GDPR Compliance

Last updated: February 1, 2026

The Badia Renaissance is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data of individuals in the European Economic Area (EEA).

Data Controller

The Badia Renaissance is the data controller responsible for your personal data. Our contact details are:

The Badia Renaissance
Badia De Campalone, Tuscany, Italy

Email: privacy@badiarenaissance.com
Data Protection Officer: dpo@badiarenaissance.com

Legal Bases for Processing

We process your personal data under the following legal bases:

  • Contractual necessity: Processing necessary to perform our contract with you (e.g., processing applications, managing event participation)
  • Legitimate interests: Processing necessary for our legitimate business interests, provided they are not overridden by your rights (e.g., improving our services, fraud prevention)
  • Consent: Where you have given explicit consent (e.g., marketing communications, video recording during interviews)
  • Legal obligations: Processing necessary to comply with legal requirements

Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data along with supplementary information.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.

Right to Restriction (Article 18)

You can request that we restrict processing of your personal data in certain situations.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you, with certain exceptions.

AI Processing Disclosure

Our application process uses AI-assisted evaluation. Here's how it works:

  • AI conducts and transcribes your video interview
  • AI generates preliminary scores based on your responses
  • All final decisions are made by human reviewers
  • You may request human review of any AI-generated assessment

The AI processing is not fully automated decision-making as defined under Article 22, as human oversight is integral to our process.

International Data Transfers

We may transfer your data outside the EEA. When we do, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding Corporate Rules where applicable

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms, including our AI-assisted interview evaluation system.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk, we will also notify you directly.

Exercising Your Rights

To exercise any of your rights, please contact us:

Email: privacy@badiarenaissance.com
Subject Line: GDPR Request - [Your Request Type]

We will respond to your request within 30 days. If we need more time (up to 60 additional days), we will inform you of the reason for the delay.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Italy, this is the Garante per la protezione dei dati personali (Italian Data Protection Authority).

Garante per la protezione dei dati personali
Piazza Venezia 11
00187 Roma, Italy
Website: www.garanteprivacy.it

Cookies and Tracking

We use cookies in compliance with GDPR requirements. Essential cookies are used without consent. For non-essential cookies (analytics, marketing), we obtain your consent before placing them. You can manage your cookie preferences at any time.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically.