Privacy policy – EN

Privacy Policy – GDPR

EMA HOTELS SRL (single shareholder),
with registered office at Via Maestri del Lavoro, 3 – 40017 San Giovanni in Persiceto (BO), Italy,
Tax Code and VAT No. 03337061208,
(hereinafter the “Data Controller”), in its capacity as Data Controller,
informs you pursuant to Article 13 of Legislative Decree No. 196 of 30 June 2003 (Italian Privacy Code) and Article 13 of Regulation (EU) 2016/679 (GDPR) that your personal data will be processed through the website www.emahotels.it in the manner and for the purposes described below.

1. Subject of the processing

The subject of the processing is personal identification and contact data (by way of example and not limited to: first name, last name, address, telephone number, email address, tax data), hereinafter referred to as “personal data” or “data”, voluntarily provided by users when:

  • filling in contact forms on the website
  • requesting information or quotations
  • making bookings or availability requests
  • subscribing to newsletters
  • registering for events or initiatives promoted by the Data Controller
  • sending assistance requests or general communications

2. Purposes of the processing

Personal data are processed for the following purposes:

A) Without the data subject’s explicit consent

(Art. 6(1)(b), (c) and (f) GDPR), for:

  • managing and maintaining the website
  • responding to information, quotation and contact requests
  • managing bookings and hotel services
  • fulfilling contractual and pre-contractual obligations
  • complying with legal, fiscal and administrative obligations
  • preventing fraud or misuse of the website
  • exercising the Data Controller’s rights, including in legal proceedings

B) Only with the data subject’s explicit consent

(Art. 6(1)(a) and Art. 7 GDPR), for:

  • sending informational and promotional newsletters
  • direct marketing and commercial communications
  • invitations to events or initiatives promoted by the Data Controller
  • customer satisfaction and opinion surveys

3. Processing methods

Personal data are processed using paper-based, electronic and telematic tools, in accordance with principles of lawfulness, fairness and transparency, and in compliance with the security measures required by the GDPR.

Data are stored on servers located within the European Union and/or with third-party providers duly appointed as Data Processors.

Data retention periods are:

  • 10 years from termination of the contractual relationship for service-related purposes
  • 2 years from data collection for marketing purposes, unless consent is withdrawn earlier

4. Data security

The Data Controller adopts appropriate technical and organizational measures to ensure the security, integrity and confidentiality of personal data, including:

  • HTTPS secure transmission protocols
  • protection against unauthorized access
  • backup and data integrity procedures

5. Access to data

Personal data may be accessed by:

  • employees and collaborators of the Data Controller, duly authorized
  • IT, hosting, email and newsletter service providers
  • companies providing technical assistance, accounting or legal consultancy
  • banks and payment service providers

Such parties act as Data Processors or Independent Data Controllers, as applicable.

6. Data communication and disclosure

Personal data will not be disclosed.

Data may be communicated to public authorities or judicial bodies only where required by law.

The website may use anonymous tracking tools for statistical and marketing purposes (e.g. remarketing), without directly identifying the user.

7. Data transfer

Personal data are mainly processed and stored within the European Union.
Any transfer outside the EU will take place in compliance with Articles 44 et seq. of the GDPR.

8. Nature of data provision

Providing data for the purposes set out in section 2.A is necessary.
Failure to provide such data will make it impossible to deliver the requested services.

Providing data for the purposes set out in section 2.B is optional and consent may be withdrawn at any time.

9. Data subject’s rights

Data subjects may exercise the rights provided under Articles 15–22 GDPR, including:

  • right of access
  • right to rectification
  • right to erasure (“right to be forgotten”)
  • right to restriction of processing
  • right to data portability
  • right to object
  • right to lodge a complaint with the Supervisory Authority

10. How to exercise your rights

You may exercise your rights at any time by contacting:

  • by registered mail to:
    EMA HOTELS SRL – Via Maestri del Lavoro, 3 – 40017 San Giovanni in Persiceto (BO), Italy
  • by email to: info@emahotels.it

11. Minors

This website is not intended for individuals under the age of 18.
The Data Controller does not knowingly collect personal data relating to minors.

12. Data Controller

EMA HOTELS SRL (single shareholder)
Via Maestri del Lavoro, 3
40017 San Giovanni in Persiceto (BO), Italy
Tax Code and VAT No.: 03337061208

The company is subject to management and coordination activities pursuant to Article 2497-bis of the Italian Civil Code by Rolima S.r.l., based in Bologna.

13. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time.
Users are therefore encouraged to review it periodically.

Scroll to Top