1. How the website works
By means of the website www.thegrittipalaceboutique.com (the “Site”), managed by Gritti Management S.r.l. - The Gritti Palace Hotel (“The Gritti Palace”), a hotel managed by Starwood Group, the User accesses and may look through exclusive Gritti Palace products (such as foods, fragrances, gift vouchers, etc.). In addition, by registering to the Site, the User may also place orders and purchase said products, as well as receive further services offered by the Site.
3. Data Controller
The Data Controller is The Gritti Palace Hotel, based in Milan, Piazza della Repubblica 20.
The data is mainly processed at the Data Controller’s premises, within the European Union and, with respect to services provided by third parties, also outside the European Union.
In case of transfer of the data in countries which do not ensure standard of protection equivalent to Italy, The Gritti Palace undertakes to adopt all the necessary measures to legitimize said transfer.
4. Modalities of data processing
The data is processed mainly with electronic, computerized and automated means, for the period of time which is strictly necessary to seek the purposes for which it was collected.
The Gritti Palace processes the data in compliance with the law, adopting adequate security measures able to prevent non-authorized accesses, dissemination, non-authorized alteration or destruction of the data.
5. Purposes of data processing
Users’ data will be processed exclusively for the following purposes:
- Activation and operative management of the services offered by the Site (e.g. Users’ registration, fulfilment of Users’ orders, processing of payments, customer service, etc.), as well as for the carrying out and management of the respective administrative and/or accounting purposes. In this respect, the providing of the data by the User is voluntary but the refusal to provide the same data will cause the impossibility to obtain the service requested (e.g. processing and fulfilment of the order). In this regard, the legal basis of processing is the performance of services expressly requested by the User;
- Information to the User, by means of newsletter email communication to the email address provided by the same User, in relation to new products and/or services offered by The Gritti Palace similar to the ones already purchased by the User. In this respect the consent from the User is not necessary (so-called “opt-out” mechanism), but the latter may always oppose the processing. To such extent, any communication concerning The Gritti Palace’s new products and/or services will give the User the possibility to refuse further similar communications. The legal basis of the processing in this case is the legitimate interest of The Gritti Palace, as provided by the art. 130.4 of the Privacy Code and the premises no. 47 to the GDPR: in relation to this purpose the User will be always allowed to object to such processing, by clicking on the link in the communications or by contacting The Gritti Palace.
- With the previous consent from the User, marketing activities, such as the sending of newsletters of invitations to The Gritti Palace’s events and initiatives, invitations to participate in surveys and market researches, commercial and promotional communications concerning products and/or services by The Gritti Palace. The purposes above will be carried out with automated and non-automated means (e.g. email, sms, ordinary mail, etc.). In order to carry out such activities it is necessary to acquire the consent from the User: the consent will be required upon registration and may be always revoked, also partially; for example, the communications sent by email will give the User the possibility to refuse further sending. The legal basis of the processing is the express, specific and voluntary consent of the User , and the refusal to provide the same will only prevent the User from receiving invitations, promotions and offers, of course not affecting the possibility of using the services and functionalities of the Site;
- With the previous consent from the User, marketing activities such as the sending of newsletters of invitations to events and initiatives, the sending of informational and promotional material on products/services of other companies of the Group, invitations to participate in surveys and market researches, with automated and non-automated means (e.g. email, sms, ordinary mail, etc.) in relation to services and/or offers by other companies of the Group. In order to carry out such activities it is necessary to acquire the consent from the User: the consent will be required upon registration and may be always revoked, also partially. The legal basis of the processing is the express, specific and voluntary consent of the User, and the refusal to provide the same will only prevent the User from receiving invitations, promotions and offers by the other companies of the Group, of course not affecting the possibility of using the services and functionalities of the Site;
- With the previous consent from the User, marketing activities, such as the sending of newsletters of invitations to The Gritti Palace’s events and initiatives, invitations to participate in surveys and market researches, commercial and promotional communications concerning products and/or services by The Gritti Palace personalized according to the User’s preferences, interests and habits, as analysed and elaborated by The Gritti Palace as collected in specific sections of the Site. In order to carry out such activities it is necessary to acquire the consent from the User: the consent will be required upon registration by the User and may be always revoked, also partially. The legal basis of processing is the express, specific and voluntary consent of the User, and the refusal to provide the same will only prevent the User from receiving personalized invitations, promotions and offers, of course not affecting the possibility of using the services and functionalities of the Site;
- Purposes connected to the execution of obligations provided by law, regulations, EU and national provisions, orders imposed by competent authorities, which represent the legal basis for the relevant processing operations.
6. Personal data undergoing processing
The Gritti Palace receives and collects, through the Site, information related to the Users visiting its pages and using the services offered by the Site. In particular, The Gritti Palace will collect and process the following information.
