Information pursuant to Article 13 of EU Regulation 679/2016 (GDPR)

Royal Victoria Hotel, as the Owner of the website and in the context of all its activities, provides you with the following information regarding the processing of personal data related to browsing and using the following website. The Data Controller is committed to protecting the confidentiality and rights of the Data Subject in accordance with the principles of fairness, legality, and transparency.


  1. The Data Controller

The Data Controller of the data as described in this notice is Royal Victoria Hotel, with registered office at Lungarno Pacinotti – 56126 Pisa, Tuscany, VAT number 00093080505. The Data Controller has not appointed a Data Protection Officer and can be contacted at the address


  1. Categories of Data, Purposes of Processing, and Legal Basis

The Data Controller, through the user’s use of the website, will process the following types of data:

  • Necessary browsing data: The computer systems and software procedures used to operate this website acquire some personal data as part of their normal operation, the transmission of which is implicit in the use of Internet communication protocols. These are pieces of information that do not allow for the identification of the data subject, but which, by their very nature, could allow users to be identified if processed and associated with data held by third parties. Such data, necessary for the use of web services, are processed for the following purposes:
  • Obtaining statistical information about the use of the services (most visited pages, number of visitors by time of day or daily, etc);
  • ensuring the proper functioning of the offered services;
  • Investigating responsibility in the event of computer crimes.

Personal data will be processed by the Data Controller in accordance with Article 6 par. 1 lett. f) GDPR.

  • User data: The Data Controller may process personal data related to the user in connection with its activities (e.g., name, surname, tax code, VAT number, contact information, banking and payment references) for the conclusion and management of related relationships, always in a lawful and fair manner, while preserving the data in compliance with the security obligations prescribed by European Regulation EU 2016/679. The Data Controller may process:
  • personal data provided by filling in the dedicated spaces on the website for information requests, in order to respond to user requests;
  • data necessary to carry out all administrative, accounting, and tax-related activities related to the purpose referred to in point a), as well as to comply with the provisions of national and foreign laws and regulations, or to execute an order of the judicial authority or other authorities to which the Data Controller is subject;
  • exercise the rights of the Data Controller, with particular reference to the right to defense in legal proceedings.

The personal data mentioned above will be processed by the Data Controller to fulfill pre-contractual and contractual measures in which the data subject is a party, in accordance with Article 6 par. 1 lett. b) e c) GDPR.

The provision of data for the purposes outlined in point 2 is optional; however, failure to provide the data and/or explicit refusal to process it may result in the Data Controller’s inability to proceed with the requested services.

  • Newsletter: Name and email address provided through the subscription form for the newsletter service, for the purpose of sending communications related to the promotion of products, services, distribution of informative, advertising, and promotional materials. The Data Controller reserves the right to send newsletters or questionnaires directly to the interested party only if the individual has given specific consent to receive personal messages by subscribing to our newsletter. At any time, you may revoke your consent to the processing or exercise one of the rights under Articles 15-22 of the GDPR by contacting the Data Controller directly at the email address:;
  • Personalized Marketing: Data concerning the preferences of the data subject for the purpose of conducting analyses, through an automated process, aimed at improving the user’s shopping experience on the website by adapting the Data Controller’s marketing activities and the content of personalized offers.

The data mentioned above may be processed by the Data Controller only with the prior consent of the data subject, who may, at any time, withdraw their consent. For further information, please refer to the respective cookie policy.

The provision of data for the purposes outlined in points 3 and 4 is optional; however, failure to provide the data and/or explicit refusal to process it may result in the Data Controller’s inability to proceed solely with the requested services.

  • Cookies: Regarding the cookies processed by, please refer to the respective cookie policy.

The processing carried out through tools such as technical cookies does not involve the collection of personal data related to the individual user and, therefore, does not require the consent of the data subject or any other legal basis. They are necessary to ensure the Data Controller the use and improvement of the website.

With regard to non-technical cookies, the legal basis is the consent of the data subject. All data not necessary for the purposes outlined above will not be processed by the Data Controller and will be promptly deleted.

  • Aggregate Data: Anonymous and aggregated analysis of the use of the services provided to identify habits and preferences of data subjects for statistical purposes and to improve the quality of the services provided. The Data Controller will process this data to pursue a legitimate interest in accordance with article 6 par. 1 lett. f) GDPR.


  1. 3. Data Processing Methods

Personal data will be processed in accordance with the principles of fairness, lawfulness, and transparency, primarily in digital form. The processing will be carried out directly by the Data Controller or by individual professionals in the service of the Data Controller. Among the recipients of your personal data are also authorized persons, such as the employees of the Data Controller, secretarial staff, and those responsible for specific functions related to website management, who are constantly identified, properly trained, and duly appointed and authorized. The processing may be carried out with or without the use of electronic or automated tools, safeguarding data protection from intrusions, unauthorized access, alteration, and loss of data through the adoption of appropriate security measures.


  1. 4. Personal Data Retention Periods

Personal data will be stored for the time necessary to achieve the purposes for which they were processed, subject to any longer period required to comply with legal obligations based on the nature of the data or document. Personal data related to the newsletter service will be retained until the data subject revokes their consent.

After the expiration of the retention periods, the Data Controller will take measures to delete or anonymize the data, unless they need to be retained due to legal obligations.


  1. 5. Categories of Data Recipients

Your data may be disclosed to:

  • Collaborators of the Data Controller specifically appointed within their respective competencies;
  • Debt collection companies and/or credit institutions;
  • IT consulting firms, marketing agencies, online payment service providers, entities belonging to Royal Victoria Hotel, and entities that provide various services or assistance and consultancy activities to the Data Controller;
  • Judicial, administrative, or supervisory authorities;

The above-mentioned entities operate independently as separate data controllers or as data processors specifically appointed by the data controller, whose list is kept at the data controller’s headquarters.

Your personal data may be subject to communication or disclosure in cases provided for by law.

There are no treatments involving the data of minors.


  1. 6. Data Subject Rights

Pursuant to Articles 15-22 of the GDPR, the rights recognized to you concerning the processing of your data through the website include:

  • access to your personal data and obtaining a copy of them;
  • obtaining the rectification and integration of your data;
  • obtaining the erasure of your data, in cases provided for by law;
  • obtaining the restriction of the processing of your personal data under
    certain conditions;
  • exercising the right to data portability, where the conditions apply;
  • objecting to the processing of personal data where there are reasons related to your particular situation;
  • not being subject to automated decision-making;
  • withdrawing consent to the processing at any time;
  • filing a complaint with the Data Protection Authority by visiting the website

You can exercise the rights mentioned above by contacting the Data Controller at the email address:

× Chat with us