Privacy Policy

Privacy Policy


This page sets out the data processing and security policies that Remarhotels S.r.l. implements for users visiting the website and, more generally, for all data subjects who interact with the company in any capacity. This notice is provided pursuant to Article 13 of EU General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”), in particular for those who interact with the web services of Remarhotels S.r.l., accessible online at: https://www.remarhotels.com.
This notice applies solely to the website https://www.remarhotels.com and not to any other websites that users may access via links.


DATA CONTROLLER
Pursuant to Article 4(7) of the GDPR, the Data Controller for your personal data is Remarhotels Società a Responsabilità Limitata, with registered office at Via Poli no. 6, 00187 – Rome (hereinafter referred to as “Company”).
The Supervisor and Contact Person for data processing, specifically appointed and authorised, is the General Manager of the Company.


DATA PROCESSORS
In carrying out its activities, the Data Controller may engage external parties, formally designated as Data Processors pursuant to Article 28 of the GDPR, including web agencies managing the website and data centres providing hosting services for the site. An updated list of designated Data Processors may be requested from the Data Controller.


PLACE OF DATA PROCESSING
Processing operations connected to the web services of this website take place at the premises of the Data Controller and the Data Processors, and are handled exclusively by technical personnel authorised to carry out such processing.
No data derived from the web service is communicated or disseminated. Personal data provided by users submitting requests for informational materials is used solely for the purpose of fulfilling the requested service or performance, and is communicated to third parties only where strictly necessary for that purpose.


TYPES OF DATA PROCESSED
The IT systems and the software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is inherent in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; however, by its very nature, it could — through processing and cross-referencing with data held by third parties — allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters relating to the user’s operating system and computing environment. These data are used solely to obtain anonymous statistical information about the use of the website and to monitor its correct operation, and are deleted immediately after processing. The data may be used to ascertain liability in the event of hypothetical cybercrime offences against the website; subject to this eventuality, web contact data are not retained for more than thirty days.


PROCESSING METHODS
Personal data are processed by electronic means for the time necessary to achieve the purposes for which they were collected. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorised access.


PURPOSES, LEGAL BASIS AND NATURE OF DATA PROVISION
The website in question does not feature data acquisition forms; accordingly, no personal data of browsing users is collected.
The processing operations connected to the management of this website relate to the following purposes:
research and statistical analyses on anonymous aggregated data, aimed at  measuring the performance of the Website, monitoring traffic, and  assessing usability and user interest in order to make it more functional and efficient. Consent: not required, as no personal data processing is involved.
compliance with statutory and regulatory obligations. The legal basis for  processing is Article 6(1)(c) of the GDPR. Consent: not required.
establishing, exercising or defending a right before a court of law, or whenever judicial authorities exercise their jurisdictional functions. The legal basis for processing is Article 6(1)(f) of the GDPR, namely legitimate interest. Consent: not required.


TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Data Controller undertakes to restrict the circulation and processing of personal data (e.g. storage, archiving, and retention of data on its own servers) to countries within the European Economic Area, with an express prohibition on transferring such data to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or in the absence of the safeguard instruments provided for under EU Regulation 2016/679 – Chapter V (adequacy decision, Standard Contractual Clauses, or explicit consent of the data subject).


DATA RETENTION
The Company will process your Personal Data for the time strictly necessary to achieve the purposes set out in this notice. Subject to the foregoing, the Company will process Personal Data for the period permitted under Italian law in defence of its own interests (Art. 2947(1)(3) of the Italian Civil Code). Further information regarding the personal data retention period and the criteria used to determine such period may be requested by writing to the Data Controller.


“WORK WITH US” SECTION – CV MANAGEMENT
This notice, addressed to data subjects wishing to submit their application and/or send their curriculum vitae through the “Work with us” section of the website, is drafted in accordance with Article 13 of EU Regulation 2016/679. It is therefore also applicable in relation to the provisions of Article 111-bis of Legislative Decree 196/2003 and may be used by the Data Controller in connection with any job listings published on external websites or portals not directly managed by the Company (third-party recruitment firms).

Applicants are kindly invited to observe the following rules when submitting CVs in electronic format:
1. Complete your CV in European format (using, where possible, the template available online);
2. Submit your CV in .pdf format;
3. Avoid including in your CV any special categories of personal data as defined by Article 9(1) of GDPR 2016/679 (data relating to health status, religious, philosophical or political beliefs, etc.) that are not pertinent to the job offer.

The Company reserves the right not to acquire and to delete CVs that do not meet the above requirements.

Data Processors. Pursuant to Article 28 of GDPR 2016/679, the Company has formally designated as Data Processors the external parties involved in the processing and, in particular as regards what is relevant here, the companies delegated to manage the “Work with us” section of the website and, where applicable, the companies engaged in the recruitment process.
The complete list of Data Processors and Sub-Processors may be requested from the Data Controller at the contact details indicated.

