top of page
Copia di Untitled-1-01.jpg




Rooms and Suites


Do you need assistance?

Contact the Customer Service team at  +39 08118240462



Information on data processing pursuant to art. 13 of Regulation (EU) 2016/679 and of Legislative Decree 101/18 for the collection and processing of personal data.


Velo Srl, with registered office in Vico Figurari, 2 - 80138 Naples (NA), as Data Controller, informs users, pursuant to EU Regulation 679/2016 (hereinafter "GDPR") and the legislation, including national, in subject to the protection of personal data for the applicable time (hereinafter "Privacy Law"), that the personal data (hereinafter, "Data") relating to users of the Site (hereinafter, "Interested") will be processed in the manner and for the purposes indicated in this statement.

Velo Srl  is the owner of the processing of the Data collected through this Site;

Exclusively in relation to Facebook Business Tools, (by way of example, Cookies, plug-ins and Facebook Pixel) Velo Srl and Facebook Ireland Limited, with registered office in 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (of hereafter "Facebook") act as joint data controllers, on the basis of a specific Joint Controller Agreement, in order to measure the level of interaction between the websites visited based on the preferences of the interested parties and provide targeted advertising within the social network network. Further information on how Facebook Ireland processes Data, including the legal basis to which Facebook Ireland refers and on how to exercise the rights of the data subject vis-à-vis Facebook Ireland, can be found in the Facebook Ireland Data Policy at  Facebook


Pursuant to art. 37 GDPR, the Data Controller has designated the Data Protection Officer, better known as Data Protection Officer (hereinafter only "DPO"), who can be reached at the following address:



The following data are processed:

Navigation data:

such as the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: as a result, the data on web contacts could be kept in accordance with and limited to this purpose. Starting from the IP address and the domain name of the computers used, it will be possible, limited to the purpose of ascertaining responsibility reported, to trace additional user identification data (in particular, name, surname, e-mail address, telephone number, etc.);

Data provided voluntarily by the user:

such as identification data, such as name, surname, e-mail, telephone number, tax code, etc .; any other data provided eg. when registering on the Site in the appropriate section, as well as when filling in any data collection forms on the Site, or when requesting the supply / activation of an It's Room service, such as the Newsletter Service;



for information relating to cookies on the It's Room Site  please refer to the Cookie Policy.


Protecting the safety and privacy of minors is very important to us. By registering on the Site in the appropriate section, as well as when completing any data collection forms present on these Sites or when requesting supply / registration to the Newsletter service, the interested party confirms that he is 16 years of age. or in any case not to be under the age indicated by the legislation of the country of residence which provides for other age limits.


The data are processed in the following ways:

1.     The data are processed in a lawful, correct and transparent manner, through paper, electronic and / or automated collection, and through third parties (eg: OTAs, travel agencies, booking channels, etc.)

2.     they are collected for the aforementioned and legitimate purposes: no later than the time necessary to comply with the regulations required for accounting and tax audits; they are adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed (data minimization);

3.     they are accurate, and if necessary updated;

4.     are processed in such a way as to guarantee adequate security of personal data, including protection, by means of adequate technical and organizational measures, from unauthorized or unlawful processing and from loss of distribution or accidental damage;

The data will be processed in strict compliance with the provisions of the law, according to the principles of lawfulness and correctness and in compliance with the right to confidentiality. The treatment will take place on the basis of:

-     Consent manifestation for one or more specific purposes;

-     Pre-contractual and contractual obligations;

-     Legal obligations;

-     Legitimate interest of the Data Controller.

Velo Srl is able to prove what has been said through the treatment register


The processing of the data of the interested parties is carried out - electronically - by means of the operations of collection, registration, updating, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of the Data. The Data will be processed by the Company and its appointees with computer systems (and manuals) according to the principles of correctness, loyalty and transparency provided for by the applicable legislation on the protection of personal data and protecting the privacy of the interested party and his rights by means of the adoption of suitable technical and organizational measures to guarantee a level of safety adequate to the risk. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.


The data will be kept for the time strictly necessary to carry out the activities related to the purposes referred to in this information. In this case, the storage times will be:

-     10 years (in accordance with the provisions of the civil obligations art. 2220 of the Civil Code).

