Skip to main content

Privacy Policy

Learn more about your privacy rights

INFORMATION ON THE PROCESSING OF PERSONAL DATA of the users visiting the websites of Extro Hotels

Pursuant to Article 13 of EU Regulation 2016/679

This page contains a description of the policies for managing the website in regard to processing the personal data of the users who visit the site and their privacy. This information is provided pursuant to article 13 of RGPD 679/2016 – Law concerning the Protection of Personal Data - and the individuals who interact with the web services of EXTRO HOTELS, which is accessible by telematics means through the following web address: www.extrohotels.com

which corresponds to the home page of the official websites of Extro Hotels. This informative note is provided only for the aforementioned website and not for other websites eventually accessed by the user through links.

 

THE “CONTROLLERS”

Following access to this website, data pertaining to persons that are identified or identifiable may be processed. The “Data Controllers” of the personal data collected following a visit to this extrohotels website website or any other data used for providing our services are:

 

PLACE WHERE DATA IS PROCESSED

Data processing pertaining to the web services of this website [(physically hosted by Travelclick in a server located in a country that is not a member of the European Union, “The U.S.A.”, according with the UE-USA “Safe Harbor Frameworks” www.travelclick.com ) is carried out at the aforementioned headquarters and said data is processed only by the technical personnel in charge of processing of the Data Processing Office, or by eventual persons in charge of processing who are entrusted to process occasional maintenance operations. 

The personal data obtained from the users who submit hotel reservation requests or through informative material (informative notes, newsletters, registration, etc) is used only to carry out the services or assistance requested and is not transmitted to third parties, except in the following possible cases: 

  • Business partners of Extro Hotels to whom the Data Controller transmits the data exclusively in order to avoid on-line reservations, Travelclick;
  • Persons, companies or professional offices who lend assistance and consulting services to Extro Hotels concerning accounting, administrative, legal, financial and tax matters; 
  • Subjects who are authorized to have access to the data by law or through requests by the authorities; 
  • Google Analytics.

The credit card data used for booking will be automatically canceled at the end of the stay.

 

 

CATEGORIES OF PROCESSED DATA

 

Navigational data

The informatics systems and the software procedures used for the functioning of this website, during their normal functioning, acquire some personal data for which the transmission of said data is implicit in the use of Internet communication protocols. This concerns information that is not collected in order to be associated with identifiable interests but due to its nature, through elaboration and association with data obtained by third parties, could allow identification of the user. The data which fall within this category are: the IP address or the name and domain of the computer used by the user who accesses the website, the address which is revealed in the URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used in submitting the request to the server, the dimensions of the file obtained as a response, the numerical code indicating the server response status (successful, error, etc.) and other parameters pertaining to the operating system and the informatics used by the user. 

This data is used only to gather anonymous statistical information regarding the use of the website and to control its correct functioning and is cancelled immediately after elaboration. The data may be used for ascertaining responsibility in the case of hypothetical informatics crimes damaging to the website: except in this last case, the data of the web contacts cease to exist after seven days.

 

Data voluntarily provided by the user

Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender’s address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the message(s). Data will be retained only for registration request to send the newsletters or special offers and will not be disclosed to anyone. The personal information regarding the individual who visited the website is not collected or used. The visitors remain anonymous. The only exception to this rule concerns the information for personal identification needed to fulfill the contractual obligations of reservations on behalf of the user.

 

Reservations

In the event of reservations made through the website, the user must provide his name, address, telephone number and information regarding the payment manners and credit card used. Extro Hotels will use said information only for elaboration of the reservations and to send specific information, which is relevant to the confirmation of said, such as a receipt, the reservation code and the conditions.

The information provided will not be used for marketing purposes and will not be sold, transmitted, given by contract or sent to third parties an any way, with the exception of our provider of on-line reservation services, Travelclick, only for online reservations purposes.

In any event, the administrator of the website guarantees the use of scrupulous procedures in order to protect the navigational data and the use of particular precautions to protect the data pertaining to the credit card, which is provided during on-line reservations. 

