Information on the processing of personal data

pursuant to art. 13 General Data Protection Regulation - EU Reg. 2016/679

("Privacy Policy")

Dear User, below we provide some information about the processing of your personal data through the site (the "Site"). This information does not apply to other sites, even if they can be consulted through any links on the Site.


  1. The Joint Data Controllers

The purposes and means of the processing of personal data described in this privacy policy are determined jointly by the following subjects, who therefore act as joint data controllers pursuant to art. 26 of the Regulation:

VE.GA. Booking S.r.l., with registered office in Via Orsa Maggiore 36, 30028 San Michele Al Tagliamento (VE), VAT number 04478010277;


PRO.HOTEL S.R.L based in San Michele al Tagliamento (Venice), Via Orsa Maggiore, 34

VAT number 04465210278

Requests for clarification on this privacy policy and requests for the exercise of the rights described here can be submitted to these contacts: tel. +39 0431 43377 - e-mail

The Joint Controllers are both responsible for the treatments outlined in this privacy policy and the internal division of obligations reflects the organizational one in the provision of services. In particular, VE.GA. Booking S.r.l. manages the website administration tools and the related back-end (therefore it also takes care of informing interested parties about the treatments and their characteristics), while PRO.HOTEL Srl is the owner of the domain on which the Site is published and collaborates with VE.GA. Booking S.r.l. in the management of the same.


Pursuant to art. 26 of the Regulation, and despite the above provision, each interested party may:

  1. exercise their rights under the Regulations and described in art. 9 of this privacy policy towards and against each Joint Controller;
  2. request information regarding the obligations and roles of each Joint Controller in the processing described by this privacy policy, and the agreement between them, in compliance with the principle of transparency referred to in the Regulations.



  1. The contact details of the Data Protection Officer

Pursuant to art. 37 paragraph 2 of the Regulation, the Joint Controllers - as they are part of the same corporate group - have appointed a single person responsible for the protection of personal data (so-called DPO - Data Protection Officer) who can be contacted at no. +39 3938764353, or to the e-mail address


  1. The categories of personal data processed

Personal and identification data

Personal data means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information. In particular, these personal data can be collected through the Site: name, surname, physical address, e-mail address.

Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.


This category of data includes, by way of example, the IP addresses or domain names of the computers used by users who connect to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response. , the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the interested party / user.

Data provided spontaneously by the user

The sending (always optional and at your discretion) of e-mails to the e-mail addresses indicated on the Site and / or through other interactions with the Site itself involves the subsequent acquisition of your address, necessary to respond to requests, as well as any other data personal data included in the communication. Specific information may be presented on the pages of the Site in relation to particular services provided by one or both of the Joint Controllers.

  1. Purpose and legal basis of the processing

The personal data you provide are processed for the following purposes:

  1. a) to allow your navigation on the Site;
  2. b) for the management of any contact requests (for example by e-mail sent directly to the address of one of the hotels on the Site);
  3. c) to respond to any requests from public authorities;
  4. d) to manage any legal disputes.


The legal basis of the processing carried out for the purposes referred to in points a) and b) consists of the adoption of pre-contractual and contractual measures at the request of the interested party (Article 6, paragraph 1, letter b of the GDPR).

The legal basis of the processing carried out for the purposes referred to in point c) is constituted by the need to fulfill a legal obligation to which one or both of the Joint Data Controllers are subject (Article 6, paragraph 1, letter c, GDPR).

The legal basis of the treatments carried out for the purposes referred to in points d) is constituted by the legitimate interest of one or both of the Joint Data Controllers to ascertain, exercise, defend their own right (Article 6, paragraph 1, letter f, GDPR ).


  1. The recipients of the data

Your personal data may be disclosed to third parties, for needs strictly related to the purposes set out above and in particular to the following categories of subjects:

  1. a) other companies of the entrepreneurial group to which the Joint Controllers belong;
  2. b) to professionals and third-party companies with which one or both of the Joint Controllers collaborate, if necessary for the operation of the Site, or for the management of the request sent through the Site, or for the management of any disputes relating to the use of the Site and the request submitted by the user;
  3. c) persons authorized to process data and who are committed to confidentiality or have a legal obligation of confidentiality (eg employees and collaborators).
  4. Processing methods

The processing of personal data is carried out using paper and IT tools in compliance with the provisions on the protection of personal data and, in particular, with the appropriate technical and organizational measures referred to in art. 32.1 of the Regulations, and with the observance of any precautionary measures that guarantee their integrity, confidentiality and availability.


  1. Plug-ins for Social Networks

Some pages of the Site may contain social network plug-ins (eg Google Maps, Facebook, Google+ and any others). By clicking on these plug-ins - which are recognizable with the same symbol as the reference social network - the browser connects directly to the social network servers and another browser page or tab is opened, connected to the social network. In the event that the user, when he clicks on the plug-in, is connected to his social account (connection that can remain active even if the social network page is closed, typically if returning to the address of the social network the user is already logged in with his account), some personal data may be associated with the social account. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the user's privacy in this context, can be found directly on the social network pages. If you do not wish to associate the visit to our Site with your social account, you must log off from the social network before visiting it.


  1. Transfers abroad

The Joint Data Controllers do not transfer personal data outside the European Union.

  1. The data retention period

Personal data are kept in the archives of the Joint Controllers and are kept for a period of 10 (ten) years starting from the last interaction with the user, in consideration of the statutory limitation period for any claims and / or disputes. arising from the candidate selection procedure.




  1. Rights of the interested party and complaint before the Guarantor

We inform you that you can contact us to exercise the following rights:

  1. a) access (Article 15 of the GDPR): you will be able to know if your personal data are being processed and obtain the information required by the aforementioned regulation;
  2. b) rectification (Article 16 of the GDPR): you can obtain the correction of your inaccurate personal data or the integration of incomplete ones;
  3. c) cancellation / oblivion (Article 17 of the GDPR): you can obtain the cancellation of your personal data, in the foreseen hypotheses;
  4. d) limitation of processing (Article 18 of the GDPR): you will be able to obtain that your personal data are subject to conservation only, with the exclusion of other treatments, in the foreseen hypotheses;
  5. e) portability (Article 20 of the GDPR): you can obtain your personal data in a structured format, commonly used and readable by an automatic device and also obtain direct transmission to another data controller, in the foreseen hypotheses;
  6. f) opposition (Article 21 of the GDPR): you may stop the further processing of your personal data for reasons related to your particular situation, unless our legitimate interests prevail, in the hypotheses provided;
  7. g) withdrawal of consent (Article 7.3 of the GDPR): you may withdraw consent at any time for cases in which the processing is based on the same.

We also inform you of your right to lodge a complaint with the competent Data Protection Authority. We remind you that the complaint, pursuant to art. 77.1 GDPR, can be promoted by the interested party at the Authority of the place where the interested party usually resides, where he works or where the alleged violation has occurred.


  1. Obligation / Optional nature of the provision, consent and opposition

The data collected is essential for browsing the Site. Failure to transmit them may make it impossible to browse the Site and / or the impossibility of following up on any requests submitted through the Site.


Last updated: May 13, 2019