Authorization for the processing of personal data pursuant to EU regulation no. 679/2016 (General Data Protection Regulation)

1. Data Controller:

The data controller is APPARTHOTEL DIANA SNC di Wiedenhofer Herta & Co, with offices in 39030 Terenten, Via Ast n. 6, tax code: 02282210216; telephone: +39 0472/546126; e-mail:


2. Motive, Purpose and Legal Grounds for the Processing:

The processing of the data is performed on the basis of the consent of the client and with the purpose of fulfilling our contractual obligations. The purpose of such processing is to ensure the correct and complete fulfilment of the professional services requested.

Processing of the data is also performed in order to comply with legal requirements.


3. Processing of special categories of personal data:

For the duration of the contractual period, the data controller receives, registers and manages the client's special personal data as set forth in art. 9 of EU Regulation no. 679/2016, which include racial origin or ethnicity, political opinions, religious or philosophical convictions and membership of a trade union, as well as genetic data and biometric data that can be used to identify a natural person, data concerning their health, sexual activities or sexual orientation.

The processing of such special personal data is necessary in order that the Data Controller may fulfil their contractual obligations in a correct and complete manner.

The client, pursuant to  art. 9, section 2 a) of EU Regulation no. 279/16, expressly consents to the processing of the above-mentioned special personal data.


4. Recipients of the personal data:

In order to achieve the stated purpose, the personal data may be forwarded to and received by internal and external collaborators, suppliers and data processors.


5. Period of conservation of the data:

The data will be conserved for the period of the contractual agreement and, in addition, for a period of 10 years.


6. Rights of the client:

Art. 13, section. 2 of EU Regulation no. 279/16 provides the  Data Subject with a number of rights, including:

  1. The right of the Data Subject to request the Data Controller, or the Data Protection Officer, to provide access to their Personal Data and, if appropriate, to obtain their rectification and/or erasure, or the restriction of the processing of their personal data or to object to such processing, as well as the right to the portability of the data.
  2. Pursuant to Art. 13, section. 2  c) of EU Regulation no. 279/16, the right to revoke their consent to the processing of their personal data given in accordance with Art. 6, section 1 a), or the right to revoke their consent to the processing of their special personal data given in accordance with Art. 9, section 2 a) of EU Regulation no. 279/16, without prejudice to the lawfulness of the processing based on the consent given prior to such revocation.
  3. The right to address complaints to a supervisory authority.
  4. The right to receive from the Data Controller, or the Data Protection Officer, confirmation concerning:
    - whether or not their personal data are being processed and, if so, to obtain access to such personal data and information concerning the purpose of such processing;
    - the categories of personal data in question;
    - the recipients or categories of recipients to which the personal data have been or will be communicated, especially if the recipients are in third countries or are international organizations;
    - where possible, the period for which it is expected that the personal data will be conserved or, if this is not possible, the criteria adopted in order to determine such period;
    - the existence of the right of the  data subject to request the data controller to rectify or delete the personal data, or to restrict the processing of their personal data or to object to their processing;
    - the right to file a complaint with a supervisory authority;
    - in the event that the data are not collected from the data subject, all possible information concerning their origin;
    - the possible existence of automated decision-making, including profiling, and, at least in such case, to obtain significant information concerning the logic used, as well as the importance and the probable consequences of such processing for the data subject.

7. Conferral of the data:

The conferral of the personal data is necessary to the correct fulfilment of the mandate comprising the professional agreement between the Client and the Data Controller, as well as for compliance with the respective legal requirements. The client is required by the terms of the contract to provide their personal data. If the personal data are not provided, or are only partially provided, it will not be possible to fulfil the terms of the contract correctly and completely.