1. Data Controller and contact details
The data controller is Mi.NO.TER S.p.A., with registered office at Via Galassi No. 2, 09131 Cagliari, VAT No. 00303050926, email: privacy@thotel.it, certified email (PEC): minoter@pec.minoter.it (the PEC mailbox only accepts messages from other PEC addresses). The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at: dpo@minoter.it.
2. Types of data processed
2.1 Browsing data
The IT systems used to operate the Website acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. Such data is processed exclusively for technical purposes, aggregated statistical purposes and to ensure the correct functioning of the Website. Logs are stored for 7 days, unless further retention is required for security purposes or following requests from judicial authorities.
2.2 Data voluntarily provided by the user
Attraverso il Sito è possibile conferire dati personali (es. nome, cognome, recapiti) tramite form di contatto o richiesta di assistenza. L’utente che trasmette dati riferiti a terzi garantisce di disporre di un’idonea base giuridica per la comunicazione dei dati al Titolare.
2.3 Cookies and similar technologies
The Website uses technical cookies and, subject to consent, analytical and profiling cookies. A Consent Management Platform (CMP) compliant with the Italian Data Protection Authority Guidelines of 10 June 2021 is adopted.
3. Purposes of processing and legal bases
3.1 Website operation and use
Allow navigation, delivery of online services, security management and prevention of abuse. Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Data Controller).
3.2 Replying to user requests
Management of requests for information, contact or assistance. Legal basis: Article 6(1)(b) GDPR.
3.3 Compliance with legal obligations
Fulfilment of regulatory obligations and cooperation with Authorities. Legal basis: Article 6(1)(c) GDPR.
3.4 Marketing and promotional communications
Sending commercial communications relating to the services of the Data Controller. Legal basis: Article 6(1)(a) GDPR. Retention: until withdrawal and in any case within 24 months.
3.5 Profiling through cookies
Personalisation of content through the use of third-party profiling cookies. Legal basis: Article 6(1)(a) GDPR. Retention: maximum 12 months (specific retention periods are indicated in the Cookie Policy).
3.6 Protection of the Data Controller’s rights
Management of disputes and prevention of fraud. Legal basis: Article 6(1)(f) GDPR.
4. Nature of data provision
The provision of data for contractual or pre-contractual purposes is necessary; failure to provide such data makes it impossible to process the request. The provision of data for marketing or profiling purposes is optional and refusal of consent does not affect the use of the Website.
5. Minimum age
The Website services are not intended for persons under 18 years of age. The user declares that they are an adult when submitting their data.
6. Recipients of personal data
Data may be communicated to:
• persons authorised by the Data Controller;
• IT, hosting, maintenance, communication, marketing and customer support service providers appointed as Data Processors pursuant to Article 28 GDPR;
• professional consultants within the limits of their assignments;
• public authorities where required by law.
7. Transfers of data to third countries
Where necessary, the Data Controller may transfer data to third countries, ensuring the safeguards provided by Articles 44–49 GDPR.
8. Data retention periods
• Browsing data: 7 days.
• Contact requests: time necessary to respond and up to 12 months.
• Contractual data: duration of the relationship and 10 years after termination.
• Marketing: 24 months.
• Profiling: 12 months.
9. Security measures
The Data Controller adopts appropriate technical and organisational measures pursuant to Article 32 GDPR, including traffic encryption, access control systems, backup policies, monitoring and periodic audits.
10. Data subject rights
Users may exercise the rights provided by Articles 15–22 GDPR: access, rectification, erasure, restriction, portability, objection and withdrawal of consent. Requests may be sent to the Data Controller or DPO using the above contact details. In the event of a personal data breach, where applicable, the data subject will be informed pursuant to Article 34 GDPR
11. Complaint to the supervisory authority
The data subject has the right to lodge a complaint with the Italian Data Protection Authority or the authority of the Member State where they reside or work. Information available at: www.garanteprivacy.it.
12. Updates to this notice
This notice may be updated following regulatory changes or changes in processing activities. In case of significant changes, a notice will be displayed on the Website.
Cookie Policy – THotel
1. Data Controller
The data controller regarding the use of cookies is Mi.NO.TER S.p.A., Via Galassi No. 2, 09131 Cagliari, email: privacy@thotel.it. The Data Controller has appointed a DPO, contactable at: dpo@minoter.it.
2. What cookies are
Cookies are small text files sent by visited websites to the user's device, where they are stored and later retransmitted to the same websites during subsequent visits. They allow the correct functioning of the website, a better browsing experience and, subject to consent, content personalisation.
3. Types of cookies used
3.1 Technical cookies (necessary)
Essential cookies that guarantee navigation and basic Website functions. They do not require consent. Examples: • session cookies; • authentication cookies; • cookies necessary for the consent banner.
3.2 Analytical cookies
Used to collect aggregated and anonymous statistical information about traffic and Website usage. Anonymised analytical cookies do not require consent; non-anonymised analytical cookies require consent.
3.3 Profiling cookies (marketing)
Used to track browsing activity and provide personalised content. They are installed only after consent. These cookies may be managed by third parties such as Google, Meta and advertising platforms.
4. Consent management through CMP
The Website uses a Consent Management Platform compliant with the Italian Data Protection Authority Guidelines of 10 June 2021. Users may accept all cookies, reject them, manage preferences by category or modify consent at any time through the “Review cookie preferences” link in the footer.
5. Cookie list
The updated list of cookies used by the Website, including duration, purposes and controllers, is available in the CMP panel.
6. Transfers to third countries
Some third-party cookies may involve transfers of data outside the European Economic Area. Such transfers are carried out in compliance with Articles 44–49 GDPR.
7. How to disable cookies through the browser
Users can disable cookies through their browser settings.
Useful links: Chrome: support.google.com/chrome/answer/95647
Firefox: support.mozilla.org/it/kb/Attivare e disattivare i cookie Safari: support.apple.com/it-it/guide/safari/sfri11471/mac
Edge: https://support.microsoft.com/en-us/windows/manage-cookies-inmicrosoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16- ede5947fc64d
Disabling technical cookies may affect the correct functioning of the Website
8. Data subject rights
Users may exercise the rights provided by Articles 15–22 GDPR by contacting the Data Controller or DPO.
9. Updates to the Cookie Policy
This Cookie Policy may be updated due to regulatory changes or technical developments of the Website. In case of significant changes, a notice will be displayed through the banner.
