Notice to the Data Subject:

pursuant to art. 13 of EU Regulation 679/2016 (hereinafter referred to as GDPR – General Data Protection Regulation) and legislation on the protection of personal data, Starhotels S.p.A. ("Starhotels") hereby provides information about the processing of your personal data. This will be carried out in compliance with the principles of lawfulness, fairness, transparency, purpose, minimisation, accuracy and limiting the data retention period, within the scope of thecustomer experience.

Data Controller
Pursuant to art. 4(7) of GDPR 2016/679, the Data Controller is Starhotels S.p.A., with administrative headquarters in Florence – 50144, Viale Belfiore no. 27. Tel. (+39) 055.36921 – fax (+39) 055.36924.

Data Protection Officer
Pursuant to art. 37 of GDPR 2016/679, Starhotels S.p.A. has appointed a Data Protection Officer (DPO) for the company, who can be contacted at the email address: dpo@starhotels.com – PEC (certified email address): starhotels_dpo@legalmail.it

Data Processors
As part of the processing activities carried out to evaluate the customer experience, the Data Controller collaborates with external suppliers and, in particular, TrustYou GmbH, of Steinerstraße 15, 81369 Munich, as the formally designated Data Processor under art. 28 of the GDPR. Data Subjects may, at any time, request an updated list of the parties classified above from the Data Controller.

Origin of the data and processing methods
Your personal data (email address) will be collected by the Data Controller as part of the service it offers at the Hotel (Wi-Fi connection service at the accommodation facilities, provided by Hoist Group s.r.l., with registered office in via Cernaia no. 2 – 20121 Milan, in its role as an independent Data Controller solely for the management of the connection).
The email address entered in the Wi-Fi access form will be processed, as indicated in detail below, by Starhotels for the purpose of sending a questionnaire to evaluate your experience.
Your personal data will be processed through computer or telematic tools using appropriate security measures to ensure their security and confidentiality.

Purpose and legal basis of processing
The processing of personal data will be carried out by Starhotels for the following purposes:
c. forwarding, via email to the address provided by the Data Subject in the access form, of a questionnaire evaluating the services used at our facility (accommodation, bar/restaurant, events, internet connection), to improve the quality of the service we offer. The legal basis is identified as the legitimate interest of the owner in its requirement to obtain confirmation about the level of service and improve its performance for the benefit of guests and customers (art. 6[1][f] of the Regulation).

Categories of data processed and nature of transfer
In order to pursue the purposes described, the following types of personal data may be processed:

– so-called "general" data in the form of the email address provided in the access form.

Data retention times
Your personal data will be processed and retained for the time strictly necessary to pursue the purposes mentioned above.

Recipients and circulation of personal data
The data collected will be processed solely for the purposes mentioned above.
In addition, your data may be communicated – always in compliance with appropriate security measures – to public authorities and private parties to fulfil specific legal obligations. Personal data will not be circulated.

Location of data processing and scope of transfer
The data are processed at the offices of the Data Controller and the Processors, who are specified in a dedicated list kept by the Controller.
Personal data will be processed within Italian territory or in any case within the European Union and will not be subject to transfer to non-EU countries or international organisations.
If, during the relationship, the transfer of data becomes necessary, the Data Controller guarantees compliance with the provisions of Chapter V of the GDPR.

Rights of the Data Subject
The Data Controller guarantees the exercise of the rights referred to in art. 15 ff. of the GDPR, in particular:

1. Right to access;

2. Right to rectification;

3. Right to erasure (to be forgotten);

4. Right to restrict processing;

5. Right to portability;

6. Right to object.

Requests regarding the exercise of your rights must be addressed to the Data Controller at: dpo@starhotels.com

Automated processing and profiling
The Data Controller does not carry out automated processing including profiling.

Right of complaint and protection of the Data Subject
Finally, we remind you that if you believe that your privacy rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority, based in Piazza Venezia 11, 00187 – Rome, tel. (+39) 06.696771, email: protocollo@gpdp.it, PEC: protocollo@pec.gpdp.it.