PRIVACY POLICY

B&B Ca’ Letizia

This policy describes how B&B Ca’ Letizia processes the personal data of users who visit the website, request information, make a reservation or stay at the property.

The processing of personal data is carried out in compliance with EU Regulation 2016/679, known as the GDPR, the applicable Italian legislation and, with regard to tracking tools and cookies, the measures and guidelines issued by the Italian Data Protection Authority.

1. Data Controller

The Data Controller is:

B&B Ca’ Letizia
Via Suor Letizia 18
17026 Noli, Savona
Email: info@caletizia.com
Phone: +39 348 988 4964

For any request concerning the processing of personal data, the data subject may contact the Data Controller using the contact details indicated above.

2. Types of data processed

During website browsing, in the context of an information request, a reservation or a stay, the Data Controller may process the following categories of personal data.

Identification and personal details
First name, surname, date of birth, nationality, identity document details and any data necessary for guest registration in accordance with applicable legislation.

Contact details
Telephone number, email address, residential or domicile address and any contact details required for operational communications.

Data relating to the reservation and stay
Arrival and departure dates, number of guests, special requests, preferences communicated by the user, extra services requested, organisational notes, booking history, amounts paid or payable.

Payment data
Data necessary to manage deposits, pre-authorisations, payments or refunds. The website or the property may not directly store full payment card details if payment is handled by specialised external providers.

Browsing data
IP address, date and time of visit, pages viewed, browser used, operating system, technical device identifiers, access logs and other technical data normally transmitted when using Internet protocols.

Data collected through forms or voluntary communications
Information sent by the user through contact forms, email, telephone, messaging services or availability requests.

Data possibly connected to special requests
Only if communicated by the user and strictly necessary for the management of the stay, additional data may be processed, for example data relating to food allergies, specific needs or other organisational requirements. Such data is processed within the limits of what is actually indispensable.

3. Purposes of processing

Personal data is processed for the following purposes:

a. to allow browsing of the website and ensure its proper technical operation;
b. to respond to requests for information, quotations or availability;
c. to manage the reservation, confirmation, any changes, cancellations and the stay;
d. to comply with administrative, accounting, tax and legal obligations;
e. to comply with identification and reporting obligations concerning guests to the competent authorities;
f. to manage any payments, deposits, security deposits, refunds or disputes;
g. to improve the operation of the website and the services offered;
h. to protect the rights of the Data Controller, including in out-of-court or judicial proceedings;
i. to send service communications relating to the reservation or stay;
j. to send promotional communications or newsletters only if the user has given specific consent, where required.

Accommodation facilities in Italy are required to identify guests and communicate the relevant data to public security authorities through the Alloggiati Web system, in accordance with the applicable rules.

4. Legal basis for processing

Processing is based, depending on the case, on the following legal bases provided for by the GDPR.

Performance of pre-contractual measures or a contract
To manage availability requests, bookings, stays, pre- and post-stay assistance, services requested by the user and related obligations.

Compliance with legal obligations
For tax, accounting and administrative obligations, as well as for the obligations to identify and report guests to the competent authorities.

Legitimate interest of the Data Controller
For website security, prevention of abuse, complaint management, defence of the Data Controller’s rights and improvement of services, within the limits permitted by law.

Consent of the data subject
Where required, for example for marketing activities, newsletters, non-technical cookies or other tracking tools that are not strictly necessary.

5. Methods of processing

Processing is carried out using paper, electronic and telematic tools, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, integrity and confidentiality.

The Data Controller adopts appropriate technical and organisational measures to protect data against unauthorised access, loss, destruction, improper disclosure or unlawful use.

6. Nature of data provision

The provision of data for contact or reservation requests is partly necessary.

Failure to provide data marked as mandatory may make it impossible to:

respond to the user’s request;
confirm a reservation;
provide the stay;
comply with legal obligations.

The provision of data for promotional or marketing purposes, where present, is optional.

7. Recipients of personal data

Personal data may be communicated, within the limits relevant to the purposes indicated above, to:

a. administrative, tax, legal or IT consultants;
b. providers of technical services, hosting, website maintenance, email, backup and IT security;
c. electronic payment providers;
d. channel managers, booking engines or booking platforms;
e. public authorities, bodies, offices and competent agencies, where required by law;
f. parties providing services strictly connected to the management of the stay.

These parties may act, depending on the case, as independent data controllers or as processors appointed by the Data Controller pursuant to Article 28 GDPR.

The data will not be publicly disclosed.

8. Transfer of data to non-EU countries

If certain technical providers or digital tools used by the website involve a transfer of data to countries outside the European Economic Area, such transfer will take place in compliance with the conditions laid down by the GDPR, for example on the basis of adequacy decisions, standard contractual clauses or other appropriate safeguards.

