Last Updated: 29-Oct-2024
This Antico Borgo Sanda (“we”, “our” or “us”) Privacy Policy (“Policy”) applies to the processing by us of personal information of (potential) guests, bookers and other customers (“Guests”) and visitors to our websites (see Annex I for a full list of our domains), mobile application, and social media accounts and pages (“Visitors”), including our job applicants. Antico Borgo Sanda takes Your personal information is processed by us.
Information we collect and process.
Antico Borgo Sanda collects the personal information of its Guests and Visitors for specified, explicit purposes only and will not process this personal information in a manner that is incompatible with those purposes. In some instances we must collect your personal information in order to enter into an agreement for services with you as a Guest. Where you do not provide this personal information, we may be unable to provide you with services as a Guest. We process (e.g. collect, use, disclose, store) the personal information of our Guests and Visitors for the purposes of operations management, marketing, analytics, recruitment, security management and legal and regulatory compliance, as defined below:
Personal information will be processed only if such processing is based on any of the legal grounds listed in section 6(1) of the General Data Protection Regulation (“GDPR”), notably consent (e.g. for profiling, necessary for the performance of a contract, legitimate interest). Where consent to the collection of personal information is revoked, we will stop processing the personal information.
Depending on whether you are a Guest or Visitor of our website, Antico Borgo Sanda may capture the following information about you:
Purpose of Collection | Categories of Personal Information Collected | Specific Personal Information | Legal Grounds for Collection | Source of Personal Information |
Operations Management | Identifiers | Name, gender, mailing address, email address, telephone number, payment information, preferences and other request needs, health data (in case you book a room adapted for disabled guests or requested admittance of a service animal), other details you provide when making your booking, account information, social media handles and social media details | Necessary for performance of contract | Reservation systems, account creation, communications with us, check-in/check-out |
Customer Service and Customer Feedback | Queries, comments, feedback | Necessary for performance of contract | Surveys, chatbots, social media, your communication with us | |
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information | Recorded telephone conversation, transcript of conversation | Consent | Telephone conversations | |
Internet or Other Similar Network Activity | IP address, information on the use of the room systems (such as lights, blinds, media, climate control and door locks) and other systems (e.g. kiosk use) | Necessary for performance of contract | Website, mobile application, social media, chatbots, room systems | |
Geolocation Data | Location (including whether you are in your hotel room and number of individuals in your room) | Consent | Mobile application, mobile device | |
Commercial Information | Booking details, records of personal property (products) and hotel services purchased, including reservation information and your favorites | Legitimate interest | Purchases made at our hotels, online, or via our mobile application or via third-party websites | |
Marketing | Identifiers | Name, gender, mailing address, email address, telephone number, date of birth, place of residence, your profession, preferences and other request needs, other details you provide when making a booking, account information, social media handles and social media details, other details you have added to your account profile | Consent | Reservation systems, account creation, communications with us, check-in/check-out |
Internet or Other Similar Network Activity | IP address, online behavior on our websites and mobile application and obtained from social media platforms such as LinkedIn and Facebook or data brokers | Consent | Website, mobile application, social media, chatbots | |
Geolocation Data | Location | Consent | Website, mobile application | |
Commercial Information | Booking details, records of personal property (products) and hotel services purchased, including reservation information and your favorites | Consent | Purchases made at our hotels, online, or via our mobile application or via third-party websites | |
Analytics | Identifiers | Name, gender, mailing address, email address, telephone number, date of birth, place of residence, your profession, payment information, preferences and other request needs, health data (in case you book a room adapted for disabled guests or requested admittance of a service animal), other details you provide when making your booking, account information, social media handles and social media details, other details you have added to your account profile | Legitimate interest | Reservation systems, account creation, communications with us, check-in/check-out |
Customer Service and Customer Feedback | Queries, comments, feedback | Legitimate interest | Surveys, chatbots, social media, your communication with us | |
Internet or Other Similar Network Activity | IP address, information on the use of the room systems (such as lights, blinds, media, climate control and door locks) and other systems (e.g. kiosk use) | Legitimate interest | Website, mobile application, social media, chatbots, room systems | |
Geolocation Data | Location (including whether you are in your hotel room and number of individuals in your room) | Legitimate interest | Website, mobile application, mobile device | |
Commercial Information | Booking details, records of personal property (products) and hotel services purchased, including reservation information and your favorites | Legitimate interest. | Purchases made at our hotels, online, or via our mobile application or via third-party websites | |
Protected Characteristics Under California or U.S. Federal Laws | Nationality (where applicable), gender | Legitimate interest | Information you provide to use upon reservation or check-in | |
Legal & Regulatory Compliance | Identifiers | Name, gender, date and place of birth, visa information, place of residence, number of your ID (such as passport or driver’s license), ID expiration date | Compliance with legal obligation | Reservation systems, account creation, communications with us, check-in/check-out |
