THE PERSONAL DATA PROCESSING  European Regulation n. 679/2016  Articles 13-14 General Data Protection Regulation (GDPR) – Legislative Decree n. 101   10/08/2018

Dear user/customer,

In compliance with the European Regulation n.679/2016 (in acronym GDPR), we would like to inform you that the personal data, from you provided or from us acquired during our activities, that we need to execute the services we offer you, will be treated in the respect of the current privacy policy regulations and principles of  correctness,  lawfulness, transparency , protection of your privacy and rights.

The data controller is SPERLONGA TURISMO SOCIETA' COOPERATIVA CONSORTILE A R.L. – VAT no.02207400595.  On behalf of LA ROCCA LEONE ARMANDO , Legal representative, who is the responsible for the legitimate and correct use of your personal data and that you may contact for any information or request to the following contact details:
Address: Piazza Fontana, 1 - 04029 SPERLONGA (LT)
CEM (certified email):

Data Processing Purposes 

We collect and treat your personal data for the following processing purposes described hereby, together with the law references:




To carry out activities with the customer on the basis of pre-contractual agreements or  agreements;
For administrative, fiscal, accounting purposes and  to fulfil legal obligations


By way of example and not exhaustive: names, fiscal code,
Vat number, e-mail address, phone or mobile numbers and other personal identification data .

European General Data Protection Regulation, (in force since 24th  May 2016) GDPR  2016/679 Art. 6 letters b – c.

To send you promotional emails, letters or phone messages about our products and services


By way of example and not exhaustive: names, fiscal code,
Vat number, e-mail address, phone or mobile numbers and other personal identification data .

European General Data Protection Regulation, (in force since 24th  May 2016) GDPR  2016/679 Art. 7




Concerning the processing of your personal data, as informed herewith, in any moment You’re entitled to express:

  • Right of Access (EU Regulation n. 2016 /679 – Art. 15)
  • Right of Rectification (EU Regulation n. 2016 /679 – Art. 16)
  • Right to Erasure (EU Regulation n. 2016 /679 – Art. 17)
  • Right to restrict processing (EU Regulation n. 2016 /679 – Art. 17)
  • Right to data portability , as the right to request a copy of their personal data from the data controller. This data should be provided in a format that allows them to transfer it to another data controller, without impediment.(EU Regulation n. 2016 /679 – Art. 20)
  • Right to object (EU Regulation n. 2016 /679 – Art. 21)
  • Right of Withdrawing your consent to the treatment: if you withdraw your consent, our use of your personal data prior to your withdrawal remains lawful. (EU Regulation n. 2016 /679 – Art. 7 par. 3)
  • Right of complaint to the following Control Body: Personal Data Protection Guarantor


On the other hand, you have a legal obligation to provide your  personal data as required by the law, otherwise you shall be subject to penalties, in accordance with the current legislation regarding data processing.

Data processing procedures

We are committed to ensuring that Your data will be treated according to the principles of correctness, lawfulness, transparency and data minimization (privacy by design). The data processing will be performed also through computerized systems designed to store, manage and transmit the data. We will use instruments  that guarantee, moreover, security and confidentiality, the integrity of systems and services, avoiding the risk to loose accidently, destroy or misuse data and  reasonable measures must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are  promptly erased or rectified, according to the art. 32 GDPR 2016/679.

Communication of data to third parties and other categories of recipients art.13,  1st par. GDPR

Personal data are communicated by the data controller mainly to third parties and/or subjects  who are involved in the activities or services concerning the established relationship to meet such legal obligations such as :
-  All the people authorised by the personal data controller, carrying out necessary activities closely related to the provision of services;
- To third party companies or other private or public parties, collaborators like employees, professionals, services providers from bodies or associations, firms for the protection of contractual rights and credit recovery;
- Credit institutions or digital payment, Banks (for the management of receipts and payments, reimbursements for contractual services);
-  E –mail service providers ( servers for email – sending)
- Subjects, bodies or competent authorities to whom we are obliged to communicate personal data to fulfil legal obligations, to prevent violations or frauds;
- Security and Legal authorities, Tax authorities, (on specific request) and other bodies for legal purposes;
- IT services companies
- Non-economic Public bodies  (Interchange system) 
Moreover, Your data may be made accessible to employees and/or external partners of the Data Controller as persons in charge of and/or responsible for internal processing for the performance of the purposes above.

The management and storage of your personal data will take place on servers located within the European Union and/ or  non-EU countries of the data controller and / or its appointed third party companies.  
In such cases, the Holder hereby ensures that the transfer of non-EU data will be carried out in accordance with the applicable legal provisions by stipulating, if necessary, the agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the GDPR ( in particular contractual clauses which provide an adequate level of data protection approved by the EU Commission) or besides the hypothesis above mentioned, by referring to the derogations provided in the GDPR ( in particular, according to the customer/user’s express consent or according to the execution of the agreement concluded by the customer/user). Third party companies are duly appointed as Responsible for Data Processing. 

The data controller will process your personal data for the time necessary to fulfil the above purposes and  , in any case, for no longer than the terms defined by current law regulation. The data collected for fiscal purposes will be stored until the verifications on the correspondent tax years won’t be defined, that means for at least 10 years and more, if the tax year is not still required for fiscal purposes. At the moment of the expiring date, your data will be erased or anonymised  , except for the fulfilment of other purposes (eg. Guarantee supply obligations, tax obligations) art. 5 GDPR.

SPERLONGA, 30/09/2023