PRIVACY POLICY

in accordance with Art. 13 GDPR (EU Regulation 2016/679)

1. General Information

The protection of personal data is taken seriously. Personal data is processed exclusively in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Italian data protection legislation.

This Privacy Policy provides information on the processing of personal data in connection with the use of this website and enquiries or bookings relating to Casa Costarella.

*****************

2. Data Controller

The data controller responsible for the processing of personal data on this website is:

Barbara Francardelli
Via Costarella 4
Italy - 53037 San Gimignano
www.casacostarella.com
casacostarella.sangi@gmail.com

The data controller is responsible for determining the purposes and means of the processing of personal data.

*****************

3. Visiting the Website

3.1 Processed Data

When accessing this website, technical data may be processed automatically, including:

  • IP address

  • date and time of access

  • visited pages

  • browser type and version

  • operating system

  • referring URL (if applicable)

The collection of this data is technically necessary to display the website and to ensure system stability and security.

3.2 Purpose of Processing

The processing of the above-mentioned data serves the following purposes:

  • ensuring proper website functionality

  • maintaining system security and stability

  • preventing misuse and unauthorised access

3.3 Legal Basis

The processing is based on legitimate interest pursuant to Art. 6(1)(f) GDPR.

3.4 Hosting

This website is hosted by Squarespace, which processes technical data as part of hosting, maintenance, and system security. Squarespace acts as a data processor on behalf of the data controller.

*****************

4. Contact Enquiries

4.1 Scope of Processing

When contacting us via contact form, email, or telephone, personal data such as name, email address, telephone number, and message content may be processed.

4.2 Purpose of Processing

The data is processed exclusively for the purpose of:

  • responding to enquiries

  • providing information on availability and bookings

  • communicating in connection with a stay

  • fulfilling contractual and legal obligations related to accommodation services

4.3 Legal Basis

The processing is based on Art. 6(1)(b) GDPR (pre-contractual measures and performance of a contract) and, where applicable, Art. 6(1)(c) GDPR (legal obligation).

4.4 Operational Support

Guest communication, booking coordination, and on-site support may be carried out on behalf of the property owner by a property management service acting under the owner’s instructions.

*****************

5. Booking and Availability Services (Guesty)

5.1 Use of Third-Party Services

This website integrates booking and availability services provided by Guesty Inc., 35 W 20th St, New York, NY, USA a property management and booking platform.

5.2 Processed Data

When using the booking engine, personal data may be processed, including:

  • identification and contact details

  • booking and stay information

  • payment-related data (processed directly by Guesty or its payment service providers)

5.3 Purpose and Legal Basis

The processing of this data is necessary for:

  • managing reservations and payments

  • guest communication

  • compliance with legal obligations related to accommodation services

The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

Guesty processes personal data in accordance with its own privacy policy and applicable data protection laws and acts as a data processor or independent controller, depending on the specific processing activity.

Where Guesty or its service providers process data outside the European Union, appropriate safeguards in accordance with Art. 44 et seq. GDPR are applied.

*****************

6. Payment Processing (Stripe)

Payments for bookings may be processed via Stripe, a payment service provider operated by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When making a payment, personal data such as name, payment details, transaction data, and billing information are processed directly by Stripe. The processing of this data is necessary to fulfil the payment transaction and is based on Art. 6(1)(b) GDPR.

Stripe acts as an independent data controller for payment processing and processes personal data in accordance with its own privacy policy and applicable data protection laws.

*****************

7. Cookies

This website uses cookies that are technically necessary for its operation and for the proper functioning of the booking engine.

Users can manage or withdraw their cookie preferences at any time via the cookie settings available on this website. Further information is provided in the Cookie Policy.

*****************

8. Data Retention

Personal data is stored only for as long as necessary to fulfil the respective purposes or to comply with statutory retention obligations. Once these purposes no longer apply, the data is deleted in accordance with legal requirements.

*****************

9. Protection of Minors

This website and its services are not directed at persons under the age of 14.
If personal data of a minor has been processed without the required consent, the data will be deleted without delay upon notification.

*****************

10. Rights of Data Subjects

In accordance with Articles 15–22 GDPR, data subjects have the right to:

  • access their personal data

  • rectification or erasure

  • restriction of processing

  • data portability

  • objection to processing

In addition, data subjects have the right to lodge a complaint with the competent supervisory authority, in particular the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

*****************

11. Contact

For any questions regarding the processing of personal data, please contact: casacostarella.sangi@gmail.com