Privacy Policy

Who are we

Hatfield International Limited, with company number 163484, its registered office at First Floor, Penrose 1, Penrose Dock, Cork, Ireland, and with a permanent establishment in Italy (“us” and “we”) is the controller responsible for your personal data. This privacy policy sets out how we collect and process your personal data when you use this website, make any purchases, make a reservation, register for any events, promotions or newsletters or otherwise correspond with us. The privacy policy also covers the CCTV privacy policy that we follow when you visit our premises. If you do not agree to any part of this privacy policy, please discontinue use of the website immediately. If you have any questions about this privacy policy or our privacy practices, please contact info@torredicivita.com.

The data we collect about you

Personal data means any information about an individual from which that person can be identified. We may collect, use and store different kinds of personal data about you including:

Identity and Contact Data such as your full name, gender, date of birth, country of residence, physical address, contact information (e.g., email address and phone number), passport and visa information, service preferences and any other personal data, including special category data (such as allergies and medical assistance), which you may provide us when you make a reservation, apply to any of our job vacancies or contact us.
Marketing and Communications Data such as your preferences in receiving marketing from us and your communication preferences.
Technical and Usage Data such as system log information about your use of the website, including the type of browser you use, browser plug-ins, access times, pages viewed, IP address, time zone setting and the page you visited before navigating to our website.
Device information including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device's wireless network interface, or mobile phone number used by the device) and mobile network information.
Cookies Data – you can find more information on this under the section entitled ‘Cookies’.
Financial Data such as your credit card, mobile payment and other payment details when you make a reservation or purchase goods and services from us.
Information collected from the use of closed-circuit television (“CCTV”) systems and other security systems.

We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ usage data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our product and service offering. You can find more information on this under the section entitled ‘Cookies’.

How is your personal data collected

We use different methods to collect data from and about you including through:

Your interactions with us: you may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

purchase our products or services;
create an account on our website;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us feedback or contact us.

Automated technologies or interactions: as you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third party tools such as Klaviyo. Your data will only be collected by these tools with your express consent which can be provided by clicking the opt-in or consent button before you submit your information.
Technical Data is collected from the following parties:

analytics providers such as Google Analytics and reCAPTCHA based outside the UK. Your ability to opt-out of Google Analytics and refuse to opt-in to reCAPTCHA are described in more detail under the section entitled ‘Cookies’.

How we use your personal data

We only use your personal data when the law allows us to. We rely on one or more of the following legal bases for collecting and using your personal data:

Performance of a contract with you, in order to:

process, confirm, provide and charge for accommodation arrangements, restaurant reservations and orders of our goods and services, and administer in person check in and check out;
fulfil contractual obligations to you, anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers and your employer) and vendors (e.g. credit card companies, airline operators);
provide you with access to the content on our website, and respond to your enquiries and requests for information and services; and
administer events conducted by us or on our behalf.

Legitimate interests: we may use your personal data where it is necessary to conduct our business, pursue our legitimate interests and to provide you with a high-quality tailored customer experience. For example, in order to:
- understand how our products and services impact you; provide you with a better, more personalised level of service; and further develop our products and services, including linking or combining with information we get from others to do so;
- monitor your use of our website and your reservations, and conduct analysis of the use of our website in order to operate, evaluate and improve our website and our services, understand your preferences, display customised content to you on our website which may be of interest to you and troubleshoot any problems;
- conduct market analysis, market research, customer satisfaction and quality assurance surveys to improve our hotels, resorts and services;
- administer debt recovery and debt management;
- manage and provide for the safety and security of guests, premises and services (including but not limited to handling any incidents, accidents or claims made by guests or customers, conducting investigations and/or audits, carrying out CCTV surveillance and conducting security clearances).
We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted to by law).
Legal obligation: we may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: we rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose:

to facilitate direct marketing, promotional and customer management purposes, including sending you promotional communications or special offers if you have consented to receive the same.
to use special categories of data (e.g. health data like allergies) only if we have received your consent thereto;
to protect our website from spam software and misuse; and
for any other purposes for which we have obtained your consent, in accordance with the requirements of applicable law.

You have the right to withdraw consent at any time by contacting us at info@torredicivita.com.

Purposes for which we use your personal data

We have set out below, in a table format, a non-exhaustive list of the ways we plan to use the various categories of your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose / Use	Type of Data	Legal basis
To register you as a new customer.	Identity and Contact Marketing and Communications Data,	Performance of a contract Consent
To review your job application.	Identity and Contact	Legitimate Interests
To process and deliver your reservation or order including to manage payments, fees and charges.	Identity and Contact Financial	Performance of a contract with you Consent (when you make reservations or submit personal data on third-party tools embedded in our website)
To manage our relationship with you, including to notify you about changes to our terms or privacy policy, and dealing with your requests, complaints and queries.	Identity and Contact Marketing and Communications	Performance of a contract with you Legitimate Interests (to keep our records updated and manage our relationship with you) Legal Obligation
To enable you to participate in an event or to complete a survey.	Identity and Contact Marketing and Communications	Legitimate Interests (to enable you to participate, to study how clients use our products and services, to develop and grow our business) Consent
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, spam prevention).	Technical and Usage Cookies	Legitimate Interests (for running our business, provision of administration and IT services, network security) Consent (for use of reCAPTCHA)
To manage payments, fees and charges and to collect and recover money owed to us.	Identity and Contact Financial Marketing and Communications	Performance of a contract with you Legitimate Interests (to recover debts due to us)
To use data analytics to improve our website, products and services, customer relationships and experiences and to measure the effectiveness of our communications and marketing.	Technical and Usage Cookies	Legitimate Interests (to define types of customers for our products and services, to identify where market interest lies, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To send you relevant marketing communications (including newsletters, updates, invitations to events) via email or post, send you company merchandise and to make personalised recommendations to you about products or services.	Identity and Contact Technical Cookies Marketing and Communications	Legitimate Interests (to carry out direct marketing, develop our products and services and grow our business) Consent (having obtained your prior consent to receiving direct marketing communications)

