Privacy Policy

WHY THIS NOTICE 
This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), which contains provisions regarding the processing of personal data. 

SCOPE OF APPLICATION / WEBSITE 

This privacy notice applies to: 

1. Opera SRL, with registered office at Via Donizetti 36 – 20122 Milan, Italy; 
2. The hotels/properties included in the portfolio managed by Opera SRL. The list of hotels and properties is updated regularly and can be consulted on the website www.opera-hotels.com

The information provided herein applies solely to what is specified in the Scope of Application and does not cover any other websites that may be accessed by the user via external links. The Data Controller is not responsible for the processing of personal data and information carried out by these third parties. If the user provides information on third-party websites, the data protection provisions and terms of service of those third-party sites will apply. We encourage users to read them carefully. 

1. DATA CONTROLLER 
   The Data Controller is: 

OPERA SRL, Via Donizetti, 36 – 20122 - Milan, Italy  

e-mail: info@opera-hotels.com 

1. PERSONAL DATA 

Personal data includes any information or data through which a natural person can be identified, either directly or indirectly.  

Opera S.r.l is firmly committed to protecting and respecting users' privacy. In this Privacy Policy, we will provide detailed information on which personal data may be processed depending on specific circumstances, and in Article 3, we will specify the purposes for which such data may be processed. 

1. Browsing Data

The information systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

This data is necessary for the proper functioning of the web service. These data are also used solely for the purpose of gathering anonymous statistical information about the use of the site and to monitor its proper functioning.

1. Personal Data We May Collect Through Contact Forms or Addresses on the Website:

When the User requests information, we may collect personal data such as the name, email address, and any additional information the User chooses to include in the "message" field. 

1. Personal Data We May Collect Through Online Registration / Check-in:

When the User contacts us or fills out the forms on the website, we may collect personal data that may include: personal and contact details; nationality; payment information, such as credit card number and other related details; information on additional services/products acquired.  

1. PURPOSES OF DATA PROCESSING 

1. Fulfill legal, administrative, accounting, and tax obligations to which the Data Controller is subject 

1. Manage online bookings in order to fulfill the User's requests; 

1. Follow up on the information requests made by the User; 

1. Collect stay information and perform statistical processing of the data in aggregate form; 

1. Based on current regulations, the Data Controller may use the email address provided during the purchase of one of our services and/or performances to offer similar services and performances to those purchased by the User. However, if the User does not wish to receive such communications, they may notify the Data Controller at any time by writing to info@opera-hotels.com. In this case, the Data Controller will promptly cease the aforementioned activity. 

4. COMMUNICATION OF PERSONAL DATA

The User's personal data may be communicated to: 

- to the structures/hotels within the Data Controller's portfolio that need to process the data for the proper provision of the chosen services and solely for the purposes described above; 

- to third parties that provide outsourcing services to the Data Controller and act as Data Processors based on a contract/appointment agreement (the list of updated Data Processors can be requested at any time); 

- to Public Authorities, judicial authorities, and those entities to whom communication is mandatory by law. These entities will process the data in their capacity as independent Data Controllers. 

The User's personal data is processed exclusively by personnel duly authorized to process personal data and bound by a confidentiality obligation. 

5. LEGAL BASIS FOR PROCESSING

Each processing of the User's personal data is justified by one of the following legal grounds: 

Pre-contractual/Contractual: The processing is necessary to execute a contract between the parties.  

Legal Obligation: The processing is necessary to comply with a legal obligation.  

Legitimate Interest: The processing is necessary for the pursuit of the legitimate interest of the Data Controller, provided that the interests or fundamental rights and freedoms of the User, which require the protection of personal data, do not override.  

Consent: Processing is only possible if you have given consent for specific purposes. In this case, you can withdraw your consent at any time by contacting the Data Controller as indicated in the dedicated section. 

6. PROCESSING AND STORAGE OF DATA

The processing of the User's personal data will be carried out both electronically and manually, using methods and tools designed to ensure the highest level of security and confidentiality, by qualified and specifically authorized individuals, in compliance with the provisions of the GDPR.  

The data is stored on servers located within the EU. However, it is understood that the Data Controller, where necessary, has the right to transfer the data outside the EU. In such cases, the Data Controller ensures that the transfer of data outside the EU will be carried out in accordance with the applicable legal provisions (Articles 45, 46, 47, 49 of the GDPR). 

The User's personal data is kept only for as long as necessary to fulfill the purposes for which it was collected, and also to comply with any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, as well as the applicable legal requirements. 

In particular: 

• Data collected for accounting and tax purposes will be kept for no longer than 10 years from the User's last contact, in compliance with the legal requirements for the minimum retention period of accounting and tax records imposed by Italian law. 

• Data related to your credit card will be kept for a maximum of 30 days from the payment. 

7. RIGHTS

With regard to the processing mentioned, the User may request at any time (using the contact details provided in paragraph 1) confirmation as to whether or not their personal data is being processed, and in relation to this, the User has the right to:  

• Request access to the data in order to obtain information about the purposes of the processing, the recipients to whom the data may be communicated, the duration of the processing (where possible), and any consequences of processing based on profiling; 

• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; 

• Request correction of personal data if it is found to be inaccurate or incomplete; 

• equest the deletion of data if it is no longer necessary for the Data Controller for the purposes of processing, is inadequate for the purposes of processing, the User has withdrawn their consent, or the data has been processed unlawfully; 

• Request restriction of data processing in the cases provided for by the law; 

• Request the transfer of data to another Data Controller in a commonly used and machine-readable format, without hindrance from the current Data Controller; 

• Object to the processing of their data, and specifically, has the right to object to decisions concerning them if based solely on automated processing of their data, including profiling; 

• Lodge a complaint with the competent authority if they believe that the processing concerning them violates the applicable data protection laws: by visiting the website http://www.garanteprivacy.it;  
  
  

8. COOKIES
   For information on how this site uses cookies, please refer to the Cookie Policy.

9. MODIFICATIONS

The Data Controller reserves the right to modify or simply update the content of this Privacy Policy, in whole or in part, also due to changes in the applicable law. Such modifications will be binding as soon as they are published on the Site. If you continue to access or use the service after such publication, it will be assumed that you have expressly accepted these changes. Therefore, the Data Controller encourages you to regularly visit this section to be aware of the most recent and updated version of the Privacy Policy, in order to stay informed about the data collected and how it is used by the Data Controller.