Nature of the provision of data

The personal data requested is collected by Immobiliare Caracalla S.r.l., hereafter referred to as the “Pepoli 9”, and processed using electronic media, in order to respond to requests sent by filling in the form on the website and/or registration for events organised by the Pepoli 9. Provision of the data is compulsory as the services requested cannot be provided without it.

Data Controller

The collected data will be protected within the Hotel Pepoli 9 in Rome – Via Pepoli 9 from Immobiliare Caracalla S.r.l., which act as joint data controllers pursuant to and by the effects of EU Regulation 2016/679.

Data Protection Officer

Pepoli 9, pursuant to Article 37 of GDPR EU 2016/679, has identified and appointed a Data Protection Officer (DPO), who can be contacted at the email address

Processing purpose

The data provided will be held by the data controller for the following purposes and in compliance with EU Regulation 2016/679 (GDPR):

  1. to perform operations needed for registration to the site, which allows users access to areas reserved for registered users, the ability to access and manage a user profile, view documents related to the user’s relationship with the Pepoli 9 and interact in a private professional forum;
  2. data provided by the data subject will be used in the context of services provided by the website (for example, information requests made using the “Contacts” forms and registration for events and initiatives such as webinars, conferences and seminars using the relevant forms);
  3. to send newsletters, information and promotional material about initiatives, projects and services offered by the Pepoli 9, if the user has given their consent;
  4. to access accounts with third-party services (social networks);
  5. to install technical and analytics cookies on the user’s device;
  6. to provide to third parties for purposes instrumental to that required to perform the services requested by the data subject or comply with legal requirements;
  7. to execute requests from the data subject to exercise their rights;
  8. to ensure data is processed in a correct and lawful manner, safeguarding confidentiality, including applying appropriate security measures.

Forms to be filled in, related to a request for contact and registration for events and initiatives, include data that is strictly necessary in order to respond to matters of interest and failure to provide said data will make it impossible to implement the request, but they also include optional data. Compulsory data is usually clearly marked as such.

Data will be processed within the context of this website using electronic or telematic instruments, based on principles connected with the purposes for which the data was collected and in compliance with the security regulations in force for the purposes specified.

Legitimate interests of the
data controller

Pepoli 9, subject to consent from the user/customer, will process data for contacts related to information, promotions and advertisements, for offers related to products and services, for marketing initiatives, for sales initiatives in line with the interests and preferences shown, for remote retailing initiatives, for surveys and market research and for interactive sales communications. Special categories of personal data provided directly o indirectly (in accordance with Article 9 and 10 of EU Regulation 2016/679) will not be used to profile the user/data subject.

Promotional information will be sent by electronic mail. Data provided for the sales, advertising and promotional purposes mentioned above may also be used by Pepoli 9 on behalf of third parties, without however communicating to the latter the data provided by the data subject.

Data recipients

Data will be made available to third parties, who will act as data controllers and who provide services that satisfy the user’s request or to whom communication of the data is required in order to comply with legal requirements, regulations or EU legislation, for purposes connected with provision of a service requested by the data subject.

It may also be made available to law enforcement agencies (e.g. for the prevention and reduction of crimes, including those of a digital nature), the judiciary, the authorities and public agencies responsible for individual areas, for the purpose of their institutional activities or if needed to assert or defend our rights in court. A list of said third parties may be requested directly from Pepoli 9 in accordance with the methods specified in this privacy policy.

Personal data will be made available to persons expressly authorised by Pepoli 9 – and for this purpose appointed to the role of data controller – who carry out processing activities deemed essential for pursuit of the purposes specified above. The types of data controllers appointed are specified in the privacy policy on a case-by-case basis. In general, they are persons in charge of providing specific services, such as administration, the management of information services, current and potential customer relations and sales and marketing.

The data provided will not be transmitted outside of Italy.

Access to accounts with third-party services

These types of services allow interaction with social networks, or other external platforms, directly from the pages of the website. The interaction and information acquired in this way are in any case subject to the user’s privacy settings for each social network.

If a social network interaction service is installed, it is possible that, even if a user does not use the service, the same will still collect traffic data related to the pages in which it is installed.

The Facebook “Like” button and social widgets are services used to interact with the social network Facebook, provided by Facebook Inc., through which cookies are installed and usage data is collected.

