In this privacy statement, Visconti Cesi S.r.l. with registered office at Via Catania N. 9 - 00161, Rome, the provider of hotel and catering services for Palazzo Scanderbeg located at Piazza Scanderbeg 117, 00187 Roma, intends to describe the way it operates website: particularly as regards the purposes for which and the manner in which the personal data of the users who consult it are collected, recorded and used. 

This disclosure, which is also made pursuant to Article 13 of Legislative Decree 196/2003 - the Italian Data Protection Code, is based on Recommendation 2/2001, which the European data protection authorities, forming part of the Working Party group set up und er Article 29 of Directive 95/46/EC , adopted on 17 May 2001 in order to set out some minimum requirements for the collection of personal data online.
Specifically, these requirements concern the manner in which data controllers must provide information to users when they connect to web pages and the timing and contents of this information, regardless of the purpose of the connection, and prescribe the information regarding the use of cookies that must be givento persons browsing the site, in compliance with Directive 2009/136 /EC and the Italian Data Protection Authority’s General Order of 8 May 2014.

The information only refers to website and not also to other siti web websites that users may consult through links on the above web site.

Pursuant to Article 28 of Legislative Decree 196/2003, the Data Controller is VISCONTI CESI S.r.l. with registered office at Via Catania, 9 – 00161 Roma. 
Users may obtain an up-to-date list of Visconti Cesi S.r.l.’s internal and external Data Processors by contacting the company.


Pursuant to Article 29 of Legislative Decree 196/2003, the Data Processor is the General Manager of Palazzo Scanderbeg T (+39) 06 89529001 – Email: Pursuant to Article 29 of Legislative Decree 196/2003, the external Data Processor and System Administrator for the operation of the and the online booking platform, is integrated in the website is BLASTNESS S.r.l. with registered office at Galleria del Corso n.2, 20122 Milano, Tel. 0187 599737- Fax 0187 020349 – email:

The processing connected with the web services of this site takes place at the registered offices of the data controller and processors. The two companies do not transmit the data obtained through the web service to third parties unless transmission is strictly pertinent to the purpose for which the data are processed or imposed by laws or regulations.
The data supplied voluntarily to the site in order to make online bookings are stored in the database of BLASTNESS S.r.l. The owner of the hotel booking engine applied to website

BLASTNESS S.r.l. the provider of the booking service for the Palazzo Scanderbeg Roma, website, supplies the data gathered from its booking platform to the hotel, i.e. to Società Visconti Cesi S.r.l. the data controller.

The personal data provided voluntarily and optionally by the users who carry out online bookings, register for the newsletter or merely apply for job vacancies sending their CVs in digital form, are only used to provide the service or perform the task required and are not transmitted to third parties unless transmission is imposed by law or is strictly pertinent to and necessary for compliance with the requests concerned.
In detail, the personal data which the persons concerned provide voluntarily will be collected digitally and processed, also using electronic means, either directly and/or through authorised third parties (e-mail services companies, website hosting companies), for the following purposes:

  • to allow bookings to be made and confirmed on the security of the user’s credit card details;
  • to promote commercial activities by e-mail in accordance with Article 130, paragraph 4, of Legislative Decree 196/2003;
  • to allow users to register for the newsletter in order to receive periodic commercial or promotional messages;
  • to consider any CVs received in response to advertisements in the “Work with Us” section;
  • to prepare statistics in anonymous form (counting visits, etc.);
  • to fulfil current administrative, accounting and tax obligations and to comply with laws and regulations;
  • to establish responsibility in the event of any IT crimes being committed against the website.

The data we process may include sensitive data as defined in Article 4, paragraph (d), of Legislative Decree 196/2003, i.e. “personal data which may reveal racial or ethnic origin, religious, philosophic or other convictions, political opinions, the membership of parties, trade unions, religious, philosophic, political or trade union associations or organisations and which give information regarding state of health and sexual life” which you have provided voluntarily in the notes box in the booking form because it may be necessary in order for us to provide you with our services (food allergies, disabilities, information regarding state of health, etc.).
These data will be processed in accordance with the Italian Data Protection Authority’s general authorisation 5, issued to cover only the data and operations that are indispensable in order to fulfil the obligations, including the pre-contractual obligations, which the hotel undertakes in its sector of activity in delivering specific goods or services at the requests of the persons concerned.

Pursuant to Article 26 of Legislative Decree 196/2003, we will process any sensitive data that you provide observing the utmost confidentiality and will not distribute them. 

Visconti Cesi S.r.l. reserves the right to examine the CVs we receive in connection with job vacancies advertised in the “Work with Us” section. 
We will not transmit your CV to third parties.
CVs which we consider of interest will be stored for one year and they will be processed in full compliance with the minimum security requirements set out in Articles 33, 34 and 35 of Legislative Decree 196/2003.

Candidates, however, are asked kindly to comply with the following rules in transmitting their CVs in digital format:

  • attach their CV to the recruitment form in the “Work with Us” section of the website;
  • use the European format in compiling their CV;
  • transmit their CV in pdf;
  • not put sensitive data which are not pertinent to the job opportunity in their CV (particularly regarding state of health or religious, philosophical or political convictions);
  • consent to the processing of sensitive data pertinent to entering into an employment contract (for example falling under a protected category under Italian Law 68/1999).

It will be the responsibility of the Company to give candidates the information required under Article 13 of Legislative Decree 196/2003 during any interviews it conducts with them.

The purposes of processing, related to the management of CVs, will involve activities that are closely connected with the assessment, recruitment or selection of personnel with a view to a collaboration contract, temporary or permanent employment or an internship or in order to give the chosen candidates the opportunity to prepare their thesis while working with us. 

Only formally appointed personnel who have been trained in personal data confidentiality and security may process personal data gathered from the www.palazzoscanderbeg.comwebsite at the Data Controller’s office.
The personal data of those concerned may be processed by the following persons in the various spheres of the activities for which they are responsible:

  • BLASTNESS S.r.l. which is responsible for the development of the website and provides the online booking service, manages the newsletter and updates the contents of the site (through CMS - Content Management System), with registered office at Galleria del Corso n.2, 20122 Milano, Tel. 0187 599737- Fax 0187 020349 – email:
  • Public bodiesor offices to fulfil legal and/or contractual obligations;
  • debt collection companies and banking institutions for the management of receipts and payments related to the stay in the hotel;
  • any external advisors and companies which we appoint to carry out tax consulting work on our behalf
  • collaborators or firms which provide services, when transmission is necessary in order for the person concerned to be able to enjoy the hotel’s facilities.

Browsing data

While they operate, the software applications which run this website acquire some personal data whose transmission is implicit in the normal IP communications protocol. This is information which is not collected in order to be directly associated with the users concerned, but which, by its very nature, could allow the users to be identified by means of subsequent processing and correlation with data held by third parties (providers).

This category of data includes IP addresses or domain names of the computers used by users who connect with the website, the date and hour of the request, the addresses in URI (Uniform Resource Identifier) of the resources requested, the size of the file obtained from the server in response, the number code giving the status of the server’s response (OK, error, etc.) and other parameters of the users’ operating system and IT environment. These data are only employed in order to obtain anonymous statistical information on the use of the website and to check that it is functioning correctly and are deleted immediately after they have been processed.

They could be used by judicial authorities to establish responsibility in the event of IT crimes against the web site; except as stated, data on website visits are not kept for longer than seven.

Data provided voluntarily by users
Sending optional, explicit and voluntary e-mail messages to the addresses given on this website entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, and of any other personal data included in the message.

Cookies are text files which are stored on your computer and read remotely by our servers or by the servers of third parties of whose services we avail ourselves. The use of persistent performance cookies or session cookies (i.e. cookies that are not stored persistently on the user’s computer and are deleted when the browser closes) is strictly confined to providing the service requested by the user and transmitting the session ID code (which consists of random numbers generated by the server). These cookies are necessary to allow the secure and efficient exploration of the site and its applications. The per formance cookies used on this website avoid using other IT techniques which could be of prejudice to the confidentiality of users’ browsing sessions.
Name of Cookie
Google Analytics
Google Analytics is a Google analysis tool that helps website and app owners understand how visitors interact with the contents of their website (pages visited, browsing time, etc.) by providing useful statistics designed to optimise and improve the browsing of the website without identifying the browser.
_utma 2 years
_utmt 10 minutes
_utmb 30 minutes
_utmc until session ends
_utmz 6 months
_utmv 2 years

Name of Cookie
Google Adwords
Google memorises a cookie on the user’s terminal which records the visit that has been made in order, in the future, to display advertisements for related products to the user (e.g. using banners) by means of the search engine and/or network of third-party publishers affiliated to Google Inc.
30 days

In accordance with Directive 2009/136/EC, you will be asked for your explicit consent to the use of these cookies.
Please consult the privacy statement in BLASTNESS S.r.l.’s booking platform for information about any cookies this company uses.

How can I disable cookies?
Most browsers accept cookies automatically, but you can also choose not to accept them or limit their use. 
Disabling cookies may cause problems in browsing the website or limit your possibility of using all its services (e.g. booking, access to restricted area, etc.). 
You can change the security settings of your browser (Internet Explorer, Google Chrome, Safari etc.), however, if you do not want your computer to receive and store cookies. If you do want to change the settings of your cookies by entering the settingsof the various browsers, brief instructions on how to carry out this operation in the four most popular browsers follow.
Microsoft Internet Explorer
Click on “Tools” in the top right-hand corner and select “Internet options”. Select the “Privacy” section in the pop-up window and change your cookie settings.
Google Chrome
Click the spanner in the top right-hand corner and select “Settings”. Now select “Show advanced settings” (“Under the hood”) and change your cookie settings.
Select “Options” in the pull-down menu in the top left-hand corner. Then select “Privacy” from the pop-up window and change your cookie settings.
Select “Preferences” in the pull-down settings menu in the top right-hand corner. Then select “Safety” and change your cookie settings. Nevertheless, if the users block or delete a cookie, the users might not be able to restore the preferences or personalised settings previously selected and their capacity to personalise their browsing experience (for example choice of language) will then be limited.

Personal data are processed in hard copy and/or using automated tools for the time strictly necessary to achieve the purposes for which they have been collected. Special security measures are observed to prevent the loss, unlawful and incorrect use of data and unauthorised access.

The persons to whom the personal data relate have the right, at any time, to obtain confirmation as to whether or not these data exist and to know their contents and origin, to check that they are accurate or to ask for them to be supplemented, updated or rectified (Article 7 of Legislative Decree 196/2003).
In accordance with the same Article, they have the right to ask for them to be deleted, transformed into an anonymous form, to have data that are processed in breach of the law blocked and in any case to object on legitimate grounds to their being processed.
Requests should be sent to the General Manager of Palazzo Scanderbeg T (+39) 06 89529001 – Email:
To claim rights in connection with the data supplied to the booking platform, notices may be sent to the external Data Processor, BLASTNESS S.r.l. with registered office at Galleria del Corso n.2, 20122 Milano, Tel. 0187 599737- Fax 0187 020349 – email: Data subjects’ rights are reproduced in full below.

Article 7. Right of access to personal data and other rights

1. The data subjects have the right to obtain confirmation as to whether or not personal data relating to them exist, even if they are not yet recorded, and to have them communicated in intelligible form.

2. The data subjects have the right to be informed of:

  • a) the source of the personal data;
  • b) the purposes and the methods of processing;
  • c) the logic involved, if their data are processed electronically;
  • d) the identity of the controller, of the processors and of the representative designated pursuant to Article 5, paragraph 2;
  • e) the recipients or categories of recipient to whom the personal data can be transmitted, or who may come to know them in their capacities as representatives designated within the territory of the State, processors or persons in charge of the processing.

3. The data subjects have the right:

  • a) to have the data updated, rectified or, if it is in the data subject’s interest, added to;
  • b) to have data that have been processed in breach of the law deleted, transformed into an anonymous form or blocked, including data that do not need to be stored in the light of the purposes for which they have been collected or subsequently processed;
  • c) to receivea certificate stating that the requirements set out in items (a) and (b), including their content, have been brought to the attention of those to whom the data have been transmitted or disclosed, unless this measure proves to be impossible or involves a clearly disproportionate use of resources in relation to the right that is protected.

4. The data subjects have the right to object, either totally or partially:

  • a) on legitimate grounds to the processing of their personal data, even if these grounds relate to their collection;
  • b) to the processing of their personal data for the purposes of sending advertising material, direct selling, carrying out market research or sending marketing messages.