
Privacy

Premise

NER 26 Hotel Srl (also referred to as The Cross Hotel), as Data Controller (from now on: "Data Controller") pursuant to EU Regulation 679/2016 (from now on: "Regulation"), considers privacy and the protection of personal data one of the main objectives of its activity. We therefore invite you, before communicating any personal data to the Data Controller, to carefully read this Privacy Policy because it contains important information on the protection of your personal data. It describes the personal data processing activities carried out by the Hotel through the www.jeromehotel.com website (from now on: "Site"), the related commitments undertaken in this regard and constitutes an integral part of it with regard to the services offered.

The Cross Hotel may process your personal data when you visit the Site and use the services and features on it. In the sections of the Site where the user's personal data are collected, a specific information notice is normally published pursuant to art. 13 of EU Reg. 2016/679. Where required by EU Reg. 2016/679, the user's consent will be requested before proceeding with the processing of his personal data. If the user provides personal data of third parties, he must ensure that the communication of data to The Cross Hotel and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Reg. 2016/679 and the legislation to which it refers. We also inform you that the processing of your personal data will be based on principles of correctness, lawfulness, transparency, purpose limitation and conservation, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the Regulation.

Your personal data will therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations provided for therein. By processing personal data we mean any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction. We inform you that the personal data being processed may consist - also depending on your decisions on how to use the services - of textual information, photographic or video images and any other information suitable to make the interested party identified or identifiable, depending on the type of services requested.

INDEX

Below we provide the index of this Privacy Policy so that you can easily find information concerning the processing of personal data that interest you.

• 1. DATA CONTROLLER
• 2. LAWS AND REGULATIONS
• 3. PERSONAL DATA SUBJECT TO PROCESSING
- 3.1. Navigation data
- 3.2. Data provided voluntarily by you
- 3.3. Third party data provided voluntarily by you
- 3.4. Personal information we receive from other sources
- 3.5. Data processed in the interaction with social networks
- 3.6. Special categories of data
- 3.7. Cookies
• 4. PURPOSE OF THE PROCESSING
• 5. LEGAL BASES AND MANDATORY OR OPTIONAL NATURE OF THE PROVISION
• 6. RECIPIENTS OF PERSONAL DATA
• 7. TRANSFERS OF PERSONAL DATA
• 8. SECURITY AND QUALITY OF PERSONAL DATA
• 9. RETENTION OF PERSONAL DATA
• 10. SPECIAL DATA SUBJECT TO SPECIAL PROCESSING
• 11. MINORS
• 12. RIGHTS OF THE INTERESTED PARTY
• 13. METHODS OF DATA PROCESSING
• 14. LINK TO OTHER WEBSITES
• 15. MODIFICATIONS
• 16. CONTACT US

1. DATA CONTROLLER

The data controller is:
NER 26 Hotel Srl Tax Code: 15281861003, VAT number 15281861003, with registered office located in Via di S. Croce in Gerusalemme, 40 00185 Rome, represented by the Legal Representative pro-tempore.

2. LAWS AND REGULATIONS

The sources of regulation to which we refer for the protection of personal data are:

• REGULATION (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR");
• National Code regarding the protection of personal data (Legislative Decree no. 196 of 30 June 2003), as amended by Legislative Decree 101/2018;
• National Supervisory Authority for the protection of personal data, through provisions and guidelines issued by the same on the subject.

3. PERSONAL DATA SUBJECT TO PROCESSING

The visit and consultation of the Site does not generally involve the collection and processing of the user's personal data except for navigation data and cookies as specified below. In addition to the so-called "navigation data", personal data voluntarily provided by the user may be processed when he interacts with the functionality of the Site or requests to use the services offered on the Site. These data could consist of an identifier such as the name, your email, an online identifier or one or more characteristic elements suitable to make the interested party identified or identifiable, depending on the type of information that you could report in the text of the message with which you have decided to interact with us (hereinafter only "personal data"). The personal data processed through the Site are as follows:

• 3.1. Navigation data: The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.

