PRIVACY POLICY

This Privacy Policy is made pursuant to art. 13 of the European Regulation n. 679/2016 and applies exclusively to all Data collected through the Website https://www.magnapars.it/. This Privacy Policy is subject to updates that will be published regularly on the Website. This Privacy Policy, and the Cookie Policy, establish the basis on which the personal data of the interested party will be processed.

Data Controller

The Data Controller of the data collected by this website is Magna Pars S.R.L. based in Via Forcella, 6 – 20144 Milan. email: reservations@magnapars.it

Personal Data Processed

Personal Data means any information concerning an identified or identifiable natural person (Data Subject). Is considered as identifiable the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as name, identification number, location data, on-line identifierline, one or more features of its physical identity.

Category of personal data processed

Among the Personal Data processed by this Website, autonomously or through third parties, there are Common Data such as:

• • Personal data (such as name, surname, date of birth, age, sex, etc.)

• • Contact details (e-mail, address, telephone number)

• • Internet browsing data (including data derived from the use of social icons and social login buttons) collected through cookies installed on your computer or mobile device (for more information, see the Cookie Policy)

• • If a request is sent through the “Contact” section of the Site, the provision of some Personal Data is necessary for the Data Controller to satisfy the requests, so the relevant fields of the registration form are marked as mandatory.

• • Cookies and usage data

Processing of personal data

The Personal Data provided or acquired will be subject to Processing based on the principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations. The Data Controller processes Users’ Personal Data by taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. The processing is carried out using computer tools and/ or telematics, with organizational methods and logic closely related to the purposes indicated.

Purpose of the processing of personal data and legal basis 

Personal Data may be collected autonomously by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this Website collect some Personal Data of the Users, of a technical-informatical nature  (e.g. IP address, type of browser used, operating system, domain name and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/ or to check its proper functioning and will be deleted immediately after processing.

The data that the interested party chooses to provide voluntarily will be processed in compliance with the conditions of lawfulness ex art. 6 GDPR and will be processed to allow the Website to provide its services, as well as for the Purposes indicated below, and will be kept for the time necessary to fulfill said Purposes. Specifically, the purposes of processing are:

1) Responding to requests and providing information

The Data will be processed in order to be contacted again or to respond to specific requests addressed to the Controller by the Data Subject for communications of a nature relating to the Services of the same Controller, via e-mail or other means of communication such as telephone.

Legal basis: this processing is optional and based on the consent of the Data Subject, however the provision of the Data is necessary for the pursuit of the stated purpose.

Data retention period: until the consent of the interested party is revoked.

2) Pre-check-in phase

In the pre-check-in phase, the person concerned can fill out a digital form to facilitate the reception and stay procedures at the accommodation facility. The form may request: identification and personal data (e.g. name, surname, date and place of birth);

contact details (phone, email); booking information (date of arrival/departure, number of guests, preference for stay); optional catering preferences (e.g. dinner request, food intolerances); any information relating to health conditions relevant for the stay (e.g. allergies, disabilities); loading a copy of the identity document, in accordance with current legislation (e.g. art. 109 TULPS).

The data are processed to speed up check-in operations; comply with the legal obligations of guest registration; improve the reception and services offered, respecting the preferences expressed by the interested party.

Legal basis for processing: The processing of personal data and a copy of an identity document is necessary to comply with a legal obligation (art. 6, para. 1, lett. c GDPR); The processing of residence preferences, food and any health-related data is optional and based on the explicit consent of the Data Subject (art. 6, lett. a and art. 9, para. 2, lett. a GDPR).

Data retention period: The data collected for legal obligations will be kept for 5 or 10 years, according to tax and public security regulations;

The data collected on a voluntary basis (preferences, health data) will be kept until the withdrawal of consent and in any case no later than 12 months after the end of the stay.

3) Processing of Children’s Data

The Data Controller does not intentionally collect personal data of children under 18 years without the consent of the person exercising parental responsibility, except in cases where the law allows it (e.g. registration obligation pursuant to art. 109 of TULPS).

