Privacy Policy

1. Data Controller

The Data Controller of personal data is:
Angelo Giuseppe Agutoli
Email: [email protected]

2. Data Processor

For booking management, we use the Lodgify platform, which acts as Data Processor pursuant to Art. 28 GDPR, under the Data Processing Agreement (DPA) included in their Terms of Service. Lodgify also relies on Stripe for payment processing, which handles payment data in compliance with PCI DSS standards.

• Lodgify Terms of Service: https://www.lodgify.com/it/terms/
• Lodgify Data Processing Agreement: https://www.lodgify.com/it/dpa/
• Lodgify Privacy Policy: https://www.lodgify.com/privacy/
• Stripe Privacy Policy: https://stripe.com/it/privacy

3. Data Collected

Through the website and booking platform we collect:

• Personal details: first name, last name, date and place of birth.
• Contact details: email address, phone number.
• Booking details: check-in/check-out dates, number of guests, special requests.
• Payment data: processed exclusively by Stripe.
• Browsing data: collected through analytics and tracking tools, in particular Google Analytics and Google Tag Manager.

4. Purpose of Processing

The collected data are processed in order to:

• manage bookings and communications with guests;
• provide vacation rental services;
• comply with legal obligations (e.g., guest registration);
• process payments through Stripe;
• improve the website and services (statistical analysis through Google Analytics and Google Tag Manager);
• ensure website security and performance through Cloudflare’s CDN and DDoS protection services.

5. Legal Basis

• Performance of a contract: to manage bookings and stays.
• Legal obligation: for guest registration.
• Legitimate interest: to handle communications and information requests.
• Consent: for the use of non-essential analytics and tracking tools (Google Analytics, Tag Manager).

6. Processing Methods and Security

Personal data are processed electronically, with appropriate security measures in place to prevent unauthorized access, disclosure, or alterations.

7. Data Retention

Personal data are retained only for the time strictly necessary to:

• manage the booking and stay;
• comply with legal and fiscal obligations;
• ensure the legal protection of the Data Controller.

Payment data are processed and stored by Stripe in accordance with its own policies.

8. Data Recipients

Data may be shared with:

• Lodgify, as Data Processor for booking management;
• Stripe, for payment processing;
• Google LLC (Google Analytics and Google Tag Manager), for traffic analysis and website optimization;
• Cloudflare Inc., for website protection, content delivery (CDN), and DDoS mitigation;
• technical service providers (e.g., hosting, email) strictly necessary for the functioning of the site;
• competent authorities, if required by law.

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

9. Data Transfers Outside the EU

Personal data may be transferred outside the European Union by Lodgify, Stripe, Google, and Cloudflare. All providers adopt GDPR-compliant security measures and adequate safeguards (e.g., Standard Contractual Clauses).

10. User Rights (GDPR)

At any time, you may exercise the following rights:

• access your personal data;
• request rectification or erasure;
• request restriction of processing;
• object to processing;
• request data portability;
• withdraw previously given consent.

To exercise your rights, you can contact: [email protected]

11. Changes to this Policy

This Privacy Policy may be updated in the future. The latest version will always be available on this website with the relevant update date.