ITALIAN LEGISLATIVE DECREE no. 196 dated 30/06/2003
OFFICIAL GAZETTE of the ITALIAN REPUBLIC - S.O. no. 123/L published 29/07/2003

This page describes the handling procedures used for personal data of visitors to the site.

It is also a document providing information in accordance with article 13 of the Italian Legislative Decree no. 196/2003 - Code relating to the protection of personal data of persons who use the web services provided by Grand Hotel Duca D'Este that can be accessed via internet through the following web address:

The information document relates exclusively to the Grand Hotel Duca D'Este site and not to any other websites which may be visited by the user via links.

The information document conforms to the provisions contained in It. Leg Dec. no. 196/03 and to Recommendation no. 2/2001, which the European authorities for the protection of personal data adopted on 17 May 2001, when meeting as the Group created in accordance with article 29 of Directive no. 95/46/EC, in order to identify certain minimum requirements relating to the collection of personal data on-line, and, in particular, the procedures, timescales and type of information that those responsible for the processing of data must provide to users when the latter connect to web pages, irrespective of the purposes of their connection.


Whenever this site is visited, data relating to identified or identifiable persons or companies may be the subject of data processing.

The “owner” in charge of processing is the Grand Hotel Duca D'Este situated in Tivoli Terme (RM) - Italy.


The processing of data relating to web services provided on this site is performed at the aforesaid Grand Hotel Duca D'Este and is only carried out by qualified personnel belonging to the Office assigned with this task, or by persons who may be assigned the task of performing occasional maintenance work. No data arising from the web services are passed on or disseminated.

Personal data supplied by users who ask for information to be sent to them (newsletters, documents, answers to queries etc.) are used for the sole purpose of carrying out the service requested and are provided to third parties only when this is necessary in order for the service to be carried out.


Internet use data

The IT systems and software procedures, which are used to make this website function, acquire, under normal working procedures, certain personal data which are transmitted automatically when internet communication protocols are used.

This information is not gathered for the purpose of being associated with identified interested persons, but, because of its very nature, it may, through being processed and associated with data held by third parties, allow the users to be identified.

This category of data includes IP addresses or the domain names of the computers used by the users who connect to the site, the addresses in URI form (Uniform Resource Identifier) of the resources requested, the time of the request, the method used in submitting the request to the server, the dimension of the file obtained in reply, the numerical code showing the state of the answer provided by the server (success, error, etc.) and other parameters relating to the user’s operating system and IT environment.

These data are used for the sole purpose of collecting anonymous statistical information regarding the use of the site and to check that the site functions correctly, and is deleted immediately after being processed.

The data could be used in order to assess liability in the case of alleged IT offences that cause damage to the site: except in the case of such an event, data relating to web contacts do not currently remain for more than seven days.


No personal data of users are acquired by the site for this purpose.

Cookies are not used for the transmission of information of a personal nature, nor are so-called permanent cookies of any type used, or systems for tracking users.

The use of so-called session cookies (which are not memorised permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of identification details for the session (consisting of arbitrary numbers generated by the server), that are necessary in order to allow safe and efficient exploration of the site. So-called session cookies used on this site avoid recourse to other IT techniques that may prejudice confidentiality relating to the users’ use of internet and do not allow the user’s personal identification data to be acquired.


Apart from what was stated above regarding internet use data, the user is free to supply the Privacy Guarantor with any personal data provided in request forms or given to the Office if contacted to gain information about publicity materials or other communications.

Failure to provide personal data may mean that it will not be possible to obtain an answer to a request. For the sake of clarity, it should be remembered that in some cases (not part of ordinary management of this site) the Authority may request details or information pursuant to article 157 of the It. Leg. Dec. no. 196/2003, for the purposes of checking on personal data processing procedures. It is compulsory to reply in such cases, otherwise an administrative sanction may be applied.


Personal data are processed using automated equipment for such time as is absolutely necessary to supply the service for which it was acquired.

Specific security measures are observed in order to prevent the loss of data, their illicit or incorrect use and unauthorised access to them.


The persons to whom the personal data refer are entitled at any time to obtain confirmation of the existence or otherwise of their data and to know their contents and origin, verify their correctness or ask for information to be added or updated or amended (article 7 of the It. Leg. Dec. no. 196/2003).

Pursuant to the same article interested parties are entitled to ask for the cancellation, transformation into an anonymous form or the blocking of data processed in violation of the law, and also, in all circumstances and for legitimate reasons, to object to them being processed.

Requests should be made to Grand Hotel Duca D'Este.

This document, published on the site constitutes the “Privacy Policy” of this site and shall be subject to updating (the various versions can be consulted on the same site).