Privacy Policy pursuant to Article 13 of the EU Regulation 2016/679
(Information updated to May 25, 2018)
Gombihotel srl, as Data Controller of personal data, according to articles 13 and 14 of the EU Regulation 2016/679 concerning the protection of Personal Data ("GDPR"), hereby communicate the following information.

Data Controller

Gombihotel srl, according to the art. 24 of the Rule UE 2016/679 related to the protection of the physical people with respect of the processing of the personal data, as well as to the free circulation of such data (following: "Rule UE"), the Data Controller of the personal data and pursuant to the art. 13 of the Rule UE, informs that the acquired personal data, also with reference to the eventual legal relationships, will be processed in the respect of the abovementioned regulation.

In relationship to the aforesaid processing data, the Data Controller furnishes, besides, the following information.

"Personal Data" (art. 4 number 1 of the Rule UE 2016/679), is any information regarding an identified physical person or identifiable ("party"); it is considered identifiable the physical person that can be identified, directly or indirectly, with particular reference to an identification as the name, an identification number, the location, an identification online or to one or more characteristic elements of his/her physical identity, physiological, genetics, psychic, economic, cultural or social characteristic;

Per "trattamento" (ex art. 4 numero 2 del Regolamento UE 2016/679), si intende qualsiasi operazione o insieme di operazioni, compiute con o senza l'ausilio di processi automatizzati e applicate a dati personali o insiemi di dati personali, come la raccolta, la registrazione, l'organizzazione, la strutturazione, la conservazione, l'adattamento o la modifica, l'estrazione, la consultazione, l'uso, la comunicazione mediante trasmissione, diffusione o qualsiasi altra forma di messa a disposizione, il raffronto o l'interconnessione, la limitazione, la cancellazione o la distruzione; Tale trattamento deve essere improntato ai principi di correttezza, liceità, trasparenza tutelando la Sua riservatezza e i Suoi diritti.



Personal data processed for public security which do not need any explicit consent.

The processed personal data are mostly referred to:

  • Dati identificativi (ragione o denominazione sociale, ovvero nome e cognome delle persone fisiche, indirizzo sede, telefono, fax, e-mail, dati fiscali, dati bancari e dati relativi alla carte di pagamento elettronico);
  • Dati “particolari” in quanto idonei a rilevare immagini (tratti somatici, informazioni biometriche) attraverso il sistema di videosorveglianza posizionato e debitamente segnalato all’interno della struttura, per scopi di sicurezza e tutela del patrimonio


Personal data processed for the accomplishment of other services which need an explicit consent, particularly:

Data collection for the external communication of personal data referred to stay.

Consent collect

- Processing personal data for the periodic mailing of communications e/o documentation related to the updating of the fares and offers.

Consent collect

The processed personal data are directly provided by the party.


Contacts of Data Controller

Name and Last name or company name: GOMBITHOTEL Srl
Office: Via Ghislanzoni 41, 24122 Bergamo (BG)
Telephone: 035247009
Email: info@gombithotel.it


The purposes of Personal Data Processing

The purposes of Personal Data Processing are:
  • Adempimento di obblighi previsti da leggi, regolamenti, dalla normativa comunitaria, ovvero da disposizioni impartite da Autorità e da Organi di Vigilanza e Controllo (Questura) in relazione o comunque connessi al rapporto giuridico in essere e/o futuro.
  • Fulfillment of administrative, accounting and fiscal process;
  • Management of administrative process;
  • Provision of assistance services;
  • Support in the fulfillment of processes;


The following list specifies the categories of data, of personal data and their storage:


Purposes of Personal Data Processing: Purpose 1
Legale bases of Processing: Legal obligation
Categories of processed personal data : Identification data , Registered data
Time-limits for storing the Data: Until contract’s expiry and for a further period of 10 year
Recipients categories: *

Purposes of Personal Data Processing: Purpose 2
Legale bases of Processing: Agreement
Categories of processed personal data : Identification data , Registered data
Time-limits for storing the Data: Until contract’s expiry and for a further period of 10 year
Recipients categories: *
Purposes of Personal Data Processing: Purpose 3
Legale bases of Processing: Agreement
Categories of processed personal data : Identification data , Registered data
Time-limits for storing the Data: Until contract’s expiry and for a further period of 10 year
Recipients categories: *
Purposes of Personal Data Processing: Purpose 4
Legale bases of Processing: Agreement
Categories of processed personal data : Identification data , Registered data
Time-limits for storing the Data: Until contract’s expiry and for a further period of 10 year
Recipients categories: *
Purposes of Personal Data Processing: Purpose 5
Legale bases of Processing: Agreement
Categories of processed personal data : Identification data , Registered data
Time-limits for storing the Data: Until contract’s expiry and for a further period of 10 year
Recipients categories: *


* Recipients' categories:

Data controller is represented by the principal recipient of processed data.

