The present privacy information page is provided in compliance with art. 13 of Regulation 2016/679 (GDPR) (General Data Protection Regulation) to users who access our website and regards all personal data processed according to the modalities below.

THE DATA CONTROLLER The Data Controller is Sogear srl, owner of HOTEL DÉSIRÉE, located at Spartaia – 57030 Procchio – Marciana Phone +39 (0565) 907-311 E-mail:

The personal data processed in this website are collected as they are provided directed by their owner, or otherwise supplied automatically. The personal data provided directly by the owner include all personal information provided to the Data Controller, regardless of the modality, directly by the owner. In particular, the following personal information is collected and processed: • E-mail • Check-in date Check-out date • Number of adults • Number of children • Number of rooms The data collected automatically are browsing data. These data, although not collected in order to be associated to the user’s identity, may indirectly make it possible to identify the user, through the processing and the association of the data collected from the Owner. In particular: • IP address • Browser and browsing device After sending newsletters, the platform used allows for the identification of the moment a message is opened and the clicks on the newsletter itself, together with details relative to the IP address and the browser/device used. Collecting these data is crucial for the functioning of the implicit renewal systems of the processing (see entry Processing Modes) and an integral part of the operativeness of the sending platform.

The data are processed exclusively for the purposes for which they are collected, as described below. We use the data supplied to us for: • reservation services, request of budget estimates • only following the specific consent of the user, to allow for the subscription to specific services and other services such as sending informative and marketing communication via e-mail or other electronic tools. Providing the data listed in the section “Collected Data” is compulsory to allow the user to access the service. For this reason, consent is compulsory and rejecting the processing, i.e. the absent, inaccurate or partial providing of these data may result in the impossibility to provide the service correctly. Supplying the data for the purpose of sending newsletters for promotional, informative or research purposes is optional refusing to give consent for the processing will make it impossible to be updated on marketing initiatives and/or promotional campaigns, to receive offers or other promotional material and/or to receive personalised offers. Hotel Désirée does not share any of the user’s information to third parties without their consent, except where determined by the law. In any case, none of these data will be shared or transferred to a non-EU country.

Users are allowed to withdraw their consent to receiving promotional and marketing communications immediately by sending a request to or by clicking on the unsubscribe link at the end of each promotional and marketing e-mail they receive.

Personal data are processed with automated tools only for the amount of time necessary to achieve the goals for which they were collected; in any case, this processing includes an annual verification of the stored data in order to delete data that are considered obsolete, except when the law declares that data must be stored. Data processing usually takes place at the headquarters of the Hotel Désirée company, by personnel or external collaborators properly designated as in charge of the processing. The full list of data processing owners and of those in charge of processing the personal data can be requested by sending a request to Subscription and its relative processing are considered valid up to the moment the user unsubscribes via link provided in each newsletter, or 12 months after the last communication of which there is evidence of direct interaction (clicking, opening, replying). Specific safety measures are adopted to prevent data loss, illicit or improper use of these data, or unauthorised access to them.

According to art. 7 of the Privacy Code and article 13 GDPR, each user has the right to obtain a confirmation of the existence or lack thereof of their personal data, even if not yet registered, and their communication in an intelligible fashion. In particular, data owners have the right to obtain from Hotel Désirée the indication: 1. of the origin of their personal data; 2. Of the purpose and modalities of data processing; 3. of the logic applied in the event of processing that uses electronic/computer tools; 4. Identification information of the data controller, of the people in charge and of the designated representatives; 5. of the subjects and categories of subjects with which the data can be shared or that may come to know these data as designated representatives in the territory of the State, as people in charge or as people responsible. In addition, users have the right to obtain from Hotel Désirée 1. the update, correction i.e. Integration of their own data; 2. Deleting, turning data into anonymous or blocking the data processed in violation of the law; 3. Access to their own data, i.e. confirmation that their personal data are being processed or not; 4. limitation of the processing; 5. data portability, i.e. the right to receive, in a structured fashion, personal data pertaining to them; 6. right to complain to the Control Authority. Finally, users have the right to oppose, partially or in full, due to legitimate reasons, the processing of their own personal data, albeit relevant for the goal of the data collection. In particular, users have the right to oppose the processing of their personal data with the goal of sending marketing material or direct sales material, or for market surveys or for commercial communication surveys. The requests described above must be e-mailed to

Hotel Désirée reserves the right to modify, add to or periodically update this Privacy Information Policy in compliance with the applicable regulations or with the measures adopted by the Privacy Authority regarding personal data. These modifications or integrations are always reported to the users through a link at the Privacy Policy page in the website and will be directly reported to the users via e-mail. We invite users to read the Privacy Policy on a regular basis to check the updated Policy and decide whether or not they wish to continue to use the services offered. The crucial points that should be kept in mind, while preparing the document as well as in its continuous operativeness, are • The list of the data collected during sign up • The notification of the automatic collection process provided after sending a newsletter • The specified duration of the data processing • The description of any automatic profiling processes. Duration of the processing Sign up and relative data processing are valid until the user unsubscribes to the service, through the link in each newsletter e-mail, or 12 months after the last communication of which there is direct evidence of interaction (clicking, opening, replying).

Special Offers