POLITIQUE DE CONFIDENTIALITÉ

Pursuant to Art. 4(7) of GDPR 2016/679, the Data Controller is the Company S.P.L.I.A. S.p.A. con Registered Office in Castello 4171, 30122 Venezia and administrative offices in Castello 3713, 30122 Venezia.The company’s place of business is at Hotel Londra Palace in Riva degli Schiavoni, Castello 4171, 30122 Venezia.

Pursuant toArt. 28 of the GDPR 2016/679, the Company officially appointed to manage bookings is Relais &Chateaux Enterprise based in Paris (France) 58-60 Rue de Prony

Pursuant to Art. 37 of GDPR 2016/679, SPLIA SPA has officially appointed a Data Protection Officer (DPO),contact e-mail is :privacy@londrapalace.comDPO is at disposal for any information regarding the processing of personal data and exercise of the rights as specified in this notice.

Processing associated with this website’s web services takes place at the offices of the Data Controller and of the Data Processor and is performed only by technical staff appointed to carry out processing.The servers and databases for bookings are located at the offices of the external Data Processor.Using third-party cookies, processing may also take place outside the European community by Google and companies that install third-party profiling cookies. In this regard, please refer to the relevant Cookie Policy. The personal data provided by users who request dispatch of informative material are used for the sole purpose of performing the service or provision requested while some data acquisition forms provide for the possibility of communicating the personal data of the interested party to service providers to comply with to the contract and provide the services requested.

Browsing dataThe computer systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the Internet communication protocols.This information is not collected to be associated with identified data subjects, but by its very nature could,through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URIs (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the user's operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on website use and to check its correct functioning and are deleted immediately after processing. Data could be used as a certain responsibility in the event of hypothetical computer crimes against the website: except for this possibility, at present the data on web contacts do not persist for more than thirty days. Data provided voluntarily by the user

The optional, explicit and voluntary sending of email to the addresses indicated on this website involves the subsequent acquisition of the sender’s email address, which is necessary in order to respond to requests, as well as any other personal data included in the message. Specific summary policies are reported or displayed on the webpages for particular on-demand services.

Personal data are processed using automated tools for the time needed in order to achieve the purposes for which they were collected. Specific security measures are observed to prevent any loss of data, unlawful or improper use and unauthorised access.

The Personal Data you provide through the website will be processed by S.P.L.I.A. S.p.A. for the following purposes:

a)purposes associated with the execution of a contract to which you are a party or the execution of pre-contractual measures adopted as per your request (e.g. request for information via the “Contact Us”section, bookings, participation in special offers, etc.). Consent not necessary;

b)purposes associated with the sending of promotional and marketing materials via email where you are registered as our customer and you have explicitly given your consent to this or on the basis of contacts, registration for the website newsletter, exercise of soft spam. Requires the explicit consent of the data subject or the exercise of a legitimate interest by the Controller (soft spam);

c)purposes of research and strategic analysis of anonymous aggregate data aimed at measuring the website's operation, measuring traffic and assessing its usability and interest in order to make it more functional and better performing; Consent not necessary because it does not constitute processing of personal data;

d)purposes related to compliance with laws and regulations; Consent not required;

e)purposes that are necessary in order to ascertain, exercise or defend a right before the courts or when the courts act in their judicial capacity. Consent not required

Some of your personal data may be transferred to Recipients who may be located outside the European Union. In this case SPLIA SPA ensures that the electronic or paper processing of your personal data by therecipiens is carried out in compliance with the applicable Regulation, who's scope extends theEU. Otherwise transfers are alternatively based on a decision regarding the adequacy or on the Standard Model Clauses approved by the European Commission as well as on observance of the Privacy by Shield principles in the case of transfers to the USA. Further information could be provided by Hotel DPO, e-mail address:privacy@londrapalace.com.

Hotel Londra Palace will process your Personal Data for the time strictly necessary to achieve the purposes indicated in this policy. By way of illustration only, Hotel Londra Palace will process Personal Data for the newsletter service until you decide to cancel the service simply by clicking on a link in the email received. Without prejudice to the above, Hotel Londra Palace will process your Personal Data for the time permitted by Italian law in order to protect its own interests (Art. 2947(1)(3) of the Civil Code). Further information on the period for storing Personal Data and the criteria used to determine this period can be obtained by writing to the Data Controller.