In the event that the minor is included in the pre-check-in form, the data will be processed exclusively for purposes of personal registration and stay, as provided by current legislation.

The provision of such data must be made exclusively by the responsible adult (parent, guardian or other authorised person).

Any additional data (e.g. allergies or special needs related to the child) will be processed only with the explicit consent of the parent/guardian.

4) Processing of Special Categories of Data (art. 9 GDPR)

In the pre-check-in form, the data subject may voluntarily provide information relating to particular categories of personal data (e.g. health data, intolerances, disabilities, specific dietary needs).

These data will only be processed:

for purposes related to the improvement of the stay and services offered (e.g. adaptation of catering, accessible accommodation);

after express consent of the Data Subject, pursuant to art. 9, para. 2, lett. a GDPR.

The conferment is optional but the lack of consent could limit the possibility of the structure to personalize adequately the service. Data will be processed with enhanced security measures and stored only for the time strictly necessary for the specific purpose.

5) Information and pre-contractual obligations

The data will be processed to contact the Data Subject again and respond to his specific requests for information, such as informative communications on products and services offered by the Controller, request for quotes and/ or pre-contractual assistance for the purchase of products. The contact can be made by e-mail, telephone or filling out the contact form on the site.

Legal basis of processing:

Execution of pre-contractual measures at the request of the data subject (art. 6.1 lit. b GDPR) When the processing is necessary to respond to requests for information or estimates.

Consent of the Data Subject (art. 6.1 lit. a GDPR) When data is collected for subsequent commercial contacts and/ or promotional offers.

Data retention period:

The data provided for requests for information or quotes will be kept for a maximum of 12 months, unless a contractual relationship occurs.

If the data subject has given consent to be contacted again for future offers, the data will be stored until the consent is withdrawn.

6) Booking of the stay

Personal data provided by the Data Subject through the online booking form (e.g. name, email, telephone number, dates of stay, number of guests, any preferences) will be processed in order to manage the booking request; confirm the availability and proceed with the reservation itself; contact the Data Subject in case of need (e.g. changes, confirmations, service communications).

Legal basis: The processing is necessary to carry out pre-contractual measures at the request of the data subject (art. 6, para. 1, lett. b GDPR).

Retention period: Data will be retained for the time required for tax/legal obligations up to 10 years

7) Processing required under a contract

The data will be processed for the following purposes:

– Execution of the contract concluded between the Data Subject and the Data Controller for the sale of the Products/Services on the Website.

– Management of the contractual relationship, including communication related to booking and invoicing.

Compliance with legal, administrative and tax obligations arising from the sale of services.

Legal basis of processing: the legal basis for processing is:

Performance of the contract (art. 6.1 lit. b GDPR) The processing is necessary to provide the product/service purchased by the data subject.

Legal obligation (art. 6.1 lit. c GDPR) The processing is necessary to comply with tax, administrative and accounting obligations.

Data relating to payments

Data retention period

The personal data processed for contractual and administrative purposes will be kept for the time necessary to perform the contract and, subsequently, for a maximum period of 10 years, in accordance with legal obligations in tax and accounting matters. Online payments are processed by external payment service providers (e.g. PayPal, Stripe, Shopify Payments). The Data Controller does not directly store the credit card or payment details of the Data Subject, but only receives a confirmation of payment from the service provider.

8) Fulfilment of any obligations under applicable laws

The Data will be processed to comply with any type of obligation contemplated and provided by applicable laws, regulations, related regulations, commercial practices and tax/ fiscal matters, including for the purposes provided for by the anti-money laundering legislation of Legislative Decree No. 231/2007 and subsequent amendments.

Legal basis: this processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Data retention period: period specified by law and in any case for a maximum of 10 years for the purpose of fulfilling the related administrative and tax obligations.

9) Soft spam

The Data Controller may send the Data Subject commercial and promotional communications by e-mail relating to Products/Services similar to those already purchased by the Data Subject, without the need for prior consent, pursuant to art. 130, paragraph 4, of the Privacy Code, as amended by D.lgs. 101/2018. The Data Subject has the right to object at any time to such communications, using the unsubscribe link present in each email received or by contacting the Controller at his e-mail address.