• 3.2. Data provided voluntarily by you: Except for the reference to specific information, this Privacy Policy is also intended for the processing of data voluntarily provided by you through the Site to obtain information regarding the services provided by the Hotel, or when you decide to book a stay, in which case you are requested, as basic data, your name and e-mail address. We may also ask you for your home address, telephone number, nationality, payment details, the name of any other people travelling with you and any preferences for your stay. If you want to contact us, or contact us by other means (for example on social media), we will also collect information via these channels. You may be interested in subscribing to our newsletter to receive information on advantageous promotions that we reserve for this channel. In this regard, we invite you not to insert, in the forms contained within the Site, information that may fall within the category of particular categories of personal data referred to in art. 9 of the Regulation (for example, data referring to your state of health or that of other subjects), unless expressly requested (see below, "special categories of data").

• 3.3. Third party data provided voluntarily by you: You may also need to book a stay for other people travelling with you, or to make a booking on behalf of another person. In these cases, during the booking process you will have to provide data about them as well. In these cases, the information provided will be used only as described in the appropriate pages of the service, you can read all the details there. We want to specify that it is our responsibility to ensure that the individuals about whom you have provided information are aware of this, and that they have agreed to how The Cross Hotel uses their information (i.e. as described in this privacy policy). In this sense, we specify that if you provide or otherwise process personal data of third parties in the use of the Site, you guarantee from now on - assuming all related responsibility - that this particular hypothesis of treatment is based on the prior acquisition - on your part - of the consent of the third party to the processing of information concerning him.

• 3.4. Personal information we receive from other sources: In addition to information you provide to us directly, we may also receive other information through various sources, for example business partners such as affiliates, independent third party sub-suppliers, which can be combined with information received directly from you. For example, The Cross Hotel's booking services are available not only on The Cross Hotel, but are also integrated with the services of affiliate partners that you can find online. When you use these services, you communicate the details of your bookings to our business partners, who then send them to us. We also rely on international external providers to manage payments between users and properties: these service providers share payment information, to help us manage it and take care of your booking, so as to guarantee you the best possible experience. Partner properties may also share information about you with The Cross Hotel, for example when you have questions about an ongoing booking, in the event of a dispute over a booking or if there is any communication about your booking through The Cross Hotel.

• 3.5. Data processed in the interaction with social networks: Some services allow interaction with social networks, or other external platforms. The interactions and information acquired are in any case subject to the User's privacy settings related to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if Users do not use the service, it collects traffic data relating to the pages in which it is installed. By way of example:
- Like button and social widgets of Facebook and Instagram: The "Like" button and social widgets of Facebook are services of interaction with the social network Facebook and Instagram, provided by Facebook Ireland Ltd. Personal data collected: Cookies and navigation and usage data. Place of Processing: Ireland – Privacy Policy
- Tripadvisor Social Widgets button (Tripadvisor): Tripadvisor social widgets are services of interaction with the web review portal on hotels, B&Bs, restaurants, tourist attractions, controlled by Tripadvisor LLC through the appointed representative for the European Union. Personal data collected: Cookies and Navigation and usage data. Place of Processing: USA – Privacy Policy
- LinkedIn social widgets button: The "Like" button and Facebook social widgets are services of interaction with the social network Facebook and Instagram, provided by LinkedIn Corporation through the Data Processor LinkedIn Ireland Unlimited Company. Personal data collected: Cookies and Navigation and usage data. Place of Processing: USA – Privacy Policy

• 3.6. Special categories of data: In the interaction with the Site, no information is requested that may lead to the processing of data that fall within the category of particular categories of personal data referred to in art. 9 of the Regulation.

• 3.7. Cookies: Information on cookies served by the Site is available in the specific section of the site.

