Collectively, we refer to the Websites, the Apps and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.” By using the Services, you agree to the terms and conditions of this Privacy Statement
What is the ‘Personal Information’ and the collection process?
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. We may collect Personal Information such as:
- Name, gender, home and work address, telephone number and email address, your business title, date and place of birth, nationality, passport, visa or other government-issued identification information;
- Guest stay information, including the hotels where you have stayed, date of arrival and departure, goods and services purchased, special requests made, information and observations about your service preferences (including room type, facilities, holiday preferences, amenities requested, ages of children or any other aspects of the Services used);
- Telephone numbers dialled, faxes sent/received or receipt of telephone messages when connected to the telephone services we may provide guests during their stay;
- Credit and debit card number;
- Savoy Membership Program’s information, online user accounts details, profile or password details and any frequent flyer or travel partner program affiliation;
- Employer or other relevant details if you are an employee of a corporate account, a vendor or other type of business partner (e.g., travel agent or meeting and event planner);
- Additional contact information about you that we may obtain through third parties with whom we do business (e.g. travel agents or similar providers);
- Profile picture;
- Social media account ID or user ID;
If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement..
Our service providers and we may collect Personal Information in a variety of ways, including:
Through Our Online Services: :
We may collect Personal Information when you make a reservation or otherwise purchase goods and services from us, communicate with us via online chat services, inform us of any special requests or preferences you may have, or sign up for a newsletter or participate in a survey, contest, or promotional offer.
Through Our Offline Services:
We may collect Personal Information from you offline, such as when you visit one of our branded properties, make a reservation over the phone or contact customer service.
From Other Sources:
We may receive your Personal Information from other sources, such as public databases, joint marketing partners, and other third parties. This may include information from your travel agent, airline, credit card, and other partners, and from social media platforms (including from people with whom you are friends or otherwise connected). For example, if you elect to login to, connect with or link to, the Online Services using your social media account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
From Authorized Licensees:
Savoy may from time to time enter into a license or similar agreement with a third party to sell products and services under its label. Such an “Authorized Licensee” is independent from the Savoy. Examples of Authorized Licensees include entities such as Blastness srl (the operator of the Savoy web site and its services) or like PromoInside the developer of Savoy App.
Why is Personal Information Collected and their use?
1 - To Provide Superior Customer Service to our Guests
Your Personal Information is collected to assist us in making your reservation and providing the services you request, to ensure we meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us. Our goal is to provide you with superior customer service, whether you stay with us once or many times. By keeping, certain stay related Personal Information on file, such as information regarding guest history and itemized spending, Guests have the ability to confirm prior transactions and reconcile statements or invoices as well as having personal commercial treatments.
For our business purposes, such as data analysis, audits, security and fraud monitoring and prevention (including through the use of TVCC, card keys, and other security systems), developing new products, enhancing, improving or modifying our Services, to send administrative information and quality assurance surveys, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
2 - To Keep Our Guests Informed
We may use the Personal Information you provide and that we collect from our business partners to send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you as well as internal market research, direct promotional offers (Marketing to You Program), periodic customer satisfaction.
To personalize your experience when you stay in Savoy and/or within its direct and indirect subsidiaries and affiliates and with respect to the Online Services by presenting products and offers tailored to you.
In order to do this, your information may be shared with a third party, for example, a customer relationship management company and/or a marketing and communications company. These companies are under contract with Savoy and are contractually required to protect all Personal Data to which they have access.
If you do not wish to receive from Savoy the information described above, you may indicate your wishes on your registration card when you stay with us or you may advise one of our properties or send an e-mail to: firstname.lastname@example.org
3 - For Marketing Research
Finally, we may wish to contact Guests to conduct surveys or focus groups to receive your views of our properties and service delivery.
To allow you to participate in sweepstakes, contests and other promotions and to administer these activities.
Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information. We suggest that you read any such rules carefully.
A third party under contract may collect such information with us and they will be contractually required to protect your Personal Information as explained below.
Occasionally we will combine information from a number of Guests to understand better trends and Guest expectations.When this occurs, the Personal Information identifiers are removed and the aggregate information cannot be linked to any specific Guest.
If you do not wish to receive from Savoy the information described above, you may indicate your wishes on your registration card when you stay with us or you may advise one of our properties or send an e-mail to: email@example.com
Disclosure of personal information
Your Personal Information may be disclosed in connection with the following services that we provide as a global hotel company:
The Personal Information you provide to us for making a reservation is made available for the purpose of meeting your reservation request. After your stay, we retain your Personal Information including details of your stay, preferences, room/accommodation type and amenities used.