This section must be adapted to the tools actually used on the website.

9. Data retention period

Personal data is retained for a period no longer than necessary to achieve the purposes for which it was collected, in compliance with the principles of the GDPR.

In particular:

data sent for information requests is retained for the time necessary to manage the request and, where appropriate, for a reasonable subsequent period;
data relating to reservations and stays is retained for the time necessary to manage the relationship and related obligations;
administrative, accounting and tax data is retained for the periods required by law;
data necessary for public security obligations is processed and retained in accordance with applicable legislation;
data processed for marketing purposes, where permitted, is retained until consent is withdrawn or an objection request is made, unless different justified and documented terms apply;
data collected through cookies or similar tools follows the retention periods indicated in the Cookie Policy and in the configuration of the tools actually adopted.

10. Rights of the data subject

The data subject may exercise, in the cases provided for by the GDPR, the following rights:

right of access to their personal data;
right to rectify inaccurate or incomplete data;
right to erasure of data, where the conditions are met;
right to restriction of processing;
right to object to processing, in the cases provided for;
right to data portability, where applicable;
right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal;
right to lodge a complaint with the Italian Data Protection Authority.

Requests may be sent to the Data Controller using the contact details indicated in this policy.

11. Data relating to minors

The website and booking services are not intended for the voluntary collection of data from minors without the involvement of a parent or person exercising parental responsibility.

If data relating to minors is processed in the context of a reservation or stay, this will take place only to the extent necessary to provide the service and comply with legal obligations.

12. Changes to this policy

The Data Controller reserves the right to update this Privacy Policy at any time, including as a result of regulatory, organisational or technical changes.

The updated version will be published on the website.

COOKIE POLICY

B&B Ca’ Letizia

This Cookie Policy explains what cookies are, which tracking tools may be used on the B&B Ca’ Letizia website, for what purposes they are used and how users can manage them.

The use of cookies and other tracking tools is governed, in addition to the GDPR, by the applicable Italian legislation and by the guidelines of the Italian Data Protection Authority. These guidelines distinguish in particular between technical tools and tools requiring the user’s consent.

1. What cookies are

Cookies are small text files that websites visited by the user send to the device used, where they are stored and then retransmitted to the same websites on subsequent visits.

In addition to cookies, other tracking tools with similar functions may be used. The applicable rules concern not only traditional cookies, but also other identifiers or equivalent technologies.

2. Types of cookies that may be used on the website

a. Technical or strictly necessary cookies

These cookies are necessary for the functioning of the website or indispensable to provide a service requested by the user.

They may be used, for example, to:

manage browsing;
maintain an active session;
store technical preferences;
manage cookie consent;
enable essential functions of the booking engine or contact form.

For these tools, prior user consent is normally not required, without prejudice to the obligation to provide appropriate information.

b. Analytics cookies

The website may use analytics cookies to collect aggregated statistical or analytical information on visits and use of the website.

Some analytics tools may be treated as technical cookies only under specific conditions. Otherwise, they require the user’s consent. This point must be verified according to the actual configuration of the tool used.

c. Profiling or marketing cookies

These cookies are used to track user behaviour, analyse preferences and habits, create profiles or display personalised advertising content.

These tools require the user’s prior, free and specific consent. Simply continuing to browse does not constitute valid consent.

d. Third-party cookies

The website may integrate external services provided by third parties, for example:

interactive maps;
booking engines;
booking widgets;
statistical tools;
embedded content;
payment systems;
videos or social plugins.

These third parties may install cookies or similar tools according to their own privacy notices. This policy must be adapted to the services actually present on the website.

3. Legal basis for the use of cookies

Technical and strictly necessary cookies are used on the basis of the technical necessity to provide the service requested by the user.

Non-anonymised analytics cookies, profiling cookies and other non-necessary tracking tools may be used only with the user’s prior consent.

The user must be able to refuse consent through simple methods consistent with those provided for acceptance.

4. Cookie banner and collection of consent

When the website uses non-technical cookies or tools, the user must see a banner or consent management platform that allows at least the following:

accept all optional cookies;
reject optional cookies;
select individual categories in a granular way;
access the extended information notice.

The banner must not lead the user toward forced or non-free choices, and consent must be documentable.

5. List of cookies actually used

This section must be completed according to the actual tools installed on the website.

Recommended structure:

Cookie / tool name
Provider
Purpose
Duration
Type
Legal basis

Examples to be replaced with actual data:

Technical session cookie
First party
Website operation
Session duration
Technical
Technical necessity

Google Analytics / GA4
Google
Statistics
Duration to be verified
Analytics
Consent or equivalent technical configuration, if compliant

Booking engine
Provider to be indicated
Reservation management
Duration to be verified
Technical / third party
Technical necessity / consent, if required

Interactive map
Provider to be indicated
Location display
Duration to be verified
Third party
Consent, if required

This table must not remain generic in the final publication. It must be completed precisely based on the tools actually present on the website.

