According to the art. 13 of the EU Regulation 2016/679 of 27 April 2016 (GDPR),
we provide interested parties with information on the treatments performed by us.

I – Data Controller

Hotel Gest Plus S.r.l. is a company that has been operating for years in the world of luxury hotels, guaranteeing reception services in the name of excellence and constant research of the highest quality. In the exercise of its activities, it collects some information about customers and visitors that come into contact with its structure.

The owner of the data processing is the HOTEL GEST PLUS S.r.l. (P.IVA 12096941005), in the person of its legal representative pro tempore, with headquarters in Via Lucullo number 3, 00187, Rome.

II – Type of data collected

The HOTEL GEST PLUS S.r.l. collects your personal data to provide your services, and such collection takes place through the voluntary communication of the same upon your arrival at the hotel, or through prior telephone / email communication, or by browsing the site of the structure and booking rooms, or still via internet platforms that offer booking services.

The data we collect are of various kinds, and include all the information necessary to guarantee the best possible service. To this end we request the identifiers of our visitors, such as name, surname, address and zip code, as well as a copy of the identity document. We also collect your contact details, such as e-mail, telephone and fax, to be able to contact you and / or respond to any of your requests or needs, as well as the data relating to your stay (days of stay, type of room, rate applied) and payment (credit card number, expiry date and holder). Sometimes, according to your specific needs, it will be possible to collect some particular categories of data, only as a result of your voluntary and spontaneous provision (communication of particular food intolerances, or motor disabilities, etc.). At our facility there are surveillance cameras, so you could be picked up by our system. All the information you voluntarily provide to us during your stay (for example anniversaries and special occasions) will also be collected.

While browsing on our site or through our Wi-Fi, some technical data may be automatically collected, such as the IP address, the type of browser used to navigate, some information on the features of the device (PC, tablet or smartphone). For more information, please see our Cookie Policy.

III – Recipients of personal data

The HOTEL GEST PLUS S.r.l. entrusts some out-sourcing services to subjects outside its organization, so your data could be transmitted to them. To guarantee the security and confidentiality of the information transmitted, these subjects are appointed Data Processors, pursuant to art. 28 GDPR, and will be required to comply with the instructions given by HOTEL GEST PLUS S.r.l. with regard to the methods, the purposes and the security measures applicable to the processing entrusted to them. The managers will manage the reservations on behalf of HOTEL GEST PLUS S.r.l., will keep the accounts of the same, will offer web hosting services and business data storage. For users who book through the website, we point out that the Company in charge of processing and managing the reservations is BLASTNESS S.r.l., based in P.zza J.F. Kennedy 27, 19125 La Spezia (SP), Tel. 0187 599737- Fax 0187 020349 - email:

The company UTG NET S.r.l. is appointed as data controller, handling the technical assistance and management of the hotel information system. The Serenissima Informatica S.p.a. is appointed as data controller, being the owner of the Protel customer management platform. The company Hotel Gest Plus S.r.l. is responsible for processing, limited to e-mails, for the possible forwarding of commercial information regarding the Brand Tridente Collection (

Your data may also be transmitted to debt collection companies and banking institutions for the management of receipts and payments deriving from the execution of the stay, as well as to external suppliers and / or consultants to satisfy the provision of the services requested.

Outside of these cases, the data will not be communicated or given to anyone, unless there is explicit consent to share the data with third parties, or that this is necessary to provide the service requested by the interested party or to fulfill requests of the Judicial or Public Security Authorities or fulfill legal obligations.

At the hotel management you can request the updated list of external data processors.

IV – Purpose of the Processing

The data we collect will be used for different purposes, firstly to fulfill the contractual obligation assumed towards the customers, therefore to provide you with assistance before and after the booking or to answer the questions you will ask us, to process the payment for your stay and send you the receipt, as well as accepting your special needs and requests to personalize your stay. To ensure the security and monitoring of our facility, video cameras have been installed so you could be filmed.