Legal basis of processing: The processing is based on the legitimate interest of the Data Controller (art. 6, lit. f GDPR) to promote products or services similar to those already purchased by users. This legitimate interest is balanced with the right of the data subject to object at any time, as provided for in Recital n. 47 of the GDPR.

Data retention period: The data of the interested party will be processed for this purpose until the interested party exercises the right to object.

10) Newsletter

The personal data provided by the Data Subject will be processed for sending newsletters containing promotional, commercial and advertising communications, as well as updates on initiatives and events of the Data Controller. For the sending of the newsletter, the Owner may process name and surname (if provided by the user), email address. The Data Controller may also have interactions with the emails sent (e.g. opening the newsletter, clicking on links), where provided by the tracking systems used by the Data Controller.

Legal basis of processing: the processing is based on the explicit and free consent of the data subject, pursuant to art. 6, para. 1, lett. a GDPR. Subscription to the newsletter is optional and failure to provide data does not affect the use of other services of the site.

Data retention period: The data will be processed until the revocation of consent by the Data Subject, who may exercise the right to unsubscribe at any time:

Through the unsubscribe link at the bottom of every newsletter you receive.

By direct request to the Data Controller, sending a communication to the email address.

11) Statistics

The data will be processed to carry out statistical analysis and market research aimed at understanding users’ preferences and behaviors in order to improve the products and services offered, Analyze the interaction of users with the website to optimize navigation and user experience. Analyses will be carried out on aggregated and anonymous data where possible. If the data cannot be made completely anonymous, it will be processed in a pseudonymised form and subject to the protections of the GDPR.

Legal basis of processing:

Consent of the data subject (art. 6, para. 1, lett. a GDPR) If the data is collected through analysis tools that track user behavior.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR) If the analyses are carried out exclusively on anonymous and aggregated data.

The Data Subject may revoke consent at any time and deactivate tracking by:

The cookie management banner on the site.

Your browser settings, which allow you to block tracking cookies.

Direct request to the Data Controller at email address [insert email].

Data retention period: The data will be kept until you revoke your consent or for the maximum period set in each analysis tool.

12) Profiling for advertising campaigns

The personal data of the Data Subject will be processed for the analysis and evaluation of interests, habits and consumer choices, in order to create personalized profiles based on the user’s preferences, send information and promotional material about Services/Products offered by the Controller, Display personalized advertisements on third-party platforms (e.g. Facebook Ads, Google Ads, email marketing).

Legal basis of processing: The processing is based on the explicit and free consent of the data subject, pursuant to art. 6, para. 1, lett. a GDPR.

The data subject has the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent given before withdrawal.

The data subject may object to profiling and stop processing by:

– The privacy management settings in your account (if available).

– The unsubscribe link in each promotional communication received.

– Direct request to the Data Controller at.

Data retention period: The data of the interested party will be processed until the consent is withdrawn.

13) Work with us

Through the “Work with us” section on the site, interested parties can send their application by email attaching their curriculum vitae, in addition to any additional information provided voluntarily by the candidate. The data will be processed exclusively to evaluate the application and contact the interested party if the profile is compatible with the needs of the Data Controller.

Legal basis of processing: The data processing is based on the consent of the Data Subject (art. 6, para. 1, lett. a GDPR). The provision of data is optional, but necessary to be able to evaluate the application and proceed with a possible recontact.

Data retention period: The data collected will be retained until the consent of the interested party is revoked or, in the absence of revocation, for a maximum of 12 months from the date of sending the form.

Communication of data

In addition to the Data Controller, in some cases, they may have access to the Data:

a) categories of specially trained Representatives involved in the organization of the Website (administrative, commercial, marketing, legal staff, system administrators);

b) external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies) also appointed Data Processors by the Data Controller pursuant to art. 28 GDPR. The updated list of Controllers, if appointed, may always be requested from the Data Controller;

c)  public or private entities that may access the Data in compliance with legal obligations;

d) subjects who perform ancillary and instrumental tasks in relation to the Data Controller’s activity.

