Privacy policy for prospective customers and clients


Dear Data Subject,
This Policy is provided pursuant to and for the purposes of Article 13 of the Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) on the protection of natural persons in relation to the processing of personal data; it describes how the Data Controller (Biasuzzi S.p.A.) processes your data in the administration of the procedures relating to the stay proposal and, should you decide to accept it, in the management of your stay and the related services.

Purposes and legal basis for personal data processing operations considered mandatory/necessary

Your personal data will be processed for the following purposes, which are consistent with the concept of legitimate interest:

  • to fulfil your request for accommodation and related services or to respond to your specific requests before and after the implementation of the agreement, as well as to handle any disputes;
  • to comply with statutory obligations concerning administration, accounting, civil law, taxation, regulations, European Union and/or non-European Union laws, and especially to comply with the obligation provided for by the Consolidated Law on public security (“Testo unico delle leggi di pubblica sicurezza”, Art. 109 R.D. 18.6.1931 n. 773), which requires us to inform the Police Headquarters, for the purposes of public safety, of the personal data of the guests staying with us, according to the procedures established by the Ministry of the Interior;
  • to protect the assets of the company (in relation to theft, robbery, damage, vandalism, fire prevention, etc.) and to protect the integrity of our guests using a video surveillance system in some areas of the facility, suitably marked by appropriate signs. In order to ensure maximum security for both vehicle and visitor access:
  • to allow vehicle access through the population register control system (ANPR) by reading car number plates. The information recorded (access times, presence or absence of the car within the facility) will be used exclusively for organisational and security purposes;
  • to allow visitors access to the facility using the RFId support (wristband) through which the turnstiles at the various entrances can be enabled. The information recorded (access times, presence or absence of the guest within the facility) will only be used for organisational and security purposes;

Data storage period

Your personal data will be stored:

  • for administrative-accounting purposes, even after the termination of the agreement, for the completion of all obligations connected with or arising from it for the period of time prescribed by the prevailing laws in force at the time and in accordance with the limitation period of rights arising from the agreement itself;
  • for access control purposes (RFID, Licence plate verification), the data will be kept for the entire year after your departure from the facility;
  • for the purpose of protecting persons, property and assets of the company through a video surveillance system for 24 hours, except for public holidays or other cases of closure of the facility, and in any case for not more than one week.

Nature of data provision and consequences in the event of refusal

The provision of data is mandatory for all legal and contractual obligations, as well as for security reasons within the Village, and therefore any refusal to provide such data in whole or in part may result in the impossibility for the Company to carry out the agreement or to correctly fulfil all related obligations.

Recipient categories

Exclusively for the above-mentioned purposes, the data collected and processed may be treated by internal authorised personnel, as well as communicated to the following external parties:

  • Public Administration and/or public bodies, whose communication is required by law due to your stay (e.g. public security forces, inspection bodies, healthcare institutions, etc.)
  • Credit institutions;
  • Insurance companies;
  • lawyers and legal advisors;
  • Animation agency to follow up the entertainment activities you join on a voluntary basis;
  • Appointed catering companies;
  • Commercial managers;
  • Software houses providing cloud-based management systems;
  • Companies of the Biasuzzi Group operating abroad.

The latter will be appointed as data processors by means of an agreement or other legal act in the event that they process data on behalf of our Company.

Data transfer to a third country and/or an international organisation

Your personal data will be subject to transfer to third countries within the EU.

Rights of data subjects

You have the right (see Articles 15-22 of the GDPR) to ask our Company to access your personal data and to correct them if they are inaccurate, to cancel them or limit their processing if the conditions are met, or to refuse their processing for legitimate interests pursued by our Company, as well as to obtain the data portability provided by you only if they are subject to automated processing based on your consent or the agreement.
You also have the right to withdraw your consent for the processing purposes that require it, without prejudice to the lawfulness of the processing performed until the time of withdrawal.
You also have the right to file a complaint with the competent supervisory body, the “Garante” – Authority for the protection of personal data.

Data subjects

The data controller of your personal data is Biasuzzi S.p.A. – divisione Turismo.