Privacy Policy

In accordance with Regulation (EU) 2016/679 (“GDPR”), this Privacy Policy describes how we process personal data collected through our website, in full respect of your privacy.

1. Data Controller

The data controller is Ellemme S.r.l., located at Lecco (LC), Italy. You can contact us at casaleccoviaroma@gmail.com.

2. Personal Data Collected

We collect the following data through our contact and booking form:

  • First and last name
  • Email address
  • Phone number
  • Check-in and check-out dates
  • Any messages or special requests you provide

3. Purposes and Legal Basis of Processing

Your data is processed exclusively for the following purposes:

  • Responding to your requests: Handling inquiries and booking requests sent through the contact form (legal basis: performance of pre-contractual measures).
  • Legal obligations: Fulfilling fiscal or accounting obligations in case of confirmed bookings.

Providing your data is optional, but necessary to process your request.

4. Processing Methods and Data Retention

Data sent via the form is received by email and is not stored in an external database. We retain the data only as long as necessary to process your request and delete it within 90 days, unless a booking is finalized or legal obligations require longer retention.

5. Communication via WhatsApp

We may contact you via WhatsApp to handle or confirm your booking or provide information about our services. The communication takes place on the Meta Platforms, Inc. platform and is subject to WhatsApp’s terms of service and Privacy Policy. The data exchanged through this channel will be used exclusively for direct communication and will not be shared or used for promotional purposes.

6. Data Subject Rights

As a data subject, you have the right to access, rectify, delete, or restrict the processing of your data, or to object to its processing. You can exercise these rights at any time by writing to casaleccoviaroma@gmail.com.

7. Right to Lodge a Complaint

If you believe your data has been processed unlawfully or in violation of the GDPR, you have the right to file a complaint with the competent supervisory authority: the Italian Data Protection Authority.

8. Data Processors

Personal data may also be processed by external parties providing technical or operational services necessary for the functioning of the website or communication, designated as “Data Processors” pursuant to Article 28 of the GDPR:

  • Cloudflare, Inc. – Hosting and security service provider
  • Formspree, Inc. – Contact form submission service
  • Google LLC – Gmail email service

These providers process data only on behalf of the Data Controller and in compliance with specific contractual obligations under the GDPR.

9. Data Transfer Outside the EU

Some providers (such as Cloudflare, Formspree, and Google) may transfer data outside the European Economic Area (EEA). Such transfers are carried out in accordance with Articles 44–49 of the GDPR, based on Standard Contractual Clauses or other appropriate safeguards.

10. Updates to This Privacy Policy

This Privacy Policy may be updated from time to time. We encourage you to review this page periodically to stay informed about any changes.

Back to Home