Reset Password

The Best Bologna Apartments We offer a curated selection of the finest rental properties in the vibrant and historic city of Bologna. Plan The Perfect Holiday Find your perfect stay through our website. We offer an exceptional selection of apartments in the lively and beautiful Bologna District. Get Ready, Pack Up And Go Book your apartment with us and discover the most diverse collection of rental properties in the heart of historic Bologna. The Best Bologna Apartments We offer a curated selection of the finest rental properties in the vibrant and historic city of Bologna.
  1. Home
  2. Privacy Center
  3. Privacy policy – Customers and guests
Your search results

Privacy policy – Customers and guests

Subject: Information regarding the processing of personal data pursuant to current national legislation and the European Regulation (GDPR 679/2016).

BOLOGNA DISRTICT SRL VAT 04228771202, with registered office at Via Castiglione n. 6, Bologna (Bo) 40124, email: amministrazione@bolognadistrict.com, informs you that it is the Data Controller of the data qualified as personal by the Privacy Code and EU Regulation 679/2016, and subsequent adaptation rules that the company holds for the establishment and execution of contractual relationships, present or future, with you and/or your organization.

Therefore, in full compliance with the principles of fairness, lawfulness, and transparency, the Data Controller provides the following information.

1. Type of data processed

BOLOGNA DISRTICT SRL processes your personal identification data (including name, surname, company name, address, phone number, email address, banking details).

The Data Controller does not possess any specific data of yours (or belonging to specific categories of data according to art. 9 of EU Regulation 679/2016), nor does it possess any biometric, genetic, or judicial data. In some cases, BOLOGNA DISRTICT SRL may also obtain certain specific data (such as information about your health if provided during booking). In this case, in compliance with the minimization principle, the Data Controller undertakes not to retain any communicated specific data or request further information other than what is strictly necessary to ensure the protection of your health.

The data will be processed in accordance with the principles of purpose limitation, data minimization, accuracy, storage limitation, relevance, non-excessiveness, and confidentiality.

In case of access to the Wi-Fi Hot Spot network provided by BOLOGNA DISRTICT SRL in the areas adjacent to its headquarters, activating the service allows access to the Internet via WI-FI in specifically enabled areas. In the event of access, the processed data will be:

  • Common Data: Login data (Third-party platform profile used; Voucher code; Email or phone number); Browsing data (IP address, URI/URL addresses, access time and duration, etc.)
  • Special Data: none

2. Purposes of processing

Your data will be processed for the following purposes:

  • a) For the conclusion of a contract and for subsequent fulfillment of legal, tax, and accounting obligations. Legal basis: execution of a contract and/or pre-contractual measures.
  • b) To enable effective management of service, financial, and commercial relationships or for administrative needs related to orders and invoices. Legal basis: compliance with legal obligations.
  • c) To allow access to specific and additional services, for commercial communications, and for sending advertising and/or promotional material. Legal basis: consent.
  • d) For any verification, exercise, or defense of a right in judicial or extrajudicial proceedings. Legal basis: legitimate interest.

Your data is not subject to automated processing.

Access to the hotspot service: To access the WiFi service, online registration is required; the access password will be sent to the mobile phone number or email address provided during registration. The data subject has consented to the processing of their personal data for this purpose.

Customer satisfaction survey: Subject to express consent, the provided data will be processed to follow up on communications aimed at measuring customer satisfaction. Consent may be revoked at any time by sending a communication to the above contacts.

Legal basis: the data subject has given consent to the processing of their personal data for the aforementioned purpose.

3. Processing methods

The processing of personal data is carried out using the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of EU Regulation 679/2016, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, limitation, communication, deletion, and destruction of data.

The data are subject to both paper-based and electronic processing.

4. Retention period

The Controller will process the data for the time necessary to execute the contractual relationship and also subsequently for compliance with legal obligations or for administrative and accounting purposes.

Data stored on paper support are deleted after 3 months, while they remain stored in the system. Subsequently, solely for archival purposes, the data will be processed for a period of 10 years from the date of termination of the relationship, for any reason.

Data relating to banking details are stored for 3 days, while identity documents are retained for 1 week and then deleted.

The Controller will process the collected data for purpose d) of point 2) (allowing access to specific and additional services, such as receiving newsletters for promotional offers) for 2 years from collection for marketing purposes and 1 year for profiling purposes, while allowing the User to modify and/or revoke their consent at any time.

