Privacy and Personal Data Policy – applicable to Users of this Hospitality  Business when making a reservation 

Data Controller (we): The Hospitality Business which will provide to you,  the user, the requested service. Our identification and contact details are  available on the website you used to make your reservation / to pose your  questions to us. They will also appear on our invoice which we’ll send to  you. 

Data Compliance Officer: Not applicable to Data Controllers’ activities. 

User: You, who filled-in the reservation form or any other documentation  related to it. 

Purpose: The purpose of processing the data provided through this form  is to manage the reservations made by you, user and/or to answer to the  questions / requests you posed. 

Legal basis: 

– Either the need to perform our contract with you, user / the need to take  steps at your request prior to entering into a contract. 

– Or the consent of you, the user, by ticking in the box of acceptance of  the Terms and Conditions of which this Privacy and Personal Data Policy is  an integral part. 

Duration: We will store the data provided by you, the user, during the time  necessary for the management of the reservation you made, as well as of  the accommodation services you requested. Once the management is  finished, your data will be kept for six (6) months. If you consent to  receive marketing and/or commercial information, your data will be stored  until you revoke your consent. 

Processor: We engage our partner CloudBeds (www.cloudbeds.com ) for  carrying out the reservations engine of our business. Cloudbeds acts  under our authority and we have signed a contract with Cloudbeds for the  provision of their services. 

Data subjects different from the users: Where you, user, provide us with  personal data pertaining to a different data subject from yourself, you are  responsible for such acts as well as for obtaining the respective consent  of such data subjects for the provisioning of their data.

Transfer of Data: We shall not transfer personal data to a third country  outside the EEA (European Economic Area). 

Data Subject Rights: Data Subjects can exercise their rights of access,  rectification, cancellation and opposition by sending an email or through  the postal service to the contact details on our reservation website and on  our invoices. 

Supervisory Authority: If a data subject considers their rights affected,  they can also appeal to the competent supervisory authority of the  Member State concerned. More info at: https://ec.europa.eu/info/law/law topic/data-protection/data-protection-eu_en