Cancel/modify reservation
Minibar Included
Welcome drink
Vip surprise
Minibar Included
Welcome drink
Vip surprise
Privacy 2



Sede legale:

Via degli Strozzi, 4
50123 Firenze
T: +39.055.2302802
F: +39.055.215142
P.I. 05831870489



Updated as of 25 May 2018

In compliance with the obligations deriving from the Community legislation (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent amendments, this website respects and protects the privacy of visitors and users, placing appropriate measures in place to protect the rights of users.  

This document also takes into account the Recommendation n. 2/2001 that the European Data Protection Authorities have adopted to identify the minimum requirements for the collection of personal data online.

This privacy policy applies only to the online activities of this site and is valid for visitors / users of the site. The information is provided only for the site   and not for other websites that may be consulted by the user through links.

The purpose of the privacy statement is to provide maximum transparency regarding the information that the site collects and how it is used.


Data processed according to consent

With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.  

The provision of data and therefore the consent to the collection and processing of data is optional.

The User can deny consent and can revoke at any time a consent already provided by sending the request to the email However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised.  


Browsing the Site for consultation does not require any personal data; however, technologies are used that involve the storage of some data related to the tools used, somehow attributable to the user.

The personal data we receive from our customers helps us to personalize and continually improve our services and bookings on the site. We use this data in particular to manage orders, provide services, process payments, and communicate with you about reservations. We also use these data to improve our service, to prevent or expose fraud or abuse to the detriment of our website and to allow third parties to perform technical activities and other actions on our behalf.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation and only for the duration of the connection, some data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. To this category of data belong:

- Internet protocol (IP) address associated with the device used to connect;

- type of browser and device parameters used to connect to the site;

- name of the Internet service provider (ISP);

- date and time of visit;

- web page of origin of the visitor (referral) and exit;

- any number of clicks made within the site and any expressed preference

- other parameters relating to the operating system and the user's IT environment.

  This data can be used  to obtain anonymous statistical information on the use of the site and to check its correct functioning as well as:

- to comply with the provisions of national and community regulations;

- to ascertain responsibility in case of hypothetical IT crimes to the detriment of the site and for investigations in the event of any disputes.

Only the data collected for surveillance purposes persist on servers for more than 12 months.

Data provided voluntarily by the User

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.


a) provide the requested services and manage customer relations. The provision of personal data necessary for these purposes is not mandatory, but the refusal to provide them implies the impossibility of carrying out what has been requested;

b) comply with the provisions of national and community regulations;

c) for security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in compliance with applicable laws, in order to block attempts at damage to the site itself or to damage other users, or in any case harmful activities or constituting a crime.

This information is treated according to the legitimate interests of the holder.


PALAZZO VECCHIETTI uses other companies and individuals to perform certain activities on our behalf.

In addition to the owner, in some cases, access to data may be gained by other categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, technical managers) or external subjects (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies).  

These providers only have access to the personal data that are necessary to perform their duties. We guarantee that they can not use the same data for other purposes and are also required to process personal data in accordance with this Privacy Policy, and in accordance with applicable regulations regarding the protection of personal data.

The Data Controller is not involved in these treatments nor can he be held responsible.

The interested party may, however, consult the privacy information made available on the following sites:

Apple Store : 

Google Play : 

Windows Phone Store :


Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

It is important that you take appropriate protection against unauthorized access to your password and your computer. Always make sure you are disconnected when using a computer shared with other users.


Personal data collected will not be disseminated, sold, exchanged or communicated with third parties other than the Data Controller, without the express consent of the data subject. Communication to third parties, other than the Data Controller, managers, internal, but also external to the company structure, and by the those in charge of processing identified and appointed pursuant to art. 13 c.1 letter e) of the EU Regulation is provided for the exclusive pursuit of the purposes referred to in points 1 and 2 of this information and in any case within the limits thereof, possibly to: third parties involved in technical assistance and delivery, and IT (and company management, etc.), affiliated companies or third parties that provide Palazzo Vecchietti with information processing or complementary activities compared to those proposed by Palazzo Vecchietti, to allow the execution of the contract, shippers, all committed in the correct and regular pursuit of the purposes described.

In any case, processing by third parties must be carried out according to accuracy and in compliance with the provisions of the law in force.  


The data collected by the site are processed by the Data Controller in accordance with the applicable laws, company DUEMILAOTTO  SRL with registered office in Via degli Strozzi 4, 50123 Florence - Italy, located in the European Economic Area and acting in accordance with European standards.


This site may share some of the data collected with services located outside the European Union area. In particular with Facebook and Istagram through social plugins and the Google Analytics service. The transfer is authorized based on specific   decisions of the European Union and the Guarantor for the protection of personal data , in particular Decision 1250/2016 ( Privacy Shield ), for which no further consent is required.  The companies mentioned above guarantee their adherence to the Privacy Shield.  

Further information on the transfer of personal data to "third-party" countries can be found on the following dedicated pages:  


Incompliant with European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:  

- request confirmation of the existence of personal data concerning him / her/ their (right of access);

- have information about the logic, methods and purposes of the processing;

- request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;

- in cases of treatment based on consent, receive only the cost of any support, its data provided to the holder and held by it, in a structured and readable form by a data processor and in a format commonly used by an electronic device;

- the right to lodge a complaint with the Supervisory Authority (Garante Privacy -   link to the page of the Guarantor );

- as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.

Requests should be addressed to the Data Controller.  

In the event that the data are processed on the basis of   legitimate interests   the rights of data subjects are never the less guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to object to the treatment that can be exercised by sending a request to the Data Controller.   It is possible to oppose the processing of personal data:

a) for legitimate reasons;

b) (without having to motivate the opposition) when the data are processed for commercial or marketing purposes.

For your convenience, articles 15 to 23 of the Rules can be consulted at this link:

All information regarding the right of access can be requested at the email address:


The data controller is the company DUEMILAOTTO SRL Via degli Strozzi 4, 50123 Florence - Italy, under the current laws the company can be contacted through the section  CONTACTS .


To find out the external Managers appointed by the Data Controller, please refer to the corporate privacy policy link.

Google is thw appointed data controller, processing data on behalf of the owner (Google Analytics).  


This privacy policy is updated on 22 May 2018