Sign In

Privacy Policy

This page describes how we collect and process the personal data of users who consult this website or make reservations through it. This information is provided pursuant to Article 13 of European Regulation No. 2016/679 (GDPR – General Data Protection Regulation) to those who interact with the web services of Romit s.r.l., accessible electronically from the address: www.venice-experience.net

What personal data do we collect?

“Personal Data” means all information that identifies or makes a person identifiable. The personal data we collect or receive may include the following categories of information:

  • General identification and contact information: first name and last name, residence, e-mail address, phone number, social media account ID, profile photos, and other publicly available data or data made available on social media.
  • Demographic information and important dates: gender, language preferences, nationality, birthdays, anniversaries, or special occasions.
  • Government-issued identification: passport, visas, or other government-issued identification documents (and the Personal Data contained therein).
  • Financial and payment information: credit, debit, or other payment data.
  • Travel and preference information: requests for special services and amenities, goods and services purchased, travel itinerary, tour group information, activity data, or employer details (for company-related bookings).
  • Claim information: insurance information, emergency contacts, complaints, or employment details (for worker’s compensation claims).

Who is the Data Controller?

The data controller is ROMIT SRL, with registered office in 30172 Venice – Mestre, Via Torino n. 151/C, hereinafter referred to as “the Controller.”

How do we use your personal data?

Your personal data is used for the following purposes:

  • Performance of contractual activities – service provision (to acquire and confirm the booking of accommodation services and ancillary services, as well as to provide the requested services; to register the customer in order to comply with legal obligations, also imposed by the Municipality or Police Headquarters).
    • Types of data processed: First name, last name, phone number, address, postal code, province, country, state, and e-mail, payment data and personal details, travel information, additional requests.
  • Performance of pre-contractual activities – quote request (request for a quote with subsequent contact by the Controller).
    • Types of data processed: First name, last name, email, and phone number, travel information.
  • Fulfillment of tax or legal obligations.
    • Types of data processed: Personal data and contact data, data relating to the execution of the contract.
  • Sending newsletters for informational and advertising purposes (sending, by automated contact methods, newsletters, promotional messages, and updates on rates and offers).
    • Types of data processed: Personal data and contact data. Your personal data will also be processed exclusively for purposes strictly connected and instrumental to the fulfillment of the obligations inherent to the aforementioned points.

Who is the Data Protection Officer (DPO)?

The data controller has appointed a personal data protection officer (Data Protection Officer, “DPO”). You can contact the DPO at the following email address: privacy@cadeicuori.it. The external data processor for website management and personal data acquisition during the booking phase is Zucchetti Hospitality s.r.l. for the data entered using the Beddy management software, which owns the hotel booking engine integrated into this website.

What is the nature of providing your personal data?

The provision of your data for the purposes referred to in points (i), (ii), and (iii) of Article 1 does not require any formal consent as it is preparatory and essential to the contractual or pre-contractual relationship. The data subject must, in fact, provide the Company with the data necessary for the performance of the contractual relationship, as well as the data necessary to comply with obligations established by laws, regulations, EU legislation, or provisions of Authorities legitimately empowered by law and supervisory and control bodies. Data not essential for the performance of the contractual relationship, such as those provided for the purposes referred to in Article 1 point (iv), are qualified and considered supplementary, and their provision by the data subject, if requested, is optional and subject to consent. The consent given may be revoked by the data subject at any time. Such revocation will in no way affect the lawfulness of processing based on consents given before the revocation.

How is your personal data processed?

Personal data will be recorded, processed, and stored in the Company’s management systems and/or in the Company’s electronic and paper archives, or in any case with the aid of computerized or automated tools, in compliance with the adequate technical and organizational measures referred to in Article 32 of the GDPR. The processing of the data subject’s personal data may consist of any operation or set of operations among those indicated in Article 4, paragraph 1, point 2 of the GDPR. The processing of personal data will be carried out using tools and procedures suitable for guaranteeing their integrity, security, and confidentiality and may be carried out, directly and/or through delegated third parties, both manually using paper supports and with the aid of IT tools or electronic instruments. The data, for the purposes of correct management of the relationship and fulfillment of legal obligations, may be included in the Company’s internal documentation and, if necessary, also in the records and registers required by law. The data subject’s personal data may be processed by employees of the Company’s corporate functions responsible for pursuing the purposes indicated above. These employees have been expressly authorized to process data and have received adequate operational instructions pursuant to and for the purposes of Article 29 GDPR.

