Information on the processing of personal data of consultants and other external professionals to whom we have given professional assignments and conceptual activities

Privacy regulations stipulate that before collecting their personal data people should be informed in a simple, accessible and transparent way. For our company, the protection of personal data and the protection of people\s rights are matters of paramount importance.

Should you need further information regarding the meaning of "personal data", what is meant by "processing of personal data," or regarding the terminology used in this policy, we have prepared a special in-depth page with the main definitions of privacy.

In connection with the assignment given by our company, we will collect (or have been provided to us by you) some of your data, such as your first and family name, contact details and possibly other references related to your business. Some of this information qualifies as personal data.

Therefore, in order to follow up on the activities contracted or conferred to you, we will process your common personal data to the minimum extent necessary for the proper performance of the contracted activities. At present we do not need to process your special (formerly “sensitive”) personal data.

We will process your personal data in a legitimate manner, relying on some of the legal bases provided by the data protection legislation:

1. in order to fulfill pre-contractual or contractual obligations, in the specific case to perform the activities which are related to your professional task or conferred activity;
2. in connection with legal obligations, in the event that such data must be processed in order to comply with regulations or respond to requests from state bodies or other competent authorities;
3. for our legitimate interest, such as in the event that we need to take legal action or protect our company against third parties, etc.

The provision of your personal data for the above listed purposes is obviously necessary; in their absence it will not be possible to carry on the conferred assignment or activity.

As specified in the preceding paragraph, the processing of personal data - of the types and for the purposes expressed in this notice - is not based on the legal basis of consent, so it is not necessary to obtain it.

We process your data in a transparent, lawful and fair manner, adopting proven processing procedures and appropriate security measures aimed at protecting the data received. The processing is carried out mainly with computerized tools, adopting appropriate organizational methods and with logics strictly related to the purposes indicated herein.

Your personal data may be made accessible:

• to our employees and/or collaborators, specially trained and entrusted with the processing;
• to other organizations that are part of our group, should this be necessary to fully implement agreements, contracts and obligations;
• to other qualified individuals who, after appointment as data processors, carry out specific outsourced processing activities necessary to pursue the purposes previously indicated;
• to PS agents and officials of Public Authorities, should requests to that effect be received.

Please note that your personal data might sometimes be present in our business documents, in case this is made necessary to fulfill the activities and the tasks carried on in our company. Your personal data may be processed by us only for the purposes indicated in this notice; it will never be disseminated or given to non-entitled third parties.

Your personal data will be processed by this Data Controller or by our specially appointed Data Processors mainly within the European Union; if for technical and/or operational issues, it becomes necessary to use entities located outside the European Union, we will take care to stipulate appropriate contractual clauses (or have them stipulated), in order to obtain a level of protection comparable to that guaranteed by EU Regulation 679/2016.

Your personal data will be processed by us for the minimum period necessary for the conclusion of the purposes previously expressed; thereafter they will be deleted, except if they must be kept for legal or regulatory obligations; in general, tax documents and their supporting documents must be kept for 10 years.

The RGPD grants -- to data subjects -- the rights set forth in Articles 15 et seq.; in particular:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to portability of personal data;
• the right to be forgotten.

Further information on these rights is also available at the specific in-depth study on the rights of data subjects available on the website of the Data Protection Authority.

The exercise of these rights can also be simply made by an e-mail communication to the appropriate address privacy@vrbookings.com. In any case, in accordance with Article 77 of the Regulations, you are granted the right to lodge a complaint with the National Data Protection Authority if you believe that the processing of your personal data is taking place in violation of the applicable legislation.

The Data Controller has designated a Data Protection Officer (abbreviated DPO or RPD), whom you may contact if you have any questions regarding the protection of your personal data; he can be reached directly at: dpo@vrbookings.com.

Data Controller

The Data Controller is Trading Estate Service s.r.l. with headquarters at Via Ettore Majorana n. 11/E int.2 - 52025 - Montevarchi (AR) - Phone 055/5351364 - info@vrbookings.com.