Dear Client/Firm,
For initiating and managing commercial relations with you, our company shall use your personal data in full respect of the basic principles dictated by the European Parliament’s directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data; by directive 97/66/EC on the protection of privacy in telecommunications; by directive 97/07/EC and Legislative Decree 185/99 on the protection of consumers with distance contracts; by the electronic commerce directive 00/31/EC;  by Legislative Decree 196 of 30 June 2003  - Personal Data Protection Code; and by Legislative Decree 70/2003 regarding electronic commerce.

These regulations specify that those processing personal data must inform the person whose data is being treated and must also fully respect its correctness, lawfulness and transparency with the greatest protection of confidentiality and privacy.
In compliance with these regulations, the following information is provided:

Scope of Privacy Statement
This privacy statement applies to all the data processing the owner carries out in the management of its economic activity and to the information collected during these activities.

Type of Data Treated
Relais Pierret S.r.l.  handles your personal and tax data and any economic data strictly necessary for present or future commercial relations with your firm/you, as well as your e-mail address when it has to be requested and/or provided during the commercial operation.

We are not in possession of any of your judicial data (art. 4 para. e) Legislative Decree 196/03).

Cases in Which the Consent of the Person Concerned is Required
According to the purposes for which the data will be used, the law can specify that the prior consent of the person concerned is needed when collecting and processing data. If it should be necessary, our company will send you a form so that you can give your consent for the use of all or some of your personal data.

a) Cases in which no Consent is Required
Personal data is processed on the basis of contractual requirements and to comply with legal and tax obligations, as well as for managing commercial and contractual relations and for purposes strictly linked to our company’s legal obligations.  The data shall be processed for the duration of the contractual relation and afterwards for the completion of legal obligations or for administrative, commercial, book-keeping, tax and public- security purposes.

Briefly, the purposes for which your data will be used include:

• processing of data for activities relating to our company’s services and products;
• processing of data for complying with tax or book-keeping obligations;
• processing of data for services strictly linked to client registrations and reservations;
• management of clientele/suppliers (administration of clients, administration of contracts, orders, arrivals, mailings and invoices, checking reliability and credit worthiness, selections with regards to  the firm’s requirements);
• management of public-security obligations;
• processing of data for commercial purposes as well as for sending promotional material and information linked to our specific hotel activity with traditional systems (post, catalogues, brochures);
• management of  legal actions (breaches of contract, injunctions, transactions, debt collection, litigations);
• internal controls (on security, productivity, quality, services, capital);
• use of e-mail address provided for promoting similar services.

How Data is Processed
The data subject to processing is collected:

• in hard-copy data banks;
• by electronic tools;
• by ICT methods.

1. This data shall also be:

• processed lawfully and fairly;
• collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in a way that is not inconsistent with said purposes;
• accurate and, when necessary, kept up to date;
• relevant, complete and not excessive in relation to the purposes for which it is collected or subsequently processed;
• kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data was collected or subsequently processed.

The processing may include -  in compliance with the limitations and conditions imposed by  art. 11 of the Civil Code -  one or more of the operations concerning the collection, recording, organization, keeping, processing, modification, selection, retrieval, comparison, utilization, interconnection, blocking, erasure, destruction  and communication of data. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorized access.

Security of Personal Data
Personal data is protected from unauthorized access, use or disclosure. Only our personnel can access it after specific authentication and all the security procedures are in place for protecting data from privacy breaches by non-authorized personnel, both locally and in the network. All personal data supplied is kept in a secure and controlled environment and there are physical electronic and managerial safeguards to protect it.

Obligation or Faculty to Provide Information
Data must be provided when it is needed to comply with obligations imposed by law (e.g. personal data for invoicing),  regulations or Community legislation, or when imposed by the legally entitled Authority and by supervisory and control bodies. Refusal to supply data may result in the impossibility to initiate or continue the relationship, to the extent in which the data is necessary for its implementation.
The supply of any other type of data is optional.  We shall assess refusals individually and decide how to act according to how important the data requested and not provided is for our organization.  For the correct processing of data, those concerned must communicate any variations in their data.

Sharing of Information – Disclosure of Information
The data referred to in this Privacy Statement shall not be disclosed to third parties, that is no data processing and management operations shall be outsourced.  Should the need for this occur,  the consent of the person concerned shall be requested. Personal data can be communicated and/or disclosed as specified in the paragraph entitled “Communication and Disclosure “ below.
Communication and Disclosure

We shall not disclose the data of the person concerned, meaning by this enabling third parties to obtain it, either by making it available or through consultation.

The data of the person concerned may be communicated:

• to individuals who can access the data by law, regulations or Community legislation, within the limitations specified by law, including public-security authorities;
• to those servicing our information system and/or the software used by us, in the event of breakdowns or problems with data security for the time strictly necessary to restore functionality;
• to those who need to access the data of the person concerned for purposes supplementary to the relationship between this person and us, to the extent strictly necessary for performing supplementary tasks (for example, couriers, etc.);
• to our consultants, to the extent necessary for performing their work in our business, after a letter of appointment imposing the duty of confidentiality and security;
• to external companies hired to perform these processing operations as set down in the point: “Outsourcing of Some Processing Operations to Third Parties”;
• to our personnel responsible for processing and for security, whose names are given in the section: “Owner of Data Processing and Person Responsible for it” in this Privacy Statement;
• to categories of people to whom the personal data may be communicated, as responsible for it or assigned to its processing.

Rights to the Protection of Personal Data - Art. 7 Legislative Decree 196/03

1. The person concerned has the right to obtain confirmation of the existence or otherwise of personal data regarding him or her, even if it has not yet been recorded, and to have it communicated in an intelligible form.

2. The person concerned has the right to obtain information about:

• the origin of the personal data;
• the purposes and methods of the handling;
• the logic applied;
• the identification details of the owner and people responsible;
• the people or categories of people to whom the data may be communicated.

3. The person concerned is entitled to obtain:

• updates or corrections or additions to the data;
• cancellation, conversion into an anonymous form or blocking of data processed in breach of the law, including data which does not need to be kept for the purposes for which the data has been collected or subsequently processed;
• a declaration that the operations referred to under the previous points have been brought to the notice, also as regards their content, to those to whom the data has been communicated or broadcast, except in the case where compliance with this is found to be impossible or involves the use of means that are manifestly out of proportion to the right being protected.

4. The person concerned is entitled to object, entirely or in part, and freely:

• for legitimate reasons, to the processing of personal data regarding him or her, even though it may be pertinent to the aim of the data collection;
• to the processing of personal data regarding him or her for the purposes of sending publicity.

Requests for exercising the rights referred to in art. 7 of Legislative Decree n.196/03 in favour of the person concerned can be addressed to the owner of the data processing or the person responsible for it as indicated below.

Owner of Data Processing and Person Responsible for it
The owner of the data processing is Relais Pierret S.r.l. with offices in Roma 00187, P.zza di Spagna, 20 (Fax 06.69784592).
Read, by signing this I authorize in particular commercial and promotional communications and information on your company to be sent to me by any instrument.