4. PURPOSE OF THE PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes:

• 4.1. allow navigation of the Site;
• 4.2. find specific requests for information addressed to the Hotel and contact it by e-mail, mail, telephone or SMS, depending on the contact method you have chosen;
• 4.3. manage requests for booking stays, auxiliary transport services, etc. either through our online services or by means of direct contact with the structure or through external business partners, also through the use of the credit card of the interested party that can be used for purposes related to guaranteeing the service requested for any charge as a penalty in case of cancellation after the agreed deadline to exercise the right of withdrawal indicated in the booking confirmation, or in case of no-show within the defined deadline;
• 4.4. fulfill any obligations under applicable laws, regulations or community legislation, or satisfy requests from the authorities, such as:
- to fulfill the obligation provided for in Article 109 of Royal Decree no. 773 of 18.6.1931, which requires us to register and communicate to the Police Headquarters the personal details of the customers accommodated;
- to fulfill the obligation to communicate to the Regional Tourism Observatory, in order to monitor the tourism sector through the acquisition, management and dissemination of information and statistical data relating to the flow between regional tourist supply and demand (Regional Law no. 13/2007, articles 28 and 31, as amended by Regional Law no. 17/2011).
• 4.5. carry out direct marketing activities via e-mail for products and / or services similar to those previously purchased, unless you expressly refuse to receive such communications, which you can easily express during registration or on subsequent occasions, opposing the processing;
• 4.6. subject to consent to carry out marketing activities such as:
- send you information and promotional material relating to the activities and services of The Cross Hotel and its Business Partners;
- send you personalized offers based on preferences, likes, personalizations or other elements of so-called profiling;
- send you surveys to improve the service ("customer satisfaction");
- newsletters and any other communications.
These communications may be made by e-mail or text message, by paper mail and / or the use of the telephone with operator and / or through the official pages of The Cross Hotel on social networks; it should be noted that the Data Controller collects differentiated consents for the marketing purposes described here and for sending newsletters, pursuant to the General Provision of the Guarantor for the Protection of Personal Data "Guidelines on promotional activities and combating spam", of 4 July 2013; if, in any case, you wish to oppose the processing of your data for marketing purposes performed with the means indicated herein, you may at any time do so by contacting the Data Controller at the addresses indicated in the "Contacts" section of this policy, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
• 4.7. for statistical purposes, without it being possible to trace your identity. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

5. LEGAL BASES AND MANDATORY OR OPTIONAL NATURE OF THE PROVISION

The legal basis concerning the processing of personal data for the purposes referred to in section 4.1, 4.2 and 4.3 is art. 6(1)(b) of the Regulation ([...] the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same), as the treatments are necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the requested services. The purpose referred to in section 4.4 represents a legitimate processing of personal data pursuant to art. 6(1)(c) of the Regulation ([...] the processing is necessary for compliance with a legal obligation to which the data controller is subject). Once the personal data have been provided, in fact, the processing is indeed necessary to fulfill legal obligations indicated in the purpose described above, to which The Cross Hotel is subject. The processing carried out for the marketing and profiling purposes described in section 4.5 is based on legitimate interest pursuant to art. 6(1)(f) of the Regulation ([...] processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, in particular if the interested party is a minor): for the treatments carried out for these purposes and with this legal basis, the interested party may exercise the right to object. For processing carried out for marketing purposes, the legitimate interest is applicable within the limits established by the Regulation and art. 130 c. 4 of the Code regarding the protection of personal data (Legislative Decree 196/2003), if the processing should be aimed at providing services similar to those already subscribed or in which the interested party has expressed interest, unless express refusal to receive such communications, which may be expressed by opposing both during registration and on subsequent occasions. The processing carried out for the marketing and profiling purposes described in section 4.6 is based on the release of your consent pursuant to art. 6(1)(a) ([...] the interested party has given consent to the processing of personal data for one or more specific purposes) and art. 22(2)(c) of the Regulation. The provision of your personal data for these purposes is therefore entirely optional and does not affect the use of additional services. If you wish to revoke your consent to the processing of your data for marketing and profiling purposes, you may do so at any time by contacting the owner at the addresses indicated in the "Contacts" section of this policy. It should also be noted that the processing referred to in section 4.7 is not performed on personal data and therefore can be freely carried out by The Cross Hotel.

6. RECIPIENTS OF PERSONAL DATA

For the purposes referred to in section 4 of this Privacy Policy, your personal data may be shared with third parties, either because you have consented to do so, or for legal reasons related to them. These are personnel operating in the organization of the owner authorized to process and / or our service providers and other third parties as described in detail below:
• 6.1. Electronic invoicing: If you receive a receipt or invoice by email, a summary of the goods and services provided to you during your stay will be sent to the payment card provider and, if you participate in a corporate billing program and use a corporate payment card, the payment card provider may transmit this summary to your employer. Once we have transferred your information, the privacy policies of your employer, payment card provider and card issuer apply.
• 6.2. Group events or meetings: If you attend an event or meeting, the information collected for the planning of that event or meeting may be shared with the organizers and, if appropriate, with the guests who organize or participate in the event or meeting.
• 6.3. Business partners: We may work with other companies to provide you with products, services or offers based on your needs and experiences and share your information with our business partners accordingly. For example, we may receive assistance from our business partners for car rental or other services and share your personal information with them to offer you the services you request.
• 6.4. Service Providers: We rely on third parties who provide services on our behalf and, if necessary, we may share your personal information with them. These are subjects who typically act as data controllers, namely:
- companies that provide support in the management of services for receiving bookings made through The Cross Hotel's website;
- companies that provide web mailing services for the automated sending of communications such as invitations, promotions, newsletters;
- persons, companies or professional firms that provide assistance and advice to Hotel Jerome in tax, accounting, administrative, legal, tax, financial, regulatory compliance;
- subjects delegated to carry out technical maintenance activities of the IT infrastructures of the Hotel and the website. In general, our service providers contractually commit to protecting your personal information through the signing of confidentiality agreements by their staff and will not be able to use or share it, unless required by law.
• 6.5. Telemarketing: If you stay at our hotel, we may share your telephone number and email with the portfolio of brands indicated above, for telemarketing purposes in accordance with your preferences and applicable law. We may also receive your phone number from our partners or other sources and use it for telemarketing purposes.
• 6.6. Other reasons: We may disclose your personal information to:
- comply with applicable laws;
- respond to requests from government or public authorities,
- comply with a valid legal process,
- protect the rights, privacy, safety or property of The Cross Hotel, site visitors, guests, employees or the public,
- allow us to implement available remedies or limit the harm we may sustain,
- enforce the terms and conditions of our websites,
- cope with an emergency.
• 6.7. Aggregated or anonymized data with removed personal information: We may, from time to time, provide third parties with data that has been aggregated or anonymized. This means that your personal information that could be used to identify you has been removed from the data. The data provided to third parties in this way is not personal data; however, the right to object is retained.
• 6.8. Credit institutions or insurance companies and brokers (only in the event of claims that may occur in the hotel).
• 6.9. Persons authorized by The Cross Hotel to process personal data, necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an appropriate legal obligation of confidentiality.
The complete list of data processors is available by sending a written request to the Data Controller at the addresses indicated in the "Contacts" section of this policy.

7. TRANSFERS OF PERSONAL DATA

We primarily store and process your personal data in Italy/EU/European Economic Area ("EEA"). If we transfer your personal data outside the EEA, we hereby assure you that the transfer of data outside the EEA will take place in accordance with the applicable legal provisions, subject to verification of the certification of compliance with the principles and protocols adopted by non-EU states with the European Union. The data may be transferred outside the EEA, if the level of data protection implemented by them has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR, through a specific adequacy decision. The owner also declares that, in the absence of an adequacy decision of the European Commission on the level of protection of the interested parties guaranteed by the countries pursuant to art. 45 of the GDPR, the transfer of data will take place, where possible, subject to the signing of the Standard Contractual Clauses (SCC) adopted by the European Commission pursuant to art. 46, 2, lett. c) and exceptionally, subject to the consent of the interested party.

8. SECURITY AND QUALITY OF PERSONAL DATA

The Cross Hotel undertakes to protect the security of the user's personal data and complies with the security provisions of the applicable legislation in order to avoid data loss, illegitimate or illicit use of data and unauthorized access to them. In addition, the information systems and computer programs used are configured in such a way as to minimize the use of personal and identifying data; these data are processed only for the achievement of the specific purposes pursued from time to time. The Cross Hotel uses multiple advanced security technologies and procedures to help protect users' personal data; for example, personal data is stored on secure servers located in places with protected and controlled access. The user can help and contribute to update and maintain correctness of their personal data by communicating any changes relating to their address, their qualification, contact information, etc.

