MGallery by Sofitel Florence
Rooms
1 Room, 1 Adult, 0 Children
Rooms
-
1
+
Adults
/Room
-
1
+
Children
/Room (Age 0-11)
-
0
+
Adults
Children

Save 5% here only Free WiFi

Privacy Policy

Home » Privacy Policy

Privacy Policy

Date: May 2018

We welcome you to our website and thank you for your interest in our business. Our dealings with customers and potential customers are based on trust. The trust placed in us has great priority, and thus entails the obligation to treat your data with care and to protect them from misuse. To make you feel secure and comfortable during your visit to our website, we take the protection of your personal data and their confidentiality very seriously. For this reason, we act in accordance with the applicable statutory regulations regarding the protection of the privacy of personal data and regarding data security. In this Privacy Policy, we would like to give you information on when we store your data and how we use them. Our company’s data privacy protection is based on the currently applicable statutory regulations – in particular, the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG recast) and the German Telemedia Act (Telemediengesetz, TMG) – as well as the relevant case law. We use personal data exclusively for the notified or agreed purpose. Therefore, we process or use personal data, such as your name, your address, your account number, ID number or telephone number, your email address or IP address only when you provide these to us voluntarily and if this is also permitted under statutory law or when you have consented to the use of the data. We usually process the above-mentioned personal data when you reserve a room or enquire about a reservation online. If you use services, only those data that we need to provide the services are collected, as a rule. Where we ask you for additional data, this information is voluntary. Personal data are processed only for the purpose of performing the requested service and to protect our own legitimate business interests.

1. Names and contact details of the controller and the company’s data protection officer

The controller for the processing of your data on the website https://www.mgallery-by-sofitel-florence.com (“website”) is

FC Operations Hotel SRL
Via de’ Cerretani, 10
50123 Florence
Italy
T: +39 055 064 3811
F: +39 055 238 1312
H1539@accor.com

For more information on the controller, please refer to the legal notice. You can contact our data protection officer at the following address:

Crusader Investments B.V.
Data Protection Officer
Konrad-Adenauer-Ufer 5-7
50668 Cologne
Germany
or by sending an email to: datenschutz@eventhotels.com.

2. Data processed when our website is visited

When our website is used for information purposes only, thus when you do not register or otherwise provide us with information, we process only the personal data that your browser transmits to our server. When you visit our website, we collect the following data that are technically necessary to display our website to you and to ensure the site’s stability and security (the legal basis is Article 6 (1) f) GDPR):

  • IP address
  • Date and time of visit
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific site)
  • Access status/HTTP status code
  • The amount of data transferred in each case
  • Website from which the request is made
  • Browser
  • Operating system and its interface
  • Language and version of browser software

We store this information, but without your IP address, in log files and erase it after 338 days for security reasons. The data in the log files are stored separately from your other data. The data are stored for a longer period only in individual cases (e.g. in the event of a suspicion of misuse or fraud). In such cases, the respective log files are stored until the matter has been investigated and any subsequent necessary measures have been completed.

3. Use of cookies

We use cookies on our website on the basis of Article 6 (1) f) GDPR. The background for the use of cookies is our interest in optimising the website, which is to be considered legitimate in terms of Article 6 (1) f) GDPR. Cookies are small text files that are linked and stored on your hard drive to the browser you use and by means of which the organisation that sets the cookie receives certain information. Almost all of the websites on the Internet use cookies. Cookies cannot execute any programs or transfer viruses to your computer. One of their purposes is to make our website generally more user-friendly for you. We use session cookies, for example, to recognise that you have already visited individual pages of our website. Such cookies are deleted automatically after you have left our website. We also use temporary cookies to increase user-friendliness; these cookies are stored for a specific time period on your end device, for example, for our voucher shop and the Facebook pixel. If you revisit our site to use our services, it is automatically recognised that you have already visited our website and what entries you have made and settings you have chosen so you do not have to enter everything again.

We also use cookies to statistically record and analyse the use of our website in order to optimise our services for you and to display information specifically tailored to you. These cookies enable us to recognise, when you visit our website again, that you were here previously. These cookies are automatically deleted after a defined period of time. You can adjust the settings of your browser so that no cookies are stored on your end device or a notice appears every time before a new cookie is set. Completely deactivating cookies may, however, result in the situation that you will not be able to use all the functions of our website.