This policy is provided pursuant to Art. 13 of GDPR 2016/679 and can also be used by the company S.P.L.I.A.S.p.A. for job advertisements placed for personnel recruitment on websites or portals not managed by the company directly. The Company will process CVs arriving via email or through third party personnel recruitment companies (job ads placed on portals, etc.) to assess potential candidates in the company or future candidates. Processing is carried out using electronic means except for CVs received by post. Any CVs considered “interesting” will be kept at the company’s offices for 18 months and will be processed in full compliance with the security measures laid down by Article 32 of the GDPR 2016/679. Any CVs that are not relevant and CVs that have been kept for more than 18 months will be deleted/thrown away.

CVs will be kept at the company’s HR office and may be assessed by officially appointed heads of service and will not be communicated to unauthorised third parties. They may be assessed by the Hotel’s department heads who have been appointed to carry out processing (pursuant to Art. 29 and32(4) of the GDPR 2016/679). When preparing your CV, we ask that candidates follow these rules:

•prepare your CV using the European template;

•send your CV in pdf format;

•do not include special categories of personal data in your CV as defined in Art.9 of the GDPR2016/679 (related, in particular, to health, religious beliefs or philosophical or political opinions) that are not relevant to the job opportunity;

•consent to the processing of special categories of personal data concerning health as defined in Art.9 of the GDPR that are relevant to the establishment of an employment relationship (e.g. belonging to a protected group). The company reserves the right to delete/throw away CVs that do not comply with the above requirements. The purpose of processing associated with managing CVs covers activities that are strictly related to the assessment, recruitment or selection of personnel, with the goal of collaboration, temporary or permanent employment, internship or in order for the chosen candidate to prepare their degree thesis at our offices.

Company managing bookings is certified as complying with the Payment Card Industry Data Security Standard (PCI DSS). All information sent to this website, under an SSL session, are encrypted and protected against disclosure to third parties.

The Hotel specifically requires that minors do not use this website and do not send or post information onit. It should be made clear that, if the Hotel inadvertently acquires personal information or any other data belonging to a minor, any disclosure of such information or data to third parties will depend solely on the fact that the minor has used the website and provided personal information without having requested or received the Hotel’s permission.

The company does not carry out any processing based on automated decision-making, including profiling, which produces legal effects or could significantly affect you.

People to whom the personal data refer have the right at any moment to obtain confirmation as to whether or not personal data concerning them are being processed, to know their content and origin, check their accuracy or request their completion, update or rectification (Chapter III, GDPR 2016/679). Pursuant to the same article, you have the right to request the erasure, anonymisation or block of data processed in breach of the law as well as the right to object, on legitimate grounds, to such processing. In compliance with Chapter III of GDPR 2016/679, you have the right, at any time, to request access to yourPersonal Data, their rectification or erasure, to object to such processing, to restrict processing and to obtain data concerning you in a structured, commonly used and machine-readable format and you also have the right to object to profiling and to lodge a complaint with the Supervisory Authority. You also have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. For a full and comprehensive list of the rights you can exercise as data subject, reference is made to Articles 15-23 of the GDPR 2016/679.All requests should be sent by email to: privacy@londrapalace.com or you can contact the Data Processorusing the following contact details: Hotel Londra Palace in Riva Degli Schiavoni 4171, 30122 Venezia, Tel: +39 041 520 0533, Fax: +39 0415225032, certified email: splia@open.legalmail.it

Technical cookies

These cookies are technical in nature and enable the website to function properly. This category includes cookies that are essential for the proper functioning of the website and functional cookies that enable the user to improve their browsing experience through the choices they make (e.g. the choice of language, etc.)

We also use technical cookies to track, in compliance with the legislation in force, the consents provided by users to receive profiling cookies and third party analytics. The use of permanent technical cookies or session cookies (ones that are not stored permanently on the user's computer and are deleted when the browser is closed) is strictly limited to the technical provision of the service requested by the user and to the transmission of session IDs (random numbers generated by the server) that are necessary for secure and efficient navigation of the website and its applications. The technical cookies used by this website do not use other IT technologies that could potentially jeopardise users’ browsing privacy.

Analytical cookies

These cookies help us to understand, through data collected in anonymous and aggregate form, how users interact with our website by providing us with information on the pages visited, the time spent on the website, the type of platform used, the number of clicks on a particular page, any malfunctions, etc.