9. RETENTION OF PERSONAL DATA

Personal data processed for the purposes referred to in section 4.1, 4.2 and 4.3 will be kept for the time strictly necessary to achieve those same purposes. In any case, since these are treatments carried out for the provision of services, The Cross Hotel will keep personal data for the period of time provided and permitted by Italian law to protect its interests (Art. 2946 c.c. and ss.). Personal data processed for the purposes referred to in section 4.4 will be kept until the time required by the specific obligation or applicable law. For the purposes referred to in section 4.5, your personal data will be processed until you have objected to the processing. For the purposes referred to in section 4.6 and 4.7, your personal data will instead be processed, as a general rule, until your consent is revoked. If you withdraw from the services provided by The Cross Hotel without having revoked these consents, the data may also be processed after your withdrawal. It is envisaged that a periodic annual check is carried out on the data processed and on the possibility of being able to delete them if no longer necessary for the intended purposes. With reference to personal data processed for Marketing Purposes or Processing for profiling purposes, the same will be kept in compliance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until the revocation of the specific consent by the interested party intervenes. Specifically, the Data Controller will process the data for no more than 2 years from the collection of data for Marketing Purposes and one year for data collected for profiling purposes. More information regarding the data retention period and the criteria used to determine this period can be requested by sending a written request to the owner at the addresses indicated in the "Contacts" section of this policy. 
In any case, the possibility for The Cross Hotel to keep your personal data for the period of time provided for and permitted by Italian law to protect its interests (Art. 2947 (1) (3) c.c.) is reserved.

10. SPECIAL DATA SUBJECT TO SPECIAL PROCESSING

The term "confidential data subject to special treatment" means information relating to racial or ethnic origin, political opinions, religion or other beliefs, trade union membership, health, life or sexual orientation, genetic information, criminal record and biometric data used for the purpose of unique identification. We generally do not collect particular data, unless it is provided voluntarily by the user. We may use the data you have provided us about your health to provide you with a better service and meet your particular needs (for example, by providing special access measures for persons with disabilities). They are therefore data whose protection is intended to guarantee freedom of thought and opinion, the dignity of the person and freedom from possible discrimination, for the treatment of which explicit consent is required, even if not necessarily written, because they concern particularly private aspects of the individual and can be used for discriminatory purposes.

11. MINORS

The new European Regulation (GDPR) has prescribed, in Article 8, the obligation not to allow the direct offer of information society services (therefore registration to social networks and messaging services) to children under 16, unless the consent of the parents is collected (it is necessary to ascertain that the consent is given by the guardian) or of those who take their place. The registration to an online service, therefore, is subject to the rules for the conclusion of contracts, for which the subject must be able to appreciate the nature and consequences of his consent. In any case, parental consent is not always necessary. According to Article 8 of the new European regulation, parental consent is required only if the processing of children's data is legitimized on the basis of consent. If, on the other hand, the processing has another legal basis, such as compliance with a legal obligation, legitimate interests, etc., parental consent is not required. In addition, this limit can be further lowered by the nation states (but the limit cannot fall below 13 years). In this perspective, the Italian legislator has set the age limit to be applied in Italy at 14 years, with the decree adapting the Privacy Code. Our website does not intend to intentionally request or collect personal data of persons under the age of 16. If we are informed or otherwise discover that a child's personal data has been mistakenly collected, we will take commercially reasonable steps to delete that information.

12. METHODS OF DATA PROCESSING

The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking. The processing of personal data takes place by persons in charge of the organization responsible for managing requests, using manual, computerized and telematic tools with logic strictly related to the purposes themselves and in any case in order to guarantee the security and confidentiality of the data in full compliance with the provisions of art. 32 of the EU Regulation. Archiving can be done both electronically and on paper. It should be noted that the processing methods implemented do not imply the need to subject the data subject to a decision, which may include a measure, which assesses personal aspects concerning him, which is based solely on automated processing and which produces legal effects concerning him or similarly significantly affects his person, without human intervention. Both with regard to the data on its devices, and for any data present at the provider, the data controller has implemented appropriate technical and organizational measures to guarantee an appropriate level of security, in full compliance with the provisions of art. 32 of the EU Regulation. More information is available by sending a written request to the owner at the addresses indicated in the "Contacts" section of this statement.

