PRIVACY

INFORMATION NOTICE PURSUANT TO EU REGULATION 2016/679

DATA CONTROLLER

Aries Group S.r.l., Via Lampedusa 11/A - 20141 Milano (MI)

Data Controller's email address: info@ariesgroup.it

 

TYPES OF DATA COLLECTED AND PURPOSE OF PROCESSING

The data (name, surname, residence, telephone number, email address, tax code) are collected to allow the stay at our facility. Provision of these data by the data subject is a key requirement for completing the reservation and staying at our premises. The data are used:

  • to acquire and confirm your reservation for accommodation and ancillary services, and to provide services you have requested;
  • to fulfil the obligation provided for by the "Consolidated Law on Public Safety (Testo unico delle leggi di pubblica sicurezza)" (art. 109 R.D. 18.6.1931 no. 773), which requires us to communicate guests’ personal details to the Police Headquarters for public security purposes;
  • to comply with applicable administrative, accounting and fiscal obligations.

 

METHODS OF PROCESSING

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, amendment or destruction of Personal Data. The processing is carried out by means of computer and/or telematic systems, with organizational methods and logics strictly related to the indicated purposes.

 

PLACE AND TIME OF STORAGE

The data collected are stored (in paper and/or electronic format) at the operational headquarters of the Data Controller, in any other place where the parties involved in the processing are located, or in cloud services of third-party companies. For more information, please contact the Data Controller.

Data for the purpose of fulfilling a contract is stored as required by law. 

At the end of the period of their storage, or following a request for withdrawal, the data is erased.

 

RIGHTS OF THE DATA SUBJECT

This information notice lists the data subject's rights:

  • access, i.e., to access one's own data at any time upon request to obtain information regarding the purposes and methods of processing;
  • rectification, i.e., to be able to obtain, at any time, changes to their data "without undue delay";
  • right to be forgotten, i.e., to be able to request and obtain, at any time, the erasure of one's own data;
  • restriction of processing, i.e., to restrict the Controller’s use of one's own data (only for certain purposes and not for others, or to prohibit any use, so that the Controller only stores the data);
  • data portability, i.e., the right to receive all personal data concerning him or her, or to have such data transmitted directly to another data controller;
  • objection to the processing, i.e., to be able to object, at any time, to the processing if there is no legal basis (where consent is not required), to the processing for the purpose of direct marketing without giving any explanation, to the processing for scientific, historical or statistical purposes, and finally to the automated decision-making process.

 

In addition, the data subject has the right to file a complaint with the competent authority.

The rights listed above may be restricted for security and defence reasons.

The Data Controller must reply to a data subject's request to exercise his/her rights within one month from receipt of the request, or within 3 months in more complex cases, with the obligation to inform the data subject of the reasons for such extension within one month from receipt of the request.

For the exercise of its professional activity, the Data Controller provides the data it collects to third parties, appointing them as Data Processors. The processors process the data in accordance with the methods specified by the Data Controller (details on such processing may be requested from the Data Controller).

The data collected by the Data Controller are aimed at the execution of contracts; the data subject cannot refuse to provide their data if they intend to use the services provided by the Data Controller.

None of the data collected will be transferred to non-EU countries.

 

 

VIDEO SURVEILLANCE POLICY

1. Introduction

Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter referred to as “GDPR”), we inform you that personal data collected through the active video surveillance system at the operational unit located at Via della Nocetta 105, 00164 Rome (RM) (hereinafter referred to as “Hotel Villa Pamphili”) are processed by Aries Group S.r.l., with registered office at Via Lampedusa 11/A, Milan, VAT number 11337310962 (hereinafter referred to as “Aries” or the “Controller”), in its capacity as Data Controller, in accordance with the provisions of this policy and in compliance with INL authorization and applicable regulations.

 

2. Purpose of Data Processing

The personal data collected, consisting of video images of the individuals recorded, are processed through the video surveillance system exclusively to protect the corporate assets of Hotel Villa Pamphili and to ensure the safety of individuals present and activities conducted within the premises. The system also serves as a deterrent against potential criminal offenses.

The recorded images are accessed solely and exclusively by authorized personnel for the aforementioned purposes.

 

3. Legal Basis for Processing

The legal basis for processing is the legitimate interest of the Data Controller in protecting the corporate assets of Hotel Villa Pamphili, ensuring the safety of individuals present, and securing ongoing business activities.

 

4. Processing Methods, Collected Information, and Data Types

The video surveillance system operates continuously, 24 hours a day, 7 days a week, throughout the year. The processing exclusively involves the recording of video images; no audio recording is performed.

The monitored areas are clearly marked with appropriate signage.

Access to the recorded footage is strictly limited to authorized personnel only.

A detailed list of the camera locations within the system is available for consultation at the hotel reception.

 

5. Data Processing Methods

The processing of personal data for the aforementioned purposes is carried out by the Data Controller in compliance with applicable legal provisions. Specifically:

  • Data is processed using both manual and electronic tools designed to ensure security and confidentiality.
  • The Data Controller implements appropriate technical and organizational measures to restrict access to personal data to duly authorized personnel only.
  • Data processing is conducted exclusively by the Data Controller, by individuals within its organization trained for this purpose, or by service providers operating under a contract or other legally binding agreements in accordance with applicable regulations.

 

6. Data Retention

Recorded images are stored for a maximum period of 24 hours, except in cases where a longer retention period is necessary due to holidays, business closures, operational suspensions, or requests from Public Security Authorities, Regulatory Authorities, or Judicial Authorities.

After the retention period expires, the recorded footage is automatically deleted from the system.

 

7. Data Disclosure

Personal data collected via the video surveillance system is not publicly disclosed. Disclosure to third parties is strictly limited to achieving the above-mentioned purposes and/or fulfilling legal or contractual obligations.

Third-party recipients of the data may include:

  • Personnel responsible for managing, maintaining, or administering the video surveillance system;
  • Security service providers;
  • Legal or other professional consultants providing advisory services;
  • Regulatory, supervisory, or inspection authorities.

Where these third parties operate independently of the Data Controller, they are classified as separate data controllers.

 

8. Data Transfers

The Data Controller does not transfer personal data to countries other than the one where it was collected or to international organizations.

 

9. Data Subject Rights

Pursuant to Articles 15 to 22 of the GDPR, data subjects may exercise the following rights at any time, free of charge, by contacting the Data Controller:

  • Obtain confirmation of whether personal data concerning them is being processed.
  • Be informed about the purposes and methods of data processing.
  • Access their personal data.
  • Obtain a copy of their personal data and information regarding its storage location.
  • Request the update, rectification, or integration of their data.
  • Obtain the deletion of personal data, as provided by Article 17 GDPR.
  • Object to the processing of personal data.
  • File a complaint with the relevant national supervisory authority (Italian Data Protection Authority – Garante per la Privacy). More information is available on the official website: garanteprivacy.it.
  • Exercise the right to data portability, meaning they may request an electronic copy of their personal data for transfer to another entity.
  • Restrict the processing of their personal data in accordance with Article 18 GDPR.

To exercise any of the above rights, data subjects may submit a request via email to:

 

privacy@ariesgroup.it
Data Controller
Aries Group S.r.l.