The Data Controller is PRINCIPE HOTEL MANAGEMENT srl, with registered office in V.le Ammiraglio Morin 67 - 55042 Forte dei Marmi (LU), Tax code and VAT no. 06611040962 (hereinafter referred to as "Data Controller"). The Data Controller reserves the right to appoint a web agency or consultant as Data Processor for the purposes of technical assistance, maintenance, technical management and the like of this Website, whose contact details may be communicated upon request to the addresses indicated above. The Data Controller and the Data Processor also process Users' data through their own in-house Data Processors, who are specifically appointed and authorised to do so.

The Data Protection Officer (DPO) can be contacted at the following numbers: telephone +39 348 3165267, e-mail: nicola.ghinello@dpo-rpd.com 

• Browsing data (the computer systems and software procedures used to operate this website acquire some personal data during their normal operation whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites accessed or exited, information on the pages visited by users within the website, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user's operating system and computer environment. This technical/informational data is collected and used exclusively in an aggregate and anonymous manner. These data are processed for the purpose of enabling and monitoring the correct use of this website as well as to obtain anonymous statistical information on the use of the same, and are deleted immediately after processing.)

• Cookies (see our Cookie Policy)

• Data voluntarily provided by the user, including:
  - Common data (identification, personal, billing and similar data)
  - Special data (only in exceptional circumstances) (Art. 9 GDPR) 
  - Criminal data (only in exceptional circumstances) (Art. 10 GDPR)

• Sources: browsing, other websites, cookies and the like; user; public sources.

We shall primarily process browsing data, as well as cookies.

We shall also process data provided voluntarily by the user, e.g. through the contact form or by sending an e-mail communication, including common personal data (identification, personal data, billing data and the like), and in exceptional circumstances, special data within the meaning of Art. 9 GDPR or criminal data within the meaning of Art. 10 GDPR, strictly to the extent deemed necessary by the information request received and subject to the consent of the Data Subject.

The data could come from automated or voluntary sources, as well as from public sources. For example, it could come from the user's browsing activity, which could contain information about previous visits to other websites, including cookies and other similar technologies. Data may also be provided voluntarily by the user or related parties. Other data may come from public sources, such as data processed in the context of searches and from official records, public databases and the like.

The personal data of the Website's Users, as described above, shall be processed in the manner and in the form prescribed by the GDPR for the performance of the Website's own functions, in particular (but not exclusively) for page browsing and for the procedures described therein for data collection, contact forms, potential registration/access to the reserved area, newsletter subscription and the like. In particular, personal data provided to the Data Controller will be processed for the following purposes:

• to follow up specific requests made to the Controller by the User through the Website and its communication tools (contact forms, information request forms and the like);

• for information relating to the services of the Data Controller themselves, following an email request or by filling in the contact form or other communication tools;

• for registration for events organised by the Data Controller and other related activities (e.g. verification of participation, notices of any updates or changes to the event, etc.);

• for other purposes, incidental or related to those indicated above, and in any case falling within the scope of the Website's activities;

The data provided in a generic manner (including via automatic collection while browsing) will be processed for the sole purpose of ascertaining and controlling access to the Website. This also applies to technical cookies, i.e. session, functionality or analytics cookies that meet the requirements specified by the Italian Data Protection Authority. In particular the latter are considered as technical cookies where these are created and used directly by the Website. In any case, for said analytics cookies, the Website, in compliance with the clarifications of the Italian Data Protection Authority, has provided for the anonymisation of IP addresses and the amendment to data processing; the collection and use of the aforesaid browsing data (without prejudice to the anonymisation of IP addresses) enable the monitoring of the Website's performance and improvement of the service, offering the User a better browsing experience. Please refer to the relevant Cookie Policy for further information.

The processing of personal data is based on contractual or pre-contractual obligations inherent in the request made by the User (e.g. requests for information on the services provided by the Data Controller, requests for estimates, etc.), and, where necessary, consent obtained through the free and informed

completion of the appropriate information fields in the data provision and collection form, and the ticking of the appropriate checkbox where provided.

Filling in the relevant fields in the information request form is part of the request itself and therefore it fulfils a pre-contractual or contractual obligation, depending on the context. Consent may be required at a later date for the processing of further data.

A specific privacy notice will be present wherever necessary (different from this one).

In any case, processing is also based on legitimate interest, including the right to information (see following paragraph).

The processing of personal data is also based on the legitimate interest of the Data Controller, such as the exercise of their rights in the context of the information society, the performance of contractual services, and the carrying out of direct marketing operations (in the manner, by the means and within the timeframe provided for by law).

The provision of browsing data by Users, for the above-mentioned purposes, depends on the degree of privacy that the User has enabled or disabled through their browser. In some cases, disabling it may affect the browsing of this Website. For certain modules of this Website, the provision of browsing data and/or the use of technical cookies is mandatory for the proper functioning of the Website.

The provision of some of your own data is in any case necessary for the very structure of the Website and its procedures. Any request for further optional data will instead be preceded by an approval tick. The provision of all other data is optional, in accordance with the type of information that the User wishes to provide to the Website.

Without prejudice to the foregoing, the provision of the e-mail address is needed to reply to the request made via the contact form, as is the provision of the other compulsory data indicated by an asterisk. The other data are optional.

Failure to provide the data necessary for the request (e.g. the e-mail account via the contact form to request information) will preclude the Controller from processing it.

PROVISIONS APPLICABLE TO ALL DATA PROCESSING OPERATIONS

In any case, even where the Data Subject has given consent to the Data Controller to pursue all the purposes mentioned above, they shall remain free at any time to revoke it.

We expressly and specifically inform you, as required by Art. 21 of the Regulation, that as the Data Subject you have the right to object at any time to the processing of your personal data for the purposes mentioned above and that, should you do so, your personal data may no longer be processed for those purposes.

The data may be communicated to companies connected with, associated with or managed by the Data Controller, consultants, or third parties who perform services connected with the purposes indicated in this information notice in the name and on behalf of the Controller, both within the EU and outside the EU (in the latter case, only subjects that comply with the regulations in force will be involved).

Browsing and similar data (see above), as well as profiling cookies, including those of third parties (see the Cookie Policy of this Website), will be communicated to the respective third parties where they do not directly handle them as Data Controllers.

In any case, the data may be communicated to Data Processors, as well as to persons authorised to process and duly instructed to do so, always within the scope of the processing.

For the sake of brevity, a detailed list of such persons is available at our offices.

Data provided voluntarily by the Data Subject will be stored until they expressly withdraw their consent, including by means of an action on their browser, cleaning of cookies, express request, or other method. Browsing data will be stored in a form that identifies the Data Subject for a period of time not exceeding that required for the purposes for which they were collected or subsequently processed, in accordance with the principle of proportionality.

Cases where the data needs to be stored for a longer period of time in order to defend or enforce a right, or to comply with any legal obligations or orders of the Authorities, are excluded from the above terms.

Pursuant to Articles 15 to 22 of the GDPR, all Data Subjects have rights of access, rectification, erasure (being forgotten), restriction, receipt of notification in case of rectification, erasure or restriction, portability, objection and to not be subject to automated individual decision-making, including profiling. These rights may be exercised in the forms and within the terms set out in Article 12 GDPR, by written notice sent to the Data Controller (see point 10).

The Data Controller will provide a response as soon as possible, and in any case within 1 month of receipt of the request.

Where applicable, you may withdraw your consent at any time and/or exercise your rights by sending:

- a registered letter with return receipt to the undersigned with an express request (see address on the letterhead);

- an e-mail to vascellari@principefortedeimarmi.com 

All Data Subjects have the right to lodge a complaint pursuant to Article 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is the Italian Data Protection Authority. The forms, methods and time limits for raising complaints are provided for and governed by the national legislation in force. The complaint is without prejudice to administrative and jurisdictional actions, which for the Italian State may be brought alternatively before the Italian Data Protection Authority itself or before the competent Court.

The personal data provided through navigation on this website and the filling out of forms published therein may be subject to profiling by third-party providers through third-party cookies.

Profiling allows third-party providers other than the Data Controller of this website (who are independent Controllers of their respective personal data processing) to assess certain personal aspects of the Data Subject for profiling purposes, e.g. their preferences, interests, tastes with reference to the pages consulted and the activities carried out, to allow these other independent Controllers to offer the Data Subject a more specific service aimed at their needs.

For further information, see the Cookie Policy.

The below information is brought to your attention not only to comply with legal obligations, but also because transparency and fairness towards the interested parties is a key aspect of our activity.

Data Controller. The Data Controller of your personal data is PRINCIPE HOTEL MANAGEMENT srl, which is responsible to you for the legitimate and correct use of your personal data and which you can contact for any information or request at the following numbers: telephone +39 0584 783636, e-mail: vascellari@principefortedeimarmi.com 

D.P.O. (Data Protection Officer) – R.P.D. (Responsabile della Protezione dei Dati). You may also contact the Data Protection Officer to obtain information and make requests regarding your data or to report any inefficiencies or problems that you may encounter.

The Data Controller has appointed Nicola Ghinello as Data Protection Officer, who can be contacted at the following address: e-mail: nicola.ghinello@dpo-rpd.com.

Data Processors and Authorised persons. An updated list of the Data Processors/Authorised Persons is kept at the Data Controller's head office.

Data Processors.

For the sake of brevity, a detailed list of such persons is available at our offices.

This website may contain plug-ins from certain social media (e.g. Facebook). Social plug-ins are special tools that make it possible to incorporate social network functionalities directly into the website (e.g. the Facebook "like" function) and are marked with the logo of the respective social platform.

When you visit a page on this website and interact with the plug-in (e.g. by clicking the "like" button) or leave a comment, the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored there.

For information on the purpose, type and manner of collection, processing, use and storage of personal data by the social network platform, as well as on how you can exercise your rights, please see the social network's privacy policy.

From this website it is possible to connect via links to other third party websites. The Data Controller declines any responsibility for the management of personal data by third party websites and for the management of authentication credentials provided by third parties.

Cookies are packets of information sent by a web server (e.g. the website) to the user's Internet browser, automatically stored by the latter on the computer, and automatically sent back to the server each time the website is accessed. For any information on the characteristics, types, methods of use and the possibility of removing, deleting or disabling cookies on the website, please refer to the relevant Cookie Policy. The Data Controller

PRINCIPE HOTEL MANAGEMENT srl welcomes comments on this privacy policy.

Please contact us at the following address: vascellari@principefortedeimarmi.com 

PRINCIPE HOTEL MANAGEMENT srl