INFORMATION pursuant to article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

Dear Customer,

In accordance with the Art. 13 of European Regulation 2016/679 “GDPR”, Rodan S.r.l. informs you that, the personal data collected, with reference to the contractual relationships established, will be processed in compliance with the law above mentioned; in relation to the aforementioned treatments, it provides the following informations:

Personal Data Collected
Personal data collected / communicated, behind your free and express permission, are exclusively related to:
- identification data (for example: name, surname, address, telephone, fax, e-mail, etc ...)
- tax/ invoice data (if required by law - for example, tax code, VAT number etc ...)
The processing of the above data may include prior authorization, even the data related to your health (eg physical disability, for which a particular type of room is requested during the booking).
In these cases, the processing will be limited to the data and operations necessary to fulfill the obligations, including pre-contractual ones, related to the provision of Hotel Services, within the limits of the services requested by you during the booking or during your stay at our hotel.

Data Controller (paragraph 1 letters a, b)
Independent data controllers of personal data processing are the following:
- Rodan S.r.l. addressed in Via Emanuele Filiberto 175 - 00185 Rome
- Best Western International Inc. as per separate official declaration

Data Controller has appointed a Data Protection Officer (DPO - Data Privacy Officer) that was assigned to Mr. Fabrizio Roscioli who can be contacted at the following address dpo@rhr.it

Purposes and methods of Data processing (paragraph 1 letter c)
The purposes of processing personal data are the following:
1. Acquire and confirm your booking of the accommodation services and extra services and to provide them;
2. Fulfill the obligation envisaged by the "Consolidated Law on Public Security Laws" (Article 109 of the Royal Decree 18.06.1931, No. 773);
3. Fulfill the administrative, accounting and fiscal obligations related to contracted services and their organizational management;
4. Exercise the rights of the owner, for example the right of defense in court.
5. For purposes of protection of individuals, properties and company assets through a video surveillance system of certain public areas of the structure, identified by appropriate signs.

Only with your specific and distinct permission, the Data Controller may process your data for the further purposes described below:
• perform the function of receiving messages and telephone calls addressed to him/her during the stay;
• preservation of the client's personal details in order to speed up the registration procedures in case of future stays
• sending proposals and commercial communications by e-mail or SMS or fax, by the Data Controller , inherent (i) to the Company and the hotel at which you decided to stay, and (ii) the “Best Western” world: hotels and services linked to this hotel.
• Implementing market and statistic survey, marketing and references on advertising communications (press, radio, TV, Internet etc.), product preferences, the communications can be forwarded directly to the property or to a property that is part of the consortium. In this case, your choice and purchasing habits will be analyzed to create services, promotions, initiatives and communications that are better suited to your behaviors, habits and needs.

Personal data are collected and may be used and will be processed on paper form and computerized, and included in the relevant databases that will be accessible only by the owner of the property and his representatives. In regards to the data processed via electronic form, it is emphasized that all appropriate security measures have been adopted to protect the rights and legitimate interests of the interested individual.

Possible Receivers of the Data (paragraph 1 letters e, f)
In relation to the purposes indicated in the previous paragraph, the data may be communicated to the following subjects or to the categories of subjects indicated below:
• Studies of recognized accountants related to the profession of assistance to companies when the communication is requested by law, or is in the interest of the subject (natural or legal person);
• Studies of recognized lawyers related to the profession of assistance to companies when the communication is requested by law, regularly in charge of this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person) );
• Companies that are part of the group
• Police forces to fulfill public security obligations.

Furthermore, in the management of your data, the following categories of authorized and / or external persons identified with a written approval and to whom they received specific written instructions regarding the processing of data as per below:
- employees of the company in quality of "authorized person"
- system administrators;
- individuals manage the Company's IT system and telecommunications networks;
- consultants of the Company or other individuals that provide services connected to the Hotel Service;

The complete list of data processors is available upon request, which can be forwarded to the data controller.

Data Transmission
In regards to the management of the reservations, your data will be transferred to Best Western International whose servers may be allocated outside the EU. Best Western International has adopted measures to guarantee the conformity to GDPR.
All the other personal data our conserved on servers that are located in the EU.
In any case the owner, where necessary, has the authority to move the servers also outside EU. In this case, the owner reassures from now that the transfer of the data extra UE will occur in line with the applicable legal dispositions, upon the stipulation of the contractual clauses that are established by the European Commission.

Location of the treatment
The collected Data are processed in the headquarters of the owner of the treatment and in the other locations of the company group.

Data Retention Period (paragraph 2 letter a)
At the end of the service, the personal data will be stored exclusively for historical or statistical purposes, in compliance with the law, regulations, community legislation and codes of deontology and good conduct signed in accordance with Article 40 of the EU Reg. 2016/679, for a period as per current legislation (10 years), or, in case they are not subject to any law, for a period not exceeding five years. Beyond this period, the personal data will be stored anonymously or destroyed.
Regarding the processing for marketing purposes and for market research and profiling, Data is processed fort a period not exceeding 12 months after its collection. The data of those individuals who never used our services, even if they have had a previous contact with the company’s representatives, will be immediately cancelled or processed anonymously, where their conservation is not otherwise justified, unless the permission has been validly acquired and the interested parties informed regarding a subsequent commercial promotion or a market research activity.

Rights of the interested parties (paragraph 2 letter b)
In relation to the previously mentioned statements, the interested party has the right to request access to his / her personal data and to rectify or cancel them or limit their treatment or to oppose their treatment, as well as having the right to approve the data collection.

Right of Withdrawal of Consent (paragraph 2 letter c)
If the processing is based on consent, you have the right to withdrawal of consent will not affect the lawfulness of processing that was based on the consent before it was revoked.

Right to initiate a Complaint (paragraph 2 letter d)
Data Controller-informs the interested party that he has the right to initiate a complaint to a supervisory authority.

Mandatory or Optional Nature of the Provision of Data (paragraph 2 letter e)

The provision of data and the related processing are mandatory in relation to the above mentioned purposes in regards to the provision of Hotel Services and to fulfill the purposes of the public security; it follows that, any refusal to provide data for such purposes may determine the impossibility of providing the Hotel Services requested and, therefore, the impossibility of hosting you in our property.
The provision of data for other purposes which require specific approval that may be revoked at any time
and the relative treatment, is to be considered optional, any refusal will not have any consequence in the provision of the requested service.

Date

Rome, 28th May 2018