6.1 Web-browsing data
When the User browses through the Site, the latter collects certain information such as the pages visited, the links and/or buttons clicked by the User, the date and hour of the access, the User’s IP address, the browser used the operative system used (so called “web-browsing data”). Said data, for its nature, in certain cases could allow to identify the User, also by means of elaborations and connections with third party data. However, The Gritti Palace uses said data exclusively to obtain statistical and anonymous information about the use of the Site, for purposes strictly related to the control of its correct running. The data may also be used for the ascertainment of liabilities in case of IT crimes in damage of the Site.
6.2 Data voluntarily provided by the User
The Gritti Palace does not collect User’s data by external sources and limits to the minimum the collection of User’s personal data, exclusively in relation to the purposes illustrated in previous par. 5, meaning:
- Registration to the Site: when registering to the Site, the User will be asked to provide an email address and create a password for accessing the Site, as well as the User’s name, surname, date of birth, addresses and telephone numbers. The providing of said data is entirely voluntary, however, the refusal to provide all the mandatory information (marked with a *) will impede the possibility for the User to registering to the Site.
- Placement of the order and purchase of the products: in addition to the data requested in the Registration form, in order to place the orders and purchase the products, the User will be also asked to provide the address in which the products shall be delivered by The Gritti Palace. Furthermore, in order to allow the payment of the orders and products purchased, the User will be directed to a banking portal, where the User can proceed with the payment by inserting his/her credit card data and relevant security codes;
- Sending of the newsletters: both when the User registers to the Site and in other moments (e.g. when placing orders), the User may freely express (by selecting the specific tick-boxes) the consent for the use of his/her personal and contact data (e.g. email address) for the sending of newsletters from The Gritti Palace and/or third parties as illustrated in previous par. 5, lett. c, d, e. The providing of the consent by the User is entirely free and it will not affect the possibility of registering to the Site, the placing of the orders and purchasing of the products, the use of the other services offered by the Site
- Other data voluntarily provided by the User: during the use of the services offered by the Site, the User may also provide The Gritti Palace with other data, further to those indicated above, in order to receive additional information and/or services (e.g. by requesting information, reporting disservices or dysfunctions on the Site, etc.). Said data will be processed by The Gritti Palace exclusively for the purpose strictly related to the User’s request. The refusal to provide said data may affect the possibility, for the User, of receiving the service or information requested.
A cookie is a little file which a website sends to the browser and saves on the User’s computer when visiting a website. Cookies are used in order to allow or enhance the running of the website, but also to gain information on the Site or on the User’s web-browsing activities.
- Technical cookies
These cookies are essential to allow the User to browse on the Site and use its functionalities, such as the access to the reserved area of the Site (cookie of authentication). The strictly necessary cookies are used to record a univocal identifier in order to manage and identify the User with respect to other Users visiting the Site in the same moment, providing the User with a consistent and precise service (e.g. the shopping cart). These cookies are necessary to the correct working of the Site and to record the choices expressed by the User (e.g. username, language, etc.), to distribute requests on different servers, to record when the User gives his/her authorization or expresses the consent to specific options (e.g. newsletters), to allow the User to visualize contents and video through Adobe Flash Player.
Performance and Analytics Cookies
These cookies may come from The Gritti Palace or third parties such as GOOGLE ANALYTICS, session or persistent cookies, and their use is limited to the performance and enhancement of the Site. They collect information concerning how a User uses the Site, such as the pages visited. In addition, analytics cookies may recognize, measure and track the visitors of the Site, allowing us to improve and enhance the Site, by way of an example by ascertaining if the User easily finds the searched information, or by identifying the aspects of the Site are more interesting. Said cookies are used by The Gritti Palace to elaborate statistical analysis on the ways Users browse through the Site, on the number of pages visited or of clicks made on a page during the browsing.
7.3 First party targeting and profiling cookies
These cookies are used in relation to the contents visualized and the use of the Site by the User. This allows the Site to record and register the preferences showed by each User for the following visits, analysing the User’s behaviour on the Site and personalizing specific contents of the Site depending on the single User, in order to develop the contents and send advertising messages in line with the preferences showed by the User during the browsing of the Site. This category of cookies may be also used in order to limit the number of visualization of specific advertising, and to measure the effects of a specific advertising campaign.
We may also insert web beacons (GIFT or web bugs) in our web pages and emails in order to verify the clicks on the links or images contained there and the opening of the emails of newsletters. Such information are collected in order to calculate the number of Users which have visited the pages of the Site or clicked the content of the newsletters, allowing us not only to obtain statistical information, but also to identify the features and contents preferred by each User, in order to send personalized information.
