About Us

Privacy Policy

Last update: 25 June 2025

NOTO Hotel, a company in the Félix Giorgetti S.à.r.l. group ("we", "us", "our") is a hotel that is part of the GRIDX complex. We operate the websitehttps://www.notohotel.com(“Site”, “Service”).

This Privacy Policy sets out our rules of conduct regarding respect for privacy when you use this Site, when you purchase our products and services, when you are in contact with us as part of a contract, when you communicate with us or deal with us in any other way.

If necessary, we will inform you of any data processing activities not covered by these rules by means of notices, forms, general conditions or additional data protection statements.

We may amend these rules by publishing an updated version on our Site. These changes are binding on the User ("you", "your") as soon as they are published online.

I. Definitions

The expressions Personal Data, Sensitive Data, Data Subject, Data Controller, Joint Controller, Data Processor and Personal Data Processing are used herein with the meaning given in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data, known as the GDPR - General Data Protection Regulation.

Reservation Data means all information pertaining to a reservation made at NOTO hotel. Examples of Reservation Data include your contact details, reservation details (reservation number, dates of stay, rate, meal plan), personal preferences or billing/financial information.

Customer data means all information pertaining to you as a customer, as a guest who stayed or is staying with us. Customer data may include your contact details, reservation history, personal preferences, claims and complaints you have made or marketing communication preferences.

User means individual or Data Subject who use our product or service.

II. Our engagement

Protecting Personal Data is a paramount concern for NOTO Hotel Protecting Personal Data is a paramount concern for NOTO Hotel which, acting as Data Controller, takes the necessary steps to ensure that your Personal Data is processed securely in accordance with the GDPR.

We will always use your Personal Data in a fair and trustworthy manner and will take all reasonable measures to protect your information from misuse and to keep it safe.

We will always be transparent with you about the data we collect and how we use it.

We comply with current regulations concerning the protection of Personal Data and cooperate with the authorities, including the CNPD - National Commission for Data Protection, the Luxembourgish supervisory authority for data protection

III. Processing of Personal Data

During our activities and to respond to your request, to provide, to manage, to maintain or improve our products and services, we may collect various types of Personal Data based on the categories of Data Subjects.

Employees (permanent staff, temporary staff, interns)

  • Identification data.

  • Sensitive data.

  • Data relating to personal life.

  • Data relating to professional life.

  • Recruitment data.

  • Economic and financial information.

  • Login data.
  • Data from video surveillance devices.

Third parties (prospects, customers, government agencies, suppliers, service providers and their staff)

  • Reservation data.

  • Customer data.

  • Identification data.

  • Data relating to professional life.

  • Economic and financial information.

  • Data from forms and newsletter subscriptions.

  • Data from video surveillance devices.
  • In more limited circumstances, we also may collect:

    - Data about allergies, accessibility requirements and medical conditions to meet any special requirements.

    - Data about family members and companions, such as names and ages of children.

    - “Personal Preferences”, such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit.

Users of the Site

  • Identification data.

  • Recruitment data.

  • Data relating to professional life.

  • Login data.

  • Data relating to Internet activity.

  • Data from forms and newsletter subscriptions.
  • Important dates, such as birthdays, anniversaries and special occasions.
  • Travel itinerary, tour group or activity data.
  • Interactions including prior guest visits, goods and services purchased, and special service and amenity requests.

The Processing Of Children's Data

Our hotel services are not directed to individuals under the age of sixteen (16).

A Parent of Legal Guardian must provide any Personal Data or Sensitive Personal Data to us, if they wish for us to deliver tailored services to their Child; for example, remembering a birthday or catering for allergies.

How do we collect your Personal Data?

We may collect this information from different sources, namely:

Data provided: Information you give us directly via the Site, our social networks, our customer service department or when your stay.

Incoming data: Information from government organisations, social networks or online platforms, for example when you engage with our content or provide feedback on our services.

Data collected: Information that we collect via automatic collection systems, information that we may collect via our partners, suppliers, subsidiaries, group companies and others, information that we collect from operators, social networks or when you visit us and use our services.

Where the Data Subject is not a natural person, we collect the Personal Data described above from their employees, contact people or designated representatives.

