Information on the processing of personal data.


Dear Client, we would hereby like to inform you that your personal data will be stored carefully in the operating offices of So.ges srl in So.ges srl in Certosa di Pontignano.
The data Process Controller is So.ges srl ( VAT 05019310480) , with registered office in Via Dei Caboto, 49 50127 Firenze, phone 055.6532526, fax 055.0191905, e-mail to be used for communications: privacy@soges-group.com
You may exercise all the rights and faculties set forth in this policy.
We would also like to inform you that your signature at the bottom of this form is valid as consent to your data being processed, solely for what you authorised based on this information.



1. Type of data collected

At the time of booking we collect the following data: name, address, phone number, e-mail address, possibly an invoicing address that is not the one of residence, booking details and other information possibly communicated to the organisation or requested by it. Data related to the names and information of people travelling with the user if the latter has provided them will also be processed.

If the booking is made by credit card the number, expiry date, name of card owner are collected and used.

Further personal data can also be collected and requested to personalise services the client would like to use such as, as an example, meals and other services paid for.



2. Purpose and legal basis of data processing

User data is collected and used for the following purposes:

a. To make the booking and manage payments

Data provided by you will be processed to assist you during bookings, confirm your booking and enable the supply of services provided by the location you will be lodging in.
Use of your data to perform those activities does not require your consent as if you refused to provide data we could not confirm the booking.

b. Personalize services offered

Besides data provided by you to make the booking, more data can be requested and collected to personalise services against payment that the client wants to use: for example meals and other services against payment.
If it is necessary to know and process sensitive data in order to perform those activities (for example food intolerances, illnesses) you will be asked for your consent.

c. New bookings

The data provided by you could be used to speed up the registration procedures for any subsequent stays. Your consent will be needed for that purpose.

d. Advertising Campaigns

Data provided by you could be used to create and promote advertising campaigns.
Your consent is needed to process your data for those purposes.



3. Methods used to process data

Data will be processed in the offices of So.ges and in any other place where the parties involved in processing are located.
Processing will be carried out using both electronic and non electronic means, in compliance with fundamental liberties and without damaging your confidentiality, inspired by the principles of transparency, fairness and for purposes that do not go beyond the aforementioned collection purposes.
The data provided by the data subject will be stored in the operating offices of the Company for the time needed to fulfil the obligations for which it was collected.
That data will also be stored to fulfil obligations (tax and accounting) remaining after the contract has terminated.
After the contract has terminated, your data will be processed anonymously.
If processing is based on your consent, it will be stored for 24 months from the date the relationship ceases, unless consent given should be revoked.



4. Communication and dissemination of data

Personal Data subject data provided to the structure at the time of booking is mainly to third parties whose activities are needed to fulfil services related to the relationship established.
In fact, that data can be communicated to service companies that some activities performed in the structure are assigned to (suppliers of technical services, postal services) and to employees and collaborators of So.Ges appointed to process data (administrative, commercial personnel) and to other companies providing computer storage services appointed as processors.

The personal data may not be disseminated otherwise, except if that should arise from a specific legal obligation including as an example the obligation to send Police Headquarters the general details of clients lodging or to fulfil administrative, accounting and fiscal obligations.



5. Providing data

Data has to be provided to finalise the contract



6. Refusal to provide data

Any refusal by the data subject to provide his/her personal data could mean that the organisation is not able to provide the services.
If the data subject should not consent to his/her personal data being processed if the consent provided enables the booking to be personalised with additional, optional services, or to receive advertising offers, that processing will not take place for those purposes; without this having any effects on the supply of the services requested, nor on those for which he/she has already provided consent.



7. Rights of the data subject

The data subject has the right at any time to access its data and exercise rights connected to the processing of data concerning him/her.
These rights include:
a) obtain updating, rectification, limits to processing or when desired integration of data;
b) having data deleted, being made anonymous or blocked if processed in breach of the law;
c) objecting at any time to its data being processed if specific situations should occur;
d) revoking consent previously given to data processing without this prejudicing the lawfulness of processing based on consent given before it was revoked;
e) the portability of data;
f) presenting a complaint to the data protection Authority. (Personal Data protection authority – www.garanteprivacy.it).



8. How to exercise rights

The data subject may exercise rights acknowledged by Regulation 2016/679 by sending a request to the contact details of the Controller indicated in this document.


I the Undersigned ……………… born on ……………………… in …………………………..
o Authorise
o Do not authorise

So.Ges srl as process controller to process my data to personalise services offered to me during my stay with the organisation.

Date Signature

I the Undersigned …………… born on ……………………………… in ………………………
o Authorise
o Do not authorise

So.Ges srl as process controller to use my data to create and promote advertising campaigns.

Date Signature

I the Undersigned …………… born on ……………………………… in ………………………
o Authorise
o Do not authorise

So.Ges as process controller to use my data to speed up registration procedures if there should be subsequent stays.

Date Signature
Book now