We respect your privacy in line with Regulation (EU) 2016/679 (also referred to as GDPR). Our aim is to protect and safeguard your personal data when you use our website to book your holiday with us. If you do not agree with this policy, we would kindly ask you not to continue using this website. Our booking online service is not intended for use by children (those under the age of 18).
2. WHAT INFORMATION WE COLLECT, USE AND SHARE
We do NOT collect personal information about you when you browse our website anonymously. For users who make a reservation, we collect the following information when you complete our online form as part of the booking process:
- e-mail address
- mobile phone number
- information disclosed voluntarily under guest NOTE, which could contain sensitive data relating to your health such as a disability, dietary preferences etc.
- credit card details if you choose that method of payment
If you send a request for information via our contact form, we collect the following information in order to respond to your query:
- e-mail address
- information disclosed voluntarily under guest NOTES, which could contain sensitive data relating to your health such as a disability, dietary preferences etc.
We receive bookings from third parties: OTAs, travel agencies, social media sources and otherwise. In such cases, we are supplied with a minimal set of personal data such as guest’s name and surname and, in certain cases, telephone number and/or email address in line with your settings on those third party services.
We share a Data Processing Agreement with our EU-based PMS cloud vendor (PMS QUOVAI) to process our reservations and manage our property. The vendor is compliant with the Regulation (EU) 2016/679 (GDPR-compliant).
The personal data supplied to us from our website or by phone, fax, email, chat, in person, via the OTAs, travel agencies or otherwise are processed by the PMS in order to: deliver a quote; complete the booking process; complete the documentation foreseen by the Italian law on Public Security (sending of notifications to the Public Security Authority – article 109 del T.U.L.P.S., which includes personal information on date of birth, nationality, city of residency and passport/ID card with a photo; notifications to ISTAT (National Institute of Statistics – Regulation (EU) 692/2011); calculate the tourist tax; prepare invoices or receipts for fiscal purposes; retain statistics to measure our performance and respect COVID-19 regulations.
Your credit card details (name, card number and expiry date) are stored on STRIPE.
3. LEGAL BASIS FOR PROCESSING
Our lawful basis for processing is based on:
- Performance of the contract (short-term paid holiday). The legal basis is Article 6 1b) of Regulation (UE) 2016/679.
- Consent (e.g., we will only send you (adult of the guest party) marketing information where you have opted in to receive these communications. You can opt out of receiving marketing material at any time using the unsubscribe link that can be found at the end of each email that we send). The legal basis is Article 6 1a) of Regulation (UE) 2016/679.
- Legal obligation (in relation to public security and other accounting and fiscal requirements). The legal basis is Article 6 1c) of Regulation (UE) 2016/679.
4. DISCLOSURE TO THIRD PARTIES
We do NOT share, trade or sell your personal information to any company or third parties. We may disclose personal information if required to do so by law, Court order or for the purposes of prevention of fraud or other crime or to protect our rights. If we are acquired by a third party, in which case personal data held by us about its guests/contractors will be one of the transferred assets.
5. PLACE OF DATA PROCESSING
Data processing takes place at the headquarters of the property and at the HETZNER data centers, which are located in Germany. No data transfer is made outside of the European Union.
6. SAFEGUARDING OF YOUR PERSONAL DATA
To prevent unauthorised access to your personal information and maintain data accuracy, we are guaranteed by our PMS service provider that the appropriate physical and electronic measures have been taken to safeguard and secure the information that we collect online.
8. RETENTION OF YOUR PERSONAL DATA
We will hold your personal information for as long as is necessary for the activity in question. Your tokenised credit card data and Public Security data are deleted 5 days after your check-out. We do not collect any special categories of personal data. Nevertheless, if you enter this information into any free text section of our site, such as the request form or during the booking process, this information (if identified as such) will be deleted 5 days after your check-out.
Your e-mail address is kept for marketing purposes only (subject to your explicit consent).
Based on our business activities, we have decided to conduct regular audits and to check through our records to make sure that we are not holding onto personal data for too long or deleting it prematurely.
9. LINKS TO OTHER SITES
10. YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
- Your right of access
- Your right to rectification
- Your right to erasure
- Your right to restriction of processing
- Your right to data portability
- Your right to make a complaint
You also have recourse to the Data Protection Authority:
- Garante per la Protezione dei Dati Personali: Piazza di Monte Citorio n. 121, Rome, 00186, Italy
- Tel: + 39 06 69677-3785
- Web site: www.garanteprivacy.it/
11. CONTACT US
- If you have a query relating to the processing of your personal data, please email us at firstname.lastname@example.org.
- If you are unable to make a query in writing, please ring us at + 39 02 87198048.
This policy was last updated on 02/01/2023.