 

Personal Data Processing Collected from Curriculum Vitae

Providing spontaneous and voluntary of the Curriculum Vitae data will be considered as implicitly informed consent by the data subjects for personal data processing contained, only following the purposes related to the selection of potential candidates.

The data processed for the purpose of selection of candidates are personal useful to search for the particular profile. In general, the nature of the data is normal, except in some cases where you may indicate any sensitive data necessary to identify the specific requirements of the regulations, such as specifying a particular protected classes, the suitability for certain jobs and / or start-ups required, within the limits set by the General Authorisations of the Garante no. 1 and 2 of December 15, 2016 (Published in the Official Gazette no. 303 of December 29, 2016);

The provision of data relating to the selection of candidates is required. Any refusal to provide such data makes it impossible to perform an orderly selection and the possible recruitment. The data in question will not be disclosed to anyone. 

 

General Rules for providing the CV

Any CV received spontaneously, replying to a job advertisement, will be stored directly by person in charge of the processing in accordance with the safety guidelines of personal data adopted in compliance with the security measures ex Chapter IV Section 2 of GDPR 679/2016. 

To send Curriculum Vitae use only the following addresses: Human Resources Dpt, Extro Hotels, Viale Isonzo, 14 - 20135 MILANO by the e-mail address: [email protected]

 

 

PERIOD FOR DATA RETENTION - CRITERIA USED 

 

According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation (EU) 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.

 

Data retention periods depend on the purposes of the processing:

  • purposes related to technical navigation data for the correct functioning of the website: retention only for the related session, after which the data are deleted;
  • purpose of reply to info request/services supply request (up to 12 months for contact requests; 10 years for administrative / accounting / financial documentation relating to the provision of a service);
  • data collection for staff recruitment (up to 24 months);
  • newsletter, marketing or promotional communications in general until withdrawal of consent;
  • purpose of di administrative / accounting / financial management: 10 years as as required by law for the conservation of administrative / accounting / financial documentation.

 

 

COOKIES & JAVASCRIPT TECHNOLOGIES

 

In this website we are applied cookies technologies for different purposes, including computer technology authentication or to monitor sessions, and to store specific technical information regarding the users that access the server of Travelclick, the website maintenance and hotel booking service provider.

 

Description of the cookie mechanisms adopted:

  • Cookie implanted in the user/contracting party’s terminal directly (that will not be used for other purposes) such as session cookies used for on-line booking on the website, authentication or customisation cookie (for example, the choice of the browsing language); these cookies remain active only for the duration of the session.
  • Cookie used to statistically analyse accesses/site visits (the so-called “analytic” cookie) that are used for statistical purposes, profiling or marketing, and to collect aggregate information with the possibility of tracing back to the identification of the individual user personal computer. In these cases, since current legislation requires that, when using analytic cookie, the user is given clear and adequate instructions to easily oppose implementation of such (including any mechanisms to make the cookies anonymous), we give instructions on how to disable installed cookies below. The duration of analytic technical cookie is averagely of 30 minutes.

 

How to modify settings on the cookies

Most browsers allow to clear cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored. 

Therefore, to remove cookies we encourage you to follow the instructions on the pages of the various browsers:

 

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Fire fox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Microsoft Edge: https://privacy.microsoft.com/it-IT/windows-10-microsoft-edge-and-privacy 

Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

“Third-party” cookies

Third-party cookies are code parts set by a website different than the website you are currently browsing.

