Privacy policy
PRIVACY POLICY Pursuant to Art. 13 of Regulation (EU) 2016/679 (“GDPR”)
1. Data Controller
The Data Controller of personal data is: IDEALDOMUS SRL with registered office in Via Francesco de Sanctis 15, Rome, 00192 VAT no. 17552511002 Email: [email protected] PEC: [email protected] (hereinafter, the “Controller”).
2. Type of data processed
The Controller processes the following categories of personal data:
- personal details (name, surname);
- contact data (email, telephone number);
- data relating to the booking (stay dates, number of guests, booked property);
- any data necessary for the fulfillment of legal obligations (e.g., tax data);
- browsing data and website usage data (via cookies, as indicated in the Cookie Policy).
The Controller does not process special categories of personal data pursuant to Art. 9 of the GDPR.
3. Purposes of processing
Personal data are processed for the following purposes:
a) management of requests for information and bookings;
b) execution of the stay contract or the requested hospitality services;
c) fulfillment of legal, tax, and accounting obligations;
d) sending operational and organizational communications related to the stay;
e) protection of the Controller's rights in court;
f) subject to consent, sending promotional and commercial communications;
g) statistical analysis and improvement of the website (in aggregate and anonymous form, where possible).
The Controller provides management and hospitality services for properties for which it directly handles operations and does not carry out digital intermediation activities between sellers and users.
4. Legal basis for processing
The processing of personal data is based on the following legal grounds:
- Art. 6, par. 1, lett. b) GDPR – execution of a contract or pre-contractual measures;
- Art. 6, par. 1, lett. c) GDPR – fulfillment of legal obligations;
- Art. 6, par. 1, lett. f) GDPR – legitimate interest of the Controller;
- Art. 6, par. 1, lett. a) GDPR – consent of the data subject (for marketing purposes and non-technical cookies).
5. Processing methods
Data processing is carried out using electronic and/or paper tools, in compliance with the principles of lawfulness, fairness, transparency, and data minimization, adopting technical and organizational security measures adequate to prevent unauthorized access, loss, or destruction of data.
6. Recipients of personal data
Personal data may be communicated to:
- IT and technology service providers;
- booking engines and management software (e.g., Kross Booking);
- payment service providers;
- tax, accounting, and legal consultants;
- public authorities, in cases provided for by law.
These subjects operate, where applicable, as Data Processors pursuant to Art. 28 of the GDPR or as independent data controllers.
7. Data transfer to non-EU countries
Should some providers use servers located outside the European Union, the transfer of data will take place in compliance with Articles 44 and following of the GDPR, through the adoption of adequate safeguards, such as Standard Contractual Clauses or adequacy decisions by the European Commission.
8. Data retention period
Personal data will be stored for the following periods:
- contractual and tax data: 10 years;
- data relating to bookings: for the time necessary for the execution of the contract and legal obligations;
- data processed for marketing purposes: until consent is withdrawn;
- browsing data: as indicated in the Cookie Policy.
9. Rights of the data subject
The data subject may exercise the rights provided for in Articles 15-22 of the GDPR at any time, including:
- right of access;
- rectification and updating;
- erasure (right to be forgotten);
- restriction of processing;
- opposition;
- data portability;
- withdrawal of consent (without affecting the lawfulness of the previous processing).
The data subject also has the right to lodge a complaint with the Authority for the protection of personal data (Garante).
10. Nature of data provision
The provision of data for contractual and legal purposes is necessary; failure to provide such data may result in the impossibility of providing the requested services. The provision of data for marketing purposes is optional.
11. Changes to this policy
The Controller reserves the right to update this Privacy Policy at any time. Changes will be published on the website and will take effect from the moment of publication.
1. Data Controller
The Data Controller of personal data is: IDEALDOMUS SRL with registered office in Via Francesco de Sanctis 15, Rome, 00192 VAT no. 17552511002 Email: [email protected] PEC: [email protected] (hereinafter, the “Controller”).
2. Type of data processed
The Controller processes the following categories of personal data:
- personal details (name, surname);
- contact data (email, telephone number);
- data relating to the booking (stay dates, number of guests, booked property);
- any data necessary for the fulfillment of legal obligations (e.g., tax data);
- browsing data and website usage data (via cookies, as indicated in the Cookie Policy).
The Controller does not process special categories of personal data pursuant to Art. 9 of the GDPR.
3. Purposes of processing
Personal data are processed for the following purposes:
a) management of requests for information and bookings;
b) execution of the stay contract or the requested hospitality services;
c) fulfillment of legal, tax, and accounting obligations;
d) sending operational and organizational communications related to the stay;
e) protection of the Controller's rights in court;
f) subject to consent, sending promotional and commercial communications;
g) statistical analysis and improvement of the website (in aggregate and anonymous form, where possible).
The Controller provides management and hospitality services for properties for which it directly handles operations and does not carry out digital intermediation activities between sellers and users.
4. Legal basis for processing
The processing of personal data is based on the following legal grounds:
- Art. 6, par. 1, lett. b) GDPR – execution of a contract or pre-contractual measures;
- Art. 6, par. 1, lett. c) GDPR – fulfillment of legal obligations;
- Art. 6, par. 1, lett. f) GDPR – legitimate interest of the Controller;
- Art. 6, par. 1, lett. a) GDPR – consent of the data subject (for marketing purposes and non-technical cookies).
5. Processing methods
Data processing is carried out using electronic and/or paper tools, in compliance with the principles of lawfulness, fairness, transparency, and data minimization, adopting technical and organizational security measures adequate to prevent unauthorized access, loss, or destruction of data.
6. Recipients of personal data
Personal data may be communicated to:
- IT and technology service providers;
- booking engines and management software (e.g., Kross Booking);
- payment service providers;
- tax, accounting, and legal consultants;
- public authorities, in cases provided for by law.
These subjects operate, where applicable, as Data Processors pursuant to Art. 28 of the GDPR or as independent data controllers.
7. Data transfer to non-EU countries
Should some providers use servers located outside the European Union, the transfer of data will take place in compliance with Articles 44 and following of the GDPR, through the adoption of adequate safeguards, such as Standard Contractual Clauses or adequacy decisions by the European Commission.
8. Data retention period
Personal data will be stored for the following periods:
- contractual and tax data: 10 years;
- data relating to bookings: for the time necessary for the execution of the contract and legal obligations;
- data processed for marketing purposes: until consent is withdrawn;
- browsing data: as indicated in the Cookie Policy.
9. Rights of the data subject
The data subject may exercise the rights provided for in Articles 15-22 of the GDPR at any time, including:
- right of access;
- rectification and updating;
- erasure (right to be forgotten);
- restriction of processing;
- opposition;
- data portability;
- withdrawal of consent (without affecting the lawfulness of the previous processing).
The data subject also has the right to lodge a complaint with the Authority for the protection of personal data (Garante).
10. Nature of data provision
The provision of data for contractual and legal purposes is necessary; failure to provide such data may result in the impossibility of providing the requested services. The provision of data for marketing purposes is optional.
11. Changes to this policy
The Controller reserves the right to update this Privacy Policy at any time. Changes will be published on the website and will take effect from the moment of publication.