Our Privacy Policy


(EU REGULATION 2016/679, hereinafter “Regulation”)

We inform you that personal data is processed by Babila Hostel S.r.l. (hereinafter referred to as the “Company”), based in Arezzo at Via Pietro Leopoldo n.4, in the person of its legal representative, taking into account the innovations introduced with EU Regulation 679/2016. In particular, it is specified that:

1) The data controller is Babila Hostel S.r.l., in the person of its legal representative, based in Arezzo at Via Pietro Leopoldo n.4, C.F. and VAT number: 02412270510 – E-mail: info@babilahostel.it.

2) The purpose of data processing.

The company processes common data necessary for the execution of the contract entered into with the same. All data in our possession is stored only in the case of sending a booking request by e-mail or through the forms on the site. These data (name and surname, e-mail and telephone number, as well as the data relating to the request) are stored in the facility management software. The information collected may concern:

  1. a) Information provided directly.
  2. b) Information necessary for the request and subsequent confirmation of the booking.
  3. c) Personal data: name, surname, e-mail, mobile phone, identity document (or equivalent documents).
  4. d) Information necessary for the use of the Payment Services (e.g. credit card).

Any further sensitive/particular data concerning (non-exclusive list) ethnic origins; social, health, family conditions and their relationships that should be brought to the attention of this company, will be treated only with the explicit consent of the interested parties. The data may be processed and/or transferred for promotional, advertising and marketing initiatives, also through profiling procedures of the same, only if explicit consent has been given by the interested parties, which can always be revoked. At any time you can send an e-mail to info@babilahostel.it and our staff will update or delete your personal data, giving written confirmation by e-mail.

3) Legal basis of data processing.

The processing of personal data is carried out by the company exclusively if necessary for the execution of the contract stipulated with it or for precise provisions of the law and/or provisions of the Authorities or for legitimate interest and if the interested party has given consent where required by law or by specific contractual clauses.

4) Recipients of data processing.

Recipients of data processing are natural and/or legal persons who, in execution of the contract and/or for legal obligations, must be made aware of the contract/obligation/juridical transaction which led to the disclosure of the processed data.

5) Transfer of data abroad.

The data is not transferred abroad without the consent of the interested party.

6) Data retention.

The company keeps the data for a period necessary to achieve the specific purposes of the processing, in compliance with the contractual and/or regulatory obligations and in any case no later than days. 30. The treatment will be carried out both with manual and/or IT tools with organization and processing logics strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data in compliance with the organizational, physical and logics envisaged by the provisions in force.

7) The rights of the interested parties.

The interested parties will be able to exercise the rights provided for by the regulation and by the related implementing measures. In particular, they will have the right:

  1. a) to obtain access to their personal data and information on the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed,
  2. b) to know the envisaged retention period of personal data;
  3. c) to ask the data controller or manager to rectify or cancel personal data or limit the processing of personal data concerning them or to oppose their treatment, if they are no longer necessary for the purposes of the treatment or processed unlawfully. This right is not admissible if there is a legal or contractual obligation or a legitimate interest. These rights are exercised with a simple communication, even via e-mail, to the addresses of the holder indicated above. The answer will be provided, in an intelligible form, preferably by e-mail, at the latest within one month of the request. They will also have the right to lodge a complaint, if the interested parties believe that their rights and the procedure have not been respected, to the Guarantor for the Protection of Personal Data (contact details on garanteprivacy.it). They will in any case have the right to obtain, with a reasoned and documented request, the rectification or integration of data, if inaccurate or incomplete. This fulfillment will be performed without delay, subject to verification of what is requested. In some cases, they may also request that the treatment be limited, if the conditions established by the legislation exist. For data processed with automated systems, they will also have the right to receive, if they request it from the addresses indicated above, in a commonly used and readable structured format, personal data concerning them for the purpose of communicating them to another holder (right of portability ).

8) Video surveillance.

The premises of the structures belonging to our company can be protected by video surveillance systems aimed at protecting the people we host, the machinery, the work tools and, in general, the company’s assets. Data processing takes place exclusively in the presence of the legitimate interest of the Data Controller and is carried out in compliance with the provisions of the law, in compliance with the conditions of lawfulness established by the Regulation. The video surveillance activity can be carried out: remotely, automatically in the event of an alarm or continuously in the event of particular risk or emergency situations. The access or passage of interested parties at the entrances, premises and spaces pertaining to the company necessarily involves the shooting of images that may concern them. Recorded images are stored on electronic or magnetic media. The data collected will be processed by the personnel appointed by the company and may be made available to collaborators and/or external subjects specifically appointed by the Data Controller (maintenance workers, cleaners, supervisors, etc.) as well as by the Authorities. The data collected in this way will be kept for the time strictly necessary for the checks and, in any case, for a period not exceeding 36 hours from the time of registration, except for the longer term permitted by the General Provision of the Guarantor for the protection of data. personal data or that possibly necessary to fulfill specific requests from the Authorities in relation to investigative activities in progress. At the end of the retention period, the recorded images are deleted from the relevant electronic, computer or magnetic media. Interested parties have the right of access; right to cancellation (“oblivion”); right to limitation of treatment; right to data portability; right of opposition; right to lodge a complaint with a Supervisory Authority and to contact the Data Controller, the Data Protection Manager (see contact email above), the Guarantor (www.garanteprivacy.it).

FOR WHATEVER NOT PROVIDED FOR IN THIS INFORMATION REFER TO THE EU REGULATION 679/2016 and to the website of the Guarantor: http://www.garanteprivacy.it