This involves the transmission of cookies from third parties. Management of information collected from “third parties” is governed by the relative information notices to which we ask you to refer. For greater transparency and for convenience, we provide the information on the types of cookies used by third party service providers, purposes, retention period and the third parties who retain and access the information on our websites: 

 

Booking Engine:

Cookie Name
Provider
Expiry
Purpose
Cookie Name
JSESSIONID
Provider
Web3.0
Expiry
Session Expires
Purpose
This cookie is used to save the session id of current user.
Cookie Name
BIGipServerpool_reservations_80
Provider
Web3.0
Expiry
Session Expires
Purpose
This cookie is used to Check the number of available nodes in a BigIP Pool and Virtual Server checks
Cookie Name
REFERID
Provider
Web3.0
Expiry
30 Days
Purpose
This cookie is used to save the referid of campaign
Cookie Name
tc_cookie
Provider
Web3.0
Expiry
Session Expires
Purpose
Saves session data sent as request in encrypted format
Cookie Name
RoomKey
Provider
Web3.0
Expiry
7 Days
Purpose
To track users coming from Roomkey website

 


Web:

Cookie Name
Description
Provider
Duration
Category
Cookie Name
_utma
Description
Google analitycs
Provider
Duration
2 years
Category
persistent
Cookie Name
_utmb
Description
Google analitycs
Provider
Duration
30 minute
Category
persistent
Cookie Name
_utmc
Description
Google analitycs
Provider
Duration
End of browser session
Category
session
Cookie Name
_utmt
Description
Google analitycs
Provider
Duration
10 minutes
Category
persistent
Cookie Name
_utmz
Description
Google analitycs
Provider
Duration
6 months from set/update
Category
persistent
Cookie Name
_utmv
Description
Google analitycs
Provider
Duration
2 years from set/update
Category
persistent

 

Cookie Name
Description
Provider
Duration
Category
Cookie Name
JSESSIONID
Description
 
Provider
 
Duration
 
Category
session
Cookie Name
PREF
Description
Create By Google! User Preference Like Google Search Result
Provider
Google
Duration
 
Category
 
Cookie Name
avr_2463847210_0_0_4294901760_2126303314_0
Description
LoadBalancer
Provider
travelclick
Duration
1 year
Category
persistent
Cookie Name
BIGipServerpool_htb_grp1
Description
LoadBalancer
Provider
travelclick
Duration
1 year
Category
persistent
Cookie Name
avr_2463847210_0_0_4294901760_112926999_0
Description
Load Balancer
Provider
travelclick
Duration
1 year
Category
persistent
Cookie Name
useCookies
Description
Used by our Cookie Notice Status bar to identified if the user was agree or not
Provider
travelclick
Duration
1 year
Category
persistent
Cookie Name
useCookiesCounter
Description
Used by our Cookie Notice Status bar internal functionality
Provider
travelclick
Duration
1 year
Category
persistent

 

Nevertheless, if you block or erase cookies, it may not be possible to reset previously specified preferences or customised settings, and our capacity to customize the user experience will be limite.

More google analytics privacy policies available on http://www.google.com/policies/technologies/ads/

 

 

OPTIONAL DATA PROVISION

 

Except for that which is specified for the navigational data, the user is free to provide the personal data listed in the request forms of Extro Hotels or through contacts with the Office in order to make on-line reservations or to solicit the receipt of informative material or other communications. A lack of conferring this data may cause an impossibility to obtain what is requested.

 

PROCESSING ARRANGEMENTS

Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected. Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation. The technical specifications as per data protection concerning the minimum measures referred to in this data processing shall be regularly updated having regard to technical developments of computer systems used.

 

 

DATA SUBJECTS' RIGHTS

 

Data subjects are entitled at any time to exercise his rights as provided for in Section 7 of Law 196/03 and Chapter III GDPR 679/2016, in particular, the right to obtain confirmation as to whether or not personal data concerning they exist and the logic applied to the processing, the right to ask for their integration, the right to object to their processing on legitimate ground, and the right to request rectification, updating, erasure (right to be forgotten) or blocking of data that have been processed unlawfully, the right to obtain a copy of the personal data being processed  as well as the right to data portability. The requests should be sent to Extro Hotels, by e-mail address: ([email protected]).

 

 

RIGHT TO LODGE A COMPLAINT

 

If a data subject considers that the processing of personal data relating to him or her as performed via this website infringes the Regulation, he or she has the right to lodge a complaint with the Garante pursuant to Article 77 of the Regulation, or else to bring a judicial proceeding against the Garante pursuant to Article 79 of the Regulation.

Back to top