1.Privacy Policy (art. 13 GDPR 2016/679)

1. Data Controller

The Data Controller of the personal data is Lu Rusciu Te Lu Mare.

For any request regarding privacy matters, the Data Controller can be contacted using the details provided on the website.

2. Types of Data Processed

The personal data collected include:

- personal details (first name, last name);

- contact details (email address, phone number);

- data necessary for booking and stay management;

- payment data, if required.

No sensitive data pursuant to Article 9 of the GDPR are requested or processed.

3. Purpose of Data Processing

Personal data are processed for the following purposes:

- management of bookings and stays;

- fulfillment of contractual and administrative obligations;

- compliance with legal obligations (e.g. communications to public authorities);

- any informational communications related to the stay.

4. Legal Basis for Processing

The processing is lawful as it is:

- necessary for the performance of a contract to which the data subject is a party;

- necessary to comply with legal obligations;

- based on the data subject’s consent, where required.

5. Processing Methods

Personal data are processed using electronic and/or paper-based tools, adopting appropriate security measures to ensure confidentiality and data integrity.

6. Data Retention

Personal data will be retained for the time strictly necessary to fulfill the purposes for which they were collected and in compliance with legal obligations.

7. Data Communication and Disclosure

Personal data will not be disclosed. They may be communicated to third parties only where necessary to comply with legal obligations or to provide the requested services (e.g. tax consultants, technical service providers).

8. Data Subject Rights

The data subject has the right to:

- access their personal data;

- request rectification or erasure of data;

- restrict or object to processing;

- request data portability;

- withdraw consent at any time;

- lodge a complaint with the competent Data Protection Authority.

Requests may be submitted using the contact details provided on the website.

9. Updates

This Privacy Policy may be subject to updates. Users are encouraged to review it periodically.