Will personal data be provided to third parties?

For each of the personal data categories described above, we may share some of your personal information with:

  • Our employees or collaborators;
  • Our professional consultants;
  • Third-party companies possibly appointed by the Controller to carry out the obligations assumed by the latter for the implementation of the processing provided for by the purposes referred to in points (i) and (ii) of Article 1;
  • Third-party companies that provide essential support services for processing and have direct or indirect access to your data;
  • Third-party companies appointed by the Controller for data processing provided for by the purposes referred to in point (iii) of Article 1.
  • All subjects (including Public Authorities) who have the right to access the data by virtue of regulatory or administrative provisions. We may also disclose certain types of personal information to online advertising partners and analytics providers and search engines that assist Romit srl in the improvement and optimization of the Sites, or for advertising, analytical, attribution, or research purposes as described in the Cookie section. All collaborators or suppliers used by the Controller for the processing of your personal data have been appropriately and legally authorized and instructed on the methods and purposes of the processing attributed to them and will act in compliance with and in accordance with this policy. Payment data is transmitted to payment service providers for the completion of the transaction.

Will your personal data be transferred to non-EU countries?

Your personal data will only be processed in countries located within the European Union. Should your data be processed in a non-EU state, the rights attributed to the latter by Community law will be guaranteed, and timely communication will be given to the data subject.

How long will your personal data be stored?

Your personal data will be stored for the time necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. This may involve retaining information after your stay. We will delete your personal data when it is no longer reasonably necessary for any of the purposes described in this Privacy Policy.

What are your rights regarding your personal data?

Pursuant to Articles 13, paragraph 2, letters b) and d), 15, 18, 19, and 21 GDPR, we inform you that you have the right to:

  • Access: confirm whether or not personal data concerning you is being processed and the right to access such data; requests that are manifestly unfounded, excessive, or repetitive cannot be answered.
  • Rectification: correct/obtain the correction of personal data if incorrect or outdated and to complete them if incomplete.
  • Erasure/Right to be forgotten: obtain, in some cases, the erasure of the personal data provided; this is not an absolute right, as the Company may have legitimate or legal reasons to retain them.
  • Restriction: data will be stored but cannot be processed or further elaborated, in cases provided for by law.
  • Portability: move, copy, or transfer data from the Company’s databases to third parties. This applies only to data provided by the data subject for the performance of a contract or for which consent has been given and expressed, and the processing is carried out by automated means.
  • Object to direct marketing: Revoke consent to processing for marketing purposes, both direct and indirect; the exercise of this right does not in any way affect the lawfulness of processing carried out before the revocation.
  • Withdraw consent at any time, if the processing is based on consent.
  • Lodge a complaint pursuant to Article 77 GDPR with the competent supervisory authority based on your habitual residence, place of work, or the place of violation of your rights; for Italy, the competent authority is the Garante per la protezione dei dati personali, contactable via the contact details on the website http://www.garanteprivacy.it.

The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated above. Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and a high number of requests may this term be extended by a further 2 (two) months. It is specifically and separately informed, as required by Article 21 GDPR, that if personal data is processed for marketing purposes, the data subject has the right to object at any time; if the data subject objects to the processing, personal data may no longer be processed for such purposes. The exercise of rights is not subject to any formal restrictions and is free of charge. The email address for exercising your rights is privacy@cadeicuori.it.

How will third-party websites use your personal data?

Our Site may include links to third-party websites, plug-ins, and applications. We are not responsible for, and this Privacy Policy does not apply to any personal information practices of third-party websites and online services or the practices of other third parties (except where we adopt, incorporate, apply, or expressly refer to this Privacy Policy).

Contact Us

If you have any questions or concerns regarding this Privacy Policy or the processing of your personal data, please contact our Privacy Officer via email at privacy@cadeicuori.it

© Romit 2025. All Rights Reserved ROMIT SRL
Via Torino 151/C
30172 Venezia Mestre
C.F. e P.IVA 02689580278