1. Data Controller
The data controller responsible for the processing of personal data is::
DIMORA GENTILE DI VALENTINA ASTORINA
Via Giovanni Gentile 6, Catania, Italy
P.IVA 06073270875
CIR: 19087015B458687
CIN: IT087015B4S7JXDOOH
Email: dimoragentilecatania@gmail.com
Tel +39 340 854 4024
2. Types of Data Collected
The data collected (voluntarily provided by the user or required for booking) may include:
- Identification and contact data: name, surname, email address, telephone number, postal address.
- Booking-related data: arrival and departure dates, type of room, additional services requested, and any specific requests or preferences (e.g., dietary needs).
- Legally required identification data: identity document details necessary for guest registration and communication to public security authorities through the Alloggiati Web system of the Italian State Police.
- Optional sensitive data: information regarding allergies, intolerances, or particular conditions voluntarily communicated by the guest. The provision of such data implies the free and explicit consent of the user pursuant to Article 9 of the GDPR.
- Technical navigation and session data: strictly technical or session cookies necessary for the proper functioning of the website.
3. Purpose of Processing, Legal Basis and Data Retention
The processing of personal data takes place in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). The legal basis for processing is identified in Article 6(1)(b) of the GDPR (performance of pre-contractual and contractual measures requested by the data subject), as well as legal obligations applicable to accommodation facilities.
| Purpose | Data Processed | Legal Basis | Retention Period |
|---|---|---|---|
| Booking management and availability confirmation | Identification, contact and booking data | Contractual obligation | Until the end of the stay + 1 year for possible administrative needs |
| Tax and accounting obligations | Name, surname, address, booking data | Legal obligation | 10 years according to tax regulations |
| Communication of guest data to public security authorities | Identification data and identity document | Legal obligation | According to current legal requirements |
| Communications related to the stay | Name, surname, contact details, special requests | Contractual execution | Until the end of the stay |
| Management of information requests | Data voluntarily provided through contact forms | Consent of the data subject | Until the request is answered or consent is withdrawn |
| Website security and management | Technical navigation data, session cookies | Legitimate interest | Until the end of the browsing session |
4. Processing Methods and Security
Personal data are processed using both electronic and manual tools, in compliance with the principles of lawfulness, fairness, transparency and confidentiality established by the GDPR.
Data are processed by the data controller and any authorized personnel, adopting appropriate technical and organizational measures to ensure the security and protection of personal data.
Main security measures:
- Updated firewall and antivirus systems;
- Periodic data backups;
- Protection of access to IT systems;
- Access limited to authorized personnel only;
- Security procedures to prevent unauthorized access or data loss.
5. Cookies and Tracking
The website uses only technical and session cookies, which are necessary for the proper functioning of web pages.
- They allow navigation between pages;
- They maintain an active session during browsing;
- They ensure the proper functioning of contact forms.
No profiling cookies or commercial tracking systems are used.
Users can manage or disable cookies directly through their browser settings.
6. Data Breach Management
In the event of a personal data breach, the data controller will:
- Assess the severity of the incident;
- Take the necessary measures to contain the breach;
- Restore the security of the affected systems;
- Notify the Italian Data Protection Authority within 72 hours where required by law;
- Inform the affected individuals if the breach poses a high risk to their rights and freedoms.
7. Data Subject Rights
Users may exercise at any time the rights provided for in Articles 15–22 of the GDPR:
- Access their personal data and obtain information about its origin, purposes and processing methods;
- Request correction of inaccurate data;
- Request deletion of personal data (“right to be forgotten”);
- Restrict or object to data processing;
- Request data portability;
- Withdraw previously given consent at any time;
- Object to any automated decision-making.
To exercise these rights: send a request to dimoragentilecatania@gmail.com.
The data subject also has the right to lodge a complaint with the Italian Data Protection Authority.
The controller will respond within 30 days, unless an extension is justified.
8. Disclosure of Data to Third Parties
Personal data may be disclosed exclusively in the following cases:
- To public security authorities for mandatory guest registration;
- To tax or accounting consultants for administrative obligations;
- To technical service providers strictly necessary for the operation of the website or booking management;
- When required by competent authorities.
Such parties will process the data either as data processors or independent controllers in accordance with applicable legislation.
9. Data Retention
- Booking and contact data: up to 1 year after the stay;
- Tax and accounting data: 10 years as required by tax regulations;
- Data communicated to public security authorities: according to applicable legal provisions;
- Technical data and session cookies: until the end of the browsing session.
10. Automated Decision-Making and Data Transfers
The website does not use profiling systems or automated decision-making processes.
Personal data are not transferred outside the European Union. If such transfers occur, they will be carried out in compliance with the safeguards provided by the GDPR.