Access to the hotspot service: Contact details (platform user, email, SMS) are kept for 12 months from the last connection.

5. Obligation to provide data

Providing data is mandatory to achieve the purposes described in point 2 (letters a, b, d): your failure to provide it will result in the inability to establish or continue any pre-contractual or contractual relationship.

Providing data for the purposes of commercial communications (point 2 letter c) for sending advertising material and for receiving newsletters is entirely optional.

6. Revocation of consent to the processing of personal data

The personal data processed by the Controller are necessary to achieve the purposes described in point 2. It is your right to revoke consent at any time without affecting the lawfulness of processing based on the consent given.

7. Recipients

Your data may be made available for the purposes of art. 2 to the following categories of subjects:

  • Employees and collaborators of the Controller, in their capacity as authorized persons appointed by the Controller;
  • Third-party companies or other subjects (e.g., credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, companies dealing with accounting and financial statements processing) performing outsourcing activities on behalf of the Controller, as external data processors;

Furthermore, your data may be communicated to:

  • Supervisory bodies (such as IVASS),
  • Judicial authorities,
  • Public authorities,
  • All subjects to whom communication is mandatory by law for the fulfillment of the purposes indicated in point 2. These subjects will process the data as autonomous data controllers.

Your data will not be disclosed.

8. Video surveillance activities pursuant to art. 13 of GDPR Regulation (EU) 2016/679

BOLOGNA DISRTICT SRL, as the Data Controller, wishes to inform you that, pursuant to articles 12 and following of Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, for prevention purposes, organizational security, protection of corporate assets, the perimeter and common areas of the Company’s registered office duly marked by signage requested by the Guarantor for the Protection of Personal Data – are covered by a video surveillance system.

Images, like names and personal data, are personal data subject to the protections provided by Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals. Therefore, these particular personal data are acquired and stored by the Controller for the time strictly necessary to prevent the commission of illegal activities, ensure the security of the sites, enable the protection of corporate assets, all in compliance with the provisions of Regulation (EU) 2016/679 and the prescriptions imposed by the Guarantor.

The adopted system does not link, match, or compare the collected images with other personal data or any identification codes.

The images will be kept for the period provided by law and, in any case, not exceeding 72 hours unless otherwise required by the Judicial Authority. Systems are programmed to automatically delete all information through overwriting. Surveillance will never target areas exclusively reserved for employees or be used to remotely monitor work activity.

Data may be accessed by:

  • Subjects authorized by law (EU or Member State),
  • Our designated employees in accordance with Article 29 of the GDPR,
  • External surveillance companies acting as data processors within the EU.

Regarding this processing, you may assert the rights described in point 10 below. However, due to the nature of real-time surveillance, some rights like correction or integration of images may not be applicable.

9. Storage and data transfer

Your personal data are stored on local servers and paper archives located at the company’s headquarters in Bologna (BO) Via Castiglione n. 6, and therefore, within the European Union.

10. Exercise of rights by the data subject

At any time, the data subject can exercise their rights against the Data Controllers. According to art. 7 of Legislative Decree 196/2003 and articles 15 ff. of EU Regulation 2016/679, the data subject has the right to:

  • a) Obtain confirmation of the existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form;
  • b) Obtain information on the origin of personal data, the purposes and methods of processing, the logic applied in case of processing carried out with electronic tools, the identification details of the Data Controller and processors, the subjects or categories of subjects to whom personal data may be communicated;
  • c) Obtain the update, rectification, or, when interested, integration of data;
  • d) Obtain the erasure of data in cases provided for by Article 17 of Regulation EU 2016/679, transformation into anonymous form, or blocking of data processed in violation of the law;
  • e) Obtain the limitation of processing in cases provided for by Article 18 of Regulation EU 2016/679;
  • f) Receive in a structured, commonly used, and machine-readable format, the personal data concerning them and the right to transmit them to another Controller;
  • g) Object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them;
  • h) Object to the processing for direct marketing purposes;
  • i) Lodge a complaint with the Guarantor for the Protection of Personal Data.

The exercise of these rights is not subject to any formal constraint and is free of charge.

For reference, consult Article 7 of the Privacy Code and articles 15 to 23 of EU Regulation 679/2016 at: www.garanteprivacy.it

11. How to exercise rights

To exercise your rights, you can directly contact the Data Controller by sending: