In compliance with Section 13 of Legislative Decree no. 196 of 30 June 2003 (Italian Personal Data Protection Code)

PURPOSES AND MODALITIES OF DATA PROCESSING

Data transmitted will be stored and treated with the guarantees of security and secrecy as determined in the Legislative Decree no. 196 of 30 June 2003 and will be used by HOTELTURIST SPA for the following purposes:

· To send catalogs and pricelists;

· Marketing and advertising;

· To send informative and promotional material;

· Communication of your data to other operators controlled by, connected to or affiliated to the Tivigest Hotels & Resorts trademark in the tourist/hotel field that will use them for the same purposes.

· To allow the gathering of data on tastes and habits in order to define client profiles related to consumer preferences and choices, for a better personalization of hotel services.

The Data Subject however is invited not to provide sensitive data as per Section 4, letter D) of Legislative Decree no. 196/03, either theirs or of others, without having beforehand given their consent to their treatment according to the law.

The processing of personal data can be performed manually and with electronic and computer systems, and stored both on digital media and paper, and on any other suitable media, in compliance with the relevant regulations in force and respecting the minimum security measures.

The data will, however, in no way and for no reason be transferred or yielded to third parties, without the data subject's prior and express approval. The data will be stored for the period strictly necessary to pursue the above purposes, and however no longer than 5 years.

NATURE OF DATA PROVISION

Data provision is voluntary, but that data is however necessary to make the supply of the above service possible. With the declared reading the Data Subject agrees to the processing of the data contained therein according to the modalities explained in the preceding paragraph.

RIGHTS OF THE DATA SUBJECT

A data subject can at any time exercise the rights as per Section 7 of Legislative Decree no. 196 of 30 June 2003, among which are the updating, rectification, integration, confirmation or cancellation of the data stored, by the following means:

- sending an e-mail to space@tivigest.com;

- sending a fax to +39.049.8033785.

DATA CONTROLLER AND DATA STORAGE LOCATION

The data controller is Winterreise sagl - Viale Verbano, 7 - 6602 Muralto (Switzerland)

All the data that make up this website, that are communicated electronically and the browsing data are stored on servers of the company Linkness of Chirignago (VE, Italy).

Section 13 of Legislative Decree no. 196 of 30 June 2003 (Information to Data Subjects)

1. The data subject as well as any entity from whom or which personal data are collected shall be preliminarily informed, either orally or in writing, as to:

a) the purposes and modalities of the processing for which the data are intended;

b) the obligatory or voluntary nature of providing the requested data;

c) the consequences if (s)he fails to reply;

d) the entities or categories of entity to whom or which the data may be communicated, or who/which may get to know the data in their capacity as data processors or persons in charge of the processing, and the scope of dissemination of said data;

e) the rights as per Section 7;

f) the identification data concerning the data controller and, where designated, the data controller’s representative in the State’s territory pursuant to Section 5 and the data processor. If several data processors have been designated by the data controller, at least one among them shall be referred to and either the site on the communications network or the mechanisms for easily accessing the updated list of data processors shall be specified. If a data processor has been designated to provide responses to data subjects in case the rights as per Section 7 are exercised, such data processor shall be referred to.

2. The information as per paragraph 1 shall also contain the items referred to in specific provisions of this Code and may fail to include certain items if the latter are already known to the entity providing the data or their knowledge may concretely impair supervisory or control activities carried out by public bodies for purposes related to defense or State security, or else for the prevention, suppression or detection of offences.

3. The Garante may issue a provision to set out simplified information arrangements as regards, in particular, telephone services providing assistance and information to the public.

4. Whenever the personal data are not collected from the data subject, the information as per paragraph 1, also including the categories of processed data, shall be provided to the data subject at the time of recording such data or, if their communication is envisaged, no later than when the data are first communicated.

5. Paragraph 4 shall not apply

a) if the data are processed in compliance with an obligation imposed by a law, regulations or Community legislation;

b) if the data are processed either for carrying out the investigations by defense counsel as per Act no. 397 of 07.12.2000 or to establish or defend a legal claim, provided that the data are processed exclusively for said purposes and for no longer than is necessary therefore;

c) if the provision of information to the data subject involves an effort that is declared by the Garante to be manifestly disproportionate compared with the right to be protected, in which case the Garante shall lay down suitable measures, if any, or if it proves impossible in the opinion of the Garante.

Section 7 of Legislative Decree no. 196 of 30 June 2003 (Right to access personal data and other rights)

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.

2. A data subject shall have the right to be informed

a) of the source of the personal data;

b) of the purposes and methods of the processing;

c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;

d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);

e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.

3. A data subject shall have the right to obtain

a) updating, rectification or, where interested therein, integration of the data;

b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

4. A data subject shall have the right to object, in whole or in part,

a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;

b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.