4. Use of web analytics services/tracking

When you visit our website, we collect and process data automatically in order to understand the behaviour of visitors to our website so that we are able to optimise our website and tailor it to the visitors’ interests. The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have a legitimate interest in carrying out web analyses on a pseudonymous basis in order to better understand our users, to optimise our website and to determine whether our internet advertising achieves the desired results.

A detailed description of the services we use and on how your personal data are processed can be found in the following relevant descriptions of the services. You can object to the use of these services by way of an opt-out. Please note, however, that you may then not be able to use all of the functions of our website.

We use the following web analysis services on our website:

Google Analytics

On our website, we use the web analysis service Google Analytics (with anonymization function) provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google Analytics component is to analyse the visitors’ use of our website. As our processor pursuant to Article 28 GDPR, Google provides us with reports by way of which we can display and analyse the activities on our website. In doing this, a Google Analytics cookie is stored on the device via which you visit our website. When individual pages of this website are called up, the Google Analytics component automatically causes the internet browser on your device to transfer data to Google for the purpose of online analysis. During this technical process, Google receives information about your personal data, in particular, the information about the browser type/version, the operating system used, the page you visited previously, the host name of the accessing device, the IP address and the time of the request, which enables Google to track the origin of visitors and clicks, among other things. These data are not merged with other data about you, however. We also use the function by which the IP address of your internet connection is automatically abbreviated by Google and thus anonymised if our website is accessed from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area. If, in an exceptional case, data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA. Your consent is obtained in order to allow Google Analytics to collect and process your data in such way. You may withdraw your consent given in this way at any time with effect for the future. Please note, however, that if you refuse or withdraw your consent you may not be able to use all of the functions of our website. You can also object to the use of cookies either by configuring your internet browser so that cookies are generally not stored or by clicking here . Alternatively, you can also use the browser add-on that you can download and install here: https://tools.google.com/dlpage/gaoptout. By installing the browser add-on, you can object to the use of cookies. If your device is deleted, formatted or reinstalled at a later time, you must reinstall the browser add-on. You can obtain more information and Google’s applicable data privacy policy at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail here: https://www.google.com/intl/de_de/analytics/.

5. Use of marketing services/targeting

We collect and process data on our website so that we can display suitable advertising on this website and other websites (re-marketing/re-targeting) to you and measure the success of our advertising activities. In doing this, we cooperate with other providers that help us, in particular, to track whether the users find their way to us via certain advertising measures (conversion tracking). In this context, pseudonymous user profiles are also produced. Your consent is obtained in order to allow us to collect and process your data in such way. You may withdraw your consent given in this way at any time with effect for the future. Please note, however, that if you refuse or withdraw your consent you may not be able to use all of the functions of our website. You can object to the use of these services by way of an opt-out. Please note, however, that you may then not be able to use all of the functions of our website.

Google DoubleClick

On our website, we use the services of Google DoubleClick (Google Ltd., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This means that cookies and cookie-like technologies such as pixel tags (i.e. small transparent graphics, also called web beacons) are used and your personal data are processed, particularly the information regarding browser type/version, the operating system used, the page you visited previously, the host name of the accessing device, IP address and the time of the request, as well as offers, search terms and contents that you were interested in. User profiles are produced on a pseudonymous basis. For example, the cookies collect data indicating which of our products are of interest for you. On the basis of this information, we can also display offers on third-party websites to you that are designed to match your interests as indicated by your previous user behaviour. The collection and evaluation of your user behaviour are carried out anonymously and do not make it possible for us to identify you. In particular, the information is not merged with your personal data. The cookie is deleted automatically after 30 days. If data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA. In addition, you can change your settings regarding the display of interest-related advertising via the Google ad settings manager. Information on this can be found here: https://www.google.com/settings/ads/onweb. You can find more information and the data privacy policy relating to advertising and Google in the Google data privacy policy and Google’s terms of use: http://www.google.com/policies/technologies/ads/.