To Service Providers:
We may disclose Personal Information to our third-party service providers who provide services such as spa and restaurants within our hotel, website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services.
To Authorized Licensees:
Travel Related Services:
We may share your Personal Data with select third parties with whom we have agreements allowing them to offer our products to you. For example, this sharing enables these third parties to provide you with a single source for purchasing packages that include other travel-related services such as airline tickets or rental cars. Please note that this Privacy Statement does not address any information you subsequently provide directly to one of these third parties, such as information necessary to reserve a rental car.
Internal Contests development and other Promotions.
Through Social Media:
We may disclose your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
We may also use and disclose Personal Information, as we believe to be necessary or appropriate:
(a) under applicable law, including laws outside your country of residence;
(b) to comply with legal process;
(c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
(d) to enforce our terms and conditions;
(e) to protect our operations or those of any of our affiliates;
(f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and
(g) to allow us to pursue available remedies or limit the damages that we may sustain.
Other information collection mode and their use (Cookies and similar) Cookies Policy
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
Browser and device information
App usage data
Information collected through cookies, pixel tags and other technologies
Demographic information and other information provided by you
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Statement.
Our third party service providers and we may collect Other Information in a variety of ways, including:
Through your browser or device:
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this information to ensure that the Online Services function properly.
Through your use of the Apps:
When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Cookies are pieces of information stored directly on the computer or mobile device that you are using. Cookies allow us to collect information such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. Our service providers and we use the information for security purposes, to facilitate navigation, to display information more effectively, to collect statistical information, to personalize your experience while using the Online Services and to recognize your computer in order to assist your use of the Online Services, such as for the online reservation process. We also gather statistical information about use of the Online Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.
Using pixel tags and other similar technologies:
Using Adobe Flash technology
(including Flash Local Shared Objects) (“Flash LSOs”)) and other similar technologies: We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Online Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel . You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to as “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including those used in connection with the Online Services. For more information, you may also wish to refer to https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Online Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Online Services. We may also derive your approximate location from your IP address.
Physical Location & Mobile Location-Based Services:
We may collect the physical location of your device by, for example, using satellite, cell phone tower, WiFi signals, or other technologies. We may use your device’s physical location to provide you with personalized location-based services and content, including enabling you to find a hotel near you.
If you have downloaded one of our Apps, you may enroll to receive special offers by agreeing to the use of technologies that enable us to collect information about your location when you are in our near participating hotels through your mobile device’s Bluetooth or similar capabilities. We will collect this information if you opt-in through the App (either during your initial login or later) to receive the special offers and by enabling these capabilities on your mobile device. If you have done so, the App will continue to collect location information when you are in or near a participating hotel until you log off (i.e., the App will collect this information if it is running in the background) or use your phone’s or other device is setting to disable your mobile device’s applicable similar capabilities for the Savoy App.
We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.
By aggregating information:
Aggregated Personal Information does not personally identify you or any other user of the Services (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information (such as combining your name with your location). If we do, we will treat the combined information as Personal Information as long as it is combined.
Third Party Services: This Privacy Statement does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link, third party payment services, or any third-party website that is the landing page of the high-speed Internet providers at our hotels. The inclusion of a link on the Online Services does not imply endorsement of the linked site or service by us or by our affiliates. We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Third Party Advertisers: : We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Online Services and other websites or online services, based on information relating to your access to and use of the Online Services and other websites or online services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice, and to learn about your choices in connection with it, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps.
Protection of ‘’Guest’s’’ Personal Information – Data Protection
We seek to use reasonable organizational, technical and administrative measures to protect our ‘’Guest’’ Personal Information data within our organization. We endeavor to protect the privacy of your account and other Personal Information that we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information. Also, while we endeavor to put adequate contractual protections in place we cannot guarantee the security of any Personal Information in databases hosted by third parties.
When you log-in to complete or modify a Booking Profile, Guest Service Profile, your online interaction with us is protected from eavesdropping using the highest level encryption technology based on the browser you use. In order to ensure your privacy and the protection of information you choose to share with us, we allow only encrypted communications from all of our web forms.