If you provide us with Personal Data about other people, we assume that you are authorised to do so, that the data concerned is accurate and that you authorise us to use this data to respond to your request for services. Please ensure that these persons have been informed of these rules of conduct.

Other data are that generally do not reveal your specific identity or relate to an individual. Other data include:

  • browser and device data,

  • data collected through cookies and other technologies,

  • demographic data and other data provided by you,

  • aggregated data.

Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function proper.

Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.

How do we use your Personal Data?

We use your Personal Data as part of the overall management of our business, namely:

  • To develop, improve and provide you with offers of products and services.

  • Process service contracts we have entered with you.

  • Manage the delivery, invoicing and payment of our services.

  • Process your invoices as part of our accounting.

  • Establish a customer database.

  • Produce and analyse statistics.

  • Analyse your behaviour and preferences to make assumptions about your interests.

  • Organise the day-to-day activities without any individual profiling.

  • Fulfil legal obligations in professional, social, accounting and tax matters

  • Fulfil the contractual obligations inherent in the employment contract.

We use your Personal Data confidentially and do not share it to Third Parties, except where required by law.

Any Data Processor receives only the data required for the task entrusted to it and is bound by strict confidentiality requirements.

If, however, we receive personal information via this Site that requires a personal response, the corresponding data is processed within the specific framework of your request and is not reused or transmitted for other purposes.

How long do we keep your Personal Data?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless we need to retain it for legitimate legal or contractual reasons.

To protect this data against accidental or malicious destruction, when we delete it from our services, we may not immediately delete the residual copies from our servers or back-up systems.

Purposes and legal bases of processing

1. Contract management

NOTO Hotel processes Personal Data for the establishment, management and monitoring of contracts established with:

  • Employees: employment contract, internship agreement.

  • Third parties: commercial contracts, service contracts.

The legal basis for this processing is the performance of a contract or pre-contractual measures, insofar as such processing is necessary for responding to requests received, or for the establishment or performance of the contract concerned.

2. Compliance with legal obligations

NOTO Hotel processes Personal Data as part of its activities and provision of hotel services.

The legal basis for this processing is the response of the following legal obligations:

  • Social, accounting and tax obligations.
  •  Obligations of the hotel and restaurant sectors.

3. The pursuit of legitimate interests

NOTO Hotel processes Personal Data to organise and optimise its services. These treatments concern:

  • Management of personnel, training, remuneration.

  • Sales, accounting, IT, quality assurance.

  • Debt collection.

  • Marketing, communication, digital development.

  • Customer satisfaction surveys.

  • Premises management and surveillance.

  • Protection of property and individuals.

  • Case compilation in case of disputes, pre-litigation or litigation.

We also process Sensitive Data such as accessibility requirements and/or disabilities to allow appropriate provision of care and services; and allergy information that the hotel should be made be aware of.

The legal basis for this processing is the pursuit of legitimate interests or the safeguarding of vital interests of the Data Subject or of another natural person.

4. Management of Requests

NOTO Hotel processes your Personal Data in the context of:

  • Requests from Users of its services.

  • Processing of requests via forms, subscription to newsletters, cookie management.

  • Marketing, communication or profiling operations.

  • The legal basis for this processing is your consent, which you can withdraw at any time.

Implementation of your consent

When collecting Personal Data that does not result from a legal or contractual obligation, we inform you that their transmission is optional and therefore implies, as soon as it is transmitted, consent for their subsequent computer processing by NOTO Hotel in compliance with these conditions.

If you agree, we may send you information, advertising and offers of products and services from us and from Third Parties, in the form of printed documents, by electronic means, by post or by telephone.

Where we seek your consent for certain processing activities (e.g. marketing or advertising activities), we will inform you separately of the purposes of the processing concerned.

You may withdraw your consent at any time with effect for the future via the Site's Contact Form or via the unsubscribe link in each newsletter.

Upon receipt of notification of withdrawal of consent, we will no longer process your information for the purpose(s) to which you consented, unless we have another legal basis to do so. However, withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

Where we do not seek consent for processing, the processing of your Personal Data is based on the necessity of the processing to initiate or perform a contract with you (or the entity you represent) or on our legitimate interest or that of a Third Party in the processing in question, in particular in pursuing the purposes and objectives set out herein, and in implementing measures relating to those purposes and objectives.

