PRIVACY NOTICE PURSUANT TO ARTICLES 13–14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679 AND NATIONAL LEGISLATION

In accordance with the above-mentioned legislation, the processing relating to this service will be based on the principles of fairness, lawfulness, transparency, and protection of your confidentiality and rights.

Pursuant to Article 13 of GDPR 2016/679, we hereby provide you with the following information:

1. Categories of Personal Data Collected

The personal data collected and processed in connection with the activation of this service include:

• Identification data: first name and surname, residence, domicile, telephone number, email address

• Connection data: IP address

Sensitive Data Processing

Processing of special categories of data (sensitive data) may occur in the following case:

• Health data: where the applicant requests a hotel quotation and voluntarily provides information concerning specific health conditions of one or more guests in order to verify compatibility with the services offered.

---

2. Legal Basis for Processing

The collected data will be processed because:

• The data subject has given consent to the processing of their personal data for the purpose of receiving information and financial proposals related to hotel stays.

---

3. Processing Activities

The personal data provided may be subject to:

• Storage

• Retrieval

• Consultation

• Use

• Communication by transmission

• Erasure or destruction

Automated Decision-Making

The processing includes the activation of an automated decision-making process, including profiling, consisting of a computerized (email) or telephone response to requests for information or hotel stay quotations.

---

4. Mandatory Nature of Data Provision

Considering the purposes described above, the provision of data is mandatory. Failure to provide data, or providing incomplete or inaccurate data, may result in the inability to perform the requested activity.

If the data subject is under the age of 16, such processing is lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility. In such cases, identification data and a copy of the identification document of the parent/guardian will be collected.

---

5. Methods of Processing and Security Measures

Processing will be carried out using both manual and/or electronic and telematic tools, with organizational and processing logics strictly related to the stated purposes, and in any case in such a way as to ensure the security, integrity, and confidentiality of the data, in compliance with the organizational, physical, and logical measures required by current legislation.

In particular, the following security measures have been adopted:

• Specific measures to address risks of destruction, loss, alteration, unauthorized access, or disclosure, whose effectiveness is regularly evaluated

• Authentication systems

• Authorization systems

• Protection systems (antivirus, firewall, intrusion detection systems, etc.)

• Physical/logistical security measures

---

6. Data Retention

Personal data are stored:

• For a period of 1 year, as it may be necessary to reconstruct communications relating to a hotel contract.

---

7. Rights of the Data Subject

You may exercise the following rights at any time:

• To request further information regarding this Privacy Notice

• To access your personal data

• To obtain rectification or erasure of data, or restriction of processing (where provided by law)

• To object to processing (where provided by law)

• To data portability (where provided by law)

• To withdraw consent, where applicable (withdrawal does not affect the lawfulness of processing based on consent given before withdrawal)

• To lodge a complaint with the supervisory authority (Data Protection Authority)

• To mandate a non-profit body, organization, or association to exercise your rights

• To seek compensation for damages resulting from a violation of the Regulation (Art. 82 GDPR)

If the Data Controller intends to further process personal data for a purpose other than that for which they were collected, prior to such further processing you will be provided with information regarding that different purpose and any additional relevant information.

---

8. Contact Details of the Data Controller and Data Processor

You may exercise your rights by contacting:

Data Controller:
Angelo Euticchio
Tel: +39 349 1895648
Email: info@hibiscusunotropea.com

Data Processor:
Angelo Euticchio
Tel: +39 349 1895648
Email: info@hibiscusunotropea.com

Address:
Via Carmine snc
89861 Tropea (VV), Italy

---

9. Additional Information

Further information on data processing and the exercise of your rights can be found at:

• Regulation (EU) 2016/679 (GDPR)
  https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ITA

• European Data Protection Supervisor (EDPS)
  https://europa.eu/european-union/about-eu/institutions-bodies/european-data-protection-supervisor_it

• Italian Data Protection Authority
  http://www.garanteprivacy.it/web/guest/home