Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

Last updated: April 14, 2025

1. Data Controller

Roma Five Suites
Address: Via Cesare Battisti 133, 00187 Rome (RM), Italy
Email: privacy@romafivesuites.com
Website: www.romafivesuites.com

2. Purpose of Processing

Personal data are processed for the following purposes:

• Responding to requests and providing information;

• Managing bookings and stays;

• Fulfilling legal, tax, and contractual obligations;

• Sending promotional communications, subject to consent;

• Analyzing website traffic and improving services.

3. Legal Basis

Processing is based on:

• Execution of pre-contractual or contractual measures (Art. 6.1.b GDPR);

• Legal obligations (Art. 6.1.c GDPR);

• Data subject’s consent (Art. 6.1.a GDPR) for marketing activities and non-technical cookies;

• Legitimate interest of the Data Controller (Art. 6.1.f GDPR) for security and service improvement purposes.

4. Processing Methods

Processing is carried out using electronic and manual tools, adopting appropriate security measures to ensure the confidentiality, integrity, and availability of data.

5. Recipients and External Tools

Data may be communicated to external parties involved in activities related to the website and service management, including:

• Booking.com – for online booking management. Booking.com acts as an independent data controller for data collected directly through its platform.

• KrossBooking – channel manager used for synchronization and booking management; acts as an external data processor.

• Google LLC – through:

  • Google Analytics for statistical traffic analysis;

  • Google Maps for map integration on the contact page;

• Meta Platforms Ireland Ltd. – through:

  • Instagram, for promotional purposes and social presence;

• Parties providing technical, accounting, and legal support.

All providers are selected to ensure adequate levels of security and GDPR compliance.

6. Data Transfer Outside the EU

Some providers (e.g., Google, Meta) may process data outside the European Economic Area. In such cases, processing occurs in compliance with the standard contractual clauses approved by the European Commission or other legal bases provided by the GDPR.

7. Data Retention Period

• Contact data: until the request is fulfilled and up to 12 months.

• Contractual data: 10 years for tax and accounting obligations.

• Marketing data: until consent is withdrawn and in any case no longer than 24 months.

8. Data Subject Rights

The user may exercise the rights provided by Articles 15-22 of the GDPR:

• Access, rectification, deletion;

• Restriction and objection to processing;

• Data portability;

• Withdrawal of consent (without affecting the lawfulness of prior processing);

• Complaint to the Supervisory Authority (www.garanteprivacy.it).

Requests: info@romafivesuites.com

Cookie Policy

What are cookies?

Cookies are text files that websites send to the user’s device to store information useful for navigation or service provision.

Types of Cookies Used

The website uses:

• Technical cookies: Essential for the website’s operation (e.g., preferences, user session). Do not require consent.

• Analytical cookies (Google Analytics): Used to collect aggregated and anonymous data on website usage. Set in anonymized mode (IP masked). If not anonymized, consent is required.

• Third-party cookies:

  • Google Maps – to display the property’s location.

  • Booking.com – for widgets and booking systems;

  • Instagram – for widgets or sharing buttons;

These cookies may collect data even outside the website, according to their respective privacy policies.

Consent Management

Upon first visit, the user can accept or reject non-technical cookies through the management banner. Preferences can be changed at any time via the browser settings or the “We value your privacy” pop-up.