Privacy Policy
Pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR)
This Privacy Policy describes how personal data is managed and processed for users who use the booking services or interact with the website https://casabandello.it
1. Data Controller
The Data Controller is:
- Name/Company Name: Szilvia Strébl
- Registered Office: Via Antonio Fogazzaro 15, Noto 96017 SR
- VAT / Fiscal Code: STRSLV80R63Z134D
- Contact Email: [email protected]
2. Types of Data Collected
The Data Controller processes personal data provided directly and voluntarily by the user through the booking form:
- Identification data: First and last name.
- Contact data: Email address, phone number.
- Residential data: Full address (necessary for invoicing and legal compliance).
- Anti-spam data: Browsing behavior, mouse movements, and device information — collected by Google reCAPTCHA to distinguish human users from bots.
3. Purposes and Legal Bases for Processing
| Purpose of Processing | Legal Basis |
|---|---|
| Booking Management: Processing the rental request, confirming the booking, and logistical communications. | Art. 6.1, point b) GDPR: Performance of a contract or pre-contractual measures. |
| Public Security Obligations: Mandatory communication of guest data to the State Police (“Alloggiati Web”). | Art. 6.1, point c) GDPR: Compliance with a legal obligation (Art. 109 TULPS). |
| Fiscal Compliance: Issuing invoices, bookkeeping, and managing tax requirements. | Art. 6.1, point c) GDPR: Compliance with a legal obligation. |
| Marketing and Newsletter: Sending commercial communications and special offers. | Art. 6.1, point a) GDPR: Specific and optional consent of the data subject. |
4. Processing Methods and Security
Data processing is carried out mainly using electronic and IT tools. Technical measures are adopted to ensure data security and confidentiality, preventing loss, illicit use, or unauthorized access.
5. Recipients of Data
- Public Security Authorities: (Questura/Police) in compliance with legal obligations.
- Tax Consultants: Professionals for bookkeeping and invoicing management.
- IT Service Providers: Hosting or website management services (Data Processors).
- Google Ireland Limited: Provider of Google reCAPTCHA (spam protection), acting as Data Processor.
6. Place of Processing and Data Transfer
Personal data is stored on servers within the European Union. Data is processed at the Controller's office.
Data collected via Google reCAPTCHA may be transferred to the United States. Google adheres to the EU–US Data Privacy Framework, ensuring an adequate level of data protection. For details, see the Google Privacy Policy.
7. Data Retention Period
- Booking data: Kept for the duration of the stay and the period necessary to handle any complaints.
- Fiscal data: Kept for 10 years (Art. 2220 of the Italian Civil Code).
- Public Security data: Kept by the Controller only for the time required for communication to authorities.
- Marketing data: Kept until the withdrawal of consent (unsubscribing).
8. Rights of the Data Subject
At any time, the user may exercise their rights (Artt. 15-22 GDPR):
- Right of access: To know what data is being processed.
- Right to rectification: To correct inaccurate data.
- Right to erasure: To request data removal (except for legal fiscal obligations).
- Right to restriction: To limit data use in specific cases.
To exercise these rights, email: [email protected]. You also have the right to lodge a complaint with the Data Protection Authority.
9. Cookies and Third-Party Services
This website uses the following categories of cookies:
- Technical cookies (session, CSRF protection) — essential for the proper functioning of the website. No consent required.
- reCAPTCHA cookies (
_GRECAPTCHA) — placed by Google reCAPTCHA on the booking form to protect against spam and abuse. reCAPTCHA may also analyze browsing behavior and device data. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
For more information on how Google processes data, see the Google Privacy Policy.