Privacy and cookie policy

Welcome to our website Please read our Privacy Policy carefully, which applies whenever you access the website and decide to browse it and use its services.

1.            Foreword

This Privacy Policy, pursuant to Article 13 of the EU Regulation 2016/679 (GDPR) as well as pursuant to Legislative Decree 196/2003 within the limits of the provisions still in force, is intended to inform the customer of the manner, timing, form and purpose of the processing of personal data collected, specifying – also – the rights that the person concerned may exercise in relation to and as a function of the processing. The term ‘data processing’ refers to any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or combination, restriction, erasure or destruction. The term ‘data subject’ refers to the person who has provided his or her personal data.

2.            Data controller and contact details

The subject in charge of personal data processing (which independently decides on the purposes and methods of processing, as well as on the security procedures to be applied in order to ensure the confidentiality, integrity and availability of data) is turital Srl, in the person of its legal representative Massimo Testa, with registered office in Via Cuma2, email address, certified email address: turital

3.            Data processor

The data controller is Massimo Testa

4.            Legal basis of the processing and purpose of the processing

The processing of personal data provided by the data subject in connection with the contract is necessary in order for the data controller to fulfil its contractual obligations.

The processing is also aimed at the fulfilment of legal obligations connected with the contract, with particular regard to accounting, tax, social security, health and safety obligations, as well as for the purposes of carrying out all the necessary and obligatory administrative procedures useful for the proper management of the existing contractual relationship.

5.            Optional or compulsory nature of providing data

The provision to the data controller of the personal data that are requested on the various occasions of collection may be necessary for the pursuit of the purposes identified in the information notice, or optional.

The compulsory or optional nature of the provision of data is specified from time to time – with reference to the individual information requested – at the time of the individual data collection, by appending an appropriate character (*) to the compulsory information.

Any refusal to communicate to Turital Srl some of your data marked as compulsory will make it impossible to pursue the main purpose of the specific data collection: such a refusal may, for example, make it impossible for the data controller to receive your reservation, execute your contract or carry out the services offered . On the other hand, providing Turital srl with further data, other than those marked as compulsory, is optional and does not entail any consequence with regard to the pursuit of the main purpose of the collection (e.g. the use of the website and its services, as the case may be).

6.            Data processing by third parties

Personal data, if provided in order to make a reservation or for the purpose of entering into a contract for a stay, may be communicated

– to employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;

– to third party companies or other entities (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors

7.            Rights of  data subject

The data subject is acknowledged

1. the right to access, at any time, their personal data and, consequently, to receive confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and their communication in intelligible form within 1 month of the request

2. the right to know the purposes of the processing, the categories of personal data, the recipients to whom the data are or will be communicated and, where possible, the period of storage of the data or the criteria used to determine that period

3. the right (even after withdrawal of consent) to erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed

4. the right to have the data updated, corrected or, where interested, supplemented

5. the right to restriction of processing when it has been carried out in breach of the lawfulness of processing (as an alternative to the deletion of the data)

6. the right to data portability with exclusive regard to automated processing, i.e. the right to receive, in a commonly used and machine-readable format, the personal data provided to the data controller for transmission to another controller

7. the right to object to the processing of personal data and to lodge a complaint with the Data Protection Authority (Garante dati personali) for legitimate reasons or for processing operations that differ from those relevant to the purpose of collection

8. the right to object to the processing of personal data for the purpose of sending advertising or direct marketing material or for carrying out market research or commercial communication; the provision of this data is optional and subject to the expression of consent as specified below.

8.          Procedures for the exercise of rights by the interested party

The interested party may exercise its rights by addressing its requests to the Data Controller, Tutital Srl in the person of its legal representative Massimo Testa with registered office in via Cuma 2 Rome also by sending communications to the following e-mail address

9.            Method of processing the data of those who navigate on the website

The processing of personal data is mainly carried out electronically and telematically by the data controller and by other parties who, suitably selected for their reliability and competence, carry out operations instrumental to the pursuit of purposes strictly connected to the use of the website, its services and the management/collection of bookings as well as the management of payment systems through the portal.

