Privacy Policy del sito Web https://www. operasuitehotel.com 

Informativa Privacy

This Privacy Notice is issued pursuant to Articles 12, 13 and 14 of EU Regulation 2016/679 GDPR and is addressed to users of the website.

The following applies exclusively to the websites, Apps, social profiles and services whose domains or properties are registered to or attributable to the publisher ARENGEST s.r.l., in particular to the domain operasuitehotel.com and to all third-level domains connected to it.

The processing of your personal data will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimisation, accuracy, integrity and confidentiality.

1 WHO IS THIS DOCUMENT INTENDED FOR?

This Privacy Notice, hereinafter referred to as the “Policy”, provided pursuant to Articles 13 and 14 of Regulation (EU) No. 679 of 27 April 2016, the so-called “GDPR”, is intended to explain how ARENGEST s.r.l. , hereinafter also referred to as the “Company” or simply “ARENGEST”, processes the personal data collected when users use the applications and services offered through this website.

2 HOW CAN YOU CONTACT US?

ARENGEST s.r.l. , as Data Controller, is responsible towards users for any questions, doubts or complaints regarding this Policy or the processing of personal data. As a website user and “data subject”, should you need any clarification regarding the processing of your personal data, please contact us using the following details:

ARENGEST s.r.l.

Registered office: Strada di Montefeltro no. 51 – 61122 Pesaro (PU)
Operating office: Viale Trieste no. 351 – 61122 Pesaro (PU)
VAT no. 02631770415 – Tax Code: 02631770415 – REA Code: PS – 197268
Certified e-mail: arengest@legalmail.it
Phone +39 0165.864111
e-mail: info@operasuitehotel.it

3 WHY ARE WE ALLOWED TO PROCESS YOUR DATA?

The processing of your personal data is lawful only if there is a valid legal basis pursuant to the GDPR. For the processing activities covered by this Privacy Notice, the following legal bases are used:

  • Consent – Article 6.1 letter a) of the GDPR You have given your consent to the processing of your personal data for one or more specific purposes.
  • Contract – Article 6.1 letter b) of the GDPR The processing is necessary for the performance of a contract to which you are party or in order to take pre-contractual steps at your request.
  • Legal obligation – Article 6.1 letter c) of the GDPR The processing is necessary to comply with a legal obligation to which you or our company are subject.
  • Legitimate interest – Article 6.1 letter f) of the GDPR The processing is necessary for the pursuit of a legitimate interest of our company or of third parties, provided that your interests, rights or fundamental freedoms do not override it.

4 FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASES?

We process your personal data to offer the best possible experience when you access our website, use our services and interact with us. This includes the following purposes:

4.1 ALLOWING YOU TO BROWSE OUR WEBSITE

When you visit our website, we automatically collect certain information, including your IP address, access data, browser type and version, browser plug-ins, operating system and platform. To collect this data, we use various technologies, including cookies. More information about cookies is available in a specific section of this Policy. If you need further information regarding the processing of your personal data, we invite you to contact us using the information provided above.

  • Method of collection: The data is automatically provided by your browsing devices through Internet communication protocols, such as TCP/IP and UDP.
  • Legal basis: We process this data on the basis of our Legitimate Interest – Article 6.1 letter f) of the GDPR – to provide and improve browsing on our Website, offer efficient and secure web services and seek to ensure the continuous improvement of the browsing experience over time.
  • How long we store the data: We store personal data only for the time necessary to allow you to browse the Website. In particular, some data is stored for the duration of your stay on the Website itself and other data until you decide to delete it by removing technical and functional cookies, such as language settings. For more information on Cookie management, please see our Cookie Policy;

4.2 MANAGING COMMUNICATIONS

We collect your personal data when you communicate with us in person, through our website, by e-mail, by phone or through any other means using the contact information provided through this Website.

  • Method of collection: The data is partly provided automatically within the communication protocol used by the chosen tool and partly provided in the content of the communication.
  • Legal basis: We mainly process this data on the basis of our Legitimate Interest – Article 6.1 letter f) of the GDPR – to respond to requests and manage the necessary communications. However, in some cases we may be required to respond on the basis of specific contractual or legal obligations – Articles 6.1 letters b) and c) of the GDPR.
  • How long we store your data: In responding to contact or support requests that you decide to send us, your personal data is processed only for the time necessary to provide the information and/or assistance you need. The data is deleted 12 months after the last reply we send.