Time of treatment

As expressly provided for in art. 5, co. 1, lett. e) of the GDPR, the Data are stored for the time necessary to the Processing of the same in relation to the performance of the service requested by the Data Subject, or required by the Purposes described above in this document. At the end of the retention period, the Personal Data will be deleted and therefore, the rights of access, deletion, rectification and portability of the Data can no longer be exercised.

Cookie

This website uses cookies. Cookies are small text files that can be used by websites to make the Data Subject’s experience more efficient and to personalize content and ads, provide social network functions and analyze traffic. Cookie Policy

Place of processing and transfer of data abroad

The Data are processed at the operating location of the Controller. For further information, you can contact the Controller. The Data may be processed by natural persons and/or legal entities acting on behalf of the Data Controller and under specific contractual obligations and located in EU member countries or non-EU countries. In the event that the Data is transferred outside the EEA, the Controller will take all contractual measures to ensure adequate protection of the Data.

Exercising the data subject’s rights

The interested party has the right to exercise the options provided for in art. 7, 15-22 of European Reg. 679/2016.  In particular, you have the right to withdraw your consent at any time and, upon simple request to the Data Controller, you may request access to the Personal Data, receive the Personal Data provided to the Controller and, where possible, transmit them to another Controller without hindrance (c.d. portability), obtain the update, restriction of processing, the rectification of Data and the deletion of those processed in violation of current legislation. You have the right, for legitimate reasons, to object to the processing of personal data concerning you and to the processing for the purposes of sending advertising material, direct sales and market research. You also have the right to lodge a complaint with the Data Protection Authority, as the supervisory authority for the protection of personal data, or to apply to the appropriate courts. The data subject may exercise his rights by contacting the Data Controller via e-mail at: reservations@magnapars.it

Tools used for processing personal data 

Web platform/CSM

The website is developed and managed by WordPress, an open source platform that allows dynamic creation and administration of web content. The use of WordPress involves interaction with components that may collect and process Personal Data for user management, e-commerce, activity tracking, security and technical analysis purposes.

Legal basis of processing: The execution of a contract or pre-contractual measures at the request of the data subject (art. 6, para. 1, lit. b GDPR), and the legitimate interest of the Controller in the technical, administrative and commercial management of the site (art. 6, par. 1, lit. f GDPR).

Data retention period: The data processed through WordPress are kept for the time necessary to ensure the operation of the site, the provision of the services requested and the fulfillment of legal or tax obligations. Storage times may vary depending on the configuration of installed plugins.

Location of processing: The data is processed via servers located mainly in Ireland, but some integrated services may use geographically located servers, including outside the European Economic Area. In this case, appropriate protective measures are taken pursuant to art. 44 et seq. of the GDPR. Privacy Policy

SITE FORM

By filling in the contact form and the pre-check-in form with your personal data, you consent to their use to respond to requests for information or any other purpose indicated in the header of the form.

This website uses:

WordPress (Aut O’Mattic A8C Ireland Ltd.)

The site uses the features offered by the WordPress platform for the creation and management of contact forms. The data entered by users are transmitted to the Data Controller in order to process requests.

Legal basis of processing: The consent of the data subject (art. 6, para. 1, lett. a GDPR), expressed through the voluntary completion of the form.

The execution of a contract or pre-contractual measures, if the form is aimed at a service request (art. 6, para. 1, lett. b GDPR).

Data retention period: The data acquired through contact forms are stored for the time necessary to process the User’s request or according to the deadlines defined by the specific purposes (e.g. contact, registration, booking).

Place of processing: Ireland – Privacy Policy

MANAGING E-MAIL ADDRESSES

These services allow you to manage a database of email contacts, telephone contacts or any other type of contact used to communicate with the Data Subject. These services could also collect data on the date and time of viewing messages by the Data Subject, as well as the interaction of the Data Subject with them, such as information about clicks on links inserted in messages.

