Dear Applicant,
the protection of your personal data is important to us. According to Art. 13 of the EU General Data Protection Regulation (GDPR), we are obliged to inform you about the purpose for which we collect, store or forward your data. The information can also tell you what rights you have in terms of data protection.

The person responsible for data processing is:
Hotel Post - Kronplatz Touristik LLC
Graben 9 - 39031 Bruneck
T. +39 0474 834 001
info@hotelpost-bruneck.com

Pursuant to G.v.D. No. 196/2003, G.v.D. No. 101/2018, as well as Articles 13, 14 as well as 21 of the EU Regulation 2016/679 (General Data Protection Regulation), the following data, among others, may be subject to processing:

Personal data such as:
• Anagraphic data (e.g. name, address, contact details, educational and professional career - contained in your CV).
• Anagraphic data of family members (possibly included in your curriculum vitae)
• Photo (possibly included in your resume)

Processing Purpose:
The acquisition and processing of this data is aimed solely at processing your application internally. The provision of the data is voluntary, however, if you do not provide the data, we will not be able to consider you in the application process.

Recipients to whom the personal data may be disclosed
Your data will not be transferred to third parties and not to the EU country. Profiling and automated decisions are not used.

The legal basis for these data processing operations:
• Art. 6 b) DSGVO: processing is necessary for the performance of a contract to which the data subject is party or in order to take pre-contractual measures at the data subject's request.

The duration of storage:
Your application documents will be kept for a maximum of 2 years.

Your rights:
The data subject shall have the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she shall have the right to obtain access to such personal data and to the information specified in Article 15 of the GDPR.
The data subject shall have the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
The data subject has the right to request the controller to delete personal data concerning him or her without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued ( right to erasure).
The data subject has the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to the processing, for the duration of the controller's review.
The data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, commonly used and machine-readable format, and he or she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, under certain circumstances. (Right to data portability Art. 20 DSGVO).
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her. The controller may then no longer use this personal data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims (Article 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her residence, place of work or the place of the alleged infringement. In Italy, the competent supervisory authority is: “Garante per la protezione dei dati personali”

You can exercise your rights at the above addresses.