Place of data processing. Processing operations connected to the activity in question will be carried out at the premises of the Data Controller and the Data Processors, and will be handled exclusively by staff expressly authorised to carry out such processing.

Types of data processed. The data subject to processing will be the information provided by the user in any covering letters and the data contained in the Curriculum Vitae.
With regard to the processing in question, the personal data subject to processing will be those necessary for the assessment of the application as set out in the CV submitted by the applicant. Special categories of personal data are excluded from processing, save as specified infra.

Processing methods. Personal data are processed primarily by electronic means, except for CVs received by post, and will in any case be processed for the time necessary to achieve the purposes for which they were collected. Specific security measures, implemented pursuant to Article 32 of the GDPR, are in place to prevent data loss, unlawful or improper use, unauthorised access, and unwanted modifications.

Purposes, Legal Basis and Nature of Data Provision. The Personal Data provided by the user through the curriculum vitae will be processed by the Data Controller for the following purposes:

i) assessment, recruitment or selection of personnel, with the objective of collaboration, fixed-term or permanent employment and/or internship. The legal basis for processing, with regard to ordinary personal data, is Article 6(1)(b) of GDPR 2016/679, insofar as the processing is necessary for the performance of pre-contractual measures taken at the request of the data subject (in accordance with Article 111-bis of Legislative Decree 196/2003). With regard to any processing of data falling within special categories, where necessary for the same purpose, the lawfulness condition is identified in Article 9(2)(b) of the GDPR, insofar as the processing is necessary to fulfil obligations and exercise specific rights of the data controller or the data subject in the field of employment law, social security and social protection (e.g. membership of so-called “protected categories”).

The data in question will be processed with the application of appropriate security measures and, in compliance with the principle of data minimisation, only the personal data strictly necessary for the management of operations indispensable to fulfil the obligations, including pre-contractual obligations, assumed by the Data Controller in its field of activity will be processed.


Scope of personal data communication. Personal data acquired in connection with the processing in question may be communicated to:

  • Public  Bodies or Offices, pursuant to legal and/or contractual obligations;
  • Any  external consultants and companies specifically appointed to provide  legal, tax and fiscal advisory services.


Data retention. CVs will be retained at the Company’s registered office for a period not exceeding 18 months and will be processed in full compliance with the minimum security measures referred to in Article 32 of GDPR 2016/679.
Upon expiry of that period, CVs will be deleted in accordance with applicable regulations.
CVs will in any case be retained at the Company’s registered office and will not be communicated to third parties.

 

AUTOMATED PROCESSING
The Company does not carry out processing based on automated decision-making, including profiling, that produces legal effects or that may significantly affect the data subject.
For any profiling activities carried out through cookies, please refer to the relevant Cookie Policy.


SOCIAL BUTTONS
The Company’s website may use, as social plug-ins, certain platforms managed by third parties (by way of example: Facebook, LinkedIn and Instagram). This means that by clicking on specific buttons (referred to as social buttons/widgets), the user is automatically and directly redirected to the provider of the chosen social network, where they may initiate an interaction with the Company’s corporate profile.
Users are therefore invited to read and take into account the privacy policy of the selected platform, and to visit the section of the website dedicated to the Company’s Cookie Policy for a more complete and detailed description of the features of this functionality.


DATA SUBJECTS’ RIGHTS
Data Subjects may freely exercise the rights provided for under Articles 15 et seq. of the GDPR, namely:

  • withdraw consent at any time. The Data Subject may withdraw consent to the processing of their Personal Data previously given;
  • object  to the processing of their Data. The Data Subject may object to the processing of their Data where it is based on a legal ground other than consent;
  • access  their Data. The Data Subject has the right to obtain information  about the Data processed by the Controller, on certain aspects of the processing, and to receive a copy of the Data being processed;
  • verify  and request rectification. The Data Subject may verify the accuracy of their Data and request that it be updated or corrected;
  • obtain  restriction of processing. Where certain conditions are met, the  Data Subject may request that the processing of their Data be restricted. In such case, the Controller will not process the Data for any purpose other than storage;
  • obtain  erasure or removal of their Personal Data. Where certain conditions are met, the Data Subject may request that the Controller erase their Data;
  • receive  their Data or have it transferred to another controller. The Data  Subject has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another  controller. This provision applies where the Data is processed by automated means and the processing is based on the Data Subject’s consent, on a contract to which the Data Subject is a party, or on pre-contractual measures related thereto;
  • lodge a complaint. The Data Subject may lodge a complaint with the competent data protection supervisory authority or take legal action before a court.


Requests should be sent by email to: direzionecommerciale@remarhotels.com. Alternatively, the Data Subject may contact the Data Processor directly at the facility.


UPDATE AND REVISION
This privacy policy was last updated on 25 March 2026 and may be subject to future revisions.