4.3 MANAGING COMMUNICATIONS THROUGH THE WEBSITE

Description of the processing: As a user, you may provide us with your personal data, including data that allows your identification, when you fill in specific forms, so-called “Forms”. These forms are designed to facilitate requests and ensure quick and accurate replies.

  • Method of collection: the data is voluntarily provided when filling in our request or registration Forms. Failure to provide it makes it impossible for us to provide the requested service.
  • Legal basis: The processing is necessary in order to take pre-contractual steps at your request – Article 6.1 letter b) of the GDPR.
  • How long we store YOUR data: We store your personal data on the website only for the time necessary to handle the request.

4.4 PROCESSING OF PERSONAL DATA COLLECTED THROUGH OUR SOCIAL PROFILES

When you follow our social channels, such as Facebook, Instagram, etc., or interact in any way with our social profiles, for example by commenting, sharing, following us or liking our content, we will use your data to interact and communicate with you through our social profile in order to offer products and services and develop our “Brand” through the social channel with which you have interacted. We inform you that the information you voluntarily provide on social profiles, as well as any expressions of interest, will be used exclusively for the analysis and communication purposes declared in this Privacy Notice. Also in order to protect our interests or those of third parties, we reserve the right to request the deletion of comments that are offensive or in breach of any applicable law and, where the conditions are met, to use such comments or posts in order to protect or assert our rights and/or interests in court.

Method of collection: The data is voluntarily provided by you through one of our social profiles.

Legal basis: We process this data on the basis of our Legitimate Interest in promoting our brand through social channels and responding to any requests for information – Article 6.1 letter f) of the GDPR.

How long we store your data: Personal data is processed for as long as the content remains visible on our social profiles or until it is removed by the user, or according to the visibility settings provided by the social network used. Please remember that, for privacy purposes, the social network is an independent data controller of your personal data and, as such, does not operate under our responsibility. The collection and use of the information obtained are governed by the privacy notices of the social network, which we invite you to consult.

4.5 NEWSLETTER AND OTHER DIRECT MARKETING COMMUNICATIONS

We may use the data you provide to send you newsletters or other communications that we believe may be of interest to you. Where required by law, commercial communications will be sent only after obtaining your consent. In any case, we offer you the possibility to unsubscribe from every communication sent.

Description of the service: If you wish to stay updated on our offers and give your consent to receive commercial communications, you must provide certain data such as your name, your e-mail address or other specific data declared from time to time in the registration Form. If you subscribe to our newsletter service, you give us your consent to send automated commercial communications, such as information notes, promotions, etc., to your e-mail address. These communications will never be invasive and will be carried out exclusively for the commercial promotion of our Brand and our products and/or services. You may withdraw your consent to processing for these purposes at any time, free of charge and easily, through the dedicated link found in each of our e-mails or 4

by using the contact information indicated in this Privacy Notice. The effectiveness of the communications sent through the newsletter service is periodically monitored in order to understand your interest in the communications sent. In particular, we monitor correct delivery to your mail server, your interaction with the landing page such as, for example, whether or not you open our newsletters, and the number of openings over time. Monitoring is carried out to understand your interest in our communications and to disable automatic sending if messages are not regularly received or if there is no interaction from you for long periods of time.

Method of collection: The data required to activate the communication service, such as your name and your e-mail address, is voluntarily provided by you in the specific registration Form. Information relating to the delivery of our communication to your mail server is provided automatically by the communication protocol. Data relating to your interaction with the communication service is obtained through specific markers inserted by the newsletter service we use within the landing page.

Legal basis: We process the data automatically provided within the communication protocol and the data obtained from the newsletter management system on the basis of our Legitimate Interest – Article 6.1 letter f) of the GDPR – to send communications tailored to your interests. However, pursuant to Article 130 of Legislative Decree 196/2003, commercial communications carried out automatically or systematically, without the intervention of an operator, may only be sent if the recipient has given consent. We consider this consent equivalent to that provided for by Article 6.1 letter a) of the GDPR and it is managed in the manner established by Article 7 of the GDPR.

How long we store your data: the data will be processed and stored until you decide to withdraw your consent or request its deletion.

5. ONLINE BOOKING CHANNEL THROUGH THE SIMPLE BOOKING PLATFORM.

For the management of online bookings, the Website uses the Simple Booking booking engine platform, accessible through an integrated link on the pages of the Website.

During the booking process, the user is redirected to or interacts with the technological infrastructure of Simple Booking, through which the personal data necessary to manage the booking request and perform the contractual relationship is collected and processed, including, by way of example, personal details, contact details, information about the stay and stated preferences.

The processing of personal data takes place on the basis of the performance of pre-contractual and contractual measures requested by the user pursuant to Article 6, paragraph 1, letter b) of the GDPR. Simple Booking acts as a technology service provider and processes personal data on behalf of the Data Controller, as Data Processor pursuant to Article 28 of the GDPR, on the basis of specific contractual agreements.

For further information on how personal data is processed by the Simple Booking platform, users are invited to consult the relevant privacy notice available on the provider’s website.

6. WEBSITE ADMINISTRATION AND SECURITY

We process your data to administer and keep our Website secure, also in order to ensure its proper functioning, including troubleshooting and understanding any errors encountered during use by you or other users. In addition, we process the data collected on our website to properly maintain, manage and administer the IT systems and services necessary for its operation. We also collect this data through our security systems, such as Antivirus and Firewalls, while you browse our web pages or if you use our services or web applications.

  • Method of collection: The data is partly voluntarily provided through registration for our services and partly acquired automatically through communication protocols and your activity on the pages of the Website.
  • Legal basis: We process this data on the basis of our legitimate interest in administering the Website and ICT systems and ensuring their availability, integrity and confidentiality. – Article 6.1 letter f) of the GDPR.
  • How long we store YOUR data: We store your personal data only for the time necessary to achieve the purposes described above.

7. LEGAL COMMUNICATION OBLIGATIONS

We may process your data in order to make the necessary communications in response to requests that we are legally required to satisfy, to law enforcement agencies or judicial authorities, or in defence of a right.

  • Method of collection: The data is already in our possession as it was collected for other purposes.
  • Legal basis: The processing is necessary to comply with a legal obligation – Article 6.1 letter c) of the GDPR to which our company is subject.
  • How long we store YOUR data: We store your personal data for the time necessary to fulfil our obligations.

At the end of the storage periods indicated above, we may anonymise your personal data and store it in this form indefinitely.

8. WHO MAY PROCESS YOUR PERSONAL DATA

In order to achieve the purposes indicated above, the following parties may have access to your personal data:

a. Our employees and collaborators are adequately trained in the measures for protecting your rights and the security of your data. They act as authorised and competent persons in this field.

b. We collaborate with companies, professional firms and consultants specialised in assistance and/or consultancy. We also involve third parties to ensure the proper functioning of our website and its services. For example, we rely on service providers, cybersecurity experts and other third parties to improve, extend and protect our website and our IT systems. Each external party is carefully assessed in terms of competence and reliability and is contractually bound to ensure a high level of protection of your personal data. These parties act as Data Processors pursuant to Article 28 of the GDPR.

c. We may disclose your data to administrative, institutional or judicial authorities or to other parties for whom disclosure is mandatory by law or necessary for the purposes described in this Privacy Notice. These parties will process the data as independent Data Controllers.

9. COOKIES AND OTHER TECHNOLOGIES

When you browse the pages of our website, we automatically collect data through the use of “cookies”. A cookie is a text file containing small amounts of data that a website can send to the browser, which can then be stored on your computer as a tag that distinguishes your computer but does not identify you. Some of the pages of our Website use cookies to provide you with a better service during 6

subsequent uses of the Website. You can set your browser to receive a notification before receiving a cookie, so that you have the option to decide whether to accept it or not.

Instructions for disabling cookies can be found on the following web pages: Mozilla Firefox Microsoft Edge Google Chrome Opera Apple Safari

For information on the specific cookies used on this Website, we invite you to consult the Website’s Cookie Policy through the dedicated link found at the bottom of all pages of the Website, in the footer.

The installation of technical and functional cookies, necessary for the proper functioning of the Website, takes place on the basis of the legitimate interest of the Data Controller pursuant to Article 6, paragraph 1, letter f) of the GDPR. Any use of non-anonymised analytical cookies or profiling cookies takes place only with the prior consent of the user, expressed through the cookie banner, pursuant to Article 6, paragraph 1, letter a) of the GDPR.