Commercial Information | Booking details, records of personal property (products) and hotel services purchased, including reservation information | Compliance with legal obligation | Purchases made at our hotels, online, or via our mobile application or via third-party websites | |
Protected Characteristics Under California or U.S. Federal Laws | Nationality | Compliance with legal obligation | Information you provide to use upon reservation or check-in | |
Security Management | Identifiers | Name, gender, mailing address, email address, telephone number, and other data relevant to the no stay list | Legitimate interest | Reservation systems, account creation, communications with us, check-in/check-out |
Education information | Degrees, certifications, education transcripts, diplomas received | Consent | Job application, employment assessments and screenings, other communications with us | |
Biometric Information | Images captured via closed circuit television (CCTV) surveillance systems | Legitimate interest | CCTV surveillance systems | |
Geolocation Data | Location (including whether you are in your hotel room and number of individuals in your room) | Legitimate interest | Mobile application, mobile device, CCTV surveillance systems | |
Recruitment | Identifiers | Name, gender, mailing address, email address, telephone number, date and place of birth, visa information, place of residence, your profession, ID number | Consent | Job application materials, other communications with us |
Internet or Other Similar Network Activity | IP address. | Consent | Website | |
Personality, Professional or Employment-Related Information | Traits, resume, diplomas received, references | Consent | Job application, employment assessments and screenings, other communications with us | |
Biometric Information | Photographs, other images captured on video | Legitimate interest | Job application materials | |
Protected Characteristics Under California or U.S. Federal Laws | Nationality (where applicable), gender | Legitimate interest. | Job application materials |
Sharing Your Information
We will never sell your personal information to third parties. However, we may share your personal information in a limited number of circumstances, including:
The following choices and rights with regards to your personal information are available to you:
You have the right to request that we provide to you the following information about our collection and use of your personal information:
You have the right to request that we delete, restrict or, if you believe that our processing of your personal data is incorrect or inaccurate, change any of the personal information collected from you and retained, subject to certain exceptions. Once your verifiable consumer request is confirmed, we will delete, restrict or change, as the case may be, and direct our service providers to delete, restrict or change your personal information. Your request to delete the personal information collected may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the GDPR.
In some cases, you may receive your personal data provided by yourself in a structured, commonly used and machine-readable format.
Where we process your personal data based on a “legitimate interest”, you may have the legal right to object to the processing of your personal data.
Where we process personal data based on your consent, you have the right to revoke such consent at any given time.
You have the right to set instructions regarding the storage, deletion or communication of your personal data after your death.
You have the legal right to lodge a complaint with the competent authority.
When handling any data access, erasure, or correction requests, we will first confirm the identity of the individual making the request or query and consider our obligations under applicable data protection laws and regulations. Such requests are usually provided free of charge, however, a reasonable fee may be applied to cover our administrative costs for requests that are manifestly unfounded, excessive or repetitive. We always aim to provide you with a response within 15 days.
Our Cookies Policy
This section explains which cookies and similar techniques (hereafter simply referred to as “cookies”) we use on our websites. Antico Borgo Sanda makes use of functional and technical cookies on its website; first party tracking cookies may be used, but only after Visitors have provided their consent thereto. Third parties will only be allowed to place cookies on citizenM’s website if Visitors have provided their consent to the use of such third party cookies. Visitors can withdraw their consent at any time by setting their browser to disable cookies or to remove all cookies from their browser.
Marketing Cookies: With your consent Antico Borgo Sanda places marketing cookies and trackers to advertise our products and services but to you. The marketing cookies also allow us to provide you with relevant offers based on your online browsing, search and booking behaviour.
Website Functionality and Optimization: We use cookies that are necessary to provide the requested service. For instance, technical cookies allow you to proceed through different pages of a website with a single login and they remember selections in shopping carts and (order) forms that are filled out on our websites. We also use cookies to measure your behavior on our websites to learn about the online experience of our website visitors and to improve our websites. In doing so, we also collect the technical features of your terminal equipment and software used by you, such as the type of operating system, the browser settings, the installed plug-ins, the time zone and the screen size of your device.
Cross-Site Tracking: With your consent, third parties can store tracking cookies on your device if you visit our website. Such cookies enable these third parties to track your online browsing behaviour across different websites. A common purpose of such tracking cookies is to provide you with targeted advertisements across the websites you visit. We do not control or influence the use by third parties of the information collected through these third-party cookies. Please read the privacy policies of these third parties to find out more about how they use cookies and process your personal information.