Newsletter

By subscribing to the newsletter, the Data Subject’s email address is automatically included in a contact list to which e-mail messages containing information, including commercial and promotional information, relating to this Website may be sent. The email address of the Data Subject may also be added to this list as a result of registration on this Site or after making a purchase. The interested party can choose at any time to unsubscribe from the newsletter by clicking on a specific button that will be found in the emails. After clicking on the delete button, your data will be deleted immediately by the “email marketing” software. Personal data collected: email and name. This website uses the newsletter service provided by:

Mailchimp (The Rocket Science Group) 

The Data Controller uses the service Mailchimp (The Rocket Science Group LLC, USA) to send newsletters containing updates, offers, commercial and promotional communications.

Data processed: name, email address, statistical data (e.g. opening email, click).

Purpose of the processing: Management of subscriptions to the newsletter, sending information and promotional communications, statistical analysis on interaction with emails.

Legal basis: Explicit consent of the Data Subject (art. 6, para. 1, lett. a GDPR), freely given during registration.

How to unsubscribe: The Data Subject can revoke their consent at any time through the link at the bottom of each communication or by writing to the Data Controller. The revocation entails termination of sending and deletion of data from the system.

Place of processing: USA. Mailchimp acts as data controller pursuant to art. 28 GDPR. The data transfer takes place on the basis of the Standard Contractual Clauses approved by the European Commission. Privacy Policy

(https://mailchimp.com/it/legal/data-processing-addendum/)

SPAM PROTECTION AND SECURITY

This website has an SSL certificate and uses the HTTPS protocol to secure the moment when personal data is entered. With the use of this protocol, the transactions and data that are transmitted on the websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.

This website also uses tools that analyse the traffic potentially in order to filter it from parts of traffic, messages and content recognized as SPAM.

reCAPTCHA

This website uses reCAPTCHA which is a service subject to the privacy policy and terms and conditions of using Google.

Statistics

The statistical services allow the Data Controller exclusively to monitor and analyze traffic data and serve to track the behavior of the Data Subject. This website uses the following services:

Google Analytics 4

This website uses Google Analytics 4 (GA4), an analysis service provided by Google LLC, to collect anonymous statistical information on the use of the website in order to improve the services offered. Google uses the collected Personal Data for:

Track and review the use of this website.

Compile reports on the site’s activities.

Share data with other Google services for analysis and optimization.

Google may also use Personal Data to personalize ads on its advertising network and may transfer such information to third parties if required by law or if those parties process the data on behalf of Google. In Google Analytics 4, IP addresses are only used at the time of collection and then deleted before storage.

Legal basis of processing: the data processing via Google Analytics 4 is based on:

Consent of the Data Subject (art. 6, para. 1, lett. a GDPR) if the data is collected via non-anonymized tracking cookies.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR) if the data is collected anonymously and aggregated without identifying the user.

Personal Data collected: Usage data (information about your interactions with the site) and Cookies (if enabled).

Data retention period: The data collected through Google Analytics is stored for a maximum of 14 months, unless otherwise specified by the Controller.

The data subject can deactivate tracking by:

The cookie management banner on the site.

The browser add-on for disabling Google Analytics, available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Place of processing: USA – Irlanda Privacy Policy

Meta (Meta Platforms, Inc.) pixel conversions tracking

This site uses the Facebook Pixel, a conversion tracking service provided by Meta Platforms, Inc., which measures the effectiveness of advertising campaigns made through Facebook and Instagram. The Facebook Pixel monitors conversions that can be attributed to ads published on Facebook, allowing the Data Controller to:

Measure the performance of advertising campaigns.

Create custom audiences based on user interactions.

Retargeting users who have visited the website.

Personal Data collected: Cookies and tracking tools and usage data (user interactions with the site and advertisements).

Legal basis of processing: the use of the Facebook Pixel for marketing and tracking purposes is based on:

Explicit consent of the data subject (art. 6, para. 1, lett. a GDPR) The Facebook pixel is only activated with the user’s consent via the cookie banner.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR) If tracking is limited to anonymous statistical analysis.

Data retention period: The data collected by the Facebook Pixel is stored for a maximum of 180 days, unless otherwise set by Meta.

The data subject can revoke their consent and deactivate the Facebook Pixel via the following link:

The cookie management banner on the site.

