• For information on personal data please see our Privacy
Book now

An intimate and private oasis

Privacy

Last updated: 9 April 2026

About us and about this Privacy Policy

The controller of your personal data is Luxury Hotel Development Group SRL, Via Mazzini n. 20, 55042 Forte dei Marmi (LU), Italy, VAT no. 02631950462, owner of the Remo Beach Club located in Via Arenile 46 55042 Forte dei Marmi (LU) (the “Beach Club”).This Privacy Policy applies to the website available at Remo Beach Club a Forte dei Marmi | Esperienza Balneare di Lusso in Versilia and its language versions, as well as to your contacts and interactions with us related to our beach club services.

This Privacy Policy explains in a clear and understandable way how we collect, use and protect your personal data when you visit our website, when you contact us via the booking system available on the website (powered by Spiagge.it), online forms, e-mail or telephone, and when you move through Beach Club areas that are monitored by video surveillance.

Please read this Privacy Policy carefully. If you do not agree with it, we suggest that you do not use this website and that you do not provide us with your personal data. This Privacy Policy does not require your acceptance; it is provided for transparency purposes only as its provision constitutes a legal obligation of the data controller pursuant to Article 13 of the GDPR.

All questions and requests related to personal data protection can be addressed directly to the Data Controller using the contact details in the “Contact” section of this document.

What personal data we collect

Data you provide to us

When you contact us through the contact form, booking system on the website, by e-mail or by telephone, you usually voluntarily provide data such as your first name and last name, e-mail address, telephone number and, where relevant, your postal address. In the context of an enquiry or booking request, you may also provide information on the desired dates of stay, number of days, number of guests, preferred area of the Beach Club [This personal data is processed on the basis of the performance of a contract to which you are a party, or on the basis of pre-contractual steps taken at your request prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR.

The personal data you provide might also include, by way for example, dietary preferences and allergies, information about mobility or accessibility needs, disabilities or other health-related details that you decide to share so that we can adapt our services. Because such information may reveal data about your health, we treat it as sensitive and process it only to the extent strictly necessary to fulfil your request. We do not ask you to send us medical documentation and we kindly ask you to share only the information that is necessary for us to take care of you safely and appropriately. The processing of health-related data is carried out on the basis of your explicit consent pursuant to Article 9(2)(a) of the GDPR.

If a reservation, contract or invoice is issued, we may ask for additional data necessary for contractual and accounting purposes, for example company name, billing address and tax/VAT number, credit card info. These data are necessary to prepare and execute the contract pursuant to Article 6(1)(b) of the GDPR and to meet our legal obligations in the field of payment accounting and taxation pursuant to Article 6(1)(c) of the GDPR.

In order to guarantee your reservation and, where applicable, to process advance payments, preauthorisations or deposits, we may also ask you to provide credit or debit card details (cardholder name, card number, expiry date and, where necessary, a security code). These details are used solely to secure and administer your reservation and to process payments in accordance with the conditions of your booking and applicable law. Card data is processed in a secure environment and, where possible, stored in tokenised form by our payment service providers; we do not store the card verification code (CVV/CVC) after the transaction is completed. The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR.

When you subscribe to our newsletter, we collect your e-mail address and, optionally, your name, so that we can send you news and special offers related to Grand Hotel Imperiale. We process this data based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time via the unsubscribe link in each message. Where you are already a guest of the hotel, we may also send you communications about similar services based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR (so-called "soft opt-in"), subject to your right to object at any time.

If you apply for a job via the “Work with us” section or otherwise send us your curriculum vitae, we process the information contained in your application, such as your contact details, education, work experience, language skills and any other information that you choose to include. This information is used exclusively to assess your application and to contact you if we see a potential opportunity for cooperation. The legal basis for this processing is to be found Article 6(1)(b) of the GDPR since it is necessary to take steps at your request to entering into a contract.