Facebook Custom Audience

Our website uses Facebook’s visitor action pixel (also referred to as “Facebook Custom Audience”) (Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”)) for conversion tracking. This function presents interest-related ads (“Facebook ads”) to visitors to this website during visits to the social network Facebook. This makes it possible for us to optimise the effectiveness of the Facebook ads for future advertising and to analyse it for the purpose of market research (legitimate interest). For this purpose, Facebook’s visitor action pixel has been implemented on this website. A direct connection to the Facebook servers is established via this pixel when you visit this website. In this context, the information that you have visited this website is transferred to the Facebook server, and Facebook links this information to your personal Facebook user account. The collected data are anonymous for us, as the operator of this website; we cannot make any inferences as to the identity of the users. You can find more information regarding the collection and use of data by Facebook and regarding your rights in this respect and options for protecting your privacy in Facebook’s data privacy policy at https://www.facebook.com/about/privacy/. You can also deactivate the function “Custom Audiences” at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in on Facebook to do this. If you do not have a Facebook account, you can deactivate Facebook’s use-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/. You can object to the use of the Facebook pixel by following this link.

6. Information on the use of social plug-ins

We use “social plug-ins” from different social networks (“plug-in providers”) on our website. A social network is a social meeting place on the Internet that enables users to communicate with one another and to interact in cyberspace. The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have an interest in making it possible to provide you with the most convenient and best optimised offer on our website by way of the incorporation of social plug-ins and the possible analyses that these make possible and to operate this website commercially. The social plug-ins on our website are usually deactivated on our website to the extent this is technically possible. The social plug-ins therefore do not transmit any data to the respective social plug-in provider without any action on your part. You cannot use the social plug-ins until you activate them by clicking on the buttons. After they are activated, a direct connection is established via your internet browser to the system of the respective social plug-in. The content of the social plug-in is then transmitted directly to your browser and incorporated directly in our website. At the same time, the social plug-in transfers to the respective social plug-in provider the information that you have called up the relevant page of our website. This applies regardless of whether you have a profile with the social plug-in provider or have logged in or subsequently use a social plug-in actively (e.g. by clicking on the “Like” button or by posting a comment). When a social plug-in is used actively, the relevant information is transmitted from your internet browser directly to the respective social plug-in provider and stored there. If you are at the same time logged in at one of the social plug-in providers, that provider can link your visit to our website to your account there. In exceptional cases, a direct connection is established to the systems of the social plug-in provider when you call up a page of our website that contains such a social plug-in. The content of the social plug-in is then transmitted by the respective social plug-in provider directly to your internet browser and integrated directly into our website. At the same time, the social plug-ins transfer to the respective social plug-in provider the information that you have called up the relevant page of our website. This applies regardless of whether you have a profile with the social plug-in provider or have logged in at the social plug-in provider or have used a social plug-in actively (e.g. by clicking on the “Like” button or by posting a comment). When a social plug-in is used actively, the relevant information is transmitted from your internet browser directly to the respective social plug-in provider and stored there. If you are at the same time logged in at one of the social plug-in providers, this provider can link your visit to our website to your account there. We have no influence on the type and scope of the collected and transmitted data. You can find details regarding the scope and purpose of the collection, processing and use of data in the data privacy notices provided by the social plug-in providers. Your rights and settings options regarding the protection of you privacy are also detailed there.

If you do not want the social plug-in providers to link the data collected about your visit to our website to your account, please log out from the social plug-in provider before visiting our website.

We have no influence on the type and scope of the collected and transmitted data. You can find details regarding the scope and purpose of the collection, processing and use of data in the data privacy notices provided by the social plug-in providers. Your rights and settings options regarding the protection of you privacy are also detailed there. If you do not want a social plug-in provider to link the data collected about your visit to our website to your account, please log out from the respective social plug-in provider before activating the social plug-in. If you do not want the social plug-in provider to receive, store and use any data at all, please do not use or click on the respective social plug-in.

We use the following social plug-ins:

Facebook

The social plug-ins of the social network Facebook are operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (www.facebook.com), and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de) (“Facebook”). You can find an overview of Facebook’s plug-ins here: http://developers.facebook.com/docs/plugins; you can find information on data protection at Facebook here: https://www.facebook.com/policy.php. If data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. If you wish to object to data collection by Facebook in the future, you can do so here: https://www.facebook.com/settings?tab=ads.