In order to comply with the legal obligations regarding public safety, we transmit the identifiers of customers staying at our facility at the Rome Police Headquarters. For tax and accounting purposes, we keep the payment details of your stay.

Only with your explicit consent, we will use the data collected to carry out promotional activities in line with the preferences expressed by you, to store your data in order to speed up the check-in procedures, in the case of subsequent access to our structure, and to send you communications coming from outside.

In some cases, to provide you with the requested services, we will ask for your personal data. If you do not provide us with the information requested, or we are prohibited from collecting such information, we may not be able to provide you with the requested services.

V – Legal basis of the processing

The treatments we carry out are justified by the execution of pre-contractual or contractual measures taken with regard to customers, as well as to fulfill the legal obligations imposed on us in matters of public security, judicial and tax.

If it does not fall under these bases, the processing is carried out at your voluntary bestowal of data, or with your explicit consent. In some and limited cases, the processing is carried out on the basis of the legitimate interest of the Data Controller (such as, for example, video surveillance recording or credit card data acquisition).

We may also process your data to ascertain, exercise or defend a right in a court of law or whenever the judicial authorities exercise their jurisdictional functions.

VI - Processing methods

Your personal data will be processed with paper and electronic tools and in totally or partially automated ways. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access. These measures will be of a technical nature, including for example backup systems, antivirus and firewall, and organizational, consisting in identifying subjects inside HOTEL GEST PLUS S.r.l. authorized to process and disciplinary policies / job descriptions to which they must comply. Periodically checks will be carried out on the effectiveness of security procedures and protocols.

VII - Processing of sensitive data

Should you provide us with specific data (art. 9 GDPR), this data will be processed in such a way as to guarantee the confidentiality, integrity, accuracy and security of the information contained therein.

VIII – Data retention period

We will keep your data only for the time necessary to provide the products and services requested, unless we have to keep them for longer periods as a result of laws, regulations, or for the resolution of disputes or judicial checks. If your data are no longer necessary due to legal or regulatory requirements and the legal basis for the processing is not based on a consent, HOTEL GEST PLUS S.r.l. will take reasonable steps to destroy such data or to make it permanently unidentifiable.

If the legal basis for the processing is the consent or voluntary provision of data by you, these will be kept until the consent is revoked, and in any case no later than 3 years from the acquisition.

The storage of the video surveillance images is limited, at most, to the twenty-four hours following the detection, subject to special requirements for further storage in relation to holidays or the closure of offices or establishments, as well as in the case in which a specific request must be accepted investigation by the judicial or judicial police.

The emails used for commercial purposes, subject to explicit consent, will be sent until the interested party exercises the right to cancel the newsletter that can be exercised directly from the email received.

IX – Rights of the interested parties

At any time you can request, with any available means, confirmation of the existence or not of data concerning you, and if so their detail; you can request the origin of these data, the methods and the purposes of their processing; you can request the modification and deletion of data, which will be extended to any third parties to whom they have been transmitted, as well as receive notification in the cases referred to in art. 19 GDPR. Furthermore, you can exercise the right to limit the processing, the right to object and request data portability. For all treatments based on your consent, you can revoke it a any time and without any formality. In case of "data breach", we will advise you without undue delay. As interested parties, you finally have the right to lodge a complaint with the supervisory authority.

For more information, comments or to exercise your rights, please contact the email address

X – Data transfer to third countries

In no case, except as provided in the Cookie policy, the data collected will not be transmitted to third countries.

Hotel Gest Plus S.r.l. ensures that the transfer of Personal Data to third countries will take place according to the appropriate guarantees provided in the GDPR. The transfers will be based alternatively on an adequacy decision or on the Standard Model Clauses approved by the European Commission; in the case of transfers to the USA, in compliance with the principles of the Privacy Shield. Further information and explanations can be obtained from the data controller.

This privacy policy is updated on 13/05/2019, Rome