Privacy Notice


pursuant to Art. 13 of the General Data Protection Regulation n. 679/2016 (“GDPR”)


S.A.G.I.M. S.r.l (Società Amministrazioni Gestioni Immobiliari Milano), having its legal address in Via Vivaio 8, Milano, C.F. & P.IVA 01215020155, in its capacity as Data Controller (hereinafter: the Controller), provides information about the processing of your data, pursuant to Article 13 of the EU Regulation 2016/679 and Legislative Decree no. 196/2003 and following amendments.


  1. Object of the processing

The data you provide:

– name and surname, e-mail address, telephone number and home address;

– Credit card details (card type and number, name on the card, expiration date and CVC code);

– Personal information about your stays, including arrival and departure dates, special requests and your service preferences (preferences on rooms, services or other).

Data collected automatically

While browsing the site, the following information may be collected, such as:

– Internet protocol (IP) address;

– browser type;

– parameters of the device used to connect to the site;

– name of the internet service provider (ISP);

– date and time of visit;

– web page of origin of the visitor (referral) and exit;

This data is used to analyze user trends and collect data in aggregate form, administer and ensure the security of the site and is in no way attributable to the identity of the User.


  1. Purpose of Processing

Your data will always be processed in compliance with the law:

  1. Without your Consent, for Service Purposes (art. 6 letter b), e) GDPR), and in particular:

– carry out a service or one or more contractually agreed operations (e.g. complete and manage your online booking, provide you with customer assistance;

– the execution of fiscal or tax obligations;

– be able to contact you again, via the contact details you communicated, to process any requests made in the forms available on this website;

– comply with obligations of laws and regulations (national or European), or carry out an order from judicial authorities or supervisory bodies;

– exercise or defend the rights of the Data Controller in court;

  1. With your express consent (art. 7 GDPR), for the following purposes:

– promote new products, services or offers that may be of interest to you, by sending advertising, information, promotional and update material through ordinary letters, telephone calls, e-mails, SMS, WhatsApp and newsletters.


  1. Mandatory or otherwise of the data

The provision of data for the purposes referred to in point 2 letter. a) it is necessary for the purposes of the Service, the lack of data and/or any express refusal to process will make it impossible for the Data Controller to follow up on your requests or fulfill the requests of the competent authorities. The provision of Data for the purposes referred to in point 2 letter. b) is optional, with the consequence that you may decide not to receive promotional communications relating to the Owner’s offers.


  1. Data Processing

Your data are processed through the tools referred to in Article 4, no 2 of GDPR, specifically:  collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Specifically, they are processed whether they are produced on paper or digitalised with adequate measures to ensure data security and confidentiality.


  1. Data Retention

The Controller will use your personal data up to 10 years from the termination of the working relationship for service-related purposes and for the time determined by the law, and for 24 months from the termination of the working relationships for marketing purposes, and for not longer than 12 months for profiling purposes pursuant to Article 2, let b). For the purposes referred to in Article 2, let c), your data will be stored for the entire stay. Afterwards, your data will be anonymised and processed for aggregated and anonymous statistical analyses. Security footage recorded for the purposes of let. a), comma IV) shall be deleted after 24 hours.


  1. Data Access Data Communication

Your data will be processed:

– by S.A.G.I.M. S.r.l authorised staff

– by commercial partners and service providers performing outsourcing work on behalf of S.A.G.I.M. S.r.l in their capacity as external processing authorities, performing activities which are connected to those of the Collector.

The Collector might communicate your data without your express consent for service-related purposes:

– to legal authorities, upon their request;

– to bodies referred to in point 6;

–  to those individuals to whom it is necessary to communicate data for legal and contractual reasons, to enable the fulfilment of the purposes described above (e.g. financial credits, professional firms, commercial partners).

S.A.G.I.M. S.r.l can communicate your data to third parties to enable the performance of marketing activities referred to above. To this end, the Controller will indicate the third party to whom data will be transferred, and ask for your consent before communicating them to the latter. They will process your data in their capacity as autonomous controller of processing. At any rate, we want to reassure you that your data will not be diffused.


  1. Data Transfer

Your data can be transferred outside the European Union to individuals specified in par. 6 and 7. To safeguard your data during these transfers, the Controller adopts adequate measures, among them the consent of those concerned, an adequacy decision and the standard contractual clauses approved by the European Commission.


  1. Rights of Data Subjects

In compliance with the provisions of articles 15 to 21 of the GDPR, you, as an interested party, can exercise the rights indicated therein and in particular:

– Right of access (Article 15, GDPR). Obtain confirmation as to whether or not personal data concerning him or her are being processed and, in this case, receive information relating, in particular, to: purposes of the processing, categories of personal data processed and retention period, recipients to whom these may be communicated.

– Right of rectification (Article 16, GDPR). Obtain, without unjustified delay, the rectification of inaccurate personal data and the integration of incomplete personal data.

– Right to erasure (Article 17, GDPR). Obtain, without unjustified delay, the deletion of personal data, in the cases provided for by the GDPR.

– Right of limitation (Article 18, GDPR). Obtain from the Data Controller the limitation of processing, in the cases provided for by the GDPR.

– Right to portability (Article 20, GDPR). Receive the personal data provided to the Data Controller in a structured format, commonly used and readable by an automatic device, as well as obtaining that they are transmitted to another data controller without impediments, in the cases provided for by the GDPR.

– Right to object (Article 21, GDPR). Object to the processing of personal data concerning you, unless there are legitimate reasons for the owner to continue processing.


  1. Method of exercising rights

You can at any time modify and revoke the consent given and exercise your rights by contacting the Data Controller at the following addresses: – S.A.G.I.M. S.r.l, Via Vivaio, 8 – 20122 MILAN – Tel. 02929781 e-mail:

For the processing referred to in this information, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data (

Update 05.12.2023