Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how we process personal data. This information is provided pursuant to Art. 13 of the GDPR. This information does not apply to other third-party websites that may be accessed via links on this website, for which we assume no responsibility.
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 GDPR).
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
Pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”), this page describes how we process personal data. This information is provided pursuant to Art. 13 of the GDPR. This information does not apply to other third-party websites that may be accessed via links on this website, for which we assume no responsibility.
The optional, explicit, and voluntary sending of messages to the contact addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.
Regarding the processing of personal data by the managers of the social media platforms used by the Data Controller, please refer to the information provided in their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of dedicated social media platforms to manage interactions with users (comments, public posts, etc.) and in compliance with applicable legislation.
Specific information may be present on the pages of the Site in relation to particular services or processing of the data provided.
For cookies and other tracking systems, see the cookies policy in the footer of the site.
The Data Controller is PERTUS S.r.l. with registered office in Via Crocefisso, 5 20122 Milan (MI) Italy, in the person of its Legal Representative pro-tempore, who can be contacted for any information by telephone +39 0341 350064, e-mail info@smartfit.it.
PURPOSE OF PROCESSING:
Navigation on this website.
The data required for the use of web services are also processed for the following purposes:
• Obtain statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
• Verify the correct functioning of the services offered.
The data will be used to ascertain liability in the event of hypothetical cybercrimes against the site.
LEGAL BASIS:
Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the operation of the website and browsing itself.
(Art. 6, paragraph 1, letter f and C47 of the GDPR)
STORAGE PERIOD:
Browsing data will be retained for the duration of the browsing session and in any case will not be retained for more than seven days (except where judicial authorities need to investigate criminal offenses).
NATURE OF PROVISION:
The provision of data is necessary for browsing the website.
PURPOSE OF PROCESSING:
Use of cookies and similar technologies.
See the cookies policy in the website footer.
LEGAL BASIS:
For non-technical cookies and similar technologies, processing is based on consent to the processing of personal data (Article 6, paragraph 1, letter a and C42, C43 of the GDPR).
Consent is given via the banner and the website’s cookie policy.
RETENTION PERIOD:
See the cookies policy in the website footer.
NATURE OF PROVISION:
See the cookies policy in the website footer.
In addition to browsing, personal data will be processed for:
PURPOSE OF PROCESSING:
A) CONTACTS, sending contact requests and/or information
LEGAL BASIS:
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract; (C44)
STORAGE PERIOD:
Maximum 12 months
NATURE OF THE PROVISION:
Provision is necessary.
Failure to provide the necessary data will make it impossible to be contacted and receive information.
PURPOSE OF THE PROCESSING:
B) DIRECT MARKETING, for sending advertising or direct sales materials or for conducting market research, customer satisfaction surveys, or commercial and promotional communications, newsletters, via automated means (email, SMS) and traditional means (telephone and post).
The Data Controller uses reporting systems to compare and potentially improve the results of automated communications. Thanks to the reports, the Data Controller will be able to learn, for example: the number of readers, openings, unique “clickers,” and “clicks,” the devices and operating systems used to read the communication; Details of individual user activity; details of emails sent, whether delivered or not, and those forwarded; All this data is used to compare, and possibly improve, the results of communications.
LEGAL BASIS:
The processing is based on consent to the processing of personal data (C42, C43)
Article 6, paragraph 1, letter a) of the GDPR
RETENTION PERIOD:
Until consent is withdrawn
(or opt-out)
NATURE OF THE PROVISION:
Provision is optional.
Failure to provide the necessary data will make it impossible to receive direct marketing communications.
PURPOSE OF THE PROCESSING:
C) MANAGEMENT OF YOUR REQUESTS and requests from other interested parties, pursuant to art. 15 et seq. of the GDPR (rights of the data subject)
LEGAL BASIS:
The processing is necessary for compliance with a legal obligation to which the data controller is subject (C45)
Art. 6, paragraph 1, letter c) of the GDPR
RETENTION PERIOD:
5 years from the closure of the request, except in the event of disputes
NATURE OF THE PROVISION:
The provision of personal data is mandatory, as it is essential to comply with legal obligations.
PURPOSE OF THE PROCESSING:
D) ORGANIZATIONAL, ADMINISTRATIVE, FINANCIAL AND ACCOUNTING ACTIVITIES AND CUSTOMER/USER DATA MANAGEMENT.
LEGAL BASIS:
The processing is necessary for the performance of a contract to which the data subject is party (C44) or for compliance with legal obligations (C45).
RETENTION PERIOD:
10 years or different legal obligation
NATURE OF PROVISION:
The provision of personal data is mandatory, as it is essential to comply with legal obligations.
Personal data will be disclosed, also based on the purposes set out in specific areas, to entities that will process the data as independent Data Controllers or Data Processors (Article 28 GDPR) and processed by natural persons (Article 29 GDPR) who act under the authority of the Data Controller and the Processors on the basis of specific instructions provided regarding the purposes and methods of processing, for specific purposes based on the relevant area. The data will be disclosed to recipients belonging to the following categories:
• entities that provide services for the management of the information system and telecommunications networks used by the Data Controller (including email, the web platform, and sending newsletters);
• firms or companies providing assistance and consultancy;
• competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
The list of Data Processors is available by writing to info@hotellasosta.it or the other contact details indicated above.
Personal data will not be transferred to countries outside the EEC.
Personal data will be processed using traditional manual, electronic, and automated means. Please note that no fully automated decision-making processes are used.
You may exercise your rights under Articles 15 et seq. of the GDPR by contacting the Data Controller at info@smartfit.it, or using the contact details above. You have the right, at any time, to request access to your personal data (Article 15), rectification (Article 16), erasure (Article 17), and restriction of processing (Article 18). The Data Controller shall communicate (Article 19) any rectification, erasure, or restriction of processing to each recipient to whom the personal data has been disclosed. The Data Controller shall inform the data subject of these recipients upon request. In the cases provided for, you have the right to data portability (Article 20), and in such case, your data will be provided to you in a structured, commonly used, and machine-readable format. You have the right to object (Article 21) at any time to data processing based on legitimate interest, and, where the legal basis is consent, you have the right to withdraw your consent without affecting the lawfulness of processing based on consent before its withdrawal.
To no longer receive automated direct marketing communications (email, SMS, instant messaging), please send an email to info@smartfit.it with the subject “unsubscribe from automated marketing” or use our automatic unsubscription systems designed for emails only (opt-out).
To no longer receive traditional direct marketing communications (operator-assisted telephone calls and postal mail), please send an email to info@smartfit.it with the subject “unsubscribe from traditional marketing.”
To no longer receive any marketing communications, please send an email to info@smartfit.it with the subject “unsubscribe from marketing.”
You may withdraw your consent to (non-automated) profiling by sending an email to info@smartfit.it with the subject line “no profiling.”
If you believe that the processing of your personal data by the Data Controller violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which you habitually reside or work, or in the place where the alleged violation of the regulation occurred (Italian Data Protection Authority https://www.garanteprivacy.it/), or to take appropriate legal action.
The Data Controller reserves the right to modify, update, add, or remove portions of this policy. To facilitate review and modification of the text, the policy will contain the date of its update.
Updated: 10/10/2025
