Skip to content

Privacy Policy

Home
Privacy Policy

WHY THIS INFORMATION NOTICE

This information notice is provided pursuant to Article 13 of GDPR 679/2016, the “General Data Protection Regulation,” which sets out provisions on the processing of personal data 679/2016.

SCOPE OF APPLICATION/WEBSITE

This information notice applies to:

  1. The company Opera SRL, with registered office at Via Donizetti, 36  20122 Milan;
  2. Hotels/facilities included in the portfolio managed by Opera SRL. The list of hotels and facilities is regularly updated and can be consulted on the website  www.opera-hotels.com/en

The information herein pertains only to what is indicated in the Scope of Application and not to other websites that users may visit through external links. The Data Controller is not responsible for the processing of personal data and information by these third parties. If the User provides information on third-party websites, the data protection provisions and terms of use of the services on those sites will apply, and we encourage the User to read them.

1. DATA CONTROLLER

The Data Controller is:

OPERA SRL, Via Donizetti, 36 – 20122 Milan

e-mail: info@opera-hotels.com

2. DATA PROCESSED

Personal data includes any information or data through which an individual can be identified, either directly or indirectly.

Opera S.r.l. is firmly committed to protecting and respecting users’ privacy. This Privacy Policy details what personal data may be processed in specific cases, indicating in Article 3 the purposes for which such data may be processed.

a. Browsing Data
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. 
These data are necessary for the use of the web service. They are also used solely for the purpose of obtaining anonymous statistical information on site usage and to ensure its proper functioning.

b. Personal Data Collected Through Contact Forms or Addresses on the Site
When requesting information, we may collect personal data such as name, email address, and additional information the User enters in the “message” field.

c. Personal Data Collected Through Online Registration/Check-in
When contacting us or filling out forms on the website, we may collect personal data including: personal and contact details; nationality; payment data such as credit card number and related details; and information on additional services/products purchased.

3. PURPOSE OF DATA PROCESSING

I. Compliance with legal, administrative, accounting, and tax obligations required of the Data Controller;

II. Managing online bookings to fulfill the User’s requests; Managing online bookings to fulfill the User’s requests;

III. Responding to the User’s information requests;

IV. Collecting stay information and conducting aggregated statistical processing of data;

V. Based on applicable regulations, the Data Controller may use the email address provided when purchasing a service to offer similar services/products. However, if the User does not wish to receive such communications, they may notify the Data Controller at any time at info@opera-hotels.com, and the activity will be discontinued promptly.

4. DISCLOSURE OF PERSONAL DATA

The User’s personal data may be disclosed to:

– The hotels/facilities included in the Controller’s Portfolio that require data processing for the correct provision of selected services and exclusively for the purposes described above;

– Third parties providing outsourced services to the Data Controller and acting as Data Processors based on a contract/appointment (an updated list of Data Processors is available upon request);

– Public Administration, judicial authorities, and other entities where disclosure is legally required. These entities will process data as independent Data Controllers.

The User’s personal data are processed exclusively by personnel duly authorized and bound by confidentiality obligations.

5. LEGAL BASIS FOR PROCESSING

Each processing activity is justified by one of the following legal bases:

Pre-contractual/Contractual: Processing is necessary to execute a contract between the parties.

Legal Obligation: Processing is necessary to comply with a legal obligation.

Legitimate Interest: Processing is necessary for the pursuit of the Data Controller’s legitimate interest, provided that the User’s fundamental rights and freedoms do not override it.

Consent: Processing is carried out only when the User has given consent for specific purposes. Consent may be revoked at any time by contacting the Data Controller as specified in the relevant section.

6. DATA PROCESSING AND STORAGE METHODS

The User’s personal data will be processed both electronically and manually, using measures and tools designed to ensure maximum security and confidentiality, by qualified and duly authorized personnel in compliance with the GDPR.

Data is stored on servers located within the EU. However, if necessary, the Data Controller may transfer data outside the EU, ensuring compliance with applicable laws (Articles 45, 46, 47, 49 GDPR).

Personal data is retained only for the time necessary to fulfill the purposes for which it was collected, and to meet legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes by other means, as well as the applicable legal requirements.

Specifically:

  • Data collected for accounting and tax purposes will be retained for up to 10 years from the User’s last contact, in compliance with Italian legal requirements. 
  • Credit card data will be stored for up to 30 days after payment.

7. USER RIGHTS

Regarding the data processing activities mentioned above, the User may request at any time (using the contact details in Section 1) to:

  • Access their data to obtain information on the purposes of processing, recipients, processing duration (where possible), and any profiling activities;
  • Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal;
  • Request the rectification of personal data if it is inaccurate or incomplete.
  • Request the deletion of data if it is no longer necessary for the Controller for the intended processing purposes, is inadequate for the processing purposes, the user has withdrawn their consent, or the data has been processed unlawfully.
  • Request the restriction of processing under specific legal conditions;
  • Request data portability to another Data Controller in a structured, commonly used format;
  • Object to the processing of their data and, in particular, automated decision-making based solely on profiling;
  • Lodge a complaint with the competent Authority if they believe that data processing violates applicable privacy regulations: http://www.garanteprivacy.it.

8. COOKIES

For information on how this site uses cookies, please refer to the Cookie Policy.

9. CHANGES

The Data Controller reserves the right to modify or update this Privacy Policy, in whole or in part, due to changes in applicable law. Such changes will be binding as soon as published on the website. Continued access or use of the service after such publication implies acceptance of these modifications. We encourage Users to regularly check this section for the most updated version of the Privacy Policy to stay informed about data collection and processing.

Date: 03/02/2025