-     1 year maximum for access data and use of ICT resources.

-     3 years maximum from the last registration / check-out in the structure for personal and particular data relating to the stay, personal preferences, identification documents, handwritten signature, purchase history, and to send promotional messages and updates on rates and on offers made and other direct marketing activities, unless otherwise indicated by the interested party.

-     24 hours maximum for video surveillance images, except holidays or other cases of closure of the business, and in any case no later than one week.

-     1 year maximum for the conservation of CVs, whether in paper or digital format.

-     3 years maximum for keeping the interview cards of suitable candidates.

The data may be disclosed to third parties in the event that it is necessary, for example, to adhere to a specific investigative request from the judicial authority or judicial police. Except in any case, longer storage periods if provided for by specific sector regulations.

The data for sending communications and information of the structure are kept until cancellation, caused by the revocation of the consent of the interested party.


The Company may transfer the Data outside the European Union. To this end, pursuant to the privacy legislation, the Company evaluates the impact of data transfers and adopts, if applicable, the most appropriate guarantees (for example, adequacy decisions or standard contractual clauses). For information on the transfer of personal data collected through third-party cookies, please refer to the privacy policies of each third party, available on the websites of the same and linked in the tables above, "Third-party analytical cookies" and "Cookies of Third Party Profiling ".


Interested parties can authorize the use of Cookies by clicking on the "Accept" button directly from the Banner, or by authorizing each Cookie via the appropriate "Manage" link inside the Banner. Interested parties can refuse the use of Cookies by clicking on "Reject" directly from the Banner, or by managing their preferences for each Cookie through the appropriate "Manage" link in the Banner. Interested parties may not authorize the use of cookies or in any case disable them at any time at the link below: "Manage Cookies" or by manually changing the configuration of your browser and following the instructions contained in the cookie managers' policies.

How to disable cookies manually:

  • Chrome:

  • Firefox:

  • Internet Explorer:

  • Microsoft Edge:

  • Safari:

If you use a web browser not listed above, please refer to the documentation or online help of your browser for further information. The Owner acts as a mere technical intermediary for the links shown in this document and cannot assume any responsibility in the event of any changes. Furthermore, for more information, interested parties can contact us at the e-mail address


With a specific written communication sent by certified email to or registered letter with return receipt to the address of Velo Srl, you have the right to:

1.     Access to data (Article 15, GDPR)

Obtain from the data controller confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to personal data and to determine information specifically indicated in art. 15 of the Regulation.

2.     Correction (Article 16, GDPR)

Obtain from the data controller the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, it also has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

3.     Cancellation (Article 17, GDPR)

Obtain from the data controller the cancellation of personal data concerning you without undue delay and the data controller is obliged to cancel your personal data without undue delay, unless there are reasons preventing the exercise of the aforementioned right.

4.     Limitation of processing (Article 18, GDPR)

Obtain, where possible, the limitation of the processing of your personal data or revoke the consent previously given. The withdrawal of consent will not affect the lawfulness of the treatments carried out previously.

5.     Obligation to notify in case of rectification (Article 19, GDPR)

The data controller communicates, to each of the recipients to whom the personal data have been transmitted, any corrections, cancellations or limitations of the processing carried out.

6.     Data portability (Article 20, GDPR)

If the processing is based on consent or on a contract and is carried out by automated means, you have the right to receive the personal data that you have provided to the data controller in a structured format, commonly used and readable by an automatic device and you have the right to transmit them to another data controller or have them transferred directly by the owner, if technically feasible.

7.     Opposition (Article 21, GDPR)

Oppose at any time, for reasons connected to your particular situation, to the processing of personal data based on the legitimate interest of the owner or on your consent, including profiling, unless the Data Controller demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over your rights.

8.     Automated decision-making process including profiling (Article 22, GDPR)

Be subjected to a decision based solely on automated processing that produces legal effects that affect you or that significantly affect your person in a similar way, unless it involves the conclusion or execution of a contract between the interested party and the owner with explicit consent of the first.

9.     Complaint (art.77, GDPR)

Without prejudice to any other administrative or judicial appeal, if you believe that the processing that concerns you violates this regulation, you can lodge a complaint with the Privacy Guarantor ( ).

bottom of page