The settings of your Facebook account, in the section “Preferences for ads”.

The Facebook deactivation tool: https://www.facebook.com/settings/?tab=ads.

Place of processing: Ireland – Privacy Policy

TAG MANAGEMENT

Using tag management systems allows you to install and manage code snippets (called Tags) within the HTML pages of a website. This technology allows you to Load tracking and analysis tools without manually modifying the source code of the site, manage multiple services simultaneously with a single snippet. The use of such services may result in your Data being passed to third-party tools that use these tags.

Google Tag Manager (Google LLC o Google Ireland Limited)

The site uses Google Tag Manager, a service provided by Google LLC that allows you to integrate and manage third-party tags such as analytics, remarketing and conversion tracking tools. Google Tag Manager itself does not collect personal data, but it can enable other tracking tools that do. If these tools involve the collection of personal data, the processing will be subject to their respective privacy policies and your consent.

Google Tag Manager does not directly collect personal data, but may manage tags that collect:

Cookies and tracking tools (if enabled).

Site usage data (user interactions with the site).

Legal basis of processing:

Legitimate interest of the Controller (art. 6, para. 1, lett. f GDPR) If the Tag Manager is used only for the technical management of tags without activating non-essential tracking.

Consent of the data subject (art. 6, para. 1, lett. a GDPR) If Google Tag Manager is used to activate tracking tools and personalized advertising (e.g. Google Analytics, Facebook Pixel).

Data retention period: Google Tag Manager does not keep any personal data of the user. However, third party services activated through may collect and retain data in accordance with their respective policies.

If Google Tag Manager is used to enable tracking tools, the data subject may withdraw consent by:

The cookie management banner on the site.

Your browser settings to block third-party cookies.Luogo del trattamento: USA – Irlanda – Privacy Policy

INTERACTION WITH SOCIAL NETWORKS

These services allow you to interact with social networks directly from the pages of this website. The interactions and information acquired from this website are in any case subject to the privacy settings of the data subject relating to each social network. If an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, it collects traffic data related to the pages in which it is installed.

Facebook (Meta Platforms, Inc.)

Facebook buttons are services of interaction with the social network Facebook, provided by Meta Platforms, Inc. Collected Personal Data: Cookies and Usage Data.

Legal basis of processing The integration of these services could involve the processing of Personal Data, which is based on:

Explicit consent of the Data Subject (art. 6, para. 1, lett. a GDPR) If the site uses tracking cookies for marketing or personalization purposes.

Legitimate interest of the Controller (art. 6, para. 1, lett. f GDPR) If the data is collected only to allow interaction with social networks without further tracking.

The Data Subject can revoke consent and limit social network tracking by:

The cookie management banner on the site.

The privacy settings of your account on social networks.

Browser settings, which allow you to block third-party cookies.

Place of processing: Ireland – Privacy Policy

Instagram (Meta Platforms, Inc.)

Instagram buttons are services of interaction with the social network Instagram, provided by Meta Platforms, Inc. Collected Personal Data: Cookies and Usage Data.

Legal basis of processing The integration of these services could involve the processing of Personal Data, which is based on:

Explicit consent of the Data Subject (art. 6, para. 1, lett. a GDPR) If the site uses tracking cookies for marketing or personalization purposes.

Legitimate interest of the Controller (art. 6, para. 1, lett. f GDPR) If the data is collected only to allow interaction with social networks without further tracking.

The Data Subject can revoke consent and limit social network tracking by:

The cookie management banner on the site.

The privacy settings of your account on social networks.

Browser settings, which allow you to block third-party cookies.

Place of processing: Ireland – Privacy Policy

REMARKETING AND RETARGETING

These services allow this Website to communicate, optimize and serve advertisements based on the past use of this Website by the Data Subject. This activity is carried out through the tracking of Usage Data and the use of Cookies or Tracking Tools.

Facebook Remarketing (Meta Platforms, Inc.)

The site uses the Facebook Remarketing service, provided by Meta Platforms, Inc., which links user activity on the website with the advertising network of Facebook and Instagram. The site uses Facebook Pixel to:

Show personalised advertisements to users who have visited the site.