Data collected automatically via the website

During your visit to our website, certain technical information about your device and the way you use the site is collected automatically. This includes, for example, the type and version of your browser, operating system and device type, the language set in your browser, the approximate location based on anonymized IP address, the date and time of the visit, the pages you viewed and the links you clicked. In addition, we may use Microsoft Clarity, a user experience analytics tool that records anonymised usage patterns such as mouse movements, clicks, scrolling and interaction with individual page elements, and generates aggregated heatmaps and session replays to help us understand how visitors use the website and improve its design.

The automatically collected data are primarily used for web analytics and to measure the effectiveness of advertising campaigns and are activated for analytics and marketing purposes only when you have given your consent via the cookie banner, as explained later in the section on cookies. The collection of technical data strictly necessary for the functioning of the website is based on our legitimate interest in ensuring the security and proper operation of our online services, pursuant to Article 6(1)(f) of the GDPR. The use of analytical and marketing cookies and similar technologies is based exclusively on your consent pursuant to Article 6(1)(a) of the GDPR, expressed through the cookie banner.

Data from newsletters and marketing campaigns

If you subscribe to our newsletter or consent to receive marketing communications, we process your e-mail address and, where applicable, your name. In addition, we may collect information on whether you opened our messages, which links you clicked, which offers interested you and whether you made a reservation after receiving a particular communication. This information helps us to better understand which content is relevant to you and to adapt our offers accordingly.

In some cases, we may use hashed identifiers derived from your data, such as hashed e-mail address or telephone number, for advanced advertising functions like conversion tracking and the creation of anonymous audiences.

In such cases the original data are transformed into a non-reversible hash before being transmitted to the provider.

The above-described processing is carried out on the basis of your consent pursuant to Article 6(1)(a) of the GDPR, expressed through the cookie banner when you accept marketing cookies. You may withdraw your consent at any time by changing your cookie preferences.

Data from video surveillance

Certain areas of the hotel, entrances, access routes, parking areas and other sensitive zones may be covered by a video surveillance system (CCTV). Cameras are installed exclusively for the protection of guests, staff and property and to increase the level of safety in and around the hotel. At the entrances to monitored areas, appropriate notices are displayed to inform you that the premises are under video surveillance, in accordance with applicable law.

Video recordings may contain images of you and persons accompanying you, prot. n.17386 as well as information about your movement within the monitored area.

The legal basis for this processing is the legitimate interest of the data controller pursuant to Article 6(1)(f) of the GDPR, namely the interest in protecting the safety of persons, property and premises.

For full details on the processing of personal data through the video surveillance system, please refer to the dedicated privacy notice available at the entrance of the Beach Club.

Data from contractual relationships

If you conclude a reservation or another contract with us, we process the data necessary for the conclusion and performance of that contract. This usually includes identification data, contact details, information about the reservation or stay (such as dates, category of booked area,) and data about payments made. These data are also kept in our accounting and tax records for the periods required by applicable regulations.

The legal basis for this processing is the performance of a contract to which you are a party, or the taking of steps at your request prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR. Where processing is required in order to comply with a legal obligation (such as accounting, tax or reporting obligations, communicating your personal data and those of your guests to the competent authorities), the legal basis is Article 6(1)(c) of the GDPR.

Booking system

Our online booking engine is operated using Spiagge.it, integrated via application programming interface (API) so that you remain on our website and domain throughout the booking process. In this context Spiagge.it acts as a service provider, and therefore as a data processor as per Article 28 of the GDPR, and processes booking data only on our behalf and in accordance with our instructions, under appropriate contractual safeguards.

Tracking technologies and advertising

For more information about the tracking technologies and advertising used by our website, please refer to our cookie policy.

With whom we share personal data

We do not sell your personal data to third parties. Anonymised or pseudonymised data are shared only when necessary to provide services or when required by law.

Depending on the situation, we may share data with providers of IT and hosting services, companies maintaining our information systems, booking and channel management systems such as Spiagge.it which also processes the payments, providers of payment services and banks that process card transactions on our behalf in accordance with strict security standards, providers of e-mail and newsletter services, accounting and tax advisors, legal advisors, and competent authorities when this is required by law or an official procedure.

