Check In
10 07 2024
Check Out
11 07 2024
Cancel / modify reservation
book now
close
Privacy Policy 2

Privacy Policy

WHY THIS NOTICE
This notice is provided pursuant to Article 13 of Regulation (EU) 679/2016 (“General Data Protection Regulation” – GDPR), laying down provisions concerning the processing of personal data 679/2016.

SCOPE OF APPLICATION / WEBSITE
This notice is valid for:
The company Opera SRL, with registered office at Via Donizetti, 36 – 20122 - Milan;
The hotels/properties included in the Portfolio managed by Opera SRL. The list of hotels and properties is regularly updated and can be consulted on the website www.opera-hotels.com

The information provided herein relates solely to what is indicated in the Scope of application and not to other websites that may be consulted by the user via external links. The Data Controller is not responsible for the processing of personal data and information by such third parties. If the User provides information on third-party websites, the personal data protection provisions and terms of use applicable on those third-party websites shall apply, which the User is invited to read.


DATA CONTROLLER
The Data Controller is:
OPERA SRL, Via Donizetti, 36 – 20122 - Milan
e-mail: info@opera-hotels.com


DATA PROCESSED
Personal data includes any information or data through which a natural person can be identified, either directly or indirectly.
Opera S.r.l. is firmly committed to protecting and respecting the privacy of users. This Privacy Notice explains in detail which personal data may be processed depending on the specific circumstances, indicating in Article 3 the purposes for which such data may be processed.

  • Browsing data
    The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
    This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
    Such data are necessary for the use of the web service. These data are also used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning.
  • Personal data that we may collect through contact forms or addresses available on the website
    When the User requests information, we may collect personal data such as name, e-mail address, and additional information that the User may choose to enter in the “message” field.
  • Personal data that we may collect through online registration/check-in:
    When the User contacts us or completes the forms available on the website, we may collect personal data which may include: personal and contact details; nationality; payment data, such as credit card number and other related information; information on additional services/products purchased.
  • Personal data that we may collect in connection with the recording of incoming calls:
    When the User contacts us by telephone, some calls may be recorded and transcribed using artificial intelligence tools, subject to the User’s consent, who will be informed via an automated message of the possibility of recording the telephone conversation. Should the User choose not to interrupt the call, this shall be deemed as expression of the principle of continuation of the call and therefore consent to the recording. The personal data processed include any identification data (first name, last name); contact data (telephone number); call metadata and voice content of the conversation.


PURPOSES OF PROCESSING
To comply with legal, administrative, accounting and tax obligations to which the Data Controller is subject
To manage online bookings, in order to process the User’s requests;
To respond to information requests submitted by the User;
To collect stay-related information and carry out statistical processing of data in aggregated form;
In the event of consent to the recording of the telephone call, the data collected will be processed to improve service quality, monitor request flows, analyse marketing campaigns, optimise internal processes and for statistical purposes;
On the basis of the applicable legislation, the Data Controller may use the e-mail contact details provided at the time of the purchase of one of our services and/or performances in order to propose services and performances similar to those purchased by the User. However, should the User not wish to receive such communications, they may notify the Data Controller at any time by writing to info@opera-hotels.com; in such case, the Data Controller will promptly discontinue the aforementioned activity.

DISCLOSURE OF PERSONAL DATA
The User’s personal data may be disclosed:

  • to the properties/hotels included in the Data Controller’s Portfolio that need to process the data for the correct provision of the selected services and exclusively for the purposes described above;
  • to third parties providing outsourced services to the Data Controller and acting as Data Processors on the basis of a contract/appointment (you may request the updated list of Data Processors at any time);
  • to Public Authorities, judicial authorities, as well as to those subjects for whom disclosure is mandatory by law. Such subjects will process the data in their capacity as independent Data Controllers.

The User’s personal data are processed exclusively by personnel duly authorised to process personal data and subject to a duty of confidentiality.

