Privacy Policy


made pursuant to Legislative Decree 196/03 and subsequent amendments and articles 13-14 of the “European regulation on the protection and processing of personal data” – REG. 2016/679 (GDPR)

Pursuant to Legislative Decree 196/03 and subsequent amendments and to EU Regulation no. 2016/679 (hereinafter “GDPR 2016/679”), laying down provisions for the protection of persons and other subjects regarding the processing of personal data, we wish to inform you that the personal data you provide will be treated in compliance with the aforementioned legislation and obligations of confidentiality to which NUOVA NABILA SRL is bound.

Data Controller, Data Processing Manager and Data Protection Officer (so-called DPO)

The Data Controller is NUOVA NABILA SRL, in the person of the pro tempore President of the Board of Directors, with registered office in REGGIOLO (RE), Via G. Marconi, 4 e-mail

The list of subjects identified as Data Processors can be requested by sending an e-mail to the following address

The Data Protection Officer (so-called DPO) appointed by the Data Controller pursuant to art. 37 and ss. GDPR is Paolo Storchi, who can be contacted at the following e-mail address

Data processed, purpose of the processing and nature of the provision of data

The Data Controller collects and processes the following data:

1) Navigation data through the website: the computer systems and software procedures used to operate the hotel website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of the websites from which access was made, information on the pages visited by users within of the site, the time of access, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment. In this regard, the user is invited to read the Cookie Policy on the company website that regulates this type of data.

2) Data provided voluntarily by the online user: the personal data provided voluntarily by the user through the use of the format on the hotel website are: personal data and contact details and e-mail. These data will be used exclusively to contact the user and verify the booking request sent.

The provision of personal data and the authorization to process for this purpose is optional, however failure to provide it and consent prevents the user from being contacted by the Data Controller.

3) Data provided voluntarily by the user at the facility: the personal data provided voluntarily by the user at the facility are: name, surname, place and date of birth, residence, tax code, pec / SDI code for electronic invoicing. The provision of such data is optional, however failure to provide it, partial or incorrect, prevents the provision of the requested services.

Personal data will also be communicated to the competent authority at the time of check-in at the facility in order to fulfill legal obligations of a physical, accounting and administrative nature.

4) Additional purposes: promotional, commercial and marketing: only with the express consent of the user, the personal data of the same may be used by the Data Controller, both electronically (such as sending sms, whatsapp, email, etc.) and using traditional (such as mail, telephone, fax and / or attachment on the invoice), also for the following purposes: a) sending newsletters to report manifestations or events relating to the “Hotel Villa Nabila” structure and the adjoining restaurant “Stradora Ristrò-Cockail” , or for promotions or commercial offers; b) dissemination in any form of their images or videos extrapolated during the provision of the services requested during the stay in the hotel or during events organized by the Data Controller, on the website, on social networks (and in particular on Facebook, Instagram, Twitter, Pages Linkedin, TripAdvisor etc …) in print and / or any other means of dissemination.

The consent to the processing of personal data for the purposes referred to in point 4) is optional and any refusal or revocation of the same does not affect the provision of the services requested from Nuova Nabila Srl The personal data collected will not be sold for any reason to third parties and the public.

payment details

Payment management services take place only in hotels and not on online platforms.

Processing methods

The data requested and provided by you are used in compliance with the principles of correctness, lawfulness and transparency.

The processing of the data you provide will be carried out in an automated and / or manual form, in compliance with the provisions of art. 32 of the GDPR 2016/679, by persons specifically appointed and in compliance with the provisions of art. 29 GDPR 2016/679.

Legal basis of the processing and retention period

With the exception of navigation data (1), with reference to the treatments carried out for the purposes of:

– referred to in points 3), the legal basis of the processing lies in the relationship between the parties for the provision of the services requested from the Data Controller.

– referred to in points 2) and 4) the legal basis of the processing lies in the respective consents possibly given by the user.

In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, the data will be kept for the period of time necessary for the fulfillment of legal obligations, as well as for the achievement of the purposes for which they are collected and processed and as required by the reference regulations and in any case for 10 years. .

Communication and dissemination scope

The data you provide are not subject to disclosure to indeterminate subjects, but may instead be disclosed to public and private subjects, bodies and institutions for the achievement of the purposes specified above and in the cases provided for by law or regulation.

By way of example, here are some subjects to whom the Hotel can / must communicate its data:

institutional subjects, according to legal obligations, such as, by way of example, the Police Headquarters to which the hotel is required to communicate the user’s data at the time of check – in, or other competent authorities according to legal obligations;
any qualified persons who provide the Data Controller with services and / or services that are instrumental to the purposes indicated above;
qualified subjects, such as, for example, credit institutions, insurance companies and entities, suppliers, who provide the company with services and / or services that are instrumental to the management of reservations, the organization and carrying out of events and exhibitions, including of a promotional nature , and to the sending of commercial communications;
consultants who assist the company in various capacities with particular reference to legal, tax, social security, accounting and organizational aspects as well as any other person to whom the data must be communicated on the basis of an express rule of law (eg accountant).

Transfer of personal data

The data will not be transferred to third countries outside the European Union.

Rights of the interested party

Pursuant to articles 15 to 22 of EU Regulation no. 2016/679, in relation to the processing of personal data provided by you, you have the right to ask at any time:

access: you can request confirmation as to whether or not data concerning you are being processed, as well as further clarifications about the information referred to in this Notice, as well as to receive the data, within the limits of reasonableness;
rectification: you can request to rectify or supplement the data you have provided or in any case in our possession, if inaccurate;
cancellation: you can request that your data acquired or processed be deleted, if they are no longer necessary for our purposes or where there are no disputes or disputes in place, in case of withdrawal of consent or your opposition to processing, in case of treatment unlawful, or if there is a legal obligation to cancel;
the limitation: you can request the limitation of the processing of your personal data, when one of the conditions referred to in art. 18 of the GDPR; in this case, your data will not be processed, except for storage, without your consent except as specified in the same article in paragraph 2.
the opposition: you can oppose the processing of your data at any time on the basis of our legitimate interest, unless there are legitimate reasons for proceeding with the processing that prevail over yours, for example for the exercise or our defense in place judicial; your opposition will always and in any case prevail over our legitimate interest in processing your data for marketing purposes;
portability: you can ask to receive your data, or to have them transmitted to another owner indicated by you, in a structured format, commonly used and readable by an automatic device.
Furthermore, pursuant to art. 7, par. 3, GDPR, we inform you that you can exercise your right to withdraw your consent at any time, without affecting the lawfulness of the treatment based on the consent given previously. Finally, we inform you that you have the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data.

To exercise these rights, report problems or ask for clarification on the processing of your personal data, you can send an e-mail to

We also inform you that it is possible to forward your requests also by post, by writing to the Data Controller, as identified above, specifying the subject of the request.

Information updated as of 10/06/2019.