It is important to note that any e-mail communication is not secure. This is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail (for example, from the “Contact Us” section of our web site). We recommend that you do not include any confidential information (i.e. credit card information) when using e-mail. For your protection, our e-mail responses to you will not include any confidential information.
Finally, to be prudent, please be sure to always close your browsers when you are done using a form or the reservation site. Although the session will terminate after a short period of inactivity, it is best to close your browsers immediately upon completion.
Rights of the data subject
Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:
to request access to your personal data (commonly known as a “data subject access request”).:
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
to request correction of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
to request erasure of your personal data:
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. It also enables you to request that we delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party)
and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
to request restriction of processing your personal data:
This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy;(b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
to request transfer of your personal data to you or to a third party:
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
to withdraw consent at any time where we are relying on consent to process your personal data:
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us by using the contact details set out below under “CONTACT US” or by emailing
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you wish to exercise any of those rights, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
Unless specifically requested, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, national identification number, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase, reservation, or promotion). There may also be residual information that will remain within our databases and other records, which will not be removed. In addition, there may be certain information to which we are unable to enable you to review, for legal, security, or other reasons.
We will retain your Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law.
Protection of Minors
Children and adolescents with limited legal capacity are as a matter of principle not allowed to transfer any personal data to our website without prior consent of their parents or legal guardian. Savoy will in no way knowingly collect personal data from children or adolescents with limited legal capacity, use these data in any form, or divulge these data to third parties without authorisation.
We do not knowingly collect, maintain or use Personal Information from individuals under 16 years of age in connection with. Additionally, we statement that no part of our Websites, Social Media Pages, and Apps is directed to individuals under the age of 16. If we do incidentally collect or maintain Personal Information from individuals under 16 years of age, you may request deletion of such information by contacting us as set forth under “Contact Us” below
Transferring your Personal Information outside UE
We do not intend to transfer any personal data we hold about you to a country outside the European Economic Area (“EEA”).
If however we do transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards applies:
- the countries to which it is transferred have been deemed to provide an adequate level of protection for personal data by the relevant regulators;
- we have put in place with the transferee specific contracts approved by the relevant regulators which give personal data similar protection to that it has in Europe; or
- if the transferee is in the US, it is registered with the Privacy Shield (or any similar replacement scheme) which requires it to provide similar protection to personal data as is required in Europe.
Changes to this Policy
Via Ludovisi, 15 Roma 00187
Tel +39 06421.551
Fax +39 0642155.555
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the Data Protection laws you have the right to lodge a complaint at the Italian Data Protection Authority – Garante per la protezione dei dati personali (http://www.garanteprivacy.it/).
We would, however, appreciate the chance to deal with your concerns before you approach the DPA so please contact us in the first instance.
Il Garante per la Protezione dei Dati Personali – Data Protection Authority
Piazza di Monte Citorio, 121 – 00186 Roma
Tel: +39-06-6967 71
Fax: +39-06-6967 73785
Titolare del Trattamento – Data Controller
Via Ludovisi 15
Tel: +39 06421551
Fax: +39 0642155555
Responsabile del Trattamento – Data Processor
Responsabile della Protezione dei Dati – Data Protection Officer
VR Solutions srl
Via Giuseppe Gallignani 47
Tel: +39 3409250697
Law References, rules, guidelines and legislation
This document is produced in line with the :
General Data Protection Document – GDPR
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The regulation is an essential step to strengthen citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens.
The Data Protection Law Enforcement Directive
Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data.
The directive protects citizens’ fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism
Consolidated Law on Public Security
Article 109 of the TULPS – Consolidated act on public security, establishes that the mangers of Lodging-Related establishments like hotels and other accommodation facilities, with the exception of alpine shelters included in a special list, are obligated to communicate to the public security authority every day the person-lodge‘s check in registration card
National Data Protection Authority
Italian Data Protection Authority: EU countries have set up national bodies responsible for protecting personal data in accordance with Article 8(3) of the Charter of Fundamental Rights of the EU.
European Data Protection Board
The EU’s national supervisory authorities are currently working together in the framework of the Article 29 Working Party. The European Data Protection Supervisor (EDPS) and the Commission are also members. As of 25 May 2018, the Article 29 Working Party will be replaced by the European Data Protection Board (EDPB). The EDPB has the status of an EU body with legal personality and is provided with an independent secretariat.
The EDPB has extensive powers to determine disputes between national supervisory authorities, to give advice and guidance on key concepts of the GDPR and Police Directive.