**Data Controller**

Narì – Gaeta (LT), Italy.

Email address of the Data Controller: info@palazzonari.com

For any clarification, information, or to exercise the rights listed in this notice, contact the Data Controller at the following email: info@palazzonari.com

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data. In compliance with the provisions of Article 13 of Regulation (EU) 2016/679 and Legislative Decree No. 196/2003, concerning the protection of personal data of natural persons, the Data Controller informs about the purposes and methods of processing the personal data collected, their scope of communication and dissemination, retention period, nature of their provision, and the rights of the data subject, as detailed below.

1. **Purposes**

The collected data, subject to processing (name, surname, address, tax code, phone, email), are processed and used directly to fulfill purposes instrumental to the completion of the processing activity, such as collection, management, storage, processing, transformation, communications to designated bodies such as Public Authorities.

Your data are processed for:
A) The first purpose is for the execution of the contract and related services and to comply with legal obligations to which the Data Controller is subject (communication of guest data to the Public Security Authority, in full compliance with the principle of confidentiality, correctness, and based on legal provisions without your express consent).

B) Additionally, the Data Controller may use your personal data, with your necessary and explicit consent, for purposes related to advertising messages regarding services and/or products related to the facility and/or communications about promotions on stays or satisfaction questionnaires to measure the satisfaction level of stays and services to be implemented, through phone contact, email, SMS, WhatsApp, etc.

2. **Methods and Data Collected**

Data processing is carried out through IT procedures or, in any case, electronic means and/or paper supports by internal and/or external personnel specifically appointed. The data are stored in paper, IT, and electronic archives, and appropriate security measures are ensured to guarantee their protection as required by the legislator. The collected data are only of an identifying nature (such as name, surname, tax code, VAT number, address, email, phone, etc.) and no data falls under the classification of sensitive data as per Article 9 of Regulation (EU) 2016/679.

3. **Communication and Dissemination**

All data will not be communicated, sold, or exchanged with third parties, except for possible communications to third parties for activities functional to the facility, such as public entities, administrative, accounting, and tax tasks, unless necessary for the execution of obligations assumed by the parties. In this case, third-party use will be in full compliance with the principles of correctness and legality. Under no circumstances will the data be disseminated.

4. **Rights of the Data Subject**

The data subject may assert their rights as expressed in Articles 15 to 22 of Regulation (EU) 2016/679 by contacting the Data Controller. Specifically, the data subject has the right to: obtain confirmation from the Data Controller whether personal data concerning them is being processed and, if so, to access their personal data; the right to rectification, i.e., to correct inaccurate personal data concerning them; the right to erasure, i.e., to delete personal data concerning them without undue delay; the right to restrict processing; the right to notification obligation regarding rectification or erasure of personal data or restriction of processing; the right to data portability, i.e., to receive the personal data concerning them in a commonly used and readable format; the right to object, i.e., to object at any time to the processing of personal data concerning them; the right to lodge a complaint with a supervisory authority (Privacy Guarantor); Narì – email: info@palazzonari.com. The data subject can exercise their rights at any time by contacting the Data Controller or the Data Processor using the contact details below.

5. **Data Processors**

The Data Processor, following formal authorization/appointment, is: Ms., in the capacity of Hotel Director for managing customer data staying at the facility.

6. **Retention Period**

The data will be retained for the time necessary to fulfill the above purposes as required by law and, in any case, not exceeding five years.

7. **Nature of Provision and Consequences of Refusal**

Pursuant to Article 7 of Regulation (EU) 2016/679, consent for personal data processing is not required when such data is collected to comply with a legal obligation or for the execution of obligations arising from contractual agreements. Refusal to provide data will necessarily result in the termination of any relationship, not allowing the processing of such data. Consequently, by entrusting us with the task, you authorize the processing and handling of data for payroll processing and administrative personnel management purposes.