Privacy

Notice on the Processing of Personal Data Collected Through This Website Last revised: October 13, 2025

1. Introduction and Regulatory References
This policy explains the processing of personal data collected through this website, including data acquired through cookies, tracking technologies, and—where applicable—contact forms, reserved areas, digital services, and financial transactions conducted electronically.
This policy is intended for anyone who accesses or uses this site, describing how we collect, use, and protect your personal data, as well as your rights under the law. These provisions do not apply to other sites, pages, or online services accessible through external links on the site; please consult their respective privacy policies.
This policy is provided in compliance with the main national and international regulations regarding personal data protection, including:

Regulation (EU) 2016/679 (GDPR)
UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (UK)
Swiss Federal Act on Data Protection (nFADP / LPD)
Brazilian Law on Personal Data Protection (LGPD)
Other applicable regulations.

2. Who manages your data and how can you contact us?
Your personal data is processed by:

Atlantic SRL
Via Nazionale, 10 - 50123 Florence (FI) - ITALY
info@hotelmachiavelli.it
VAT Number: 03438580486

For any information regarding the processing of personal data or to exercise their rights under the law, data subjects may contact the Data Controller.

3. On what legal bases do we process your data?
The processing of personal data collected through this website (including through cookies, similar technologies, contact forms, reserved areas, digital services, and transactions, where applicable) is based on one or more of the following legal bases:

Performance of a pre-contractual service or activity requested by the user via the contact forms provided;
Compliance with legal, regulatory, or regulatory obligations;
An additional legal basis, the Data Controller's legitimate interest, may be used for specific purposes (e.g., ensuring IT security, preventing fraud, protecting the Data Controller's rights in court).

Additional legal bases for Brazil (LGPD):
When processing falls under the jurisdiction of the LGPD, the following specific legal bases under Brazilian law apply:

Credit protection: Data may be processed for credit management and protection purposes, such as assessing solvency, preventing financial fraud, or granting financing.
Implementation of public policies: where applicable, the Public Administration may process personal data to implement initiatives established by laws, public programs, or agreements. Studies by research institutions: Data may be used by scientific or statistical research institutions, preferably in anonymous form, for study or analysis purposes.
Failure to accept or withdraw consent may reduce or limit certain personalized features or services.

4. What data do we collect when you visit the site?
While browsing this site, the following data may be collected, including through cookies and similar technologies such as pixel tags, web beacons, local storage, and equivalent technologies:

Browsing and technical data: information such as IP address, device identifiers, operating system and browser data, requested URLs, connection times, technical logs, technical preferences, and usage data collected through cookies and tracking technologies (pixel tags, web beacons, local storage, and equivalent tools).

Voluntarily provided identification data: information entered in digital forms on the site (e.g., name, surname, email, telephone number) and/or provided via email or other contact channels. This information is used to respond to requests, provide services, provide consultations, and—with prior consent—send information and marketing communications.

Data communicated via social media integrations and third-party platforms: data transmitted through social media features (login, plugins, sharing, etc.), processed according to the rules of the relevant platforms as well as this policy.

Data relating to purchases, payments, and financial transactions: collected only if the site offers paid services and managed according to specific security precautions.

5. How do we process your data, how do we protect it, and how long do we retain it?
The personal data collected through this site is processed primarily using electronic and digital tools according to the principles of lawfulness, fairness, data minimization, integrity, and confidentiality.

Appropriate technical and organizational measures are adopted to prevent unauthorized access, loss, alteration, or unauthorized disclosure of data, including:

Communication encryption (https): Communications between your browser and the site are protected by HTTPS encryption, which prevents the interception or manipulation of data exchanged during navigation;
The data is retained according to the following timeframes:

Cookie preferences and consent: retained for 180 days, as per the Cookie Policy on this site. Browsing and technical data: retained only for the time necessary to ensure the security, integrity, and functionality of the site and subsequently anonymized or aggregated.
Data collected for contractual and transactional purposes: retained for the time required by applicable laws (e.g., tax or accounting regulations).
Data processed for marketing purposes: retained until consent is revoked or deletion is requested.
Data entered via forms or specific requests: retained for the time necessary to respond or fulfill the relevant purpose.

6. Who can receive your data?
The following may access the personal data collected through this site, within the limits of their respective responsibilities and purposes:

Internal subjects authorized by the Data Controller, who have been regularly trained in privacy and security matters;
Suppliers and third-party entities appointed as Data Processors (for example, technical providers, IT companies, customer support companies, consultants, payment service providers, and logistics providers, where applicable);
Business partners, third-party entities, and affiliates, exclusively for promotional/marketing purposes if you have provided specific consent or opted out where applicable;
Subjects that provide plugins, social networks, and interaction services with external platforms, who may process personal data according to their own logic as independent data controllers (in this case, please also consult the individual privacy policies of these third parties);
Competent public authorities and supervisory bodies, within the limits imposed by law or to respond to requests from judicial authorities;
The updated list of external recipients can be made available upon request by writing to the Data Controller.

7. Where can your data be transferred?
The personal data collected through this site may be processed and transferred—for the purposes indicated—to the following countries:

Countries belonging to the European Economic Area (EEA), Switzerland, or other countries recognized by the competent authorities as "adequate" in terms of the level of protection required by law;
Updated list of "trusted" countries:

EU
Switzerland

8. What are your rights regarding the data collected?
Pursuant to applicable law, you have the right to:

Obtain confirmation as to whether or not personal data concerning you is being processed and, if so, obtain access to such data and related information (right of access).
Request the rectification, updating, or erasure of inaccurate or no longer necessary data (right to rectification and erasure).
Request the limitation of or object to data processing, including for promotional/profiling purposes, where applicable.
Request data portability in a structured and interoperable format (where technically feasible). Revoke consent given to the use of non-technical cookies and the processing of data collected through tracking tools.
Report any irregularities or abuses to the competent supervisory authorities.
To exercise these rights, simply send a request to the Data Controller, who will respond within the timeframes set by applicable local regulations.

9. How are minors' data processed?
The protection of minors is a fundamental priority.

The services and content of this site are not intended for individuals under the age of 18.

We do not knowingly collect personal data from minors without the verifiable consent of a parent or guardian.

If a parent or guardian believes that a minor has provided personal data without authorization, he or she may request its removal, updating, or restriction of processing by writing to the contact details indicated in this policy.

10. How can I report or complain to the authorities?
If you believe that the processing of your personal data through this site does not comply with applicable law, you can file a complaint free of charge with the competent supervisory authorities, including:

The Italian Data Protection Authority or the Data Protection Authority of your country of citizenship or residence;
Swiss Authority (IFPDT)
European Data Protection Supervisor
National Data Protection Authority (Brazil): https://www.gov.br/anpd/pt-br
How do we inform you about changes to this policy?
This policy is subject to periodic review to reflect regulatory changes or changes to the services offered through the website. Any significant changes will be communicated on this page.

Last revised: October 13, 2025