PRIVACY POLICY & GDPR COMPLIANCE

 

INTRODUCTION

Villa Splendida (“Owner”) is committed to protecting your privacy and ensuring transparent data processing. As we are based in the UK and offer property rentals in Italy, we comply with both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), alongside relevant Italian Data Protection Laws.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and your rights regarding your data.

Effective Date: 1/12/2025

1. WHO WE ARE & CONTACT INFORMATION

Data Controller:

Name: Villa Splendida (A.T. Baynton, Sole Proprietor)
Property: Villa Splendida
Address: C.DA Ronzavalle, 90015 Cefalu, Sicily, Italy
Email: info@villasplendidasicily.com
CIN (Property Code): IT082027C2U8DPBUCD

For all privacy-related questions or requests, please contact the above email or phone number.

2. LEGAL BASIS FOR DATA PROCESSING

We process your personal data under the following legal bases:

  1. Performance of a Contract: Processing your booking, managing your stay, and handling payments
  2. Legal Obligation: Compliance with Italian law (guest registration with Italian State Police, tourist tax reporting)
  3. Legitimate Interest: Managing our business, preventing fraud, maintaining property security
  4. Your Consent: Where applicable (marketing communications, photography)

3. WHAT PERSONAL DATA WE COLLECT

During Booking

  • Full Name(s) of all guests
  • Date of Birth (for tourist tax calculation and age verification)
  • Nationality
  • Address (home address)
  • Email Address
  • Phone Number
  • Payment Information (credit/debit card details for deposits and balance payments)
  • Booking Preferences (e.g., late arrival, extra services)

At Check-In

  • Passport/ID Copies (for Italian State Police registration as required by Italian law)
  • Passport/ID Numbers
  • Dates of Arrival & Departure
  • Number of Guests (including children and their ages)

During Your Stay

  • Property Usage Data (electricity meter readings, waste disposal, any incidents)
  • Photographs (check-in condition photos; only with your consent for other purposes)
  • Communication Records (emails, messages regarding your stay)

At Checkout

  • Property Condition Assessment (damage documentation if applicable)
  • Electricity Meter Readings
  • Departure Information

4. WHY WE COLLECT THIS DATA

Your personal data is collected and used for the following purposes:

Essential Purposes (Required for Your Booking)

PurposeData UsedLegal Basis
Booking Confirmation & ManagementName, email, phone, datesContract performance
Payment ProcessingName, payment card details, emailContract performance
Security Deposit HoldPayment card detailsContract performance
Check-In CoordinationName, phone, email, booking referenceContract performance
Guest Registration with Italian State PoliceFull name, dates of birth, nationality, passport number, arrival/departure datesItalian Legal Obligation (48-hour registration requirement)
Tourist Tax Calculation & CollectionFull name, date of birth, nationality, number of nightsItalian Legal Obligation & Contract performance
Utility BillingElectricity meter readingsContract performance
Property Maintenance & SafetyDamage reports, incident recordsLegitimate interest

Non-Essential Purposes (You Can Decline)

PurposeData UsedYour Consent
Marketing CommunicationsEmail, phone✓ Opt-in required
Guest Testimonials/ReviewsName, stay dates (anonymized)✓ Opt-in required
Photography for MarketingPhotos/images from your stay✓ Explicit consent required

5. WHO WE SHARE YOUR DATA WITH

Mandatory Sharing (Legal Requirements)

Your personal data must be shared with the following parties for legal compliance:

  1. Italian State Police (Questura):
    • Your full name, passport number, date of birth, nationality, arrival/departure dates
    • Purpose: Guest registration (Italian law requirement within 24 hours of arrival)
    • Frequency: Once per stay
    • Retention: Handled by Italian authorities
  2. Municipality of Cefalu:
    • Your name, number of nights stayed, age/date of birth
    • Purpose: Tourist tax collection and reporting
    • Frequency: Based on number of guests and nights
    • Retention: Handled by municipality
  3. Payment Processors (Stripe/SEPA):
    • Payment card details (for card payments) or bank details (for transfers)
    • Purpose: Secure payment processing
    • Frequency: During deposit and balance payments
    • Retention: Per payment processor policies (typically 3–7 years for fraud prevention)

Optional Sharing (Based on Services Requested)

  • Property Manager: Contact details, booking information, check-in/check-out procedures (if applicable)
  • Cleaners/Maintenance Staff: Basic information necessary for property access only (with confidentiality agreements in place)

Third-Party Services

We use the following third-party service providers who access limited personal data:

  • OwnerRez (Booking Management Platform): Booking details, guest information, payment data
  • Stripe (Payment Processing): Payment information (encrypted)
  • Email Services: Email address for communications

All third-party services are contractually obligated to protect your data and use it only for specified purposes.

6. INTERNATIONAL DATA TRANSFERS

Important for EU/EEA Guests:

Your personal data is processed and stored within Italy/EU and is not transferred outside the European Economic Area (EEA) except where necessary for:

  • Payment processing (Stripe operates globally with GDPR compliance)
  • Third-party platforms (with appropriate data protection agreements in place)

7. HOW LONG WE KEEP YOUR DATA

Data TypeRetention PeriodReason
Booking & Payment Data3–7 yearsFraud prevention, dispute resolution, tax compliance
Passport Copies30 days post-checkoutGuest identification verification only; deleted after Italian police registration
Payment Card DetailsOnly during transactionNever stored permanently; deleted immediately after payment processing
Damage Reports/Incident Records1 yearDispute resolution, liability assessment
Electricity Meter Readings1 yearBilling accuracy, dispute resolution
Communication Records1 yearRecord of booking modifications, complaints, resolutions
Marketing/TestimonialsUntil you withdraw consentRetained for reputation/marketing purposes only with your explicit consent

After retention periods expire: Data is securely deleted or anonymized (made non-identifiable).

8. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

1. Right of Access

You have the right to request a copy of all personal data we hold about you.

  • How: Email info@villasplendidasicily.com with subject “GDPR Data Access Request”
  • Response Time: 30 days

2. Right of Rectification

You have the right to correct inaccurate or incomplete personal data.

  • How: Email info@villasplendidasicily.com with subject “GDPR Data Correction Request” and details of what needs correction

3. Right of Erasure (“Right to be Forgotten”)

You can request deletion of your personal data, with some exceptions.

  • Limitations: We may retain data if required by law (e.g., tax/fraud prevention for 7 years)
  • How: Email info@villasplendidasicily.com with subject “GDPR Data Deletion Request”

4. Right to Data Portability

You can request your personal data in a structured, commonly-used, machine-readable format and have it transferred to another provider.

  • How: Email info@villasplendidasicily.com with subject “GDPR Data Portability Request”
  • Response Time: 30 days

5. Right to Restrict Processing

You can ask us to limit how we use your data (while retaining it).

  • How: Email info@villasplendidasicily.com with subject “GDPR Processing Restriction Request”

6. Right to Object

You can object to processing of your data for direct marketing, profiling, or other purposes.

  • How: Email info@villasplendidasicily.com with subject “GDPR Data Processing Objection”

7. Right to Withdraw Consent

If we are processing your data based on your consent (e.g., marketing), you can withdraw that consent at any time.

  • How: Email info@villasplendidasicily.com with “Withdraw Marketing Consent” or unsubscribe link in communications

9. SECURITY & DATA PROTECTION

We take data security seriously and implement appropriate technical and organizational measures:

  • Encryption: Payment data is encrypted during transmission (SSL/TLS protocols)
  • Limited Access: Only authorized staff with legitimate need access personal data
  • Confidentiality Agreements: All staff sign confidentiality agreements
  • Secure Storage: Personal data is stored securely with password protection
  • Regular Updates: Systems are regularly updated for security patches

However: No data transmission over the internet is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security. You use our systems at your own risk.

10. COOKIES & WEBSITE TRACKING

Our website uses cookies to:

  • Remember booking preferences
  • Analyze website traffic (Google Analytics)
  • Provide essential website functionality

Cookie Preferences:

  • Essential cookies (required for website function): Cannot be disabled
  • Analytics cookies: Can be disabled in your browser settings
  • Marketing cookies: Not used without your explicit consent

For more information about cookie management, visit www.allaboutcookies.org or your browser’s cookie settings.

11. CHILDREN’S DATA

We do not knowingly collect personal data from children under 16 years old without parental consent.

If you are booking on behalf of children:

  • You (parent/guardian) are responsible for providing accurate information about children’s names and dates of birth
  • This data is used solely for tourist tax calculation purposes
  • We do not use children’s data for marketing or other purposes without explicit parental consent

12. DATA BREACH NOTIFICATION

In the unlikely event of a data breach affecting your personal information:

  • We will notify you without undue delay (within 72 hours where possible)
  • We will inform Italian data protection authorities if required by law
  • We will provide information about the breach and recommended protective measures

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect legal changes, business updates, or other reasons.

  • Updated versions will be published on our website with a new “Effective Date”
  • Significant changes will be communicated to you via email or booking platform notification
  • Your continued use of our booking and services indicates acceptance of updates

14. CONTACT US & YOUR RIGHTS

Data Protection Officer / Privacy Questions

Email: info@villasplendidasicily.com
Address: Villa Splendida, C.DA Ronzavalle, 90015 Cefalu, Sicily, Italy

Response Time: We aim to respond to all data protection requests within 30 days.

Complaints to the UK Data Protection Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues.

Website: www.ico.org.uk
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Contact: 0303 123 1113

15. SPECIFIC DATA PROCESSING ACTIVITIES

Guest Registration with Italian State Police

What Happens:

  • Within 24 hours of your arrival, we register all guests with Italian State Police (Questura)
  • This is a legal requirement under Italian law for all accommodation providers

Data Shared:

  • Full names, passport numbers, dates of birth, nationality, arrival/departure dates

Your Rights:

  • You cannot opt out of this (it’s mandatory by Italian law)
  • Your data is retained by Italian authorities per their policies
  • You can request your registration details from Italian police directly

Tourist Tax Processing

What Happens:

  • We calculate and collect tourist tax based on your booking dates and ages
  • We report this to the Municipality of Cefalu

Data Shared:

  • Names, number of nights, ages/dates of birth of eligible guests

Your Rights:

  • You cannot opt out (it’s mandatory by Italian law)
  • Tax is calculated fairly per €2/night formula with age exemptions
  • See Rental Agreement Section 7 for detailed calculation examples

Your Booking Constitutes Your Acceptance of this Privacy Policy and all data processing activities described herein.

BOOK
BOOK
Scroll to Top