Social Media: With your consent, our websites use cookies to interact with social media platforms. These cookies are also used to optimize your experience of the social media websites. Please be aware that these cookies may also allow social media platforms to track your online behavior for cross-site tracking purposes.
Withdrawal of Consent: You can withdraw your consent at any time by setting your browser to disable cookies or to remove all cookies from your browser.
Protecting Your Personal Information
Antico Borgo Sanda has used and will continue to use reasonable endeavors to protect personal data against loss, alteration or any form of unlawful use. Where possible, personal information will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures. A strictly limited amount of people, i.e. those people that must have access to personal data for the purpose of their job, have access to personal information. If and to the extent personal information will be stored in a cloud infrastructure provided by third party cloud providers, these providers will be bound by written contract to process personal data provided to them only for the purpose of providing the specific service to citizenM and to maintain appropriate security measures to protect these personal information. citizenM strives to make limited use of paper files which contain personal information. If the use of paper files cannot be avoided such paper files are stored in a closed cabinet and are destroyed in accordance with the applicable retention terms.
Data Breaches: Antico Borgo Sanda will protect the personal information it processes against loss and unlawful processing. If despite such protection a data breach occurs, Antico Borgo Sanda will report such data breach to the appropriate regulatory authorities where it leads to a considerable likelihood of serious adverse effects on the protection of personal information, if it has serious adverse effects on the protection of personal information, or if otherwise advisable or required by law. The data breach will also be reported to the affected individuals if it is likely to adversely affect their privacy or if otherwise required by law. In order to ensure that a data breach will receive adequate attention and, if required, be reported, we have implemented a Data Breach Policy, which describes the procedure that must be followed in case of a data breach.
Data Processing Register: Antico Borgo Sanda will record the details of each data process in a data processing register. All new data processes will undergo a data protection impact assessment (“DPIA”) prior to their implementation. All existing data processes will undergo a DPIA every three years. The purpose of the DPIA is to determine if the relevant data process is likely to result in a high risk to the privacy of Guests or Visitors and, if so, which appropriate measures must be taken to safeguard such personal information.
Data Retention: Antico Borgo Sanda will retain personal information only for the period necessary to fulfill the purposes for which it has been collected, i.e. 3 years from the later of the Guest’s stay, opening our citizenM app, visit of citizenM’s website or opening of citizenM’s newsletter or targeted advertisements, unless a longer retention period is required or permitted by law (which is typically the case in the context of citizenM’s obligations under tax law). The personal information of job applicants will become part of your employment record and will be used for employment purposes if the job application is successful. To the extent any psychological assessment reports are part of a recruitment file, these will be stored in a separate file accessible on a strict need-to-know basis only. Personal information of job applicants that are not successful will be retained in accordance with applicable statutory retention periods unless they provide express written consent to register their name and contact details for a period of one year for the sole purpose of contacting them in case of new job opportunities that may interest them. During this one year period you can always have your details removed from our files by sending an e-mail to info@borgosanda.com.
Cross-Border Data Transfers: As we operate internationally, and provide you with relevant services through resources and servers around the globe, sharing your personal information across borders is essential for you to receive our services. You therefore acknowledge and agree that citizenM may transfer your data globally, so that you can use our services. Your personal information may be transferred to a citizenM hotel or our (support) partners in a country outside of the country where it was originally collected or outside of your country of residence or nationality. For technical and organizational reasons and in the context of our digital cloud infrastructure, personal information is also transferred to servers located in the switzerland, or to servers located in countries outside of the European Economic Area. In this regard, we have entered into so-called EU model clauses with receiving parties or make use of Privacy Shield certified partners to ensure compliance with our data protection obligations, or have ensured that a receiving party has in place so-called “binding corporate rules”. Please contact us if you wish to receive more information on the specific safeguards we have implemented to ensure an adequate level of data protection regarding such transfers.
Monitoring & Audit
Compliance with this Antico Borgo Sanda Privacy Policy will be monitored and audited regularly. The personal data processing register will be updated promptly upon the implementation of a new personal data process. The completeness and accurateness of the personal data processing register will be verified quarterly. The list of partners placing third party cookies on citizenM’s website will be updated monthly. Compliance with this Privacy Policy will be audited annually.
Revisions to this Global Privacy Policy
We have done our best to make sure that this Privacy Policy explains the way in which we process your personal information and rights you have in relation thereto. However, we may change this Privacy Policy from time to time to make sure it is still up to date. When necessary, we will alert you to these changes by posting a prominent notice on our website.
Contact Information/How to Update Your Personal Information
If you have any questions or comments about our Privacy Policy or would like to exercise any of your rights as outlined in this Policy, please email us at info@borgosanda.com