Privacy Policy

1. Data Controller

The Data Controller for the processing of your personal data is:

2. Types of Data Collected

Hotel Santa Lucia collects and processes the following categories of personal data:

2.1 Data Provided Voluntarily by Users

• Identity Data: First name, last name, date of birth, nationality, ID document details (as required by Italian law for hotel registration)
• Contact Data: Email address, phone number, postal address
• Booking Data: Check-in and check-out dates, room preferences, number of guests, special requests
• Payment Data: Credit card information (processed securely through our payment provider)
• Communication Data: Any information you provide when contacting us via email, phone, or contact forms

2.2 Data Collected Automatically

• Technical Data: IP address (anonymized), browser type and version, operating system, device type
• Usage Data: Pages visited, time spent on pages, referring website, navigation patterns
• Cookie Data: Information collected through cookies and similar technologies (see Cookie Policy below)

3. Purposes and Legal Basis for Processing

4. Data Sharing and Third Parties

Your personal data may be shared with the following categories of recipients:

• Booking Platform Provider: Beddy.io – for managing online reservations
• Payment Processors: For secure payment transactions
• Italian Authorities: Police (Questura) for mandatory guest registration (Schedina Alloggiati)
• Analytics Providers: Google Analytics (with IP anonymization enabled)
• Website Hosting: Our hosting provider for website operation
• Professional Advisors: Accountants, legal advisors when necessary

We do not sell your personal data to third parties.

5. International Data Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

6. Data Retention

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
• Right to Restriction (Art. 18): Request limitation of processing
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at info@hotelsantalucia.it.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Secure payment processing through certified providers
• Access controls and authentication measures
• Regular security assessments
• Staff training on data protection

9. Children’s Privacy

Our website is not directed at children under 16 years of age. We do not knowingly collect personal data from children without parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. The “Last Updated” date at the top indicates when the policy was last revised. We encourage you to review this policy regularly.

Contact Us