Google+

Plug-ins of the social network Google+ are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can find an overview of Google+ plug-ins here: https://developers.google.com/+/plugins; you can find information on data protection at Google+ here: https://www.google.com/intl/de/+/policy/+1button.html. If data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA. If you wish to object to data collection by Google in the future, you can do so here: http://www.google.com/ads/preferences.

Twitter

The social plug-ins of Twitter are operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can find an overview of Twitter’s plug-ins here: https://twitter.com/about/resources/buttons; you can find information on data protection at Twitter here: https://twitter.com/privacy. If data are processed outside the EEA where the level of data protection does not correspond to the European level of data protection, the processing is based on the EU-US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO. If you wish to object to data collection by Twitter in the future, you can set an “opt-out cookie” here: https://twitter.com/personalization.

7. Integration of third-party content

Third-party content is integrated into some parts of our website. This includes, for example, videos, map services, images or font types. In connection with integrating such content, it is technically necessary for us to disclose your IP address to the third-party providers so that they can display the content for you. We do not store your IP address for the purpose of integrating third-party content. Based on your IP address, the use of cookies and other technologies (e.g. pixel tags, meaning invisible images), the third-party providers may track your surfing habits and in this way process other technical information in addition to your IP address (including browser type/version, operating system used, website previously visited, the host name of the device accessing the page, the time and other information regarding the use of our website). Your consent is obtained in order to allow for the use of cookies and other technologies and disclosure of your IP address by us to the third-party providers in such way. You may withdraw your consent given in this way at any time with effect for the future. Please note, however, that if you refuse or withdraw your consent you may not be able to use all of the functions of our website. A detailed description of the parties whose content we integrate on our website and on how your data are processed can be found in the following relevant descriptions regarding the integrated content.

YouTube

YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy policy: https://policies.google.com/privacy. It is possible to opt out at: https://adssettings.google.com/authenticated.

Google Maps

Google Maps (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy policy: https://policies.google.com/privacy It is possible to opt out at: https://adssettings.google.com/authenticated.

8. Google reCAPTCHA

We use Google’s reCAPTCHA service, which protects our website against spam and misuse. The service prevents automatic software (also known as bots) from carrying out abusive activities on our website, meaning that it checks whether the input provided is in fact typed in by a human being. In doing this, Google collects the following data:

  • Referrer (the address of the page on which the captcha is used)
  • The user’s IP address
  • Google account (if the user is logged in to his Google account, this is recognised and linked)
  • The user’s input behaviour (e.g. speed with which the user fills in the boxes of the form, order in which the user selects the text boxes) is used to improve Google’s recognition of patterns.
  • Browser, browser size and resolution, browser plug-ins, date, language settings
  • The website’s document presentation instructions (CSS) and scripts (Java script)
  • Mouse and touch events on the website

The legal basis for the processing of your data is Article 6 (1) f) GDPR. We have a legitimate interest in effectively avoiding spam, because sorting out spam manually can involve very great effort and costs. Should you not agree to this, you will unfortunately not be able to use the comment function. Google also reads the cookies of other Google service providers such as Gmail, Search and Analytics. All the aforementioned data are sent to Google in encrypted form. Personal data from the input boxes of the relevant form are not retrieved or stored. You can find more information on Google’s data privacy policy at http://www.google.com/policies/privacy/.

9. Email and contact form

The personal data relating to general enquires sent to us by email or via the contact form are stored only for the purpose of the relevant correspondence. The data we receive are stored only for the period of time required for the relevant correspondence. The legal basis for the processing of your data in connection with general enquiries is Article 6 (1) f) GDPR. We have a legitimate interest in processing your data in order to ensure that you can contact us quickly and that your enquiry is processed in accordance with your interests. If you send us specific enquires regarding your booking or our offers by email or via the contact form, the relevant personal data are processed only for the purpose of initiating the contract or implementing your booking. The legal basis for this processing is Article 6 (1) b) GDPR.