7.4 Third party targeting and profiling cookies –
The Gritti Palace avails itself of commercial partners in order to show advertising about the Site on third websites and to allow advertising network partners to show advertising contents related to the preferences of the User which has registered to the Site or visited it. These cookies are used by [Hotel Grande Bretagne, Athens – Hotel Imperial Vienna – (and Google, Facebook, Twitter, Instagram (we may invest in paid advertising of The Gritti Palace online store in these channels) in order to present to the User advertising banners when he/she is visiting other websites, showing the last contents visualized on the Site. During the User’s web browsing, these cookies are also used to show him/her products or services which may be of interest or similar to those previously visualized, based on the browsing chronology.
7.5 How to disable cookies on the browser
- Microsoft Internet Explorer: Click “Tools” in the top right corner and select “Internet settings”. In the pop-up select “Privacy”: here the User may change the cookies settings.
- Google Chrome: Click the “wrench” in the top right corner and select “Settings”. Then select “Show advanced settings” and change the “Privacy” settings.
- Mozilla Firefox: In the top left menu select “Settings”. In the pop-up window select “Privacy”: here the User may change the cookies settings.
- Safari: In the top right menu select “Preferences”. Then select “Security” and change the cookies settings.
In order to carry out such operation in the mobile telephone, please consult the handbook of the device.
Please be aware that by disabling all the cookies on the Site, certain functionalities of the Site may not be available (e.g. authentication).
7.6 Further information on cookies
The website www.allaboutcookies.org contains the instructions for the management of cookies of the most used browsers; alternatively, it is possible to consult the documentation related to the software used on the device.
8. Communication of data to third parties
The data provided by the User and those collected by the Site in the providing of the services (e.g. IP address) will not be disseminated and may be communicated, also abroad in Countries outside the EU, exclusively for the purposes and with the modalities above, to the following categories of entities:
- collaborators, consultants, professionals, companies of the Group providing to The Gritti Palace technical or organizational services (e.g. IT service providers), or collaborating with The Gritti Palace, for the correct providing and execution of its services or for marketing activities;
- persons, companies, professionals, companies of the Group providing assistance and advice to The Gritti Palace, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;
- companies of the Group, for the purposes illustrated in previous par. 5 lett. d, when required by law with the consent from the User;
- subjects and entities legitimated to access the data by law provisions or authorities’ order.
The subjects and entities indicated above will process the data in their quality as autonomous data controllers pursuant to applicable law or as Data Processors.
In particular, in case of communication of data to subjects established in non-EU countries, The Gritti Palace adopts the measures provided for by the Privacy Code and the GDPR to legitimize the transfer of data to third countries and specifically.
The list of names of the subjects to which the data are or may be communicated is available by contacting The Gritti Palace at the address indicated in par. “Contacts and Users’ rights”.
9. Data retention
Personal data are processed for the time necessary to provide the services requested by the User and for the performance of related and instrumental activities, as indicated in paragraph 5 above, and are deleted upon the termination of the purposes for which they were collected and processed.
To ensure the continuous update of the data, The Gritti Palace will deactivate the User’s account and the services requested after a period of 12 months of inactivity by the same User. The User will always have the possibility of registering again.
9. Contacts and Users’ rights
The User, in its quality as data subject (i.e. the natural person whose data is processed) can exercise specific rights by contacting The Gritti Palace with the modalities indicated below.
In particular, the User has the right to obtain:
(i) the confirmation as to the existence of data concerning him/her, even if not recorded yet, and the communication of the same data in intelligible form;
(ii) the indication of the origin of the data, purposes and modalities of the processing, subjects and categories of subjects to which the data may be communicated or which may know the data in their quality as representatives in the State’s territory, as data processors, or persons in charge of the processing;
(iii) the updating, rectification or, in case of interest, integration of the data;
(iv) the erasure, anonymization or the blocking of the data unlawfully processed.
The User has the right to oppose, also partially for the single channels of communication, on legitimate grounds, the processing of the data and to oppose the processing for commercial information, marketing, profiling and market research purposes.
Furthermore, where applicable, the User shall also exercise the rights referred to in Sections 16 to 21 of the GDPR, in particular:
- the rectification of data, namely the update or amendment of data;
- the erasure of data;
- the restriction of processing;
- the portability of the data.
Furthermore, the User has the right to object, for legitimate reasons, to processing of data and – also partially in relation to different channels of communication – to processing of data for marketing purposes by The Gritti Palace or third parties.
Lastly, the User has the right to lodge a complaint to the Data Protection Authority in relation to processing of data referred to in this Policy.
The rights listed above may be exercised by means of the specific functions available on the Site, or of the links inserted in the email, or by sending an email to the following address: firstname.lastname@example.org, email@example.com, Maurizio.firstname.lastname@example.org
In case the amendments are particularly meaningful, The Gritti Palace may communicate them to the User by means of a different channel (e.g. by sending an email).
For any enquiries, please use the contact details below
Phone: +39 041 794611