INFORMATION PURSUANT TO ART. 13 OF EU REGULATION 679/2016

1. Introduction

At Cogea SRL, your privacy and the security of your personal data are of utmost importance. Therefore, we collect and process your data with the greatest care and attention, while adopting specific and appropriate technical and organizational measures to ensure full security of the processing.

In compliance with Article 13 of the European Regulation 2016/679 ("GDPR" or "Regulation") and the Privacy Code (“Privacy Code”), as amended by Legislative Decree 101/2018 (collectively, the “Legislation”), we inform you that your personal data is processed in a manner that ensures its security and confidentiality. This is carried out using paper, IT, and telematic media as detailed in this policy.

2.Data Controller

The processing of your personal data is carried out by Cogea SRL (hereinafter also referred to as “Cogea SRL” or the “Data Controller”), with its registered office at Via Porta Rossa, 5, 50123 Florence, in its capacity as the Data Controller under the Regulation.

For any questions or requests related to the processing of your personal data, you may contact the Company at any time by sending a request to the following contact details:

Data Controller

Business Name: Cogea SRL
Registered office address: Via Porta Rossa, 5, 50123 Florence
Phone contact: +39 055 286666
Email contact: cogea_srl@pec.it

3. Type of Data Processed, Purposes, and Legal Basis for Processing

The personal data processed by the Company is provided by you while browsing or using the online services offered by the Company through the website https://www.hoteldavanzati.it/.

The Company may collect data such as your name, surname, email, phone number, your requests, and browsing data.

No special categories of data under Article 9 GDPR or data relating to criminal convictions and offenses under Article 10 GDPR are processed.

Your personal data, once collected, is processed for the following purposes:

To analyze your experience using our websites and services, ensuring the correct functioning of our web pages and their content. Processing for these purposes is based on the legitimate interest of the Data Controller and does not require specific consent from the data subject.
To comply with legal obligations under laws, regulations, and European legislation. Processing for these purposes is necessary to fulfill legal obligations and to provide you with the requested service, and it does not require specific consent from the data subject.
Subscription to our Newsletter service. Processing for this purpose is carried out based on the specific and freely given consent provided by the user.
To carry out direct promotional activities, such as sending periodic newsletters and other promotional tools to the email address you voluntarily provided when registering on the site. Processing for this purpose is carried out based on the specific consent provided by the user, except for commercial communications related to products and/or services similar to those already purchased and/or subscribed by the user, for which processing is based on the legitimate interest of the Data Controller.
Your personal data is processed exclusively by the Company’s staff, specifically authorized and appointed under Article 4, paragraph 10 of the Regulation and Article 2-quaterdecies of the Privacy Code, who have been appropriately trained in relation to privacy requirements and who process data under specific instructions from the Data Controller.

4. Data Processors (Article 28) and Recipients of the Data

Your personal data may also be transferred to third parties with whom we work. These parties have been selected and offer adequate guarantees of compliance with personal data protection regulations, and if they process data on behalf of Cogea SRL, they have been appointed as Data Processors under Article 28 of the Regulation. They are required to carry out their activities according to the specific instructions provided by the Company and under its supervision.

These third parties may include the following categories: financial operators; internet providers; companies specializing in IT services, consultancy firms, cloud service providers. Additionally, your data may be shared with third-party companies operating in the publishing sector or other industries with which Cogea SRL might enter into digital marketing partnerships related to hotel activities. A specific and updated list of these entities is available at the Data Controller’s office, and can be consulted upon the data subject’s request.

For administrative purposes, we inform you that your data may be communicated by the Data Controller to other companies within the Group.

It is understood that your personal data will not be shared with third parties for their own promotional purposes and will not be disseminated in any way.

Your data may also be transmitted to public authorities for legal obligations, to law enforcement agencies, and to judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention and safeguarding against threats to public security, as well as to enable the Company to exercise or protect its own rights or those of third parties before the competent authorities, and for other reasons related to the protection of the rights and freedoms of others.

5. Mandatory or Voluntary Provision of Data
While the provision of personal data by the data subject is voluntary, we note that:

The provision of data for purposes A) and B) in paragraph 3 is mandatory. Failure to provide data will prevent the Company from establishing any relationship with you and allowing you to use the website.
The provision of data for purposes C) and D) in paragraph 3 is optional. Failure to provide data will prevent you from subscribing to the newsletter service and using the promotional services offered by the Company.



7. Transfer of Data Outside the EU

Some third parties to whom data is transferred may be located in non-EU countries, including through the use of cloud services implemented by the Company. This transfer is made to countries that offer an adequate level of data protection, as established by specific decisions of the European Commission.

The transfer of your personal data to third parties located in countries outside the European Union that do not ensure adequate protection levels will only be carried out with your consent or after the conclusion of specific agreements between the Company and these entities, containing appropriate safeguards and guarantees for the protection of your personal data, such as the so-called “standard contractual clauses,” also approved by the European Commission, or where the transfer is necessary for the conclusion and execution of a contract between you and the Company or to manage your requests.

7. Data Retention

We inform you that your data will be retained for a limited period of time, varying according to the type of processing activity and its specific purposes, as outlined below:

Data collected in the context of using services offered by the Company: this data will be retained for the duration of the service until its termination or until the user cancels the service or withdraws consent.
Data collected for sending newsletters or promotional activities (purposes C) and D) in paragraph 3): until the user requests to stop the activity and, in any case, within 2 years of the user's last interaction with the Company.
At the end of these periods, your data will be permanently deleted or irreversibly anonymized.

8. Your Rights

You have the right to exercise the following rights concerning your personal data as provided by the Regulation:

Right of access and rectification (Articles 15 and 16 of the Regulation): You have the right to access your personal data and request that it be corrected, modified, or updated.
Right to erasure (Article 17 of the Regulation): In cases provided for by applicable law, you may request the deletion of your personal data.
Right to restriction of processing (Article 18 of the Regulation): You have the right to request the limitation of the processing of your personal data in cases of unlawful processing or dispute of the accuracy of the data.
Right to data portability (Article 20 of the Regulation): You have the right to request that your personal data be transmitted to another Data Controller.
Right to object (Article 21 of the Regulation): You have the right to object to the processing of your personal data based on legitimate interest, explaining the reasons that justify your request.
Right to lodge a complaint (Article 77 of the Regulation): You have the right to lodge a complaint with the relevant Data Protection Authority if you believe your rights have been violated.
You may exercise your rights by sending an email to cogea_srl@pec.it or by regular mail to Cogea SRL, Via Porta Rossa, 5, 50123 Florence.

9. Security Measures

The Company implements adequate security measures to safeguard the confidentiality, integrity, completeness, and availability of the personal data of the data subject. Technical, logistical, and organizational measures are designed to prevent damage, accidental loss, alteration, misuse, and unauthorized access to the



10. Changes to this Privacy Policy

The ongoing evolution of our services may lead to changes in how your personal data is processed. This privacy policy may be amended over time, as required by new regulations or changes in our services.

We encourage you to periodically review this policy, and where possible, we will try to inform you of any significant changes and their consequences. The updated version of the privacy policy will always be published on the Company's page, with an indication of the date of the last update.

11. Last Update Date

Florence, 04/10/2021