Third party marketing

We will always get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask to stop sending you marketing communications at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time at info@torredicivita.com.

Links to third party websites

Our website may provide links to third party websites, including social networking websites. If you click on a third party link, you will be directed to that third party’s website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policy of any third party websites or services. Our website may contain third party tools such as:

Google reCAPTCHA in order to protect our website from spam software and misuse by non-human visitors. reCAPTCHA is engaged when you submit your information on any forms on the website.

What data is collected by the cookies?

The data we collect from you may include your browser type, language, operating system, device ID, geolocation data, the state or country from which you accessed the website’s services, the webpages you visited, the date and the time of a visit. Please note that this information is aggregated and therefore the data is anonymous and will not be traced back to you. reCAPTCHA collects the referred URL (the address of the page you came from), your IP-address, information on the operating system, mouse and keyboard behaviour, date and language settings, all Javascript objects and screen resolution.

Children and Minors

Except where required by local laws, we do not knowingly collect personal data relating to minors, unless such personal data was submitted by the minors’ parent or guardian. If you are a minor, you may only use our website and services with the permission of your parent or guardian.

Cookies

By continuing to use the website, you are agreeing to our use of cookies in the manner set forth in this policy.

What is a cookie?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Our use of cookies aims to provide you with an optimum user experience when you browse our website, allows us to monitor the performance of the website on an ongoing basis and protect our website from spam or misuse.

What type of cookies do we use?

This website uses third party cookies by:

Google Analytics to help us understand how visitors use the website. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.
Google reCAPTCHA in order to protect our website from spam software and misuse by non-human visitors. reCAPTCHA is engaged when you submit your information on any forms on the website.

What data is collected by the cookies?

How to manage cookies?

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. You can opt-out of having your activity made available to Google Analytics across all websites by installing the Google Analytics opt-out browser add on, which you can access here Google Analytics Opt-out Browser Add-on Download Page. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Disclosures of your personal data

As an essential part of being able to provide our services to you, we do share your data with the following categories of third parties:

Group Companies which are members of the Hatfield International Limited group. A group company means any direct or indirect subsidiary or any direct or indirect holding company or any such subsidiary of any such holding company or any such holding company of such subsidiary, “subsidiary” and “holding company” having the meanings defined in section 1159 of the Companies Act 2006. We will only share your personal data with group companies that are based in the UK and EU.
Agencies that assist us with marketing management and newsletter distribution such as Klaviyo, provided we have received your express opt-in consent.
Service Providers that help us to run our business such as SEO agencies like CEEK Group Ltd, website hosting providers, website developers, providers of Wi-Fi access at our venues, and companies that provide us with legal, administrative, financial and other professional services.
Professional Advisers, including lawyers, bankers, auditors, and insurers who provide advice to us when we require it;
Law Enforcement Agencies in connection with any investigation to help prevent unlawful activity; and
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

Unless otherwise stated in the policy, we do not disclose your personal data outside of the UK, EEA and Switzerland. We use third-party providers such as Klaviyo which may store your personal data in servers located in the U.S. Such transfers of data occur only with your express consent which you provide via an opt-n button.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We require all third parties to respect the security of your personal data and to treat it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Please be aware that where information is transmitted via the internet, such transmission is not completely secure. Although we take appropriate and proportionate steps to manage the risk posed, we cannot guarantee the security of your information transmitted to our online services.

Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for longer in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. In any event, we do not retain your personal data for longer than six (6) years, subject to local laws and regulations. The retention periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account the amount, nature and sensitivity of the personal data, and legal and regulatory requirements to retain the information for a minimum period. By law we have to keep basic information about our customers (including Contact and Identity, Financial Data) for five years after they cease being customers for tax purposes. If you would like to know more about the retention periods, please contact info@torredicivita.com.

Your legal rights

You have rights in relation to your personal data including a right to access your personal data, have your data corrected, request erasure of your personal data in certain circumstances, object to or restrict our processing activities of your personal data, request the transfer of your personal data to a third party, and withdraw your consent to our processing of your personal data. If you wish to exercise any of the rights above, please email info@torredicivita.com.

Updates to this privacy policy

We reserve the right to update and change this privacy policy from time to time in order to reflect regulatory changes or changes to the way we process your personal data. In case we make such changes, we will post the amended privacy policy on our website. The changes will come into effect upon publication. Last Updated 19/03/2025.