Information on the processing of personal data of employees-representatives-collaborators of other organizations with whom we interact in the course of our business activities

What is the purpose of this document?

Privacy regulations stipulate that before collecting their personal data people should be informed in a simple, accessible and transparent way. For our company, the protection of personal data and the protection of people's rights are matters of paramount importance.

Should you need further information regarding the meaning of "personal data", what is meant by "processing of personal data," or regarding the terminology used in this policy, we have prepared a special in-depth page with the main definitions of privacy.

Personal data processed

In interactions between our organisations, e.g. for telephone calls, video conferences, sending e-mails or providing your references in offers and company documents, we will collect (or have been provided to us by you) your contact details and possibly other references relating to your position or role with your business. Some of this information qualifies as personal data.

Therefore, in order to follow up the activities contracted with your organisation, we will process some of your common personal data (e.g. first name, surname, e-mail, company role, unless other), to the minimum extent necessary for the proper performance of activities.

Purposes of processing and their legal bases

We will process your personal data in a legitimate manner, relying on some of the legal bases provided by the data protection legislation:

1. to fulfil pre-contractual or contractual obligations, in this case to interact - through you - with your company or in connection with your corporate role;
2. in connection with legal obligations, in the event that such data must be processed in order to comply with regulations or respond to requests from state bodies or other competent authorities;
3. for our legitimate interest, such as in the event that we need to take legal action or protect our company against third parties, etc.

Provision of data and causes for refusal

The provision of your personal data, for the purposes expressed above, is of course necessary; without them we could not interact with your company - through you - or relate to your company function.

As specified in the preceding paragraph, the processing of personal data - of the types and for the purposes expressed in this notice - is not based on the legal basis of consent, so it is not necessary to obtain it.

Processing methods and security measures

We process your data in a transparent, lawful and fair manner, adopting proven processing procedures and appropriate security measures aimed at protecting the data received. The processing is carried out mainly with computerized tools, adopting appropriate organizational methods and with logics strictly related to the purposes indicated herein.

Access to your personal data and communication to third parties

Your personal data may be made accessible:

• to our employees and/or collaborators, specially trained and entrusted with the processing;
• to other organizations that are part of our group, should this be necessary to fully implement agreements, contracts and obligations;
• to other qualified individuals who, after appointment as data processors, carry out specific outsourced processing activities necessary to pursue the purposes previously indicated;

Please note that sometimes your personal data may be present in company documents, such as - for instance - in the case of offers or contracts for which you act as company contact person. Your personal data may be processed by us only for the purposes indicated in this notice; it will never be disseminated or given to non-entitled third parties.

Place of processing

Your personal data will be processed by this Data Controller or by our specially appointed Data Processors mainly within the European Union; if for technical and/or operational issues, it becomes necessary to use entities located outside the European Union, we will take care to stipulate appropriate contractual clauses (or have them stipulated), in order to obtain a level of protection comparable to that guaranteed by EU Regulation 679/2016.

Retention times

Your personal data will be processed by us for the minimum period necessary for the conclusion of the purposes previously expressed; thereafter they will be deleted, except if they must be kept for legal or regulatory obligations; in general, tax documents and their supporting documents must be kept for 10 years.

Your rights

The RGPD grants -- to data subjects -- the rights set forth in Articles 15 et seq.; in particular:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to portability of personal data;
• the right to be forgotten.

Further information on these rights is also available at the specific in-depth study on the rights of data subjects available on the website of the Data Protection Authority.

The exercise of these rights can also be simply made by an e-mail communication to the appropriate address privacy@vrbookings.com. In any case, in accordance with Article 77 of the Regulations, you are granted the right to lodge a complaint with the National Data Protection Authority, if you believe that the processing of your personal data is taking place in violation of the applicable legislation.

Data Protection Officer

The Data Controller has designated a Data Protection Officer (abbreviated DPO or RPD), whom you may contact if you have any questions regarding the protection of your personal data; he can be reached directly at: dpo@vrbookings.com.

Data Controller

The Data Controller is Trading Estate Service s.r.l. with headquarters at Via Ettore Majorana n. 11/E int.2 - 52025 - Montevarchi (AR) - Phone +39 055/5351364 - info@vrbookings.com.