1. General information
This Privacy Policy sets out the rules for the processing of personal data of users of the website garda-moments.it, operated by the owner of the Garda Moments Apartment (hereinafter referred to as the “Controller”).
The Privacy Policy applies to all users of the website, regardless of their place of residence, citizenship, or the country from which they access the website, taking into account the regulations applicable within the territory of the European Union, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
2. Personal data controller
The personal data controller is the owner of the Garda Moments Apartment. Controller’s contact details:
- e-mail address: gdpr@garda-moments.it
- postal address: Czumy 20/18, 01-355, Warsaw, Poland
3. Scope of application of data protection regulations
3.1 Territorial scope of the GDPR
The rules resulting from the GDPR apply in particular to the processing of personal data of persons who are located within the territory of the European Union or the European Economic Area (EEA), regardless of their citizenship or place of residence, in accordance with Article 3 of the GDPR.
This Privacy Policy also describes the principles of personal data processing with respect to users outside the EU, applying uniform and high standards of data protection.
4. Purposes and legal bases for the processing of personal data
4.1 Reservations and stay fulfilment
Personal data provided via the reservation form (e.g. first and last name, e-mail address, contact details) are processed for the purpose of:
- concluding and performing the reservation agreement,
- ensuring the stay in the apartment,
- contacting the guest regarding matters related to the stay.
The legal basis for the processing is Article 6(1)(b) of the GDPR.
4.2 Payments
Payments for the stay are processed via an external payment service provider – Stripe.
The Controller:
- does not process payment card data,
- does not have access to full payment details of users.
Stripe acts as an independent personal data controller within the scope necessary to process payments.
4.3 Contact form
Data provided via the contact form (first and last name, e-mail address, message content) are processed solely for the purpose of:
- responding to inquiries,
- conducting correspondence.
The legal basis for the processing is Article 6(1)(f) of the GDPR, i.e. the Controller’s legitimate interest consisting in communication with website users.
5. Cookies and similar technologies
The website uses cookies and similar technologies in order to ensure its proper functioning.
In particular, the following are used:
- technical and functional cookies necessary for the operation of the website (including those related to the WordPress system),
- cookies storing user preferences, including the selected language version of the website,
- third-party cookies related to the embedded Google Map (Google Maps).
Cookies other than technical cookies are used solely after obtaining the user’s explicit consent, via a consent management mechanism (cookie banner), in accordance with the GDPR, the ePrivacy Directive, and the guidelines of the competent data protection authorities, including the Italian supervisory authority.
To manage your preferences use the buttons below or open the cookie banner.
Detailed information about cookies used is provided in a table below.
6. Recipients of personal data
Personal data may be transferred to:
- a natural person responsible for guest services and communication with users, based on a concluded data processing agreement,
- entities providing technical services necessary for the operation of the website (hosting, e-mail services),
- payment service providers – acting as independent data controllers.
7. Transfer of data outside the European Economic Area (EEA)
Where personal data are transferred to entities having their registered office or infrastructure outside the EEA, such transfers are carried out in accordance with the principles set out in Articles 44–49 of the GDPR, with appropriate safeguards applied to ensure an adequate level of protection of personal data.
8. Data retention period
Personal data are retained as follows:
- data related to reservations – for the duration of the contract and after its termination for the period required by applicable law,
- data from the contact form – for the duration of correspondence or until the purpose of processing ceases to exist.
9. Rights of data subjects
Data subjects are entitled to the rights arising from the GDPR, in particular:
- the right of access to their data,
- the right to rectification,
- the right to erasure,
- the right to restriction of processing,
- the right to object to processing,
- the right to data portability,
- the right to lodge a complaint with the competent data protection supervisory authority (in particular the authority of an EU Member State).
10. Changes to the Privacy Policy
The Controller reserves the right to update this Privacy Policy in the event of changes in legal regulations, the operation of the website, or the scope of data processing.