European Regulation EU/2016/679 (hereinafter referred to as the « Regulation ») lays down rules on the protection of individuals with regard to the processing of personal data, as well as rules on the free movement of such data.

In compliance with the principle of transparency provided for by art. 5 of the Regulation, ROME ART HOTEL, CAPO LE CASE, 60 00187 ROMA, in its capacity as Data Controller, provides you with the information required by articles 13 and 14 of the Regulation.

1. Purpose of processing and legal basis

The processing of your personal data will be based on principles of propriety, lawfulness and transparency, and in a manner protecting your privacy and rights, in accordance with the company’s privacy policy. The company also commits to process your data in accordance with the principle of « minimisation », i.e. acquiring and processing the data only to the extent necessary for the following purposes:

1. Compliance with the obligation laid down in Article 109 of Royal Decree No. 773 of 18 June 1931, which requires the registration and communication to the police headquarters of the details of accommodated guests.
2. Compliance with current administrative, accounting and tax obligations.
3. Management your booking (check-in, check-out) and your stay (hotel services provided). For this purpose, we also ask you for health data such as food allergies and intolerances so that we can provide you with a service that is appropriate to any possible health needs.
4. Video-surveillance in the common areas, for security and protection issues.
5. To out the function of receiving messages and telephone calls intended for you.
6. To send our promotional messages and updates on rates and offers.

Legal basis	Purpose	Consent
Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject	Fulfilment of the obligation laid down in Article 109 of Royal Decree No. 773 of 18 June 1931, which requires the registration and communication to the police headquarters of the names of accommodated guests Fulfilment of current administrative, accounting and tax obligations To manage your reservation (check-in, check-out) and your stay (hotel services provided) To perform the function of receiving messages and phone calls intended for you	For these purposes the processing may be carried out without your consent
The processing is carried out on the basis of the consent of the data subject	To perform the function of receiving messages and phone calls intended for you To send our promotional messages and updates on rates and offers	For these purposes, the processing can be carried out only with your consent

We inform you that for the above purposes data classified by art. 9.1 of the Regulation as « special categories of data » will also be collected and processed, such as:

• Data suitable to reveal the accommodated guests’ state of health (food allergies and intolerances)

The provision of your personal data is required for the following purpose:

1. Fulfilment the obligation laid down in Article 109 of Royal Decree No. 773 of 18 June 1931, which requires the registration and communication to the police headquarters of the names of accommodated guests.
2. Fulfilment of current administrative, accounting and tax obligations.
3. Management your reservation (check-in, check-out) and your stay (hotel services provided).
4. To perform the function of receiving messages and phone calls intended for you.

Your refusal to consent to the processing of such data may result in the impossibility of providing the services requested.

The provision of your personal data is optional for the following purposes:

1. Carrying out the function of receiving messages and telephone calls intended for you.
2. Sending our promotional messages and updates on rates and offers.

Your refusal will not have any effect on the provision of the services requested.

2. Methods of processing

The processing of your personal data will be carried out using paper documentation and computers in compliance with the provisions on the protection of personal data and, in particular, the appropriate technical and organisational measures referred to in art. 32.1 of the Regulation, and with the observance of all precautionary measures that ensure integrity, confidentiality and availability.

3. Source of the data

DATA COLLECTED FROM THE DATA SUBJECT	DATA COLLECTED FROM THIRD PARTIES
	TYPE OF DATA	SOURCES
Customers

4. Categories of recipients

Strictly for the purposes indicated above, your personal data may be disclosed to the following parties or categories of parties:

1. Police headquarters.
2. Consultants and contractors for the fulfilment of tax obligations.
3. Banks and credit institutions.
4. Travel agencies and booking agencies.

We also inform you that:

• The disclosure of your data to the categories of parties referred to in letters a) and b) constitutes a legal obligation with which the Data Controller must comply.
• The disclosure of your data to the categories of parties referred to in letters c) and d) is necessary to execute the contract to which you are party.

In relation to these categories of recipients, the Data Controller undertakes to rely exclusively on persons who provide adequate guarantees regarding data protection, and will appoint them as Data Processors pursuant to art. 28 of the Regulation. The list of the Data Processors is available in the company and can be viewed upon request to the Data Controller.

Your data will also be processed, exclusively for the purposes mentioned above, by company employees and/or other employees specially authorised and instructed by the Owner pursuant to art. 29 of the Regulation.

Your personal data will not be disclosed, unless required by a law or regulation or by Community legislation.

5. Transfer of personal data

Your personal data will not be transferred to non-European countries or international organisations.

6. Retention period

CATEGORIES OF DATA	SHELF LIFE	REFERENCES OF STANDARDS
Personal data (name, surname, gender, place and date of birth, residence, domicile) and contact details	The data are kept for the entire duration of the relationship of providing services to the customer. Once the relationship is no longer in place, they are still kept for another 10 years for the purpose of managing any legal disputes. The data are kept for advertising purposes are kept for 24 months.	Art. 2946 Italian Civil Code (ordinary prescription) Measure of the Privacy Authority 24 February 2005 – Data storage for marketing purposes
Payment details	The data are kept for the entire duration of the relationship of providing services to the customer. Once the relationship is no longer in place, they are still kept for another 10 years for the purpose of managing any legal disputes.	Art. 2946 Italian Civil Code (ordinary prescription)
Data communicated to the Police Headquarters	The public security (PS) file communicated to the police is kept for 5 years.	Royal Decree No. 773 of 18 June 1931 (TULPS)

7. Automated decision making

No automated decision-making processes are used for the processing.

8. Rights granted to the data subject

At any time, you may exercise your rights under Articles 15-22 of the Regulation with respect to the Data Controller.

In particular, at any time, you have the right to request:

• Access to your personal data.
• Rectification of the data if they are incorrect.
• Deletion of the data.
• Restrictions on processing the data.

You will also have:

• The right to object to the data being processed even if this is in pursuit of a legitimate interest of the Data Controller, if you consider that your fundamental rights and freedoms have been infringed.
• The right to withdraw your consent at any time in relation to the purposes for which this is necessary.
• The right to the portability of your data, i.e. the right to request and receive your personal data in a structured format that is commonly used and readable by an automatic device.

9. Identity and contact details of the Data Controller

ROME ART HOTEL , CAPO LE CASE, 60 00187 ROME, tel.:(+39) 06 79844142, email:info@romearthotel.com

Contact details of the Data Protection Officer (DPO):

• ROME ART HOTEL does not consider itself subject to the obligation to appoint a Data Protection Officer (DPO) as it does not fall within the cases provided for by art. 37 of EU Regulation 2016/679.