The data controller is PRINCIPE HOTEL MANAGEMENT srl, with registered office in V.le Ammiraglio Morin 67 – 55042 Forte dei Marmi (LU), Tax Code and VAT number 06611040962 (hereinafter "Owner").

This information is provided to those who, following a personnel search or a spontaneous application or in response to one of our job advertisements or during a job interview, send their curriculum vitae to the Data Controller via the website. For any other information on

Data voluntarily provided by the user, including:

• Common personal data (such as personal data; contact data; data relating to training and professional experience; other data typically contained in curriculum vitae)
• Only exceptionally particular data (art. 9 GDPR)
• Only exceptionally criminal data (art. 10 GDPR)

The data collected by the Data Controller through the sending of curriculum vitae, professional profile evaluation interviews or notification by third parties such as name, surname, place and date of birth, tax code, telephone number, postal address, educational qualification and other personal identification elements, sent in relation to any open positions or for spontaneous applications, fall into the category of "personal data" pursuant to article 4, paragraph 1 and paragraph 15 of the GDPR and will be processed exclusively for the purpose of carrying out an assessment of the aptitudes and professional skills of the candidates themselves, according to the open position and for which a selection procedure is underway or for future needs to expand the company workforce.

With the exception of job positions reserved for protected categories, it will not be necessary to include particular data in the curriculum vitae (i.e. data revealing racial and ethnic nature, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations of a religious, philosophical, political or trade union nature, as well as data suitable for revealing the state of health and sex life).

The personal data of those who spontaneously or following a job search send their curriculum vitae are processed, in the ways and forms prescribed by the GDPR:

• for personnel recruitment and selection purposes or to propose other job offers consistent with the candidate's professional profile (legal basis: pre-contractual obligations);
• for the fulfillment of specific obligations or to perform specific tasks required by laws, regulations or community legislation (legal basis: legal obligation).

The collection and processing of data are carried out in order to allow the Data Controller to carry out personnel research, selection and evaluation activities. The treatment put in place for this purpose does not require the consent of the interested party, since it is necessary for the execution of pre-contractual measures adopted at the request of the interested party (Article 6, paragraph 1, letter B of the GDPR), with the exception of the processing of particular categories of personal data which, where provided, may be processed by the Data Controller only with explicit consent. The Data will be processed by authorized personnel pursuant to article 29 of the GDPR. The processing of data for these purposes will take place using computerized and manual methods, based on logical criteria that are compatible and functional to the purposes for which the data were collected, in compliance with the rules of confidentiality and security established by law and internal company regulations.

The provision of personal data for the purposes indicated is optional and voluntary.

The same is necessary to perfect the specific functionality on the site to correctly send your application in order to participate in any personnel selection processes. To correctly send their application, the candidate must give their consent to the processing, failing which the candidate will not be able to send their data for personnel selection purposes.

In any case, even where the interested party has given consent to authorize the Data Controller to pursue all the purposes mentioned in the points above, he will still be free to revoke it at any time.

We inform you specifically and separately, as required by art. 21 of the Regulation, that the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for the aforementioned purposes and that, if the data subject objects to the processing, the personal data can no longer be processed for these purposes.

The personal data processed will not be disseminated but communicated to well-defined subjects, such as the personnel of the Data Controller specifically authorized to process the data. On the basis of the roles and job duties performed, the staff is entitled to process the data within the limits of their competences and in compliance with the instructions given by the Data Controller. The same data may be communicated to subjects entitled to access it on the basis of provisions of the law, regulations and standards.

Specifically, the data can be used by third parties and/or companies that carry out instrumental activities on behalf of the Data Controller such as:

• external consultants for the recruitment, selection and evaluation of personnel;
• subjects for whom access to data is expressly recognized by law, by regulations or by provisions issued by the competent authorities;

The aforementioned recipients, depending on the case, will process the data as owners, managers or persons in charge/authorized for the processing. Apart from the cases indicated above, the data will not be disclosed in any way.

Data processing takes place using manual, electronic and IT tools with methods strictly related to the purposes for which the data are processed and in any case in compliance with the provisions of art. 32 GDPR regarding security measures.

Personal data are kept for the period necessary to achieve the specific purposes for which they are processed and in any case for a period not exceeding 6 months from receipt of the curriculum vitae, after which they will be automatically canceled and no copies will be kept.

The cases in which it is necessary to keep the data for a further period of time to defend or assert a right or to fulfill any legal obligations or orders from the Authorities remain excluded from the terms provided for above.

The Data Controller does not transfer personal data to third countries or international organizations.

Each interested party has the right of access, rectification, cancellation (oblivion), limitation, receipt of notification in the event of rectification, cancellation or limitation, portability, opposition and not to be the subject of an automated individual decision, including profiling, pursuant to articles from 15 to 22 of the GDPR. These rights can be exercised in the forms and terms set forth in art. 12 GDPR, by written communication sent to the Data Controller (see point 10).

The Data Controller will provide an adequate response as soon as possible after receiving the request.

It is possible to revoke the consent, where provided, at any time and/or exercise one's rights by sending:

- a registered letter with return receipt to the writer with express request;
- an email to vascellari@principefortedeimarmi.com 

Each interested party has the right to lodge a complaint pursuant to art. 77 and following of the GDPR to a supervisory authority, which for the Italian State is identified in the Guarantor for the protection of personal data. The forms, methods and terms for proposing complaints are provided for and governed by the national legislation in force. The complaint is without prejudice to the administrative and judicial actions, which for the Italian State can alternatively be proposed to the same Guarantor or to the competent Court.

Below we provide you with some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards interested parties is a fundamental part of our business.

Data controller. The Data Controller of your personal data is PRINCIPE HOTEL MANAGEMENT srl, responsible towards you for the legitimate and correct use of your personal data and which you can contact for any information or request at the following addresses: telephone +39 0584 783636, e-mail: vascellari@principefortedeimarmi.com 

D.P.O. (Data Protection Officer). You may also contact the Data Protection Officer for information and to forward requests regarding your data or to report disservices or any problems encountered.

The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer who can be contacted at the following address: e-mail: nicola.ghinello@dpo-rpd.com 

Appointees/Authorised. The updated list of persons in charge/Authorised for processing is kept at the headquarters of the Data Controller.

Responsible for the treatment. For the sake of brevity, the detailed list of these figures is available at our office.