Privacy policy

Introduction

This notice describes how personal data are processed through this website and related contact channels (including WhatsApp messaging) for the short‑term rental “Note tra le Mura” in Lucca’s historic centre. It is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and Articles 13–14 of Italian Legislative Decree 196/2003 as amended (“Privacy Code”).

Data controller

The controller is the person or organisation operating the accommodation. Name, address, tax code or VAT number and operational contacts are those shown in the website footer (where provided) and in any case communicated when you book or at check‑in, if different.

Categories of personal data

Identification and contact data (name, surname, email, telephone number, message contents); data required to manage your stay and meet legal obligations (including documentation required for police lodging notifications, where applicable); technical browsing data (IP address, access time, browser type, pages visited, error codes) collected by hosting systems and security logs.

Purposes, legal basis and retention

Data are processed to: respond to enquiries and manage bookings and stays (legal basis: performance of pre‑contractual and contractual measures, Art. 6(1)(b) GDPR); comply with accounting, tax and legal obligations, including hospitality rules (Art. 6(1)(c)); protect rights in or out of court (Art. 6(1)(f), balanced against your rights); ensure website security and prevent abuse (Art. 6(1)(f)). Retention periods are proportionate to the purposes and to statutory duties (e.g. tax and record‑keeping).

Processing methods, recipients and transfers

Processing is carried out using electronic and, where necessary, paper tools, in compliance with the principles of lawfulness, fairness, transparency, data minimisation and storage limitation. Data may be accessed by authorised staff, collaborators and strictly necessary service providers (e.g. hosting, email, booking software), appointed as processors where required by law. Any transfers outside the EU depend on the tools actually used (e.g. cloud providers): where required, appropriate safeguards (e.g. EU Commission Standard Contractual Clauses) will be adopted.

Data subject rights

Under Articles 15–22 GDPR, you may request access, rectification, erasure, restriction of processing and data portability (where applicable), object to processing based on legitimate interests, and withdraw consent where given, without affecting the lawfulness of processing carried out beforehand. Requests should be sent to the controller at the contacts indicated above. You may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Changes

The controller may update this notice for legal or organisational reasons. Please review it periodically.