Privacy policy

1. WHO IS THE CONTROLLER?

 By virtue of the Personal Data Protection regulations, the user (hereinafter, the “User“) hereby authorises the personal data provided through the websites https://www.anantaraconcorsoroma.com (hereinafter, the “Website“), to be processed by:

 

  • Company name: ROCO HOSPITALITY GROUP S.R.L (hereinafter, “ROCO“)
  • Registered office

 

2. FOR WHAT PURPOSE AND ON WHAT LEGITIMATE BASIS WILL YOUR PERSONAL DATA BE PROCESSED?

 The personal data provided by users through the Website will be processed in accordance with the purposes detailed below, on the bases of legitimacy indicated.

Specifically, the following purposes shall apply to the Website:

  • If the User enters their data in the section of registration to the competition, his/her data will be processed by ROCO for the purpose of the registration to the 2025 Anantara Concorso Roma. The legal basis for the processing is the contractual relationship established with the User when the registration is made.
  • ROCO shall also use the User data to carry out the selection of participants. The legal basis for the processing is the contractual relationship established with you when the registration is made.
  • If the User is selected to participate in the Concorso, ROCO will process participants’ data for the purpose of organising or managing the Concorso and the meals included. The legal basis for the processing is the express, free and unequivocal consent of the User.
  • Finally, if the User accepts, we will send commercial communications with the intention of informing about similar events, unless the User indicates that he/she does not wish to receive them, in which case, we will not do so. The legal basis for the processing is the express, free and unequivocal consent of the User. In any case, in each electronic communication sent, the interested party may unsubscribe in order to stop receiving this type of communication.

 

3. WHAT ARE THE CATEGORIES OF PERSONAL DATA TO BE PROCESSED?

ROCO will process the following categories of Personal Data: 

  • Identification data: Name, surname(s) and ID card number.
  • Contact details: Telephone, e-mail and postal address.
  • Financial data: payment details, if necessary.
  • Others: Vehicle details.

As well as any other personal data that Users provide on the Website through the forms established therein.

The data required by ROCO through the registration forms on the Website are those necessary to comply with the established contractual or legal purpose, unless otherwise indicated, so that refusal to provide them will make it impossible to provide the service.

4. WHAT TYPE OF STAKEHOLDER TYPOLOGY APPLIES TO EACH WEBSITE?

In accordance with the purposes described in point 2, the following category of data subjects will be processed:

  • Potential participants
  • Participants
  • Co-owner/partner/guest accompanying owner/personal assistant

 

5. HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

ROCO will keep Users’ personal data only for the time necessary for the purposes for which they were collected, as long as the consents granted are not revoked. Subsequently, if necessary, ROCO will keep the information blocked until the prescription of the legal liabilities that may have arisen as a consequence of the processing of the Users’ personal data, at which time the Personal Data will be irreversibly deleted.

 

6. DATA SECURITY

ROCO has implemented the necessary technical and organisational measures to guarantee the security of your personal data and prevent its alteration, loss, processing or unauthorised access, considering the state of the technology, the nature of the data stored and the risks to which they are exposed.

 

7. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?

The User’s personal data may be communicated to the following entities:

  • To service providers who help us to carry out our business.
  • Where necessary to comply with our legal obligations to public administrations, judges, courts, etc.

 

8. ARE INTERNATIONAL TRANSFERS POSSIBLE?

In order to fulfil the aforementioned purposes, we may use service providers located outside the European Economic Area or in countries that have not been declared to have an adequate level of protection. In any case, we ensure the security and legitimacy of the processing of the User’s personal data.

To this end, we require adequate guarantees from these service providers in accordance with the provisions of the GDPR so that they have, for example, binding corporate rules that guarantee the protection of information in a manner similar to that established by European standards or that they subscribe to the latest standard clauses approved by the European Commission.

 

9. DATA PROTECTION RIGHTS

As the owner of the data, the User may send a letter to ROCO, at the address indicated in the heading of this Privacy Policy, attaching a photocopy of his/her identity document, at any time and free of charge, in order to exercise the following rights:

a) Right of Access:

You will have the right to be informed by ROCO as to whether or not it is processing your personal data and, if so, to have access to such data and to receive information on the purposes for which they are processed, the categories of data affected by the processing, the recipients to whom your personal data were communicated and the foreseen period for which the data are to be kept, among other information.

b) Right of rectification and deletion:

You have the right to request the deletion of personal data provided that the legal requirements are met, and the rectification of inaccurate data concerning you when, among other reasons, such data are no longer necessary for the purposes for which they were collected.

c) Limitation of processing, revocation of consent and total or partial objection to processing:

In certain circumstances (e.g. where the applicant disputes the accuracy of his or her data, while the accuracy of the data is being verified), he or she may request that the processing of his or her personal data be restricted and processed only for the purpose of pursuing or defending claims.

You will also have the right to revoke the consent given and to object to the processing at any time, for reasons related to your situation, in the event that the processing is based on our legitimate interest or on the legitimate interest of a third party (including processing for the purpose of direct marketing and the elaboration of the corresponding profiling). In this case, ROCO will cease processing, unless legitimate grounds are demonstrated.

d) Portability of your data:

You will have the right to receive the personal data that you have provided to ROCO in a structured, common and machine-readable format, and to be able to transmit them to another data controller without being prevented from doing so by the data controller to whom you have provided them, in the cases legally foreseen for this purpose.

e) Automated individual decisions:

Furthermore, in addition to the aforementioned rights, in the event of automated decisions, including profiling, you have the right to obtain human intervention by ROCO and to express your point of view and challenge the decision.

f) Others:

Similarly, where personal data are transferred to a third country or to an international organisation, you have the right to be informed about how you can access or obtain a copy of the appropriate safeguards relating to the transfer.

In any case, you may contact ROCO’s Data Protection Officer with proof of your identity at ROCO’s registered office indicated above or at the following e-mail address: dpo@nh-hotels.com.

Likewise, you may lodge a complaint regarding the protection of your personal data before the competent authority, when the interested party considers that ROCO has infringed the rights that are recognised by the applicable data protection regulations.

 

10. LIABILITY

This Website is not intended for children, and we do not knowingly collect data relating to children. 

You guarantee that you have informed any third parties whose data you are providing, if you have done so, of the points covered in this privacy statement. In addition, you guarantee that their authorization has been obtained to provide their data to us for the indicated purposes. 

You will be liable for any false or inaccurate information provided, and for direct or indirect damage caused to us or to third parties.

 

Last update: July 2024.