top of page
PRIVACY POLICY

pursuant to Regulation (EU) 2016/679 (GDPR)

This notice describes how personal data of users who visit the Sardinian Seaside Retreats website and use the online booking services are processed.

1. Data Controller

The Data Controller is:

Ana Paula De Oliveira Silva
VAT No. 03043670904
Registered office: Località Li Junchi snc – 07030 Badesi (SS), Italy
Email: sardinianretreats@gmail.com
Certified email (PEC): anadeoliveira@pec.it

2. Types of Data Processed

The following categories of personal data may be processed:

  1. Identification and contact data (name, surname, email address, telephone number);

  2. Data relating to bookings and stays;

  3. Identification data required by public security regulations;

  4. Fiscal and administrative data;

  5. Payment-related data;

  6. Browsing data (IP address, browser type, device used, pages visited, access time).

 
3. Purpose of Processing

Personal data are processed for:

  1. Management of information requests;

  2. Management of bookings and stays;

  3. Execution of the tourist rental agreement;

  4. Compliance with legal obligations (Public Security reporting, regional communications, tax obligations);

  5. Administrative and accounting management;

  6. Protection of the Data Controller’s rights in the event of disputes;

  7. Statistical analysis of website usage, subject to consent where required.

  8. Management of communications submitted through any instant messaging tools available on the website.

 
4. Legal Basis for Processing

Processing is based on:

  1. Performance of a contract or pre-contractual measures;

  2. Compliance with legal obligations;

  3. Legitimate interest of the Data Controller in the management and security of the website;

  4. Consent of the data subject for non-essential cookies or analytical tools.

 
5. Processing Methods

Personal data are processed using electronic and IT tools, with logic strictly related to the purposes indicated and in compliance with the security measures required by applicable legislation.

 
6. Data Processors

The Data Controller relies on external service providers appointed as Data Processors pursuant to Article 28 GDPR.

In particular:

  1. Solutions Plus s.r.l. (commercial brand “Kross Booking”) for the booking engine, property management system and guest portal;

  2. Wix.com Ltd. for website hosting and infrastructure;

  3. Certified payment service providers for transaction management;

  4. Providers of statistical analysis services (e.g. Google Analytics), where activated.

  5. Any messaging tools integrated within the Wix platform for handling user inquiries.

Such entities process data exclusively on behalf of the Data Controller and according to documented instructions.

 
7. Processing of Payment Data

Payment card data are processed through systems compliant with PCI security standards.

Within the booking engine system, credit card data are automatically deleted from the systems by the third day following the guest’s check-out or in accordance with the service provider’s policies.

 
8. Data Retention

Personal data are retained:

  1. For the period necessary to perform the contract;

  2. For the period required by fiscal and administrative obligations;

  3. For the period required by public security regulations;

  4. For the protection of the Data Controller’s rights within the statutory limitation periods provided by law.

 
9. Disclosure of Data

Personal data may be disclosed to:

  1. Competent authorities for legal obligations;

  2. Tax and legal advisors;

  3. Technical service providers necessary for the provision of services.

Personal data are not subject to public dissemination.

 
10. Transfer of Data Outside the EU

Some technology providers (such as Wix or Google) may process data on servers located outside the European Union. In such cases, transfers take place in compliance with the safeguards provided by the GDPR, including adequacy decisions or standard contractual clauses.

 
11. Cookies and Tracking Technologies

The website uses cookies and similar technologies to ensure proper functionality and to improve the browsing experience.

Cookies may include:

  1. Technical and essential cookies necessary for the operation of the website and booking services;

  2. Statistical cookies used to analyse traffic and improve services (e.g. Google Analytics), activated only with the user’s prior consent;

  3. Third-party cookies integrated through external services.

Consent for the installation of non-essential cookies is collected through the banner displayed upon first access to the website.

Users may modify or withdraw their cookie preferences at any time via the “Cookie Settings” button available on the website.

 
12. Data Subject Rights

Data subjects may exercise the rights provided under Articles 15–22 GDPR, including:

  1. Access to personal data;

  2. Rectification;

  3. Erasure;

  4. Restriction of processing;

  5. Objection;

  6. Data portability.

Requests may be sent to: sardinianretreats@gmail.com

 
13. Changes to this Privacy Policy

The Data Controller reserves the right to update this Privacy Policy at any time. Any changes will be published on this page.

 
 

Contact Us 

If you have any questions about this Privacy Policy, You can contact us via email at sardinianretreats@gmail.com 

bottom of page