Statistical cookies

These cookies help the website’s owners to understand how visitors interact with the site by collecting and sending information in anonymous form. We use Google Analytics to collect and analyse information in anonymous form on website use behaviour for statistical purposes without acquiring personal information that identifies the user. How we use these cookies is similar, for all intents and purposes, to technical cookies and therefore your explicit consent is not required.

Profiling cookies

Profiling cookies generate reports on the user’s actions on the website in order to measure the effectiveness of an advert and display advertising targeted towards the user. The intent is to display adverts that are relevant and interesting for the individual user in line with previous browsing experience in a way that “follows” the user even after they leave the website. We reserve to do remarketing in order to post ads to promote our services addressed only to persons who visited our website before. The intent is to display adverts that are relevant and interesting for the individual user in line with previous browsing experience in a way that “follows” the user even after they leave the booking platform integrated in our website.

3. List of cookies used on this website

First party technical cookies are instrumental and essential for the proper functioning of the website. In line with European legislation on cookies, we use a technical cookie to track the user’s consent to the use of third party and profiling cookies.

Expiration : At the end of the browsing session-Google Analytics

Google Analytics helps website owners to understand how visitors interact with their website content(pages visited, browsing time, etc.) by providing useful statistics in order to optimise and improve website browsing without identifying the person browsing. These cookies are used in order to collect information in anonymous and aggregate form about the number of users and how they browse the website.We use these cookies in anonymous form, anonymising the user’s IP address, and such data are not cross-referenced with third parties.

Expiration_utma-2 years_utmt-10 minutes_utmb-30 minutes_utmc-until the session is ended_utmz-6 months_utmv-2 years

Google Analytics’ Privacy Policy

http://www.google.com/intl/it_ALL/analytics/learn/privacy.html

Google stores a cookie on the user's terminal that records the visit made to show the user advertisements for related products through the search engine and the network of third-party publishers affiliated with Google xpiration : ads/ga : at the end of the session collect : at the end of the sessionLink : https://www.google.it7adwords/

https://www.google.com/policies/technologies/types

cookie used by Microsoft to track user behaviour and preferences while browsing

Expiration : 365 days

Link :https://ads.microsoft.com

Google Tag Manager

Tags are small parts of website code which enable us to analyse visitor traffic and behaviour, check the effectiveness of online advertising and social channels, use remarketing and targeting to the public and to test or optimise the website.

Doubleclick is an advertising platform that connects advertisers, media centres, creative agencies with publishers around the world to create, manage and develop digital advertising campaigns. Used by Google, DoubleClick to record and produce reports on user actions on the site in order to measure the effectiveness of an advertisement and allow us to do remarketing by presenting targeted advertising to the user.

https: //www.google.com/policises/technologies/types

How Google uses cookies

https://support.google.vom/dfp_premium/answer/2839090?hl=en4

How can I disable cookies?

For more information about cookies and to manage your preferences with regard to third party profiling cookies, please visit http://www.youronlinechoices.com

The cookies we use enable us to improve our website and provide a more personalised service to our users.If you do not want to enable cookies, you can change your browser’s settings. Your browser’s Help feature will explain how to do this. You can also visit www.aboutcookies.org, which contains all the information you need on how to manage cookies across a wide range of browsers. Most browsers accept cookies automatically but you can also choose not to accept or to limit their use. Disabling cookies can cause problems when browsing the website or could limit your use of all the website services (e.g. bookings, etc.). To remove cookies, you can follow the instructions on the specific pages of the various browsers:

•If you use FirefoxIn the browser’s “Tools” menu, click on “Options”, then select the “Privacy”tab. De-select “Accept cookies”and click on OK.

•If you use SafariIn the Safari browser, select the “Edit” menu and choose “Preferences”. Click on “Privacy”. Select the“Always block” out of the “Cookies and website data” options and click on OK.

•If You use Google ChromeClick on the Chrome menu in the browser’s toolbar. Select “Settings''. Click on “Show Advanced Settings”.In the “Privacy” section, click on the “Content Settings” button. In the “Cookies” section, select “Do not allow sites to memorise data” and “Block third-party cookies and site data” and then click on OK.

•If you use any other browser, look for the cookie management procedure in Settings.

The Privacy & Cookie Policy was updated on10.9.2019 (previous revision on 24-5-2018 & 15-6-2019) and may be revised again in the future.