Information pursuant to Article 13 of Regulation (EU) No. 679/2016 ("GDPR", privacy law)

Abbazia SAS, in accordance with and for the purposes of Article 13 of the European Regulation 2016/679 on the protection of personal data ("GDPR") and national privacy legislation, safeguards the privacy of personal data and guarantees the necessary protection in relation to events that may pose a risk of violation.

Please note that this Privacy Policy refers exclusively to services directly provided and administered by Hotel dei Chiostri. It does not apply to any other services provided by third parties, such as the online availability and booking service accessible from the website hoteldeichiostri.com.

DATA CONTROLLER
The Data Controller, hereinafter referred to as the "Controller," is ABBAZIA SAS - Hotel dei Chiostri (registered office at Piazza IV Novembre, 20 - 31051 Follina (TV)), represented by its legal representative, who can be contacted at the address info@hoteldeichiostri.com.

LOCATION OF DATA PROCESSING
The collected data is stored in paper and electronic archives located in Italian territory, at the headquarters of the Data Controller. Data processing will be carried out using tools and procedures suitable to guarantee security and confidentiality and may be carried out manually (using paper supports) or using computer or electronic means. No data derived from the web service is communicated or disseminated. The personal data provided by users who submit requests are used solely for the purpose of performing the requested service or performance and are communicated to third parties only if necessary for that purpose.

TYPES OF DATA PROCESSED
Navigation data
During their normal operation, the computer systems and software procedures used to operate this website acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature, it could allow the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to ensure its proper functioning. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the website: except for this possibility, the data on web contacts are not stored for more than thirty days.

Data provided voluntarily by the user
Email: The optional, explicit, and voluntary sending of emails to the addresses indicated and present on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the communication. Contact and/or reservation forms: The forms on the site are used to collect data aimed at providing information and specific services.

MODE OF DATA PROCESSING
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access. No automated decision-making processes, including profiling, are carried out.

PURPOSE, LEGAL BASIS, AND NATURE OF DATA PROVISION
Personal data provided through the site will be processed for the following purposes:
1. Acquisition of data necessary to fulfill various information requests;
2. Acquisition of information necessary to finalize and execute reservations for accommodation or catering services or the provision of other requested services;
3. Acquisition of information necessary for the organizational management of any service supply, existing or under definition;
4. Compliance with legal obligations, including accounting, administrative, and tax obligations;
5. Protection of contractual rights;
6. Statistical analysis on anonymous aggregated data, aimed at measuring the functioning of the site, traffic, and evaluating its usability and interest in making it more functional and efficient;
7. Sending informative communications related to events organized by Hotel dei Chiostri and strictly related to the relationships established between the data subject and the Data Controller (based on the legitimate interest of the controller or with explicit consent).

Please note that, based on current regulations, Hotel dei Chiostri may use the email addresses provided in connection with a previous purchase of our service or product to offer similar services and products. However, if you do not wish to receive such communications, you can notify Hotel dei Chiostri at any time using the addresses provided in this privacy notice or by using the "unsubscribe" link in the received email communications.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
No personal data of the user is transferred outside the EU.

PERIOD OF RETENTION OF PERSONAL DATA
The collected data will be kept for a period not exceeding the time strictly necessary to achieve the indicated purposes. Data processed for administrative and accounting purposes will be kept, in compliance with legal obligations, for a period not exceeding ten years.

RIGHTS OF DATA SUBJECTS
According to articles 7 of Legislative Decree 196/2003 and 15 of the GDPR, the data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them (even if not yet recorded) and, if they exist, the right to request that they be communicated in an intelligible and complete form (purpose of the Processing, categories of Personal Data, recipients and/or categories of recipients to whom the data has been or will be communicated, storage period).

The data subject has the right, at any time, to obtain:
- the rectification of inaccurate personal data and/or the integration of incomplete personal data, possibly by providing a supplementary declaration;
- the portability of data, also by requesting direct transmission to another data controller;
- the erasure (oblivion), anonymization, or blocking of data processed or stored in violation of the law, including data that does not need to be kept for the purposes for which it was collected or subsequently processed;
- the restriction of processing in cases provided for by the current Privacy Regulations; The data subject also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of collection.

The exercise of these rights can be done by contacting the Data Controller at the email address info@hoteldeichiostri.com

In any case, the data subject has the right to lodge a complaint with the competent supervisory authority (Data Protection Authority), pursuant to Article 77 of the GDPR, if they believe that the processing of personal data is in violation of the applicable Privacy Regulations.