 2009 S.r.l. with registered office in Viale Pinturicchio, 84 – 00196 Roma;
• SAR 2009 S.r.l. with registered office in Via Ludovisi, 43 – 00187 Roma;
• S.I.A.G.A. S.p.a. with registered office in Via Boncompagni, 19 – 00187 Roma.

This privacy policy was updated on November 25, 2021