Art. 13 of EU Regulation 679/2016 – General Data Protection Regulation – GDPR

Data Controller
The data controller is Code Blue Italy Srl, with its registered office in Italy, Via Stresa 6, 20125 Milan (MI), with tax code and VAT number 13836020969, registered with the Milan Companies Register, R.E.A. No. 2746377 (hereinafter also referred to as "Controller" or "Codeblue").

Data Protection Officer (DPO)
The Data Protection Officer of the Property can be contacted at the email address [dpo@codeblueitaly.it](mailto:dpo@codeblueitaly.it).

1. Purpose of processing
The purpose of the processing is to respond to information requests made through the page (LINK DATA PROTECTION).

2. Legal basis of processing
The legal basis that legitimizes the processing of personal data indicated and described in section 4 of this information notice is the execution of the contract to which you are a party.

3. Period of personal data retention
Personal data will be processed by Codeblue exclusively for the time strictly necessary to fulfill your requests and/or questions. Once the request has been fulfilled, Codeblue does not save personal data anywhere (online or offline).

4. Categories of personal data processed
The content of the requests that you can make through the page (LINK DATA PROTECTION) must be limited exclusively to commercial and/or business requests. Therefore, the content of the requests should never contain categories of "special data" but only "common data" such as contact phone numbers (if necessary), which you have voluntarily provided to Codeblue. We also inform you that personal data is collected directly from the data subject, therefore directly provided by you.

5. Obligation to provide data
We inform you from the outset that providing the personal data indicated in the previous point is optional, but refusal to provide them will make it impossible to receive information from Codeblue.

6. Data recipients
Data may be processed by external parties acting as independent controllers such as, for example, authorities and supervisory and control bodies and, in general, public or private entities entitled to request data. Data may also be processed, on behalf of Codeblue, by external parties designated as processors, pursuant to art. 28 of the GDPR, to whom appropriate operational instructions are given.

7. Authorized data processors
Data may be processed by employees of Codeblue's corporate functions and appointed processors, responsible for pursuing the above-mentioned purposes, who have been expressly authorized to process and have received appropriate operational instructions.

8. Your rights as a data subject - complaint to the supervisory authority
By contacting Codeblue at the address [privacy@codeblueitaly.it](mailto:privacy@codeblueitaly.it), you can request access to your data, their deletion, correction, and integration of inaccurate or incomplete data, restriction of processing in the cases provided for by art. 18 of the GDPR, objection to processing in cases of legitimate interest of Codeblue, if the processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and, if technically feasible, to transmit them to another controller without hindrance. In the cases provided for by art. 22 of the GDPR, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. You also have the right to lodge a complaint with the competent supervisory authority in the Member State where you usually reside or work or in the State where the alleged violation occurred.

9. Transfer to non-EU countries
Personal data will be processed within the European Union. If, in order to pursue the purposes of the processing, personal data is transferred to non-European countries, Codeblue will adopt appropriate safeguards for the transfer as provided by law.