Logo

Information on the Processing of Personal Data (Privacy Policy)

Tedimo.it by Justyna Koselak
CIN: IT088009C24RJEDN84 - CIR: 19088009C227555
CIN: IT088009C22CD9ED8R- CIR: 19088009C235658
with registered office in Via Balcone n. 5, 97100 Ragusa (RG), Italy
email: [email protected]
mobile: +39 388 322 95 93
Data Controller, pursuant to and for the purposes of Art. 13 of EU Regulation 679/2016, informs data subjects about the purposes and methods of personal data processing.

For what purposes and on what legal basis is the data processed?

Personal data is processed for the following purposes, in compliance with Art. 6 of the GDPR.
- Contractual and pre-contractual obligations (Management of bookings and stay)
- Legal obligations (Public Security, tax, ISTAT)
- Website security and technical analysis.

    For what purpose is the data processed?
    Personal data collected through the website and/or during the booking and check-in phase are processed for the following purposes, with the respective legal bases:

    • Contractual and pre-contractual obligations (Management of bookings and stay):
      The objective is to manage the quote request, confirm the booking, manage payments, and provide the accommodation and ancillary services requested (e.g., check-in/out, on-site assistance). The legal basis is the
      Data Processed: Personal identification data (name, surname), Contacts (email, telephone, address), Payment data (bank or credit card details), Stay data (dates, number of guests).
      Mandatory Nature: Provision is Mandatory; failure to provide the data prevents the booking and the provision of the accommodation service.
    • Legal obligations (Public Security, Tax, ISTAT): This refers to the Communication of the identity details of accommodated guests to the Public Security Authority (Police Headquarters – Alloggiati Web), tax compliance (receipts, invoices), and statistical surveys (ISTAT). The legal basis is Legal obligation (Art. 6, par. 1, letter c).
      Data Processed: Personal identification data (including date and place of birth, nationality), Identity document/passport details.
      Mandatory Nature: Provision is Mandatory; failure to provide the data makes registration and hospitality impossible, as the Data Controller is subject to criminal and administrative penalties.
    • Website improvement and Navigation security: This includes the detection of malfunctions, statistical analysis on website usage (e.g., pages visited), and the prevention of fraud and cyber attacks. The legal basis is the Legitimate interest of the Controller (Art. 6, par. 1, letter f).
      Data Processed: Navigation data (IP addresses, system logs), Technical and analytical cookies (see section 5).
      Mandatory Nature: Mandatory for technical cookies; Optional for others, managed via the Cookie Policy.

    How do we process the data?

    Data processing is carried out through electronic procedures or manually and with paper supports by subjects, internal or external, specifically authorized for this purpose and committed to confidentiality. The data is processed and stored with suitable tools to guarantee its security, integrity, and confidentiality through the adoption of adequate security measures as required by law.

    The identity documents acquired for the purposes of Public Security obligations (Purpose B) are treated with measures of maximum confidentiality. Unless otherwise provided by law, these documents are not stored, neither in paper nor unprotected digital format, beyond the time strictly necessary for their transmission via the Alloggiati Web portal.

    Communication, dissemination, and recipients

    The data may be communicated to public authorities, service providers appointed as Data Processors (Aruba, Lodgify, Stripe, tax/legal consultants), and authorized personnel.

    How and for how long do we store the data?

    The data is stored for a period not exceeding that necessary to achieve the administrative, accounting, and fiscal purposes relating to the contractual relationship existing between the Controller and the client, in particular:

    • Contract: For the entire duration of the contractual relationship and for a further period necessary for administrative and legal purposes (10 years from the termination of the relationship).
    • Legal Obligations: For the time imposed by law (e.g., 5-10 years for tax regulations, time necessary for sending to the Police Headquarters).

    What are the data subject's rights and how to exercise them?

    As a data subject, the guest and the user have the right to:

    • Obtain confirmation as to whether or not personal data concerning them exists (right of access, Art. 15).
    • Obtain the rectification of inaccurate data or the integration of incomplete data (Art. 16).
    • Obtain the erasure of data (right to be forgotten, Art. 17), if the legal conditions are met (excluding legal obligations).
    • Obtain the restriction of processing (Art. 18).
    • Receive their data in a structured and readable format (right to data portability, Art. 20).
    • Object to processing at any time (Art. 21), particularly to processing for marketing purposes.
    • Withdraw consent at any time (if processing is based on consent), without affecting the lawfulness of processing based on consent before its withdrawal.
    • Lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), if they believe the processing violates the GDPR.

    To exercise these rights, the user can send a written request to the Data Controller email: [email protected]

    +39 388 322 95 93

    Balcone n. 5, Ragusa, (RG), Italy 97100.
    [email protected]
    ©2025 Logo All rights reserved - Powered byLodgify