LEGAL BASIS FOR PROCESSING
Each processing of the User’s personal data is justified by one of the following legal bases:
Pre-contractual/Contractual: Processing is necessary for the performance of a contract between the parties.
Legal obligation: Processing is necessary to comply with a legal obligation.
Legitimate interest: Processing is necessary for the pursuit of the legitimate interest of the Data Controller, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the User which require protection of personal data.
Consent: Processing is possible only where you have given your consent for specific purposes. In such case, you may withdraw the consent previously given at any time by contacting the Data Controller as indicated in the relevant section.

METHODS OF PROCESSING AND DATA RETENTION
The processing of the User’s personal data will be carried out both electronically and in paper form, using methods and tools designed to ensure maximum security and confidentiality, by qualified and duly authorised subjects in compliance with the GDPR.
The data are stored on servers located within the EU. In any event, it is understood that the Data Controller, should it become necessary, may transfer data outside the EU. In such case, the Data Controller ensures that the transfer of data outside the EU will take place in compliance with applicable legal provisions (Articles 45, 46, 47, 49 GDPR).
In particular, in the event of data transfers EU–USA, where the data recipient has adhered to the Data Privacy Framework (DPF) (EU Commission Adequacy Decision, July 2023), the transfer will take place directly; otherwise, where the data recipient has not adhered to the Data Privacy Framework, Opera will ensure, prior to proceeding with the transfer, that appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place in order to guarantee enforceable rights for data subjects/Users.
The User’s personal data are retained only for as long as necessary to fulfil the purposes for which they were collected, and also to comply with any legal, accounting or reporting requirements.
In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, as well as applicable legal requirements.
In particular:
Data collected for accounting and tax purposes will be retained for a period not exceeding 10 years from the User’s last contact, in compliance with the minimum record-keeping requirements imposed by Italian law.
Data relating to your credit card are retained for a maximum period of 30 days from payment.
Data collected during the recording of telephone conversations will be retained for a maximum of 12 months.

RIGHTS
With regard to the processing indicated, the User may request at any time (using the contact details indicated in paragraph 1) confirmation as to whether or not personal data concerning them are being processed, and in relation thereto has the right to:
request access to the data in order to obtain information on the purposes of the processing, the recipients to whom the data may be disclosed, the duration of the processing (where possible) and the existence of automated decision-making, including profiling, and the consequences thereof;
withdraw consent at any time, without prejudice to the lawfulness of processing based on consent given before its withdrawal;
request rectification of personal data where they are inaccurate or incomplete;
request erasure of the data where they are no longer necessary for the purposes of the processing, are inadequate with respect to such purposes, consent has been withdrawn or the data have been unlawfully processed;
request restriction of processing in the cases provided for by law;
request the transfer of the data to another Data Controller, in a commonly used and machine-readable format, without hindrance from the current Data Controller;
object to the processing of your data and, in particular, has the right to object to decisions concerning them that are based solely on automated processing of their data, including profiling;
lodge a complaint with the competent Authority where you believe that the processing concerning you violates the applicable data protection legislation, by accessing the website http://www.garanteprivacy.it;


COOKIES
For information on how this website uses cookies, please consult the Cookie Policy

CHANGES
The Data Controller reserves the right to amend or simply update the content of this Privacy Policy, in whole or in part, also as a result of changes in the applicable legislation. Such changes shall be binding as soon as they are published on the Website. If you continue to access or use the service after such publication, you shall be deemed to have expressly accepted such changes. The Data Controller therefore invites you to regularly consult this section in order to become aware of the most recent and updated version of the Privacy Policy, so as to remain informed about the data collected and the use made thereof by the Data Controller.

Date: 10/02/2026

Special Offers

Stay Longer

Stay Longer

Find out more
Flex & Save

Flex & Save

Find out more
Breakfast Inclusive Rate

Breakfast Inclusive Rate

Find out more
Milano Gourmet Experience

Milano Gourmet Experience

Find out more
The Secret Garden

The Secret Garden

Find out more