Pursuant to Article 13 of EU Reg. 2016/679 "General Data Protection Regulation", hereinafter referred to as the "Regulation", ITI Sardegna S.r.l., hereinafter referred to as the "Company", with registered and operational office in loc. Porto Cervo, Arzachena (OT) c/o the CPH | Colonna Pevero Hotel, acting as Data Controller, is required to provide information regarding the processing of personal data carried out both within the www.cphpeverohotel.com domain and through electronic means or on-site at the hotel.
The definitions of the terms used and the data subject's rights are set out in full at the end of this privacy notice.
Providing this data processing information notice is a legal obligation as well as an act of transparency. Here is why it matters:
Compliance with the law: It is required by the General Data Protection Regulation (GDPR) and other local regulations. This ensures that personal data is collected, used, and stored correctly and lawfully.
Transparency: The notice clearly explains what data is collected (e.g., name, contact details, check-in documents) and why (e.g., booking management, invoicing, legal obligations).
Customer protection: It guarantees customers that their data will be protected, preventing misuse such as unauthorized marketing or sharing with third parties without consent.
Guests' rights: It informs customers about their rights—such as accessing, rectifying, or erasing their data—and how to exercise them.
Trust: Demonstrating commitment to data protection increases customer trust, enhancing the hotel's reputation.
In order to stay at our property, it is mandatory that you provide consent for the following data: name, surname, place and date of birth, ID/passport number, residential or domicile address, and phone contact details.
If you wish to stay in touch with our organization, receive external messages in your room, take advantage of additional services offered by our staff, request a specific dietary regime, or communicate other needs, we will ask for your specific consent for each requested activity.
You may exercise your rights at any time as detailed in the "Definitions" section.
In relation to the specified purposes, the data provided by you in person or electronically will be subject to digital and paper processing and handled through specific procedures in order to customize the services that the Company is able to offer you.
Data processing will be carried out in a way that guarantees confidentiality and the highest level of IT and physical security. It may be performed using manual and digital tools designed to store and transmit said data to our authorized personnel.
The logic of the processing will be strictly related to the illustrated purposes; in particular, your data subject to contractual processing will be processed and stored using specific procedures and handled:
By the business units responsible for managing the aforementioned activities, or authorized to perform those necessary for the maintenance and/or execution and/or termination of the relationship established with you;
By third-party natural or legal persons who, under contract with the Company, provide specific processing services or perform activities connected, instrumental, or supportive to those of the Company itself.
Your data will be stored for the period prescribed by current legislation and, in any case, until the aforementioned purposes are achieved, after which it will be deleted. With your explicit consent, your data may be stored for a maximum period of 5 years from your last visit to allow for a faster check-in at our property. If you have not expressed a wish to remain updated on the Property's activities, your data will be kept for the time strictly necessary for accounting balance verifications.
Your data may be communicated to third parties, subject to your consent expressed in accordance with the law, such as:
Banks appointed to settle payments according to the agreed methods;
Insurance institutions for the settlement of any damage claims;
Authorized entities or bodies for the fulfillment of relevant obligations within the limits of legal provisions;
Organizations belonging to the ITI group to improve the quality of services that the Company is able to offer you;
Natural or legal persons who, under contract with the Company, provide specific processing services or perform activities connected, instrumental, or supportive to those of the Company itself.
Our website contains hyperlinks that constitute communication to other domains; however, the Company is not responsible for any data protection violations committed to your detriment by other websites that may have fraudulently cloned our web page or do not comply with the provisions of EU Regulation 2016/679. The list of External Data Processors is available at our offices.
The Data Controller is ITI SARDEGNA S.r.l. with registered and operational office in loc. Porto Cervo, Arzachena (OT) c/o the Colonna Pevero Hotel.
You are granted the right at any time to withdraw your consent to the processing of your data by activating the deletion procedure or to modify the processing. Obviously, erasure requests may result in the termination of the contract and services, if active.
Our Company has appointed Dr. Eng. Luca Lestingi as RPD/DPO (Responsabile della Protezione dei Dati / Data Protection Officer). Any report of alleged violations of the data subject's rights may be communicated to info@progettosavi.eu.
If you wish to have more information on the processing of your personal data, or if you want to report an issue, lodge a complaint, or modify your data or the processing itself, you can send an email to privacy@cphpeverohotel.com. You can also contact us by phone at +39 0789 907009, including to obtain answers regarding the management of information by the Company. Before we provide answers, it will be necessary to verify your identity and for you to answer a few questions. We will provide a response as soon as possible.
For the purposes of this privacy notice, the following definitions apply:
«personal data»: means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
«processing»: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
«restriction of processing»: means the marking of stored personal data with the aim of limiting their processing in the future;
«controller»: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
«processor»: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
«recipient»: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
«third party»: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
«consent of the data subject»: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
«personal data breach»: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
«data concerning health»: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
«person in charge of processing (authorized person)»: The natural person authorized to carry out processing operations by the controller or processor;
«domain»: the domain, accessible through the world wide web service of the internet network, consisting of data and applications for the transmission and eventual collection of information.
«Lawfulness of processing»: Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
In relation to the processing of personal data, the data subject has the right, pursuant to the Regulation (articles reproduced in full in the annex):
The data subject has the right to receive the information notice pursuant to Art. 13;
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information pursuant to Art. 15;
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement pursuant to Art. 16;
The data subject shall have the right to obtain from the controller restriction of processing pursuant to Art. 18;
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it pursuant to Art. 19;
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided pursuant to Art. 20;
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims pursuant to Art. 21;
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her pursuant to Art. 22;
For the full text of EU Regulation 2016/679, please consult the website of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):
https://www.garanteprivacy.it/web/garante-privacy-en/home_en