Request at our booking centre
price and info


Information on the Processing of Personal Data pursuant to Article 13 General Data Protection Regulation - Reg. EU REG. 2016/679 ("Privacy Policy")
Dear User, below we provide some information about the processing of your personal data through the site (the "Site"). This information does not concern other sites, even if they can be consulted through any links on the Site.

1. Data Controllers
The purposes and methods of the processing of personal data described in this privacy policy are defined jointly by the following parties, who therefore act as joint controllers of the processing pursuant to Article 26 of the Regulation:
BLASTNESS S.R.L. a socio unico, Piazza Castello, 26 20121 Milano, P. IVA: 01195440118;
Apogia Gestioni S.r.l. with registered office in Bibione - Via Orsa Maggiore, 34, VAT number 04207160278 Any questions about this privacy policy or requests to exercise your rights as described below may be submitted to: tel. +39 0431 1910044 - email

The joint Data Controllers are both responsible for the processing outlined in this privacy policy and the internal breakdown of obligations reflects the organisational breakdown in the provision of services. Specifically, VE.GA. Booking S.r.l. manages the administration tools of the website and the related back-end (it is therefore also responsible for informing the data subjects about the processing and its characteristics), while Apogia Gestioni S.r.l. is the owner of the domain on which the Site is published and collaborates with BLASTNESS S.R.L. in managing it.
Pursuant to Article 26 of the Regulations, and notwithstanding the above provision, any data subject may: a) exercise their rights set out in the Regulations and described in Article 9 of this privacy policy towards and against each Data Controller;
b) request information regarding the obligations and roles of each Controller in the processing described by this privacy policy, and the agreement between them, in compliance with the principle of transparency set out in the Regulation.

2. Contact details of the Data Protection Officer
Pursuant to Article 37, paragraph 2 of the Regulation, the Data Controllers - as they are part of the same corporate group - have appointed a single person responsible for the protection of personal data (the so-called DPO – Data Protection Officer) who can be contacted on +39 3938764353, or at the email address

3. Types of personal data processed
Personal and identification data
Personal data means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information. In particular, this personal data may be collected through the Site: name, surname, physical address, email address.

Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified users, but, due to their nature, they may allow their identification when processed or associated with third-party data.
This category of data includes, by way of example, IP addresses or domain names of the computers used by users connecting to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the data subject/user.

Data provided spontaneously by the user
Sending emails (always optional and at your discretion) to the email addresses indicated on the Site and/or through other interactions with the Site itself involves the subsequent acquisition of your address, necessary to respond to requests, as well as any other personal data included in the communication. Specific information may be presented on the pages of the Site in relation to particular services provided by one or both Data Controllers.

4. Purpose and legal basis of the processing
The information you provide will be used for the following purposes:
a) to allow you to browse the Site;
b) to handle any contact requests (e.g. sent by email directly to the address of one of the hotels on the Site); c) to respond to any requests from public authorities;
d) to handle any legal disputes.

The legal basis for the processing carried out for the purposes referred to in points a) and b) is the adoption of pre-contractual and contractual measures at the request of the data subject (Article 6, paragraph 1, letter b GDPR).
The legal basis for the processing carried out for the purposes referred to in point c) is the need to fulfil a legal obligation to which the Data Controllers are subject (Article 6, paragraph 1, letter c, GDPR). The legal basis for the processing carried out for the purposes referred to in point d) is the legitimate interest of one or both Data Controllers in establishing, exercising and defending their rights (Article 6, paragraph 1, letter f, GDPR).

5. Data recipients
Your personal data may be communicated to third parties, for needs strictly related to the purposes stated above and in particular to the following categories of subjects:
a) other companies in the Data Controllers’ business group;
b) professionals and third party companies with which one or both the Data Controllers collaborate, if necessary for the operation of the Site, or for the management of the request sent through the Site, or for the management of any disputes relating to the use of the Site and the request submitted by the user;
c) persons authorised to process data and who are committed to confidentiality or have a legal obligation of confidentiality (e.g. employees and collaborators).

6. Processing Methods
Personal data is processed using paper and IT tools in compliance with the provisions on the protection of personal data and, in particular, with the appropriate technical and organisational measures referred to in Article 32.1 of the Regulation, observing all precautionary measures that guarantee its integrity, confidentiality and availability.

7. Plug-ins for Social Networks
Some pages of the Site may contain social network plug-ins (e.g. Google Maps, Facebook, Google+ and others). By clicking on these plug-ins - which are recognisable by the same symbol as the social network of reference - the browser connects directly to the social network servers and opens an additional page or tab of the browser, which is linked to the social network. If the user, when clicking on the plug-in, is logged in to his social account (this connection may remain active even if the social network page is closed, typically when returning to the social network address the user is already logged in with his account), some personal data may be associated with the social account. Further information about the collection and use of data by social networks in general, as well as the rights and ways available to protect your privacy in this context, can be found directly on social network pages. If you do not wish to associate your visit to our Site with your social account, you must log out of the social network before visiting.

8. Transfers abroad

The Data Controllers do not transfer personal data outside the European Union.

9. Data retention period
Personal data are kept in the Data Controllers' archives for a period of 10 (ten) years from the date of the last interaction with the user, in consideration of the statute of limitations for any claims and/or disputes arising from the selection procedure.

10. Data subject's rights and complaints
You can contact us to exercise the following rights:
a) access (Article 15 GDPR): you can find out if your personal data are being processed and obtain the information set out in the above-mentioned regulation;
b) correction (Article 16 GDPR): you can ask for any inaccurate personal data to be corrected, or integrate any incomplete data;
c) deletion/cancellation (Article 17 GDPR): you can have your personal data deleted, in the cases provided for; d) restriction of processing (Article 18 GDPR): you can make sure that your personal data are only subject to storage, excluding any other processing, in the cases provided for; e) portability (Article 20 GDPR): you can obtain your personal data in a structured format, in common use and readable by automatic device and also have it directly transmitted to another data controller, in the cases provided for;
f) opposition (Article 21 GDPR): you may stop subsequent processing of your personal data for reasons related to your particular situation, unless our legitimate interests prevail, in the cases provided for;
g) revocation of consent (Article 7.3 GDPR): you may revoke your consent at any time in cases where the processing is based on it.

We also inform you of your right to lodge a complaint with the competent Data Protection Authority. We remind you that the complaint, pursuant to Article 77.1 GDPR, may be filed by the data subject with the Authority in the place where the data subject habitually resides, where they work or where the alleged violation has occurred.

11. Mandatory/optional nature of the data submission, consent and opposition
The data collected are essential for browsing the Site. Failure to transmit them may make it impossible to browse the Site and/or to respond to any requests made through the Site.

Latest update: 13 May 2019