Create audience groups to target specific ads.

Analyse conversions and measure the effectiveness of advertising campaigns.

Personal data collected:

Cookies and Tracking Tools.

Usage data (user interactions with the site and advertisements).

Legal basis of processing

The use of Facebook remarketing is based on:

Explicit consent of the data subject (art. 6, para. 1, lett. a GDPR) The Facebook pixel is only activated with the user’s consent via the cookie banner.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR) If the data is collected only in anonymous form for statistical analysis.

The information collected by the Facebook Pixel is anonymous to the Site Owner, but Facebook can link it back to the user’s profile. Facebook may use this data for its own advertising purposes, including on third-party websites, in accordance with its Privacy Policy. The Controller has no direct control over the use of data by Facebook.

Data retention period: The data collected by the Facebook Pixel is stored for a maximum of 180 days, unless otherwise set by Meta.

The data subject can revoke their consent and deactivate remarketing by:

The cookie management banner on the site.

The settings of your Facebook account, in the section “Preferences for ads”.

The Facebook deactivation tool: Manage your advertising preferences.

Place of processing: Ireland – Privacy Policy

Instagram Remarketing (Meta Platforms, Inc.)

The site uses the Facebook Remarketing service, provided by Meta Platforms, Inc., which links user activity on the website with the advertising network of Facebook and Instagram. The site uses Instagram Pixel to:

Show personalised advertisements to users who have visited the site.

Create audience groups to target specific ads.

Analyse conversions and measure the effectiveness of advertising campaigns.

Personal data collected:

Cookies and Tracking Tools.

Usage data (user interactions with the site and advertisements).

Legal basis for processing: the use of Instagram Remarketing is based on:

Explicit consent of the data subject (art. 6, para. 1, lett. a GDPR) Meta Pixel is only activated with the user’s consent via the cookie banner.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR) If the data is collected only in anonymous form for statistical analysis.

The information collected by the Meta Pixel is anonymous to the site owner, but Meta can link it to your profile. Meta may use this data for its own advertising purposes, including on third-party websites, in accordance with its Privacy Policy (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect). The Data Controller has no direct control over the use of data by Instagram.

Data retention period: Data collected by the Meta Pixel is stored for a maximum of 180 days, unless otherwise specified by Meta.

The data subject can revoke their consent and deactivate remarketing by:

The cookie management banner on the site.

The settings of your Instagram account, in the “Preferences for ads” section.

The Facebook deactivation tool: Manage your advertising preferences.

Place of processing: Ireland – Privacy Policy

Google Ads

The site uses Google Ads, a service provided by Google Ireland Limited, to manage paid advertising campaigns and track conversions (user actions after clicking on an ad, such as purchases, subscriptions or views). The service may make use of cookies and tracking tools (e.g. conversion tags, remarketing, tracking codes) to optimize the advertisements viewed by users based on their previous actions on the site or on other websites.

Legal basis of processing:

Consent of the data subject (art. 6, para. 1, lett. a GDPR), expressed through the cookie banner for marketing and profiling activities;

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR), to measure the effectiveness of advertising campaigns and optimize advertising expenditure, provided that the data is anonymised.

Data retention period:

Cookies and conversion data may be stored by Google for a variable period depending on the settings of the Owner and the configuration of their advertising account. You can permanently disable the targeting and remarketing functions by disabling the “personalized advertising” function in your Google account.

To do so, simply follow this link: https://www.google.com/settings/ads/onweb/

Place of processing: The data is processed by Google Ireland Limited, based in Ireland. However, data may also be transferred to servers located in the United States or other third countries. In these cases, Google ensures appropriate safeguards, including the GDPR Standard Contractual Clauses and adherence to the Data Privacy Framework (if applicable). Privacy Policy

automation/terms.htm and https://www.salesmanago.com/info/gdpr.htm)

CONTENT ON EXTERNAL PLATFORMS

These services allow you to view content hosted on external platforms directly from the pages of this website and interact with them.