These services are not activated automatically, as they require express consent from the user. For further information about permissions needed, please refer to the documentation for Facebook permissions and Facebook’s privacy policy.

Similar considerations apply to plug-ins for the LinkedIn, Twitter and YouTube platforms on the website.

We invite you to read the privacy policies for said platforms to gain a better understanding of how your personal data is used.

Retention period

Based on the purposes identified, the following data retention periods have been defined:

  1. registration on the web site: until the user submits a request for deletion and for a maximum period of 24 months;
  2. services supplied by the website: until the user submits a request for deletion and for a maximum period of 24 months;
  3. sending newsletters related to services offered by Pepoli 9: until the user submits a request for deletion and for a maximum period of 24 months;
  4. access to accounts with third-party services (social networks): until deleted by the user and for a maximum period of 24 months;
  5. selection process for personnel and/or external suppliers: until deleted by the user and for a maximum of 5 years, unless a working relationship or collaboration begins with the data subject, for which legal obligations apply;
  6. installation of technical and analytics cookies on the user’s device: until deleted by the user and for a maximum period of 24 months;
  7. data made available to third parties for purposes instrumental to that strictly needed in order to perform the services requested by the data subject or comply with legal requirements: until the user submits a request for cancellation or for periods defined by law;
  8. to execute requests from the data subject to exercise their rights: until the user submits a request for deletion.

Retention times for personal data are documented in our processing activity records.

Rights of the data subject

The data subject is guaranteed the following rights:

  • Right to access data (Art. 15 EU Reg. 2016/679)
  • Right to rectification (Art. 16 EU Reg. 2016/679)
  • Right to deletion (Art. 17 EU Reg. 2016/679)
  • Right to limitation (Art. 18 EU Reg. 2016/679)
  • Right to data portability (Art. 20 EU Reg. 2016/679)
  • Right to object ( 21 EU Reg. 2016/679).

If data was acquired by the data controller as a result of receiving consent from the data subject, the latter has the right to withdraw said consent at any time.

Furthermore, if the data subject believes that one or more of his/her rights has been breached, they may submit a complaint to the Italian Data Protection Authority, in accordance with the guidelines indicated in the following link:

Pepoli 9 does not use automated decision-making processes.

The above rights may be exercised, at any time and completely free of cost, by writing to the email address or sending a request in writing to Pepoli 9, Via Pepoli, 9 – 00153 Rome.

Personal data security

Pepoli 9 adopts the most technologically advanced security standards to keep your personal information private and confidential, including the use of firewalls and data transmission through SSL (Secure Socket Layer). Furthermore, technical specifications are used to protect said data from unauthorised access by third parties.

Activation of the safe browsing mode can be checked at any time in a number of ways:

  • by receiving a warning from your browser;
  • by checking that the address of the page you are on is preceded by the letters Https;
  • by checking the symbol that appears bottom left or bottom right in the window of your browser software. If you see a full key or closed padlock, it means that SSL is active.

In any case, Pepoli 9 adopts appropriate preventive security measures designed to protect the confidentiality, integrity, completeness and availability of the personal data. As established by legislative provisions governing the security of personal data, technical, logistical and organisational measures have been developed with the aim of preventing damage, loss (even accidental), alteration and improper and unauthorised use of data. Similar preventive security measures are adopted by third-parties (data controllers) appointed to process data on our behalf, for which Pepoli 9 has defined rules of conduct and instructions related to the security procedures to be observed, monitoring activities to ensure their correct implementation.

Pepoli 9 is not responsible for false information sent directly by the user (e.g. correctness of an email address, postal address or other personal data), or information about the user supplied by a third party, even fraudulently.

Navigation data

During normal operation, the computer systems and software procedures used for the operation of this website acquire personal data, the transmission of which is implicit in the use of Internet communication protocols. The information collected is not intended to be associated with identified users, but by its very nature it could be possible, through processing and association with data held by third parties, to identify said users. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the Uniform Resource Identifier (URI) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (success, error or similar) and other parameters related to the operating system and the user’s computer environment. This data is only used to obtain statistical information about use of the website and to check that the website is working correctly. It is deleted immediately after processing. The data could be used to ascertain responsibility in the case of hypothetical computer crimes against the website.