In respect to the above-mentioned purposes, personal data can be also communicated to companies and/or persons, on behalf of Data Controller. These companies and/or persons can be:

  • Management accounting Advisors;
  • Labor consultants;
  • Law offices;
  • Services Companies IT and software suppliers;
  • Control and supervision organizations.

The list of the external Recipients / Persons is available by Data Controller.


Transfer of Data to Third Countries both UE and extra-UE

Transfers of personal data cannot be made out of the national territory.


Storing period

See list n° 1, column 4 (storing period)


Data Subjects' Rights

The Data Subject has the following rights:

  • Access to Personal Data [art. 15 of the Rule UE] (possibility to be informed on the proceeding of his/her own Personal Data and receive copies of it);
  • Correct of his/her own Personal Data [art. 16 of the Rule UE] (right to correct the inaccurate personal data);
  • Promptly cancel his/her own Personal Data ("forgetfulness right ") [art. 17 of the Rule UE] (right to the cancellation of his/her own data); restriction of proceeding of his/her own Personal Data in the cases specified by art. 18 of the Rule UE, for example in case of illegal proceeding or dispute for the inaccuracy of the Personal Data [art. 18 of the Rule UE];
  • Portability of personal data [art. 20 of the Rule UE], the party can require in a structured format his/her own Personal Data in order to transfer them to other Data Controller;
  • Opposition to the proceeding of his/her own Personal Data [art. 21 of the Rule UE] (the party has, as you/he/she will have, right to the opposition of the proceeding of his/her own personal data);
  • Opposition to automated proceedings, [art. 22 of the Rule UE] (the party has, as you/he/she will have, right not to be submitted to automated proceeding).


It is possible to obtain further information asking to the Data Controller the complete extract of the above mentioned articles.


The abovementioned rights can be practiced sending an email to info@gombithotel.it, in respect to the art. 19 of the Rule UE, in order to inform the recipients of personal data, the eventual rectifications, cancellations or limitations of the proceeding.

If the purpose depends on the consent, the party it has the faculty to proceed, in every moment, to the cancellation sending an email to: info@gombithotel.it.

According to art. 7 of the Rule UE, the cancellation of the consent doesn't involve prejudice on the lawfulness of the proceeding


Right to lodge a complaint

In case of eventual damages, the data subject it has the right to propose claim to the Guarantor for Personal Data Protection, according to the formalities pointed out by the same Authority to the following web address www.garanteprivacy.it


Obligatory provision of personal data

Si informa che qualora le finalità di trattamento abbiano come base giuridica un obbligo legale o contrattuale (o anche precontrattuale), l’interessato deve necessariamente fornire i dati richiesti.
In caso contrario vi sarà l’impossibilità da parte del Titolare di procedere al perseguimento delle specifiche finalità di trattamento.


Our company doesn’t use any automatized decision process.

Processing of personal data

Personal data will be processed in papery form, through a computerized and telematics system and will be included in database (clients, users, etc.) which will be accessible to employees expressly designated as Responsible of personal data. They will be able to access, to use, to elaborate, to compare personal data respecting their confidentiality, their security and also their accuracy, their updating and the respect of the purpose of their proceeding.


Changes and updatings

La presente informativa è valida dalla data indicata nella sua intestazione.
GAMBIHOTEL Srl potrebbe inoltre apportare modifiche e/o integrazioni a detta informativa anche quale conseguenza di eventuali e successive modifiche e/o integrazioni normative. Le modifiche saranno notificate e l’interessato potrà visionare il testo dell’informativa costantemente aggiornata sul sito internet www.gombithotel.it, nella sezione dedicata all’informativa Privacy.