13. RIGHTS OF THE INTERESTED PARTY

At any time the interested party may exercise his rights towards the Data Controller, pursuant to EU Regulation 679/2016, through the addresses indicated in the contact section of the policy. To ensure the correct exercise of rights, the interested party must make himself unequivocally identifiable.
The Cross Hotel undertakes to provide feedback within 30 days and, in case of impossibility to respect these times, to justify any extension of the deadlines. The feedback will take place free of charge except in cases of groundlessness (e.g. there are no data concerning the applicant party) or excessive requests (e.g. repetitive over time), for which a contribution to expenses may be charged, not exceeding the costs actually incurred for the research carried out in the specific case. The rights relating to personal data concerning deceased persons may be exercised by those who have an interest of their own or act to protect the data subject or for family reasons worthy of protection. The interested party can also lodge a complaint with the supervisory authority. In case of violation of personal data suffered by The Cross Hotel, the owner will notify the competent supervisory authority of the violation within 72 hours of the occurrence and will also communicate the event to the interested party, except in cases of exclusion provided for by law.

Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679

The interested party has the right to obtain from the data controller confirmation that personal data concerning him or her is being processed and in this case, to obtain access to personal data and the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients in third countries or international organizations;
• the envisaged retention period of the personal data or, if this is not possible, the criteria used to determine this period;
• the existence of the right of the interested party to ask the data controller to rectify or erase personal data or limit the processing of personal data concerning him or to oppose their processing;
• the right to lodge a complaint with a supervisory authority;
• the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

Right pursuant to art. 17 of EU Reg. 2016/679 - right to cancellation ("right to be forgotten")

The interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller has the obligation to delete personal data without undue delay, if one of the following reasons exists:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws the consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2), and if there is no other legal basis for the processing;
• the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate reason to proceed with the processing, or opposes the processing pursuant to Article 21(2);
• the personal data have been unlawfully processed;
• the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
• personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Reg. 2016/679.

Right pursuant to art. 18 Right to restriction of processing

The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
• the accuracy of the personal data is contested by the data subject, for the period necessary for the controller to verify the accuracy of such personal data;
• the processing is unlawful and the interested party opposes the deletion of personal data and requests instead that its use be limited;
• although the data controller no longer needs it for the purposes of the processing, the personal data are necessary for the data subject to ascertain, exercise or defend legal claims;
• the interested party has opposed the processing pursuant to Article 21, paragraph 1, EU Reg 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

Right pursuant to art. 20 Right to data portability

The data subject shall have the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her provided to a data controller and shall have the right to transmit such data to another controller without hindrance from the controller.

Withdrawal of consent to processing

The interested party has the right to revoke consent to the processing of his personal data, by sending a registered letter with return receipt to the address indicated in the contact section, accompanied by a photocopy of his identity document, with the following text: "revocation of consent to the processing of all my personal data". At the end of this operation, the personal data will be removed from the archives as soon as possible, together with the photocopy accompanying the request.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the protection of personal data), pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force.

14. LINKS TO OTHER WEBSITES

Our site may contain links to third-party websites. Please note that we are not responsible for the collection, use, management, sharing or disclosure of data and information by such third parties. If you provide information on, and use third-party sites, the privacy policy and terms of service of those sites will apply. We encourage you to read the privacy policies of the websites you visit before submitting personal information. In some cases, these sites may be co-branded and display our logos or other trademarks. To find out if you are on our website, check the URL of the page you are visiting.

15. MODIFICATIONS

The Cross Hotel reserves the right to modify or simply update the content of this Privacy Policy, in part or completely, also due to changes in the applicable legislation. The Cross Hotel will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. For this reason, we invite you to visit this section regularly to stay aware of the most recent version of the Privacy Policy and of the data collected and the use made of it by The Cross Hotel.

16. CONTACT US
To exercise the above rights or for any other request you can write to:
NER 26 Hotel S.r.l.
Via di S. Croce in Gerusalemme, 00185 Rome
Tax Code: 15281861003
VAT Code: 15281861003
Email: info@thecrosshotel.com
Phone: +39 06 7027808
Website: http://www.thecrosshotel.com