Who do we share your Personal Data with?

We process your Personal Data within the EU.

To process your request, provide services and manage staff, we share your data with carefully selected and controlled Data Processors or partners.

We may share your Personal Data if we believe in good faith that this is necessary to:

  • Comply with a legal obligation.

  • Protect and defend our rights or property.

  • Prevent or investigate possible wrongdoing.

  • Ensure the personal safety of the public, of Users of the Site and of other users.

Do we transfer your Personal Data to other countries?

We operate in Luxembourg. Your Personal Data will not be transferred to any organisation or country unless adequate controls are in place regarding the security of your Personal Data.

In certain circumstances, courts, law enforcement agencies, regulatory or security authorities will have the right to access your Personal Data. Where we are required to transfer your Personal Data to other countries or jurisdictions, we will protect such data in accordance with applicable law. If required by applicable law, we will enter binding contractual obligations with the data recipient to safeguard your data protection rights.

How do we protect your Personal Data?

We take all reasonable precautions to keep your Personal Data secure, and we require any third party who handles or processes your Personal Data for us to do so. However, we cannot guarantee them absolute security.

Access to your Personal Data is restricted to prevent unauthorised access, alteration, or misuse, and is only allowed for our employees and agents who need it as part of their mission.

Our staff in charge of processing your Personal Data are regularly trained and made aware of the need to protect Personal Data.

Where appropriate, the Data Protection Officer is consulted prior to any project likely to have an impact on the processing of your Personal Data.

IV. Specific use of your Personal Data

Cookies

We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalise your experience while using the Online Services and to recognise your computer to assist your use of the Online Services.

Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and marketing emails. If you do not want data collected with cookies, you can learn more about controlling cookies at: All About Cookies

You can choose whether to accept cookies by changing the settings on your browser. If, however, you do not accept cookies, you will experience inconvenience in your use of the Online Services. We will not be able to recognise your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs.

Pixel Tags and other similar technologies. We collect data from pixel tags (also known as web beacons and clear GIFs), which are used with some Online Services to, among other things, track the actions of users of the Online Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Online Services.

Google AdWords: We may use Google AdWords, a web analytics and search engine advertising campaign management service. Google AdWords uses cookies, web beacons, and other means to help us analyse how users use the site. You may find Google's Privacy Policy at: https://www.google.com/intl/en/privacypolicy.html.

Analytics. We collect data through Google Analytics, which use cookies and technologies to collect and analyse data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google's practices by going to www.google.com/policies/privacy and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Use of your data for information and advertising purposes

In addition to providing our services, we also use your Personal Data to communicate with you about our marketing offers or promotions and to recommend other services that may interest you.

Specifically, we may use your Personal Data to send you a newsletter if you have explicitly chosen to receive it on our website, in one of our information emails by clicking on a link indicating that you wish to receive our newsletter or by written consent.

If you no longer wish to receive information or newsletters from us by email, you can object at any time by contacting us by email or by using the link found in each of our emails or newsletters.

Service providers, Links to other websites

We may use third party Service Providers to facilitate the provision of our services, to provide these services on our behalf, to provide services related to our services or to help us analyse how our services are used.

These Third Parties only have access to your Personal Data to conduct these tasks on our behalf and are prohibited from disclosing or using it for any other purpose.

Please note that links to other websites, with different protection rules, are possible. We recommend that you examine the privacy policy on each site you visit. We have no control over the content, policies or confidentiality practices of third-party sites or services and accept no responsibility for them.

What are your rights and how to exercise them?

You have the right to:

  • Ask us for a copy of the Personal Data we hold about you.

  • Ask us to correct, update, or delete your Personal Data in our records.

  • To report any misuse of your Personal Data to us.

  • Contact the CNPD (www.cnpd.lu or databreach@cnpd.lu) and file a complaint with it, if you believe that your Personal Data has not been processed in accordance with the law.

If you have any questions, comments or concerns about the way we process your Personal Data, you can send us an e-mail or a letter to the following address: