Privacy Policy

This page describes the methods of managing the website in relation to the processing of personal data of users who consult it.
This notice is also provided pursuant to Article 13 of EU Regulation 2016/679, applicable as of May 25, 2018 – General Data Protection Regulation (hereinafter “GDPR”),
to those who interact with the web services of The Begin Hotels, accessible online at the following address: https://www.thebeginhotels.com/

This Privacy Policy applies exclusively to the website https://www.thebeginhotels.com and not to any other websites that the user may consult via links.
The notice also draws inspiration from Directive 2009/136/EC of 25 November 2009 and from the General Measure of the Italian Data Protection Authority no. 231
“Guidelines on cookies and other tracking tools” of 10 June 2021.


DATA CONTROLLER
Pursuant to Article 4(7) of GDPR 2016/679, the Data Controller is THE BEGIN S.r.l., with its registered office at Via Clivo di Monte Gallo 48, 00165 Roma, Italy.

DATA PROTECTION OFFICER (DPO)
In accordance with Article 37 of GDPR 2016/679, THE BEGIN S.r.l. has appointed a company Data Protection Officer (DPO), who can be contacted at: privacy@thebegin.it.
The DPO acts as the primary point of contact for all matters relating to the processing of personal data, including the exercise of data subjects’ rights.

DATA PROCESSORS
Personal data collected through this website may be processed and disclosed, in compliance with legal requirements, to:
- Group companies;
- Companies providing hosting, maintenance, and management of the website;
- Companies providing IT infrastructure management and technical support services;
- Vertical Booking S.r.l., with registered office at Piazza Pontida 7 – 24122 Bergamo, for service bookings through the integrated platform on the site;
- GGF GROUP S.r.l., with its operating office at Via Albertini, 36 Gross Blocco I3 – 60131 Ancona, for booking, marketing, administrative, and centralized human resources management activities, as external data processor;
- Third parties managing cookies (as per the Cookie Policy);
- Providers of email marketing platforms;
- Public bodies or offices, where required by legal and/or contractual obligations;
- Independent professionals, professional firms, companies, or associations providing consultancy or assistance for administrative, accounting, financial, or legal defense purposes;
- Public institutions and authorities as required by applicable accounting and tax laws.

An updated list of appointed Data Processors pursuant to Article 28 GDPR 2016/679 may be requested from the Data Controller.

PLACE OF DATA PROCESSING
Data processing connected to the web services of this site takes place at the Data Controller’s and Data Processors’ premises.
No personal data deriving from the web service will be communicated or disseminated, except as indicated herein.
By using third-party cookies, processing may also take place outside the European Union by Google or other companies that install third-party cookies.
For further details, please refer to the relevant Cookie Policy displayed in the pop-up at the bottom left of the website.


TYPES OF DATA PROCESSED

Browsing Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by third parties, allow the identification of users.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

These data are used solely to obtain anonymous statistical information on site usage and to check its proper functioning and are deleted immediately after processing. Data may be used to establish liability in the event of potential cybercrimes against the site; except for this case, web contact data do not persist for more than thirty (30) days.

Data Voluntarily Provided by the User
The voluntary and explicit sending of email to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to reply to requests, as well as any other personal data included in the communication.
The voluntary completion of data acquisition forms for the request of specific services or participation in offers entails the subsequent processing of the personal data provided for the execution of a contract to which the data subject is a party or for pre-contractual and/or contractual measures requested by the same.

The company has implemented specific measures to ensure that data processing is always preceded by the user’s explicit acknowledgment of this Privacy Policy.

Among the personal data voluntarily provided and collected by this website, either independently or through third parties, are, for example: name, surname, tax code, date of birth, telephone number, email address, company name, address, country, province, postal code, city.

Unless expressly required, special categories of personal data as defined under Article 9(1) GDPR (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a person, health data, or data concerning sex life or sexual orientation) must not be submitted.

When making a booking, users may voluntarily provide information regarding food intolerances and/or allergies to ensure the proper delivery of services.

Cookies
For a detailed description of the processing carried out through Cookies or other tracking tools, please refer to the Cookie Policy available via the cookie banner and, for further details, to the Guidelines issued by the Italian Data Protection Authority on 10 June 2021.

Minors
The services provided by this website are not intended for minors, and the Data Controller does not knowingly collect data, including personal data, relating to minors.
If the Company becomes aware that it has collected personal data of a minor, it will immediately delete such data, unless there is a legal obligation to retain it or such processing is required under a judicial authority order. Users are therefore invited to contact us should they believe that the Data Controller has inadvertently collected information relating to a minor.

Third-Party Data
This Privacy Notice also applies to third parties (e.g., payers other than the hotel guest, travel companions) whose personal data may have been provided to us by you.
In this regard, you declare that you are entitled to disclose such data and undertake to inform the third parties concerned of the content of this Privacy Notice, indemnifying the Data Controller against any claims, requests, or damages from such third parties in connection with unlawful data disclosure.


INTERACTION WITH SOCIAL NETWORKS IN BOOKINGS
This type of service allows interaction with social networks, or other external platforms, directly from the booking form pages.
Interactions and information obtained from this website are subject to the user’s privacy settings for each social network.

SOCIAL BUTTONS
The Company’s website uses social plug-ins for the following platforms: Facebook and Instagram.
This means that by clicking on specific buttons (social buttons/widgets) displaying the icons of these social networks, the user is automatically redirected to the selected provider’s platform, where they may interact directly with the Company’s social profile.
Users are therefore invited to review the Privacy Policy of the respective platform and consult the Company’s Cookie Policy section for a comprehensive description of this feature.


