(pursuant to EU Regulation 2016/679 – GDPR)

1. Data Controller
The Data Controller is:
GRETA S.R.L.
Registered office: Via Bissolati 10 – Italy
Operational headquarters: Via Gabriele Rossetti 12, 47921 Rimini (RN)
VAT number: 02068501200
Email: info@riminibayresidence.com
The Data Controller has not appointed a Data Protection Officer (DPO).

2. Type of data processed
Through the website www.riminibayresidence.com,
the following personal data may be processed:
Name and surname
Email address
Phone number
Data relating to booking requests (date of stay, number of guests, room type)
Data entered voluntarily in the contact form
Browsing data (IP address, logs, anonymous technical and statistical data)

3. Purpose of processing
Personal data is processed for the following purposes:
Management of information requests
Management of reservations and requested services
Management of the contractual relationship with the customer
Fulfillment of legal and tax obligations
Sending of informational and promotional communications (with prior consent)
Marketing and remarketing activities through advertising platforms
Aggregate and anonymous statistical analysis of website traffic

4. Legal basis for processing
Data processing is based on the following legal bases:
Performance of a contract or pre-contractual measures
Fulfillment of contractual obligations Law
Express consent of the data subject, where required
Legitimate interest of the Data Controller (site security, anonymous statistics)

5. Processing Methods
Data is processed using computerized and electronic means, in compliance with the principles of fairness, lawfulness, transparency, and data minimization, adopting appropriate security measures to protect data confidentiality.

6. Data Provision
Providing data is optional; however, failure to provide it may make it impossible to provide the requested services or respond to user requests.

7. Data Retention
Personal data is retained for the time necessary to achieve the purposes for which it was collected and, in any case, in compliance with the terms established by applicable legislation.

8. Data Recipients
Personal data may be disclosed to:
Technical and IT service providers
Booking management software and booking systems (e.g., Quovai)
Marketing and advertising service providers (Google, Meta)
Hosting provider (Register.it)

All parties process the data as Data Processors or independent Data Controllers, in compliance with applicable legislation.

9. Data Transfer to Countries Outside the EU
Some data may be transferred to countries outside the European Union (particularly to the United States) through services provided by Google and Meta.
Such transfers are carried out in compliance with the guarantees provided by the GDPR, including the Standard Contractual Clauses approved by the European Commission.

10. Rights of the Data Subject
The user may exercise the rights provided for in Articles 15–22 of the GDPR at any time, including:
Access to personal data
Rectification or erasure of data
Restriction of processing
Objection to processing
Data portability
Requests can be sent to the Data Controller via email.

11. Updates
This Privacy Policy may be subject to updates. The user is encouraged to consult it periodically.