Privacy policy
PRIVACY POLICY – CÀ SELVETTA
Information pursuant to Regulation (EU) 2016/679 (GDPR)
This privacy notice is provided in relation to personal data collected through the online booking system (booking engine).
1. Data Controller
Maranta Srl
Via Enrico Mattei 134 - 23018 Talamona (SO), Italy
Email: [email protected]
Phone: +39 3470106277
VAT / Tax Code: IT00896690146
2. Data Protection Officer (DPO)
The Data Controller is not required to appoint a Data Protection Officer (DPO) pursuant to Article 37 of Regulation (EU) 2016/679, as its core activities do not consist of processing operations which require regular and systematic monitoring of data subjects on a large scale, nor of large-scale processing of special categories of data or data relating to criminal convictions and offences.
3. Types of Data Processed
Personal data processed may include:
identification data (name, surname);
contact data (phone number, email);
tax data;
stay-related data (dates, number of guests, preferences);
payment data (processed through external providers such as Stripe and PayPal, without storage of full card details by the Data Controller);
browsing data (IP address, technical logs) automatically collected for technical purposes and anonymous statistical analysis;
data relating to minors: processed exclusively for compliance with public security obligations (Alloggiati Web reporting) and statistical purposes (ISTAT). Such processing is carried out on the basis of consent or authorization provided by the person exercising parental responsibility who makes the booking or check-in;
communications via email and WhatsApp.
Browsing data are automatically collected by IT systems and are used exclusively for technical purposes related to the operation of the website and, where applicable, for anonymous statistical purposes. For further details on analytics tools and cookies, please refer to the dedicated Cookie Policy.
4. Purpose of Processing
Personal data are processed for:
management of bookings and stays;
payment processing;
communication with guests;
compliance with legal obligations (Alloggiati Web, ISTAT, tax obligations);
ensuring the security of the property and preventing fraud or misuse.
5. Legal Basis for Processing
Processing of personal data is based on:
performance of a contract (Art. 6.1.b GDPR);
compliance with legal obligations (Art. 6.1.c GDPR);
legitimate interest of the Data Controller (Art. 6.1.f GDPR), in particular to:
ensure the security of the property;
prevent fraud and misuse of services;
protect its rights in legal proceedings.
Such processing is carried out in compliance with the rights and freedoms of data subjects, based on a balancing of interests between the Data Controller and the users.
6. Processing Methods
Data are processed using both electronic and paper-based tools, in compliance with the principles of lawfulness, fairness and transparency, adopting appropriate technical and organizational measures (access control, credential protection, backup and system security).
7. Data Retention
Tax and accounting data are retained for 10 years pursuant to Article 2220 of the Italian Civil Code;
Data processed for legal protection purposes are retained for up to 10 years pursuant to Article 2946 of the Italian Civil Code;
Data related to public security obligations (Alloggiati Web) are processed for the time necessary for transmission and retained only as proof of compliance, in accordance with applicable regulations (TULPS);
Browsing data and technical logs are retained for up to 12 months.
8. Data Disclosure
Personal data may be disclosed to:
booking platforms (e.g. Booking.com, Airbnb);
service providers (e.g. Krossbooking, Stripe, PayPal);
tax, administrative and legal consultants;
public bodies and competent authorities.
Such entities act as independent data controllers or data processors.
9. Data Processors
Service providers processing personal data on behalf of the Data Controller are appointed as Data Processors pursuant to Article 28 GDPR, where applicable.
10. Data Transfers Outside the EU
Some data may be transferred to countries outside the European Union (e.g. United States) through providers such as Stripe, PayPal and Meta Platforms Inc. (WhatsApp).
Such transfers are carried out in compliance with the GDPR through adequacy decisions or Standard Contractual Clauses (SCC).
11. Data Subject Rights
Data subjects may exercise the rights provided by Articles 15–22 GDPR, including:
access;
rectification;
erasure;
restriction of processing;
objection;
data portability;
withdrawal of consent.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
12. Exercise of Rights
Requests can be sent to: [email protected]
13. Profiling
No automated decision-making processes or profiling activities are carried out.
14. Mandatory Nature of Data Provision
Providing personal data is necessary for the conclusion and performance of the accommodation contract.
Failure to provide such data will make it impossible to complete the booking or access the services.
15. Website and Cookies
Data collected through the website and booking engine are used for booking management and proper functioning of the services.
The website uses technical cookies necessary for its operation. Any profiling or third-party cookies are used only with the user’s consent, expressed via a compliant cookie banner.
For detailed information on cookie types, consent management and analytics tools, please refer to the dedicated Cookie Policy, available on the website.
16. Communications via WhatsApp
Communication with guests may take place, at their choice, via WhatsApp for contractual and organizational purposes related to the stay.
Use of this service implies acceptance of WhatsApp’s terms of service and privacy policy (Meta Platforms Inc.), including possible transfers of personal data outside the EU regulated by Standard Contractual Clauses.
Guests may at any time choose alternative communication channels, such as email or phone, without any limitation in accessing the services.
17. Applicable Legislation
Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, public security regulations (TULPS – Alloggiati Web), and applicable tax and civil law provisions.