If a service of this type is installed, it is possible that, even if the Users do not use the service, it collects traffic data related to the pages in which it is installed.

This website uses

Google Maps (Google Ireland Limited)

Google Maps is a map display service provided by Google Ireland Limited that allows you to integrate interactive map content within the pages of the Website. The use of the service may involve the collection of usage data by Google, the installation of cookies and, in some cases, the tracking of the User even if this does not interact directly with the map.

Personal Data collected: Cookie; Usage data; approximate location; IP address.

Legal basis of processing:

Consent of the data subject (art. 6, para. 1, lett. a GDPR), expressed through the cookie banner for the activation of third-party content.

Legitimate interest of the Data Controller (art. 6, para. 1, lett. f GDPR), only for technical loading of the map without additional tracking.Luogo del Trattamento: Irlanda – Privacy Policy

Customer Alliance – Sticker reviews

This site incorporates a widget/sticker provided by Customer Alliance to show guest reviews. Integration takes place via an external link to the certified review portal. Data collected: Technical and usage cookies, data related to the navigation on the widget. Purpose: display of online reputation and reviews. Place of processing: Germany. Privacy Policy Customer Alliance: https://www.customer-alliance.com/it/informativa-privacy/. Property review page: https://reviews.customer-alliance.com/hotel/magna-pars-l-hotel-a-parfum-milano-YLmr48191uxx.html?_locale=it

Booking system – Vertical Booking

Requests and reservations made through the website are managed through the booking engine provided by Vertical Booking S.r.l., a company part of the Zucchetti group and specialized in technological solutions for hospitality. The data entered in the booking form (e.g. name, email, telephone, dates, preferences) are stored locally at the systems of the accommodation facility, without the use of external CRMs.

External owner of the technical service: Vertical Booking S.r.l., with registered office in Via Roma 28, 24060 Grumello del Monte (BG), Italy. Privacy Policy https://www.verticalbooking.com/it/privacy.html

Data processed: personal data, contacts, dates and preferences of stay.

Purpose: management of reservations and service communications.

Legal basis: execution of a contract or pre-contractual measures (art. 6, para. 1, lett. b GDPR).

Place of processing: the data is stored locally at the facility.

Data Compliance Alliance (DCA) certification

The booking system used on this site is certified by DCA – Data Compliance Alliance, an initiative that promotes high standards of security, transparency and GDPR compliance for digital platforms in the hotel industry.

The DCA logo on the website refers to the official certification page, which can be found here: https://dca-cert.com/

The presence of the certification confirms that the booking software (Vertical Booking) complies with the obligations of personal data protection, secure management of information and regulatory compliance provided by Regulation (EU) 2016/679 (GDPR).

Prenotazioni Bar e Ristorante – Superb Experience

Reservations for the hotel’s bar and restaurant are managed through the Superb Experience platform, an external provider specializing in online booking of dining experiences and tables. Through the appropriate form integrated in the site or accessible via external link, the interested party can enter their data to make a reservation. Data processed: name and surname; telephone number; email address; date, time and number of guests; any notes or preferences (e.g. intolerances, special requests). Purpose of the processing: management of reservations;

contact with the interested party for confirmations, changes or operational needs; personalization of the gastronomic experience (e.g. special menus).

Legal basis:

Execution of pre-contractual or contractual measures at the request of the data subject (art. 6, para. 1, lett. b GDPR).

For food preferences or health needs, explicit consent (art. 9, para. 2, lett. a GDPR).

Place of processing: The data may be processed on servers located in the European Union or, where necessary, transferred to third countries in compliance with the Standard Contractual Clauses (SCC) approved by the European Commission. External service provider: Superb ApS, a company based in Denmark.

Privacy Policy

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by advertising them to Users on this page. Please consult this page frequently, taking as a reference the last modification date given at the bottom. In the event of non-acceptance of changes made to this Privacy Policy, the Data Subject is required to stop using this Website and may request the Controller to remove their Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the Personal Data collected until that time. The Data Controller is not responsible for updating all links displayed in this Privacy Policy, therefore whenever a link is not working and/ or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.

Privacy Policy updated in July 2025