B&B SA DOMU DI TEDDE GIOVANNA, headquartered at Via Liguria 6, 09032 Assemini (CA), Italy, Fiscal Code TDDGNN67D67F205I and VAT N° 03766150928, in the person of the owner and collaborators, is committed to the care and confidentiality of your personal data. In order to provide its services in the best possible way and at the same time comply with civil and tax obligations, it is necessary to collect certain data, which are gathered from the data subject either directly or through requests made via the website, social media, email, phone, and WhatsApp.

All your data is processed in accordance with European Regulation 679/2016 (“GDPR”) and Legislative Decree 101/2018 concerning the protection of personal data.

TYPES OF DATA PROCESSED (What data is processed)

B&B SA DOMU DI TEDDE GIOVANNA is the data controller of its customers’ and collaborators’ personal data, which may include:

• Business Name/Surname and First Name

• Date of Birth

• Tax Code and other identification numbers

• Bank Details

• Address

• Email Address

• Phone Number

• Personal Identification Document

SOURCE OF DATA (Where the processed data comes from)

The data is collected directly from the data subject or from third parties, meaning from entities to whom explicit consent has been given for the processing and communication of data.

PURPOSE OF PROCESSING (Why the data is processed)

The processing of data is carried out by the Data Controller in the performance of its economic and commercial activities for related purposes such as:

• Customer management

• Service provision

• Fulfillment of tax and accounting obligations

The legal basis for processing is:

1. Processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject.

2. The data subject has given consent to the processing of their personal data for a specific purpose.

3. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

NECESSITY OF DATA PROVISION (What happens if data is not provided)

Providing data is mandatory only for data whose processing is required by law. However, the provision of the data subject’s information may be necessary, and without it, it may not be possible to perform the requested services and fulfill the obligations arising from such services.

DATA PROCESSING METHODS (How data is processed)

Data will be processed by the Data Controller using electronic and manual systems in accordance with the principles of fairness, lawfulness, and transparency provided by applicable personal data protection regulations. The confidentiality of the data subject will be safeguarded through technical and organizational security measures to ensure an adequate level of security.

DATA RETENTION (How long data is stored)

Data will be stored in compliance with applicable personal data protection regulations for the period necessary to fulfill the purposes outlined above. In the case of a contractual relationship, only the personal data required to meet civil and tax obligations will be retained for the duration of the contract and in accordance with these obligations (e.g., civil law requires invoices and business documents to be kept for at least 10 years). Personal data collected for legitimate interest purposes will be retained until such interest is satisfied (e.g., legal protection).

DATA DISCLOSURE, DISSEMINATION, AND TRANSFER (Who the data is shared with)

Data will be processed, within the necessary limits, by authorized personnel who have been properly trained, as well as by third-party personnel providing services to the Data Controller and processing data on its behalf and instruction as data processors. In general, in the course of its business activities, data may be disclosed to entities performing control, audit, and certification activities, consultants, and freelancers providing tax and legal assistance, and in case of corporate transactions requiring the evaluation of business assets. Data may also be disclosed to public authorities and entities authorized by law to receive such information, as well as to Italian and foreign judicial authorities for compliance with legal obligations or for the fulfillment of contractual obligations, including legal defense needs. Contact data may be occasionally disclosed to clients and/or suppliers of the Data Controller when collaboration with such parties is required for service provision.

PROFILING AND/OR AUTOMATED PROCESSING

Data processing does not involve any profiling or automated processing activities.

DATA SUBJECT RIGHTS (What rights can be exercised)

The data subject may exercise the rights provided under GDPR (Articles 15-21), including:

• Receiving confirmation of the existence of data and accessing its content (right of access);

• Updating, modifying, and/or correcting data (right of rectification);

• Requesting deletion or restriction of data processing that violates the law, including data no longer necessary for the purposes for which it was collected or otherwise processed (right to erasure and right to restriction);

• Objecting to processing (right to object);

• Filing a complaint with the Data Protection Authority (www.garanteprivacy.it) in case of a violation of data protection regulations;

• Receiving a copy in electronic format of data concerning them, when such data has been provided in the context of a contract, and requesting that such data be transmitted to another data controller (right to data portability).

To exercise these rights, the data subject may contact the Data Controller by sending a communication to: B&B SA DOMU DI TEDDE GIOVANNA, Via Liguria 6, 09032 Assemini (CA), Italy, or via email at info@sadomu.it. When contacting us, the data subject must ensure to include their name, email/postal address, and/or phone number to ensure proper handling of their request.CF