Privacy Policy

(Information on the Processing of Personal Data pursuant to Article 13 of the GDPR)

Data Controller

The Data Controller is the person or entity that determines the purposes and means of processing personal data.

Controller: Casa di Lucy by Preziosa Alessandra

Address: Via Porta Sant’Angelo 3, Spello (PG) 06038, Italy

Email Contact: info.casadilucy@gmail.com

Types of Data Processed and Purposes of Processing

1. Data Collected through the Contact Form

Type of Data: Name, Surname, Email Address, Telephone Number (if provided by the user), and Message Content.

Purpose of Processing: To respond to information or booking requests voluntarily submitted by the user through the contact form on the website.

Legal Basis: Processing is necessary to take pre-contractual steps at the request of the data subject (Art. 6(1)(b) GDPR).

Specific consent is not required, as the processing is necessary to respond to your request.

Nature of Data Provision: Mandatory in order to receive a response. Failure to provide such data will prevent the Controller from fulfilling the request.

2. Data Processed for Sending Discounts and Promotional Offers (Marketing)

Type of Data: Email Address, Telephone Number.

Purpose of Processing: To send, via email or telephone contact (SMS, WhatsApp), promotional communications, discounts, special offers, and updates on services and availability of Casa di Lucy properties.

Legal Basis: Consent of the data subject (Art. 6(1)(a) GDPR).

Nature of Data Provision: Optional. Refusal to provide consent does not affect access to other services (e.g., responses to contact or booking requests).

3. Browsing Data (Technical Cookies)

Type of Data: Data related to the website’s technical operation (e.g., session management, language preferences).

Purpose of Processing: To ensure the correct technical functioning and accessibility of the website.

Legal Basis: Legitimate interest of the Controller.

Note: Only technical cookies are used on this website; therefore, no prior consent from the user is required, only this information notice.

Methods and Duration of Data Processing

Processing Methods: Data are processed using electronic and paper-based tools, with appropriate security measures to prevent loss, unlawful use, or unauthorized access.

Data Retention Period:

• Data provided through the contact form (Section 1) are retained for the time strictly necessary to respond to the request and subsequently for a maximum period of 12 months for administrative purposes or to manage potential disputes. If the request results in a booking, the data will be retained for the duration of the contractual relationship and for the subsequent period required by law (for tax, administrative, or accounting purposes).

• Data processed for marketing purposes (Section 2) are retained until the withdrawal of consent by the user or for a maximum period of 24 months from the last contact or interaction.

Data Communication and Disclosure

Your data will not be disclosed (i.e., made available to an indefinite number of people).

They may be communicated, only when strictly necessary, to:

• Entities acting as Data Processors on behalf of the Controller (e.g., the hosting service provider – Hostinger).

• Public or private entities to comply with legal obligations (e.g., public security authorities for guest registration, accountants for tax obligations).

Data Subject Rights

Under the GDPR, users have the right to:

• Access: Request confirmation as to whether their personal data are being processed and obtain a copy.

• Rectification: Request correction of inaccurate or incomplete data.

• Erasure (Right to be Forgotten): Request deletion of data when legally justified.

• Restriction: Request restriction of processing in certain circumstances.

• Objection: Object to the processing of their data, where no overriding legitimate grounds exist.

• Withdrawal of Consent: If processing is based on consent (e.g., for marketing), users have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

• Complaint: Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).

To exercise any of these rights, users may submit a request to the Controller at the following email address:

📧 info.casadilucy@gmail.com