In general, data are processed for the provision of the following services available by accessing our site:

1. registration to the site, in order to use the relevant services;

2. subscription to specific and additional services, such as our newsletter and other similar services;

3. collection of bookings and related activities

4. payment management; in this case, the data provided during the purchase process (name, surname, address, payment card number, delivery address if different from the billing address) will be sent directly to the banking circuit which will use the data to process your payment request;

5. anti-fraud control; in accordance with Chapter IV, art. 25, c. 6 “Transfer of personal data to Third Countries” of Directive 95/46/EC, the data may be transferred to countries outside the EU or the European Economic Area which guarantee, in any case, an adequate level of protection of personal data. In any case, the processing will be carried out in accordance with the procedures set out in this policy and the provisions of law;

6. management of technical, commercial requests.

10.          Duration of processing

Personal data collected will be processed and stored for a period of 5 months, after which it will be deleted or made anonymous.

Data collected for marketing and profiling purposes will be kept for a period not exceeding 3 years, after which it will be deleted.

11.          Cross-border data processing

At the time of publication of this notice, the data controller does not envisage or assume the cross-border processing of personal data.

12.          Identification of subjects during navigation

When processing data that may directly or indirectly identify a person, the data controller observes a principle of strict necessity.

For this reason, the website has been configured in such a way that the use of personal data is kept to a minimum: therefore, data processing is excluded when the purposes pursued in individual cases can be achieved through the use of anonymous data (such as, for example, in market research aimed at improving services) or through other means that allow the identification of the person concerned only in case of necessity or at the request of the authorities and police (such as, for example, for data relating to traffic and permanence on the website or your IP address).

In some cases, as expressly indicated below in the notice, the data will be subjected – subject to express consent – to processing aimed at creating profiles based on preferences or to send promotional information

13.          Cookies

This website uses cookies to improve your experience when browsing the site. There are various types of cookies that are classified as necessary and are stored on your browser as they are essential for the basic functionality of the website to work, we use third party cookies to help us analyse and understand how you use this website. These cookies are only stored on your browser with your consent. You also have the possibility to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

The site uses:

– TECHNICAL COOKIES to save your session and to perform other activities strictly necessary for the operation of this Website, for example in relation to traffic distribution.

– PREFERENCE AND STATISTICAL COOKIES to save navigation preferences and optimise the User’s browsing experience. These Cookies include, for example, those for setting the language or for the management of statistics by the Site Owner.

– THIRD-PARTY COOKIES that may collect information about your movements on the Internet and, in particular, within our websites. In addition, some pages on our website are characterised by the presence of so-called “social plug-ins”, which allow you to share our content on social media networks such as Facebook, Twitter, Youtube. Third-party cookies are not under our control and, therefore, for further information on how the third party uses cookies, we recommend that you visit the website of the third party whose web addresses are listed below, where the different policies and methods of management of third-party cookies are present

– The acceptance of automatic data collection procedures and the use of cookies are necessary for the use of the site and its services.

– This policy is drawn up on the basis of multiple legislative orders, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this policy relates exclusively to this Website.

14.          Security measures

The data controller takes appropriate security measures in order to minimise the risks of destruction or loss – even accidental – of data, unauthorised access or processing that is not permitted or does not comply with the purposes of collection as indicated in the Privacy Policy

The owner cannot guarantee to its users that the measures taken for the security of the site and the transmission of data and information on the site limit or exclude any risk of unauthorised access or dispersion of data by devices belonging to the user: the user is therefore advised to equip himself with appropriate software for the protection of network data transmission, both incoming and outgoing (such as up-to-date antivirus systems) and to check that the Internet service provider has taken appropriate measures for the security of network data transmission (such as firewalls and spam filters).