Privacy Policy



1. Data Controller

The data controller responsible for the processing of personal data is::
DIMORA GENTILE DI VALENTINA ASTORINA
Via Giovanni Gentile 6, Catania, Italy
P.IVA 06073270875
CIR: 19087015B458687
CIN: IT087015B4S7JXDOOH
Email: dimoragentilecatania@gmail.com
Tel +39 340 854 4024


2. Types of Data Collected

The data collected (voluntarily provided by the user or required for booking) may include:

  • Identification and contact data: name, surname, email address, telephone number, postal address.
  • Booking-related data: arrival and departure dates, type of room, additional services requested, and any specific requests or preferences (e.g., dietary needs).
  • Legally required identification data: identity document details necessary for guest registration and communication to public security authorities through the Alloggiati Web system of the Italian State Police.
  • Optional sensitive data: information regarding allergies, intolerances, or particular conditions voluntarily communicated by the guest. The provision of such data implies the free and explicit consent of the user pursuant to Article 9 of the GDPR.
  • Technical navigation and session data: strictly technical or session cookies necessary for the proper functioning of the website.

3. Purpose of Processing, Legal Basis and Data Retention

The processing of personal data takes place in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). The legal basis for processing is identified in Article 6(1)(b) of the GDPR (performance of pre-contractual and contractual measures requested by the data subject), as well as legal obligations applicable to accommodation facilities.

PurposeData ProcessedLegal BasisRetention Period
Booking management and availability confirmationIdentification, contact and booking dataContractual obligationUntil the end of the stay + 1 year for possible administrative needs
Tax and accounting obligationsName, surname, address, booking dataLegal obligation10 years according to tax regulations
Communication of guest data to public security authoritiesIdentification data and identity documentLegal obligationAccording to current legal requirements
Communications related to the stayName, surname, contact details, special requestsContractual executionUntil the end of the stay
Management of information requestsData voluntarily provided through contact formsConsent of the data subjectUntil the request is answered or consent is withdrawn
Website security and managementTechnical navigation data, session cookiesLegitimate interestUntil the end of the browsing session

4. Processing Methods and Security

Personal data are processed using both electronic and manual tools, in compliance with the principles of lawfulness, fairness, transparency and confidentiality established by the GDPR.

Data are processed by the data controller and any authorized personnel, adopting appropriate technical and organizational measures to ensure the security and protection of personal data.

Main security measures:

  • Updated firewall and antivirus systems;
  • Periodic data backups;
  • Protection of access to IT systems;
  • Access limited to authorized personnel only;
  • Security procedures to prevent unauthorized access or data loss.

5. Cookies and Tracking

The website uses only technical and session cookies, which are necessary for the proper functioning of web pages.

  • They allow navigation between pages;
  • They maintain an active session during browsing;
  • They ensure the proper functioning of contact forms.

No profiling cookies or commercial tracking systems are used.

Users can manage or disable cookies directly through their browser settings.


6. Data Breach Management

In the event of a personal data breach, the data controller will:

  • Assess the severity of the incident;
  • Take the necessary measures to contain the breach;
  • Restore the security of the affected systems;
  • Notify the Italian Data Protection Authority within 72 hours where required by law;
  • Inform the affected individuals if the breach poses a high risk to their rights and freedoms.

7. Data Subject Rights

Users may exercise at any time the rights provided for in Articles 15–22 of the GDPR:

  • Access their personal data and obtain information about its origin, purposes and processing methods;
  • Request correction of inaccurate data;
  • Request deletion of personal data (“right to be forgotten”);
  • Restrict or object to data processing;
  • Request data portability;
  • Withdraw previously given consent at any time;
  • Object to any automated decision-making.

To exercise these rights: send a request to dimoragentilecatania@gmail.com.

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority.

The controller will respond within 30 days, unless an extension is justified.


8. Disclosure of Data to Third Parties

Personal data may be disclosed exclusively in the following cases:

  • To public security authorities for mandatory guest registration;
  • To tax or accounting consultants for administrative obligations;
  • To technical service providers strictly necessary for the operation of the website or booking management;
  • When required by competent authorities.

Such parties will process the data either as data processors or independent controllers in accordance with applicable legislation.


9. Data Retention

  • Booking and contact data: up to 1 year after the stay;
  • Tax and accounting data: 10 years as required by tax regulations;
  • Data communicated to public security authorities: according to applicable legal provisions;
  • Technical data and session cookies: until the end of the browsing session.

10. Automated Decision-Making and Data Transfers

The website does not use profiling systems or automated decision-making processes.

Personal data are not transferred outside the European Union. If such transfers occur, they will be carried out in compliance with the safeguards provided by the GDPR.

Scroll to Top