Corso Garibaldi, 32 - Mantova - Italia
+39 0376 288170
Book Now
Privacy Policy


Dear Customer,

the Data Controller will process your personal data according to the principles of fairness, lawfulness and transparency and protection of your privacy and rights; this privacy notice is available to all our customers, pursuant to articles 13 and 14 of GDPR 679/2016.

Please note:

1_The Data Controller is:


Corso Garibaldi, 32

46100, Mantova

Tel. 0376/288170

The person to contact in respect of Data Controlling is ELISA POLI.

2_Your data will be processed for the following purposes:

  • In relation to any duties deriving from a contract you are party to, or in order to fulfil your requests either before or after the contract performance;
  • In relation to the fulfilment of legal, administrative, accounting or fiscal requirements or other requirements arising from regulations or other norms;
  • For the fulfilment of any obligations arising from article 109 of Royal Decree 773/1931 (TULPS).

3_The personal data processed by the company will not be shared but will be communicated to specific subjects. In line with their role and professional title, internal and external staff will be authorised to process data according to their respective tasks and the instructions received by the Data Controller. Data could be communicated to subjects authorised to receive it by law, regulations or norms, including banks or building societies, law firms, insurers, IT companies, accountants, self-employed and contract workers or agents.

4_The Data Controller will not transfer personal data to third countries; it may, however, use services such as cloud storage. In this case, service providers will be chosen according to the guarantees they provide (pursuant to article 46 of GDPR 679/2016).

5_The Data Controller will retain and process personal data for the required time and for the stated purposes; alternatively, data will be retained for the time required by law or fiscal regulations.

6_ Pursuant to articles 15, 16, 17, 18, 20, 21, and 22 of GDPR 679/2016, data subjects can exercise their rights by contacting the Data Controller at the above address.

7_Pursuant to article 6 of GDPR 679/2016, data subjects can withdraw their consent at any time.

8_Data subjects may refer their complaint to the Controlling Authority in their country of residence.

9_The provision of data is compulsory in order to fulfil the required contractual obligations.

10_The Data Controller will not process personal data using automated decision making processes.

BELOW THE INFORMATION PRIVACY POLICY & COOKIE POLICY of the Users / Navigators of the website

Also find:


Information on the processing of personal data (art. 13 of EU Regulation 2016/679)

for the website owned by Hotel Casa Poli Srl

This is a statement made pursuant to art. 13 of EU Regulation 2016/679 for the Users of the Web portal services. The indications given below concern in particular the collection of personal data on the Internet, with the aim of identifying the minimum measures that must be implemented towards the persons concerned in order to ensure the transparency and lawfulness of such practices.


From Articles 4, 37-39 of Regulation (EU) 2016/679 (hereinafter also Regulation)

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Usage Data: information that are collected automatically by this Application (or by third party applications that this Application uses), including: IP addresses or domain names of the computers used by the User that connects with this application, addresses in URI (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details of the itinerary followed within the application, with particular reference to the sequence of the pages consulted, the parameters related to the operating system and the User’s IT environment.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

User: the individual who uses this application, which must coincide with the Data Subject or be authorized by him and whose personal data are subject to any processing.

Processing: any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data Controller (or Controller): the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

This Application or Platform: the hardware or software tool through which the personal data of Users are collected.

Data Protection Officer (DPO): mandatory figure in certain cases as per art. 37 of the Regulation. He advises, monitors, coordinates and manages relations with the Supervisory Authority regarding the processing of personal data


The “Data Controller” of his personal data possibly processed as a result of the use of this website, pursuant to art. 26 of Regulation (EU) 2016/679, is Hotel Casa Poli Srl, at Corso Garibaldi 32 – Mantova, Italy, no. tel. +39 0376 288170, Email


The personal data provided by the Users who access this site, and possibly use the following web services, will voluntarily provide the related information as listed below.

  • “CONTACT US”: this section is addressed to the Users interested in receiving information about the products/services offered by the Owner. The personal data required to access this service are exclusively the following: Name, Surname, E-Mail, Telephone.
  • “RESERVATIONS”: this section is intended for Users interested in buying the services offered by the Owner. The personal data required to access this service are exclusively the following: Name, Surname, E-Mail, Telephone, Payment Information.