6. Managing cookies from the browser

Users can also manage cookie preferences through the settings of the browser used.

In this way it is possible, for example, to:

delete cookies already installed;
block all or some cookies;
receive notifications when a cookie is stored.

Disabling technical cookies may compromise the correct functioning of the website or some of its features.

7. Changing preferences

Users can change their preferences at any time through:

the cookie banner or the related preference management link;
browser settings;
any tools made available by the website.

The re-display of the banner and the management of consent memory must follow the criteria provided for by the applicable legislation.

8. Data Controller

For information on the use of cookies and the processing of personal data, users may contact:

B&B Ca’ Letizia
Via Suor Letizia 18
17026 Noli, Savona
Email: info@caletizia.com
Phone: +39 348 988 4964

9. Changes to the Cookie Policy

This Cookie Policy may be amended in the event of regulatory updates, technical changes to the website or the introduction of new tools.

The updated version will be published on the website.

ONLINE BOOKING INFORMATION NOTICE

B&B Ca’ Letizia

This notice governs the methods of collecting and processing personal data in the context of availability requests, online bookings and management of the stay at B&B Ca’ Letizia.

1. Purpose of this notice

This notice applies to data collected when the user:

fills in an availability request form;
sends a request by email or telephone;
books through the official website;
books through a booking engine or channel manager;
books through external platforms;
communicates data necessary for the organisation of the stay.

2. Data required for booking

For the management of the booking, the following data may be requested:

first name and surname;
email address;
telephone number;
arrival and departure dates;
number of guests;
special requests;
details necessary for payment or guarantee;
any data necessary for invoicing or receipt;
identification data required by the applicable legislation.

At check-in, the property requests a valid identity document for each guest, in compliance with the public security obligations provided for accommodation facilities.

The communication of guest data must be carried out through Alloggiati Web within the time limits provided by the applicable legislation.

3. Booking and confirmation

The booking request is not considered automatically accepted.

The booking is considered confirmed only after:

verification of availability;
any receipt of the requested deposit, prepayment or guarantee;
sending of written confirmation by the property or booking system.

The economic conditions, cancellation policies, payment terms and any included services are communicated to the user during the booking process or in the confirmation received.

4. Payment methods

Payment may be requested:

at the time of booking;
before arrival;
at check-in;
at check-out;
by credit card, bank transfer, payment link or other systems indicated by the property.

If payment is handled by specialised external providers, the user’s financial data is processed according to their respective privacy notices and contractual terms.

5. Purposes of processing booking data

The data collected during booking is processed to:

manage the availability request;
conclude and administer the booking;
send organisational communications before arrival, during the stay and after departure, if necessary;
comply with administrative, tax and accounting obligations;
comply with guest registration and reporting obligations;
manage any cancellations, changes, refunds, damages or disputes;
protect the rights of the property.

6. Legal basis

The legal basis for processing consists of:

the performance of pre-contractual measures at the request of the data subject;
the performance of the accommodation contract;
compliance with legal obligations;
the legitimate interest of the Data Controller in the organisational and legal protection of the property;
consent, only in cases where it is required for purposes additional to the booking.

7. Communication of data

Data may be communicated, within the necessary limits, to:

administrative, tax or legal consultants;
providers of technical services necessary for booking;
booking systems, channel managers, PMS or payment providers;
competent authorities and public bodies where required by law.

The data will not be disclosed.

8. Data retention

Booking data is retained for the period necessary to manage the relationship and subsequent administrative, tax, civil and legal obligations, according to the applicable terms.

Data processed for public security obligations follows the terms and rules provided by the relevant sector legislation.

9. Bookings through external portals

If the booking is made through external platforms, data processing also takes place according to the privacy notices and terms of the platform used, which acts as an independent data controller for the processing within its own competence.

The property will process the data received from the portal solely for the management of the booking, the stay and the related obligations.

10. Data security

Data is processed with appropriate measures to ensure its confidentiality, integrity and availability, in accordance with the principles of the GDPR.

11. Rights of the data subject

The data subject may exercise the rights provided for by Articles 15 et seq. of the GDPR, including:

Requests may be sent to the Data Controller using the contact details indicated in the Privacy Policy.

12. Data Controller

The Data Controller is:

B&B Ca’ Letizia
Via Suor Letizia 18
17026 Noli, Savona
Email: info@caletizia.com
Phone: +39 348 988 4964