10. WHAT ARE YOUR RIGHTS?

In accordance with applicable law and in the circumstances determined by the legal bases on which your personal data is processed, you may exercise the following rights.

  1. Right of access to personal data. You have the right to obtain confirmation as to whether or not we are processing personal data concerning you and, where that is the case, to obtain access to the personal data processed. You have the right to obtain a copy of the data undergoing processing. This right applies only if it does not adversely affect the rights and freedoms of others. In this regard, please note that in the case of repeated requests, we may charge you a fee based on our administrative costs.

If you have an account, such as access to a reserved catalogue area, you can access your user profile in order to obtain a copy of it and correct, modify or delete inaccurate data. You also have the option to close your Account at any time by writing to info@operasuitehotel.it

  1. Right to rectify, erase or restrict the processing of personal data. If you wish to rectify, erase or restrict the processing of your personal data, we invite you to contact us using the information provided in the relevant section. It is your responsibility to ensure that you provide truthful, accurate and complete data and keep it up to date, for example in your account.
  2. Right to withdraw consent. If you have provided us with your consent to process your data, you may withdraw it at any time.
  3. Right to data portability. If the processing is based on your consent or on a contract and is carried out by electronic means, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another data controller without hindrance from us. Please note that this right does not apply to processing carried out through our website.
  4. Right to object. As a user, you have the right to object to the processing of your data in certain circumstances. For example, you may benefit from this right if the processing is based on our legitimate interests or those of third parties. You may challenge the validity of our legitimate interests; however, we may have the right to continue processing such personal data on the basis of our legitimate interests or where this is relevant in relation to legal action, or where the data is necessary for the establishment, exercise or defence of legal claims. You also have the right to object to the processing of your personal data for direct marketing purposes.
  5. Right not to be subject to automated decision-making.
  6. Right to lodge a complaint with the supervisory authority. Without prejudice to the possibility of contacting our Company to exercise the rights connected to the processing activities we carry out, you may lodge a complaint with the competent independent administrative authority in the Member State of the European Union where you habitually reside, where you work, or where an alleged infringement of the law on the protection of your personal data occurred.
  7. In Italy, you may lodge a complaint with the following supervisory authority:

Italian Data Protection Authority
Switchboard: +39 06.696771
E-mail address: garante@gpdp.it
Certified e-mail address: protocollo@pec.gpdp.it
Website: https://www.garanteprivacy.it

Forms for exercising YOUR rights

To exercise YOUR rights towards the Data Controller, you may use the following form: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924
Please remember that, in order to allow you to exercise YOUR rights, we need to identify you.

11. DATA SECURITY

We have adopted a series of physical, technical and organisational measures to ensure adequate levels of security for the personal data processed under our control, in order to prevent all reasonably foreseeable risks, with particular but not exclusive reference to their destruction, loss, alteration, unauthorised disclosure or accidental or unlawful access.

The data provided is stored and archived on secure servers within the European Economic Area.

12. INTERNATIONAL TRANSFERS

Our personal data processing operations generally take place within the European Economic Area, the “EEA”. However, should your personal data be transferred to countries located outside the European Economic Area, in the absence of adequacy decisions by the European Commission, we will ensure that appropriate safeguards are in place to protect personal data in those countries. Some of the safeguards that may be adopted, where appropriate, include the use of the “Standard Contractual Clauses” (SCCs) established by the European Commission pursuant to Article 46, paragraph 1 of the GDPR, pseudonymisation and, where possible, encryption of the data itself.

The transfer of personal data abroad is often linked to the use of cloud technologies, digital communication systems, security software and IT service protection tools. In these cases, our Company undertakes to use services chosen among operators that guarantee higher standards of security and attention to the protection of personal data. In this regard, we inform you that we use certain ICT services provided by US companies, such as Microsoft 365 and Google, which have joined the EU-US Data Privacy Framework (DPF) (https://www.dataprivacyframework.gov/s/).

13. CHANGES TO THE POLICY

This Privacy Notice may be subject to changes and additions, also as a result of updates to the applicable legislation concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data.

This Privacy Notice is valid as of 05/02/2026 and fully replaces all previous versions.