The undersigned Company wishes to inform you that for the establishment and management of the current contractual relationship with you, it needs to process certain information about you that is considered as personal data under Article 13 and Article 14 of EU Regulation 679/2016.

DATA CONTROLLER

The owner of the processing of personal data i.e. the company that will decide the purpose and means of processing your personal data is the company “Argesta di Vigolo Antonio & C. Sas” based in Via Pietro Mascagni 1 – Jesolo (VE) Tel. 0421971969 Mail. info@hotelcavalieripalace.com

PURPOSE OF PROCESSING

The personal data we have to process are necessary:

• The personal data we have to process are necessary:for the fulfillment of all legal (administrative, accounting and tax) and contractual obligations.
• In addition, the Company would like to make use of your personal data to send you advertising, promotional and informational material pertaining to the products and services that our Company is able to provide as well as any further commercial initiatives, promoted by it.

LEGAL BASIS FOR PROCESSING
The legal bases for processing are:

• Legal obligation with reference to regulations e.g. tax;
• The contract with reference to the processing of personal data related to the obligations based on the contract;
• A legitimate interest with reference to direct marketing activities, i.e., sending newsletters or sending promotional flyers.

CONSEQUENCES OF NON-DISCLOSURE OF PERSONAL DATA
With regard to personal data related to the performance of the contract to which you are a party or related to the fulfillment of a regulatory obligation (e.g., fulfillments related to the keeping of accounting and tax records), failure to disclose personal data prevents the completion of the contractual relationship itself.

CATEGORIES OF PERSONAL DATA PROCESSED
In particular, we would like to inform you that we may process the following categories of personal data:

• Master and contact information
• Tax data and bank codes
• Data on the types of products bought and sold
• Data on any contractual defaults

SUBJECTS WITH WHOM WE WOULD LIKE TO SHARE YOUR PERSONAL DATA
Your personal data will be treated as strictly confidential; in particular, your data may be accessed by the following parties:

• Public agencies (e.g., tax offices);
• Tax document processing agencies;
• Credit institutions;
• Group companies to which our company belongs;

For the same purposes, personnel working in the accounting, administrative, sales and marketing areas within the aforementioned organizations may have access to the data. The data controller will ask for your consent to transfer your data to companies under the same ownership as the hotel where you are a guest. This is to facilitate future business relations with her. To always give you the best hospitality experience.

PLACE OF PROCESSING

All processing will be carried out in the European Economic Area. More specifically, the processing will take place mainly at and by the data controller. Without prejudice to communications performed in fulfillment of legal and contractual obligations, personal data collected may be transferred to countries extra-EU. In this case, the Data Controller will ascertain the adequacy, where possible, of the regulations in force in the destination countries. Failing this, the Holder may transfer your personal data only where it is Strictly necessary for the performance of the existing contract, as stipulated in Art. 49 comm. 1(b).

CONTROLLERS

To the extent relevant, external data controllers are appointed individuals (expressed non-exhaustively) such as, professionals or service companies for business administration and management who work on behalf of of our company. If you wish, you may have the list and account information of the external managers by contacting the Data controller, identified above.

MODE OF TREATMENT

Data are processed through automated and non-automated means in accordance with the stated purposes and in compliance with confidentiality requirements and the most appropriate security measures. We also assure you that, as stipulated in Art. 5 of GDPR 679/2016, the personal data referring to you will be

treated:

• lawfully, fairly and transparently;
• collected for explicit and legitimate determinate purposes
• subsequently processed in a manner consistent with those purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; accurate and, if necessary, up-to-date;
• Stored in a form that allows the identification of the data subjects;
• processed in a manner that ensures adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or unlawful processing and accidental loss, destruction or damage.

DURATION OF DATA RETENTION

All data will be kept for as long as is strictly necessary with respect to the purposes for which they are processed and for the additional period required by current tax regulations. Except as provided above, processing for direct marketing purposes will be carried out until the Customer exercises revocation of consent to this type of processing.

RIGHTS OF THE DATA SUBJECT

Data subjects are granted the rights set forth in Articles 15, 16, 17, 18, 20 21 of the aforementioned EU Regulation and in particular:

• The right of access i.e. to know what personal data our company processes;
• The right to request corrections of any errors and/or omissions;
• The right to have the data deleted;
• The right to restrict data processing;
• The right of portability i.e., the right to receive all personal data processed by our company in a structured, machine-readable format;
• The right to object to the inclusion of all information.