Information related to your health, such as allergies, disabilities or other medical needs, is not used for marketing purposes and is not shared with advertising partners; it is used only internally and, where necessary, with staff or service providers directly involved in providing the relevant service to you (for example, kitchen staff), under strict confidentiality.

With all partners who process personal data on our behalf we conclude appropriate data-processing agreements, ensuring that your data are used exclusively for the purpose of providing the specific service and with an adequate level of protection.

Transfers of data outside the EU/EEA

Certain service providers, such as Google, Meta and Microsoft, may process data in countries outside the European Union or the European Economic Area, where the level of personal data protection may differ from that in the EU. In such cases we rely on mechanisms foreseen by the GDPR, such as adequacy decisions of the European Commission, standard contractual clauses or other appropriate safeguards, in order to ensure an adequate level of protection of your data.

When you allow analytical and marketing cookies, some data about your use of our website may be transmitted to these service providers. We do not have full control over how third parties use their own cookies and the data collected through them; for detailed information we refer you to the privacy and cookie policies of the respective providers.

How long we keep data

We keep personal data only as long as necessary to fulfil the purposes for which they were collected or as long as required by applicable regulations. More specifically:

Data from your enquiries and communication with us: typically kept for up to one year after the end of the communication, unless a longer period is needed to protect our legal interests.

• Data from reservations, contracts and accounting documentation: stored for the duration of the contractual relationship and for at least the periods prescribed by tax and accounting regulations, which in many cases is up to ten years from the relevant financial year.

• Video recordings from surveillance cameras: kept only for a short time, generally not more than one days, except in case of an incident or procedure before competent authorities, when certain recordings may be kept longer until the conclusion of the procedure.

• Data relating to card payments: kept only for as long as necessary to complete the transaction, handle any potential chargebacks or disputes and comply with legal and accounting obligations, after which they are deleted, anonymised or stored only in shortened or tokenised form.

• Health related data: kept only for the duration of your stay and for a short period afterwards if necessary to document the provision of services or handle any complaints, after which they are deleted or anonymised unless you expressly ask us to keep them for future stays.

Once the necessary periods have expired, we delete or anonymise the data, unless a different retention period is prescribed by law.

How we protect your data

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or misuse. These measures include, among others, limiting access to data only to authorised persons, using secure servers and passwords, regular maintenance and updating of systems, security backups and, where appropriate, encryption and other additional forms of protection. Our employees are regularly informed about the importance of privacy protection and are bound by confidentiality obligations.

Your rights

Under the GDPR you have the right to request information on whether we process your personal data and access to those data, the right to request rectification of inaccurate or incomplete data, the right to request erasure of data when there is a legal basis for this, the right to request restriction of processing and the right to data portability in certain cases. You also have the right to object to processing based on our legitimate interests, including profiling for direct marketing purposes. You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where we process your data on the basis of your consent or for the performance of a contract using automated tools, you may request human intervention, express your own point of view and contest the decision.

If processing is based on your consent, you have the right to withdraw that consent at any time, without negative consequences for contracts already concluded or services you use. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You can exercise your rights by sending a request to our contact e-mail address or by post to the address of the company’s registered office, with an indication that the request refers to “Data protection”. We will respond to your request within a reasonable time, usually within thirty days, bearing in mind that manifestly unfounded or repetitive requests may be subject to an administrative fee.

Right to lodge a complaint

If you believe that the processing of your personal data is contrary to applicable regulations, you have the right to lodge a complaint with the competent supervisory authority, which in Italy is the Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, Italy, www.garanteprivacy.it.

You may also have the right to lodge a complaint with the supervisory authority in the EU member state where you live or work.

Children

Our website and services are not directed at persons under 14 years of age, in accordance with Article 2- quinquies of the Italian Privacy Code (D.Lgs. 196/2003, as amended by D.Lgs. 101/2018). . We do not knowingly collect personal data of children without the consent of a parent or legal guardian. If you believe that a child has provided us with his or her own data without your consent, please contact us so that we can delete such data.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example due to changes in our services, legal requirements or the introduction of new technologies. The updated version will always be published on this page with the date of entry into force. We recommend that you occasionally review this Policy so that you remain informed about how we protect your data.