The data of Users collected through the sections listed above are used for the sole purpose of performing the service or provision requested and will not be disseminated to third parties. The Data Controller has determined the purposes of the processing identified in the performance of its activities. The User data are collected to allow the Owner to provide its services, as well as for the following purposes: statistics, advertising, hosting and backend infrastructure, interaction with social networks, external platforms and display of content from external platforms. In particular, the navigation data are exclusively processed:

for the operational management of navigation;

for the processing of statistical data on access and consultation;

for the management of personal data security.

As for personal data voluntarily provided by the User, they are processed for the following purposes, in addition to those indicated below:

processing of anonymous and aggregated usage statistics;

protection or defence of rights in court;

compliance with obligations under laws and regulations in force, including accounting and tax matters;

fulfillment of the specific purposes for which such data were provided by the User (e.g. provision of a service, response to specific questions submitted through contact forms, assistance requests, etc.);

management of the User’s registration and/or access to any reserved areas available on the site.

In order to pursue the purposes of processing described above, this site uses the following services, listed for processing purposes.

Hosting and backend infrastructure. This type of service has the function of hosting data and files that allow the site to function, allow its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this application. Some of these services operate through servers which are geographically located in different places, making it difficult to determine where your Personal Data are stored exactly. The site is activated through a hosting service provided by Netsons Srl and is managed in collaboration with MT Creazioni Web of Truzzi Mattia.

Interaction with external social networks and platforms. This type of service allows the interaction with social networks, or other external platforms, directly from the pages of and it is possible that, even if users do not use the service, the same collects traffic data related to the pages where it is installed. Interactions and information acquired are in any case subject to the privacy settings of the User relating to each social network.

Google+ button and social widget (Google Inc.). The widgets are services of interaction with Google+ social network, provided by Google Inc. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy:

Widget from Facebook (Facebook Inc.). The Facebook social widgets are services of interaction with the Facebook social network, provided by Facebook Inc. and Facebook Ireland Ltd. Personal Data collected: Cookies and Usage Data. Place of processing: USA and Ireland – Privacy Policy:

Twitter social widget (Twitter Inc.). The Twitter social widgets are social networking services provided by Twitter Inc. Personal Data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy:

TripAdvisor Widget (TripAdvisor). TripAdvisor is a search engine managed by TripAdvisor LLC and TripAdvisor Limited that allows the website to integrate such content into its pages. Personal Data collected: Cookies and Usage Data
place of processing: USA and England – Privacy Policy:

Widget HotelsCombined (HotelsCombined). HotelsCombined is a search engine managed by HotelsCombined Pty Ltd that allows the website to integrate such content within its pages. Data collected: Cookies and Usage Data
place of processing:
Australia – Privacy Policy:

Google Maps widget (Google Inc.). Google Maps is a map viewing service operated by Google Inc. that allows the site to integrate such content into its pages. Personal Data collected: Cookies and Usage Data. Place of treatment: USA – Privacy Policy:

Social networking sharing capabilities. Social networking sharing functionality is available on this site. This feature allows Users to send invitations, news or other type of communications and/or to share contents present or actions taken by the User himself (e.g. sharing comments etc.) on the site in use, through the use of social networks external to (e.g. Facebook, LinkedIn, Twitter, Google+, etc.). In such cases, the User must be aware that any Personal Data provided may be processed even by third parties who are owners of such social networks according to their privacy policy and without any possibility for the Data Controller to exercise any type of control or influence over such subsequent processing methods. The User is invited to read and accept the privacy policies of such third parties available for consultation at the links in the section dedicated to each of these services.

Displaying content from external platforms. This type of service allows you to view content hosted on external platforms directly from the pages of the website and to interact with them. Therefore, it is possible that, even if Users do not use the service, the same will collect traffic data related to the pages where it is installed.


By using the services listed in point 2), the interested party expresses his consent to the processing of his personal data for the purposes described above in Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679.


At the same time, the Data Controller, for Direct Marketing purposes, pursues its own legitimate interests pursuant to art. 6, paragraph 1, letter f) of Regulation (EU) 2016/679.


The communication will be made only and exclusively to employees and direct collaborators of the Data Controller for the sole purpose of performing the service requested by the User, unless the communication is required by law.

The optional, explicit and voluntary sending of email to the addresses indicated on the site implies, by its very nature, the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

We invite our Users, in requests for services or questions, not to send names or other personal data of third parties that are not strictly necessary or data defined as “sensitive and / or special” under Articles 9 and 10 of Regulation (EU) 2016/679 within the limits and for the purposes specified in this statement.