Room Reservation

If you book a room through us, we will collect the following personal data:

  • selected hotel
  • period booked
  • number of rooms
  • number of persons (adults and children)
  • selected additional package
  • selected rate / selected special offer
  • first and last names
  • email address
  • telephone number
  • credit card details

Optional information

  • arrival information
  • room and bed type and/or other preferences

We will use this data to process your booking and to conclude and fulfill the contract with you. This includes confirming your identity, receiving a payment guarantee and/or payment information and sending marketing messages or notices concerning your stay.
We take the protection of your personal data very seriously and therefore reduced the number of required fields to a minimum.

We will save this personal data for 10 years in accordance with legal storage obligations. If you make a booking through our website, you will automatically be forwarded to our reservation service provider during the booking process. This is where your personal data will be processed for contract performance purposes. The legal basis for processing your reservation data is Art. 6(1) Letters b & f of the General Data Protection Regulation. We have a legitimate interest in binding our customers and in improving customer satisfaction.

10. Data processing for advertising purposes

Sending out newsletters

We use your email address for advertising and marketing purposes in the context of our newsletter if you have consented to this. Your consent is obtained in accordance with statutory provisions exclusively via the double opt-in procedure. Therefore, you will not receive our newsletter before clicking on the confirmation link that is sent to you by email at your request. You may withdraw your consent given in this way at any time with effect for the future. Clicking on the unsubscribe link is sufficient for this.

Product recommendations

We will send you emails including product recommendations. You will receive these product recommendations regardless of whether you have subscribed to a newsletter if you consent to receiving product recommendations by ticking the relevant check box during the booking process. You may withdraw your consent given in this way at any time with effect for the future. Clicking on the unsubscribe link is sufficient for this.

11. Data transfer to third parties and across international borders

We are a part of EVENT Hotels. As a worldwide operating group of companies, EVENT Hotels intends to provide services in Sweden, for example, that are as excellent as the services provided in Paris. In order to achieve this goal, we have established a global network of branches, data processing centres, trustworthy marketing partners, service providers, customer service centres and highly qualified employees across the world. Your data, including your personal data, are therefore forwarded in compliance with statutory requirements to other group companies, branches, sites, data processing centres or service providers that may not be based in your home country. For this purpose, either we conclude corresponding agreements regarding the processing of data on behalf of the controller pursuant to Article 28 GDPR or the data are processed for the purpose of performing or initiating the contract (the legal basis for this is Article 6 (1) b) GDPR).

Even if the data protection provisions and other laws in these various countries may not be as strict and as extensive as in your home country, we nevertheless implement the measures set out in Articles 45 and 46 GDPR (such as privacy shield or standard contractual clauses provided by the European Commission) in order to ensure that your personal data are protected in accordance with the information provided in this data privacy policy. We are happy to provide a copy of the measures implemented in each case. Please contact our data protection officer at the address provided above for this.

12. Security

As a member of EVENT Hotels, our company is committed to the high standards of EVENT Hotels. In particular, we implement the technical and organisational measures required pursuant to Article 32 GDPR in order to protect your personal data administered by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security measures are continually improved in accordance with technological developments. Only few authorised persons and persons subject to special data protection obligations who generally deal with data in technical or editorial terms have administrative access to the data. Otherwise, data protection for employees in our company is strictly separated according to the respective functional areas.

13. Your rights

Withdrawal of consent

You may withdraw your consent to the processing of your data at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data prior to the date of withdrawal.

Right to object

Under the conditions set out in Article 21 (1) GDPR, data subjects may object to the processing of data on grounds relating to their particular situation. The abovementioned general right of object applies to all processing purposes described in this privacy policy, which are processed on the basis of Article 6(1)(f) GDPR, or for the purpose of direct advertising. We are required to implement such a general right to object only if you are able to present reasons of overriding importance (e.g. a possible risk to life or health).

Your other rights

You have the following rights with respect to your personal data:

  • Right of access (Articles 15 (1) and 15 (2) GDPR)
  • Right to rectification (Article 16 (1) GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to object to the processing (Article 21 GDPR)
  • Right to data portability (Article 20 GDPR)

To assert your rights, please contact our data protection officer at the address provided above.

14. Right to lodge a complaint with the supervisory authority

You also have the right to lodge a complaint with the supervisory authority regarding our processing of your personal data.