top of page

Privacy Policy

Last updated: April 12, 2026

 

This Privacy Policy describes how personal data of users (“User”) who use the accommodation booking website (“Site”) is collected, used, and protected, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable legislation.

1. Data Controllers

The Data Controllers are:

Anna Polesello (PLSNNA63L54E098Y)
and Luca Ottolini (TTLLCU63B18G224D)

Registered office:

Località Villecchia 10
54012 Tresana (MS) – Italy
Email: iltempodelborgo@gmail.com

2. Types of Data Collected

The Site collects the following categories of personal data:

a) Data provided by the user

  • First and last name

  • Email address and phone number

  • Billing data (address, tax code / VAT number)

  • Information related to the stay (dates, number of guests, requests)

b) Guest data (legal obligations)

  • Identification data required for communication to authorities (e.g., identity document)

c) Payment data

  • Information necessary for the transaction (e.g., credit card, IBAN)

Note: Full card details are not stored by the Data Controller but are handled by external payment providers.
d) Browsing data

  • IP address

  • Website usage data

  • Cookies and similar technologies

 

3. Purpose of Processing

Personal data is processed for:

  • Management of bookings and tourist stays

  • Communication with users before, during, and after the stay

  • Compliance with legal obligations (e.g., reporting guest data to public security authorities and tax obligations)

  • Management of online payments and fraud prevention

  • Sending informational communications and customer support

  • Marketing activities (only with explicit consent)

  • Improvement of the website and services offered

 

4. Legal Basis for Processing

Processing is based on:

  • Performance of a contract (booking a stay)

  • Legal obligations (tourism, tax, and public security regulations)

  • Consent of the data subject (marketing, non-essential cookies)

  • Legitimate interest of the controller (security, fraud prevention, service improvement)

 

5. Online Payment Management

For online payment management, the Site uses third-party providers, including:

  • Stripe

  • PayPal

Payment data is transmitted directly to these providers via secure connections (SSL) and is not stored on the Data Controller’s servers.

Payment providers act as independent data controllers and process data according to their own privacy policies.

Payment data processing is intended for:

  • Transaction processing

  • Fraud prevention

  • Management of refunds and disputes

 

6. Methods of Processing

Data processing is carried out using electronic and telematic tools, in compliance with the security measures required by Regulation (EU) 2016/679 (GDPR), in order to ensure data confidentiality and integrity.

7. Data Retention

Personal data is retained for:

  • The duration of the contractual relationship

  • Tax and legal obligations (up to 10 years)

  • Marketing purposes until consent is withdrawn

  • Technical data according to the time limits established by applicable regulations

 

8. Data Disclosure

Data may be disclosed to:

  • Service providers (hosting, website management, booking software)

  • Payment providers (e.g., Stripe, PayPal)

  • Tax, legal, or administrative consultants

  • Public authorities (e.g., Police Headquarters for guest reporting, Revenue Agency)

Data will not be publicly disclosed.

9. Transfer of Data Outside the EU

Some providers (e.g., Stripe, PayPal) may transfer data outside the European Economic Area.

Such transfers take place in compliance with the safeguards provided by the GDPR (e.g., standard contractual clauses).

10. Rights of the Data Subject

The user may exercise the following rights:

  • Access to personal data

  • Rectification or updating

  • Erasure (“right to be forgotten”)

  • Restriction of processing

  • Objection to processing

  • Data portability

  • Withdrawal of consent

Users also have the right to lodge a complaint with the Data Protection Authority.

11. Data Security

The Site adopts appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or disclosure.

12. Minors

The Site is not intended for individuals under 18 years of age. The Data Controller does not knowingly collect personal data from minors.

13. Cookie

The Site uses:

  • Technical cookies (necessary for operation)

  • Analytics cookies

  • Profiling cookies (only with prior consent)

For more details, please refer to the dedicated Cookie Policy.

14. Changes to the Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy.

Changes will be published on this page with an updated date.

 

15. Contacts

To exercise your rights or receive information:
Email: iltempodelborgo@gmail.com​​

bottom of page