Information pursuant to Article13 of Italian Legislative Decree 196/2003

Procedures for managing the site in relation to the processing of the personal data of the users who consult it. This notice is served under Article 13 of Italian Legislative Decree no. No 196/2003 – Data Protection Act- to those who interact with the web services of the Guarantor for the protection of personal data, accessible via internet at the link: http://www.garanteprivacy.it which corresponds to the home page of the Authority’s official site. The notice only applies to the website of the Guarantor and not to other Web sites that may be accessed by the user via links. The information is based on Recommendation 2 / 2001 that the European authorities for the protection of personal data, united in the Group established as per Article 29 of EC Directive 95/46, adopted on 17 May 2001 to establish the minimum requirements for collecting personal data on-line and, in particular, the procedures, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the link.

DATA CONTROLLER

Following consultation of this site data relative to identified or identifiable persons may be processed. The Data Controller is the company AUTENTICO HOSPITALITY SRL – Via de’ Bardi, 39 -50125 FIRENZE – P.IVA 06879000484

PLACE OF DATA PROCESSING

Data processing in relation to the web services of this web site is carried out at the above-mentioned office of the Guarantor and is only performed by staff from the appointed Office, or others appointed to perform occasional maintenance operations. None of the data generated by the web service will be communicated or disseminated. The personal data provided by users who send requests for information (bookings, CD-ROMs, newsletters, trade information, feedback, etc..) will only be used to perform or provide the service or assistance requested and will be communicated to third parties only when this is necessary for that purpose (sending publications, newsletters, etc.).

TYPES OF DATA PROCESSED

Navigation data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data that is implicitly transmitted when using the communication protocols of the Internet. This information is not collected for the purposes of associating it with identified users, but by way of its very nature could enable users to be identified, when processed and associated with data held by third parties. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment. These data are only used to obtain anonymous statistics on site usage and to check that it is working properly, and they are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical IT computer crimes against the site. With the exception of this possibility, the data about web contacts do not persist for more than 180 days. Data provided voluntarily by the user. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender’s email address, which is required for the purpose of responding to the requests, and other personal data contained in the message. Specific summary information will be progressively reported or displayed in the pages of the site designated for special services on request.

OPTIONAL NATURE OF AUTHORIZATION TO PROCESS DATA

Without prejudice to the terms specified for navigation data, the user is free to provide the personal data contained in the application forms to the Guarantor, or the data that is in any case indicated in contacts with the office to request information or for other communications. Failure to authorize the processing of said data can make it impossible to fulfil the request. It must be remembered that in some cases (not within the ordinary management of this site) the Authority may request information under Article 157 of Italian Legislative Decree n. 196/2003, in order to control the processing of personal data. In these cases a reply must be provided, under penalty of a fine.

PROCESSING METHODS

Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were acquired. Specific security measures are taken to prevent the loss, illicit or incorrect use and unauthorized access to the same.

USERS’ RIGHTS

Data subjects have the right to obtain confirmation of the existence of any data concerning them, to know their content and origin, verify their accuracy or request the integration, updating, or correction of the same at any time (Article 7 of Italian Legislative Decree no. 196/2003). Under that article, users are also entitled to request the cancellation, transformation into anonymous form or blocking of data in violation of the law, and to object to their processing in any case, for legitimate reasons. All requests should be addressed to the Guarantor.