Information pursuant to Regulation (EU) 2016/679 (GDPR)
This privacy notice is provided in relation to personal data collected through the online booking system (booking engine).
1. Data Controller
Maranta Srl
Via Enrico Mattei 134 - 23018 Talamona (SO), Italy
Email: [email protected]
Phone: +39 3470106277
VAT / Tax Code: IT00896690146
2. Data Protection Officer (DPO)
The Data Controller is not required to appoint a Data Protection Officer (DPO) pursuant to Article 37 of Regulation (EU) 2016/679, as its core activities do not consist of processing operations which require regular and systematic monitoring of data subjects on a large scale, nor of large-scale processing of special categories of data or data relating to criminal convictions and offences.
3. Types of Data Processed
Personal data processed may include:
identification data (name, surname);
contact data (phone number, email);
tax data;
stay-related data (dates, number of guests, preferences);
payment data (processed through external providers such as Stripe and PayPal, without storage of full card details by the Data Controller);
browsing data (IP address, technical logs) automatically collected for technical purposes and anonymous statistical analysis;
data relating to minors: processed exclusively for compliance with public security obligations (Alloggiati Web reporting) and statistical purposes (ISTAT). Such processing is carried out on the basis of consent or authorization provided by the person exercising parental responsibility who makes the booking or check-in;
communications via email and WhatsApp.
Browsing data are automatically collected by IT systems and are used exclusively for technical purposes related to the operation of the website and, where applicable, for anonymous statistical purposes. For further details on analytics tools and cookies, please refer to the dedicated Cookie Policy.
4. Purpose of Processing
Personal data are processed for:
management of bookings and stays;
payment processing;
communication with guests;
compliance with legal obligations (Alloggiati Web, ISTAT, tax obligations);
ensuring the security of the property and preventing fraud or misuse.
5. Legal Basis for Processing
Processing of personal data is based on:
performance of a contract (Art. 6.1.b GDPR);
compliance with legal obligations (Art. 6.1.c GDPR);
legitimate interest of the Data Controller (Art. 6.1.f GDPR), in particular to:
ensure the security of the property;
prevent fraud and misuse of services;
protect its rights in legal proceedings.
Such processing is carried out in compliance with the rights and freedoms of data subjects, based on a balancing of interests between the Data Controller and the users.
6. Processing Methods
Data are processed using both electronic and paper-based tools, in compliance with the principles of lawfulness, fairness and transparency, adopting appropriate technical and organizational measures (access control, credential protection, backup and system security).
7. Data Retention
Tax and accounting data are retained for 10 years pursuant to Article 2220 of the Italian Civil Code;
Data processed for legal protection purposes are retained for up to 10 years pursuant to Article 2946 of the Italian Civil Code;
Data related to public security obligations (Alloggiati Web) are processed for the time necessary for transmission and retained only as proof of compliance, in accordance with applicable regulations (TULPS);
Browsing data and technical logs are retained for up to 12 months.
8. Data Disclosure
Personal data may be disclosed to:
booking platforms (e.g. Booking.com, Airbnb);
service providers (e.g. Krossbooking, Stripe, PayPal);
tax, administrative and legal consultants;
public bodies and competent authorities.
Such entities act as independent data controllers or data processors.
9. Data Processors
Service providers processing personal data on behalf of the Data Controller are appointed as Data Processors pursuant to Article 28 GDPR, where applicable.
10. Data Transfers Outside the EU
Some data may be transferred to countries outside the European Union (e.g. United States) through providers such as Stripe, PayPal and Meta Platforms Inc. (WhatsApp).
Such transfers are carried out in compliance with the GDPR through adequacy decisions or Standard Contractual Clauses (SCC).
11. Data Subject Rights
Data subjects may exercise the rights provided by Articles 15–22 GDPR, including:
access;
rectification;
erasure;
restriction of processing;
objection;
data portability;
withdrawal of consent.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
12. Exercise of Rights
Requests can be sent to: [email protected]
13. Profiling
No automated decision-making processes or profiling activities are carried out.
14. Mandatory Nature of Data Provision
Providing personal data is necessary for the conclusion and performance of the accommodation contract.
Failure to provide such data will make it impossible to complete the booking or access the services.
15. Website and Cookies
Data collected through the website and booking engine are used for booking management and proper functioning of the services.
The website uses technical cookies necessary for its operation. Any profiling or third-party cookies are used only with the user’s consent, expressed via a compliant cookie banner.
For detailed information on cookie types, consent management and analytics tools, please refer to the dedicated Cookie Policy, available on the website.
16. Communications via WhatsApp
Communication with guests may take place, at their choice, via WhatsApp for contractual and organizational purposes related to the stay.
Use of this service implies acceptance of WhatsApp’s terms of service and privacy policy (Meta Platforms Inc.), including possible transfers of personal data outside the EU regulated by Standard Contractual Clauses.
Guests may at any time choose alternative communication channels, such as email or phone, without any limitation in accessing the services.
17. Applicable Legislation
Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, public security regulations (TULPS – Alloggiati Web), and applicable tax and civil law provisions.