Personal data are processed by automated means, for the time necessary to achieve the purposes for which they were collected.

Specific security measures are observed to prevent loss of data, illicit or incorrect use and unauthorised access in compliance with the obligations to adapt to adequate security measures. In fact, all data will be acquired and stored in accordance with Articles 32, 33 and following of EU Regulation 2016/679.

The Data Controller is not responsible for errors, content, cookies, publication of illegal immoral content, advertising, banners or files that do not comply with current legislation by sites not managed by the same.


No transfer of data to a third country is foreseen.


There is no automated decision-making process.


The personal data acquired, also through the “CONTACTS” service, will be kept for the duration necessary to carry out the activities requested by the User and in any case for a period not exceeding 5 years from the date of insertion.

The storage time may be extended and involve the acquisition of further data subsequently, in the event that the User requests further services; in this case the duration of the processing, for administrative, accounting, tax and contractual purposes may be extended up to 10 years from the termination of the relationship, as required by current regulations (art. 2220 of the Civil Code, art. 22 of the Decree of the President of the Republic of 29 September 1973 no. 600 and art. 2200 Civil Code).

The technical navigation cookies (described below), will be stored for the sole purpose of allowing the correct technical functioning of the site itself and will expire automatically when the browser is closed.


The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the communication protocols of the Internet.

This information is not collected to be associated with identified interested parties, but that by its very nature could, through processing and association with data held by third parties, allow the users to be identified.

This category of data includes IP addresses or domain names of computers used by Users who connect to the site, URL (Uniform Resource Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and the user’s IT environment.

These data are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.

The data in question could be used to ascertain liability in case of any computer crimes against our site.

Purchase data

If the Users book through the ‘reservations’ section of, the purchase data are collected, and may, depending on the type of sale and treatment status, include the following information:

  • serial number;
  • details of the service purchased (definition, type of room, etc.);
  • data on the means of payment;
  • communications and messages in connection with the booking (e.g. withdrawal statements, complaints and communications to customer service);
  • booking and payment status.

The company offers the common means of payment in online commerce, in particular, prepay by credit or debit card. For the execution of the payment, the payment data communicated are managed through Paypal’s Braintree and kept until the transaction is concluded.


The subjects to whom the personal data refer, pursuant to art. 13 of EU Regulation 2016/679, have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request to integrate, update or correct them. The subjects whose personal data also have the right to request cancellation, transmission of data to other owners, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. Data subjects also have the right to lodge a complaint with the supervisory authority (Garante Privacy).

Requests related to art. 13 of EU Regulation 2016/679 must be addressed to the Data Controller at the telephone number +39 0376 288170 or at the email address

Rights of the data subject

European Regulation 2016/679

art. 13 “Information to be provided where personal data are collected from the data subject”

Information to be provided where personal data are collected from the data subject

1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:

(a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;

(b) the contact details of the Data Protection Officer, where applicable;

(c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;

(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;

(e) the recipients or categories of recipients of the personal data, if any;

(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.

2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:

(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

(d) the right to lodge a complaint with a supervisory authority;

(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;

(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.

4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.



A cookie is a text file that is stored on the user’s computer or mobile device (smartphone or tablet) by the server of a website to which a user accesses and that can be read or retrieved from the server that installed it during subsequent visits to the site. The cookie contains certain information (e.g. the server from which it comes, a numeric identifier, the expiry date of the cookie, etc.) and allows the website that installed it to remember, for example, the preferences expressed by the User when browsing or purchasing, perform authentication to access restricted areas or to monitor sessions.

While browsing, the User can also receive on his terminal cookies sent by different websites or web servers (so-called third parties), on which may exist some elements (eg. images, maps, sounds, specific links to pages of other domains) on the site that the User is visiting.

More generally, some cookies (defined as session cookies) are assigned to the User’s device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (defined as persistent) remain in the device for an extended period of time.


Cookies are text files that are placed on the computers of Web users to allow safe and efficient exploration of the site and monitor its use. This website uses two types of technical cookies: session cookies for authentication (online services) and statistical monitoring/profiling cookies (Google Analytics).

As defined in the previous paragraph, cookies are text files that are stored on the computers of Web Users to allow safe and efficient exploration of the site and monitor its use.

This site does NOT use profiling cookies to create User profiles, which are then used to send advertising messages in line with the preferences expressed by the User when surfing the web.

This site uses third-party cookies.

Technical Session Cookies (essential for the use of online services). This site uses session http cookies to manage authentication to online services. The use of session cookies (which are not permanently stored on the User’s computer and are deleted when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. Disabling these cookies does not allow the use of online services.

Technical Cookies for monitoring/statistical profiling (Google Analytics). The monitoring cookies can be disabled without any effect on the navigation of the portal: to disable them see the next section.

The Owner uses the Google Analytics service of the company Google, Inc. (hereinafter Google) for the generation of statistics on the use of the web portal.

Google Analytics uses cookies (not from third parties) that do not store personal information. The information obtainable from the cookies about Users use of the website (including IP address) will be transmitted by the User’s browser to Google, based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored on the servers of the company itself.

According to the current terms of service, Google will use this information, as an independent data controller, for the purpose of tracing and evaluating the use of the website, compiling reports on website activity for website operators and providing other services relating to website activity, connection methods (mobile, PC, browser used, etc.) and search methods and access to portal pages. Google may also transfer this information to third parties where required by law, or where such third parties process the information on Google’s behalf. Google will not associate IP addresses with any other data held by Google.

To consult Google’s privacy policy regarding the Google Analytics service, please visit the following website

To find out more about Google’s privacy policy, please visit the website

By using the Data Controller’s website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

How to disable cookies (opt-out). You can deny your consent to the use of cookies by selecting the appropriate settings on your browser: navigation not authenticated on the Owner’s portal will still be available in all its functions. Below are the links that explain how to disable cookies for the most popular browsers (for other browsers that may be used, we suggest looking for this option in the help of the software normally available through the F1 key):

  • Internet Explorer

  • Google Chrome:

  • Mozilla Firefox:

  • Apple Safari:

Alternatively, you can only disable Google Analytics cookies by using the opt-out provided by Google for your primary browsers. In this way it will be possible also to use the online services of the Owner.



Run Chrome Browser.

Click on the menu in the browser toolbar next to the url entry window for navigation.

Select Settings.

Click Show Advanced Settings.

In the “Privacy” section click on the “Content settings” button.

  1. In the “Cookies” section, you can change the following cookie settings:
  2. Allow data to be saved locally;
  3. Change the local data only until the browser is closed;
  4. Prevent sites from setting cookies;
  5. Block third-party cookies and site data;
  6. Manage exceptions for some websites;
  7. Delete one or all cookies.

Mozilla Firefox

Run Mozilla Firefox Browser.

Click on the menu in the browser toolbar next to the url entry window for navigation.

Select Options.

Select the Privacy panel.

Click Show Advanced Settings.

In the “Privacy” section click on the “Content settings” button.

In the “Tracking” section, you can change the following cookie settings:

  1. Ask sites not to do any tracking;
  2. Inform the sites of its willingness to be tracked;
  3. Do not communicate any personal data tracking preferences.

From the “History” section you can:

  1. By enabling “Use custom settings”, select to accept third party cookies (always, from the most visited sites or ever) and to store them for a certain period (until their expiration, closure of Firefox or ask each time);
  2. Remove individual stored cookies.

Internet Explorer

Run Internet Explorer Browser.

Click the Tools button and choose Internet Options.

Click the Privacy tab and in the Settings section, change the slider to the action you want for cookies:

  1. Block all cookies;
  2. Allow all cookies;
  3. Selection of the sites from which to obtain Cookies: move the cursor to an intermediate location in order not to block or allow all cookies, then click on Sites, enter a website in the Website Address box and then click Block or Allow.


Run Safari Browser

Click Safari, select Preferences, and press Privacy.

In the Block Cookies section, specify how Safari should accept cookies from the websites.

To view which sites have stored the cookies, click on Details.

Safari iOS (mobile devices)

Run iOS Safari Browser.

Tap on Settings, and then on Safari.

Tap on Block Cookies and choose between “Never”, “Third Party and Advertiser” or “Always”.

To delete all cookies stored by Safari, tap on Settings, then on Safari, then on Delete Cookies and Data.


Run Opera Browser.

Click on Preferences then on Advanced and then on Cookies.

Select one of the following options:

  1. Accept all cookies;
  2. Accept cookies only from the site you visit: third party cookies that are sent by a domain other than the one you are visiting will be rejected;
  3. Never accept cookies: all cookies will never be saved.


The Privacy Policy of this site is subject to updating; Users are therefore invited to periodically check its content.

« Retour à l'accueil Réservez en ligne