METHODS OF PROCESSING
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.


PURPOSES, LEGAL BASIS AND NATURE OF PROCESSING
The personal data you provide through the website will be processed by THE BEGIN S.r.l. for the following purposes:

- To subscribe to offers, purchase gift items, make a reservation, or request information. Legal basis: Article 6(1)(b) GDPR – processing necessary for the performance of pre-contractual or contractual measures requested by the data subject. Consent not required.

- To subscribe to the newsletter and receive periodic promotional and commercial communications from THE BEGIN S.r.l. by email. Legal basis: Article 6(1)(a) GDPR – Explicit consent required.

- To assess job applications by acquiring résumés submitted via the dedicated careers section. Legal basis: Legislative Decree 196/2003, Article 111-bis, and Article 6(1)(a) GDPR – Explicit consent required.

- For research and statistical analysis on aggregated and anonymous data, aimed at measuring website performance, traffic, usability, and user interest. Legal basis: Not applicable, as no personal data is processed. Consent not required.

- For profiling purposes through third-party cookies. Legal basis: Article 6(1)(a) GDPR, in accordance with Directive 2009/136/EC – Consent required (see Cookie Policy).

- To comply with legal and regulatory obligations. Legal basis: Article 6(1)(c) GDPR 

- For the establishment, exercise, or defense of legal claims, or whenever courts are acting in their judicial capacity. Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Data Controller. Consent not required.



MANAGEMENT OF CURRICULA
This notice, prepared in accordance with Article 13 of EU Regulation 2016/679, may also be used by THE BEGIN S.r.l. in connection with job postings published on third-party job sites not directly managed by the Company.
THE BEGIN S.r.l. reserves the right to review résumés received by email or via online job advertisements in accordance with this Privacy Policy.

Résumés considered “of interest” will be retained for 24 months and processed in compliance with the security measures of EU Regulation 2016/679.
After 24 months, résumés will be destroyed, or candidates may be contacted to request authorization to provide an updated résumé.
Résumés will not be disclosed to third parties.

Candidates are kindly requested to follow these rules when sending résumés in electronic format:
- Use the European CV format;
- Send the CV in PDF format;
- Avoid including special categories of data as defined under Article 9 GDPR (e.g., health data, religious, philosophical, or political beliefs) not relevant to the job offer;
- Provide explicit consent for the processing of special categories of personal data relevant to the establishment of an employment relationship (e.g., belonging to protected categories under Law 68/99).

The Company will provide a specific privacy notice pursuant to Article 13 GDPR during interviews with candidates.
The processing of résumés will be limited strictly to activities related to evaluation, recruitment, or personnel selection for collaboration, fixed-term or permanent employment, internships, or thesis projects carried out at our headquarters.


TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
The Data Controller undertakes to restrict the circulation and processing of personal data (e.g., storage, archiving, retention on its servers) to countries within the European Union, expressly prohibiting their transfer to non-EU countries that do not ensure an adequate level of protection (or in the absence of) as defined by Chapter V of EU Regulation 2016/679 (adequacy decision, Standard Contractual Clauses, explicit consent of the data subject, or EU-US Data Privacy Framework).


DISCLOSURE OF PERSONAL DATA
Personal data collected through this website may be disclosed, in addition to the subjects listed under “Data Processors,” to the following categories of recipients:
- Authorized personnel of THE BEGIN S.r.l.;
- Public bodies or offices as required by legal and/or contractual obligations;
- Debt collection agencies and banks for the management of payments related to the stay;
- Partners or service providers when disclosure is necessary to provide hotel services to the data subject;
- Third-party companies that install profiling cookies.

As stated above, an updated list of external data processors appointed under Article 28 GDPR 2016/679 may be requested from the Data Controller.


DATA RETENTION
THE BEGIN S.r.l. will process personal data of users for the time strictly necessary to achieve the purposes set out in this notice and for as long as permitted by Italian law to protect its interests (Art. 2947(1)(3) Civil Code).
Users will remain subscribed to the Company’s newsletter until they exercise their right to unsubscribe, which may be done easily by clicking directly on the link provided in each email.


AUTOMATED PROCESSING
THE BEGIN S.r.l. does not send profiled emails but uses profiling cookies. For details on profiling cookies and their interaction with social tools, please consult the Cookie Policy available through the relevant banner.


RIGHTS OF DATA SUBJECTS
Users may freely exercise their rights under Articles 15 et seq. of GDPR 2016/679, including:
- Withdraw consent at any time. Users may withdraw their previously given consent to the processing of their personal data;
- Object to processing. Users may object to processing carried out on a legal basis other than consent;
- Access their Data. Users have the right to obtain information on the data processed by the Controller and to receive a copy thereof;
- Verify and request rectification. Users may verify the accuracy of their Data and request its update or correction;
- Obtain restriction of processing. Under certain conditions, users may request restriction of processing, in which case the Controller will process the Data only for storage purposes;
- Request erasure. Under certain conditions, users may request deletion of their Data by the Controller;
- Data portability. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible;
- Lodge a complaint. Users may lodge a complaint with the competent Data Protection Authority or take legal action.


EXERCISING YOUR RIGHTS
To exercise the above rights, data subjects may contact the Data Protection Officer at the following email address: privacy@thebegin.it


UPDATES AND REVISIONS
This Privacy Policy was last updated on 20-08-2025 – Revision 5 and may be subject to future amendments.