Privacy Policy | Le Finestre Sul Mare

Privacy Policy (Information pursuant to Article 13 GDPR)

Last updated: [23/01/2026]

1. Data Controller

The Data Controller is Cristian Ferrari, with registered office at via Fiascherino nr. 142, Fiascherino, Lerici. Italia, email cristian.ferrari.71@gmail.com, phone +39 392 564 7189.

2. What data we process

We process the personal data you provide when you contact us or request information, in particular:

Identification and contact data: first name, last name, email address, phone number
Request/booking-related data: requested dates, number of guests, preferences and any information you choose to share in your message or by phone
Browsing data: such as IP address, browser and device information, technical logs and data collected via cookies (see the Cookies section)

Please do not send special categories of data (for example health data). If such data is provided voluntarily, it will be processed only to the extent strictly necessary to manage your request.

3. Why we process data and the legal basis

We process data for the following purposes:

To respond to requests for information and availability
Legal basis: pre-contractual measures requested by the data subject
To manage bookings and operational communications related to the stay
Legal basis: performance of a contract or pre-contractual measures
To comply with legal obligations (for example tax/accounting obligations and other applicable obligations)
Legal basis: legal obligation
To protect the Data Controller (handling disputes, preventing abuse, establishing, exercising or defending a legal claim)
Legal basis: legitimate interest

The website does not process online payments.

4. How we process data

Data is processed using electronic and/or paper-based tools, adopting appropriate security measures to prevent unauthorised access, loss or unlawful use of data.

5. Who data may be disclosed to

Data may be processed by external parties that provide services necessary to manage the website and communications, for example:

website/hosting provider and technical service providers (e.g., web platform and related suppliers)
email provider and communication services
administrative/accounting consultants where required to comply with legal obligations

Data is not disclosed to the public.

6. Transfers of data outside the European Economic Area

Some technical service providers may process data outside the European Economic Area. In such cases, transfers are carried out in compliance with the GDPR through appropriate safeguards (for example adequacy decisions or Standard Contractual Clauses).

7. Data retention

Contact requests and information enquiries: up to 24 months
Data related to bookings and legal obligations: for the period required by applicable law (generally up to 10 years for accounting/tax documentation, where relevant)
Technical and security logs: for limited periods, based on technical and security needs

8. Your rights

You may exercise your rights under the GDPR at any time: access, rectification, erasure, restriction, objection, data portability (where applicable), and withdrawal of consent (where applicable).
To exercise your rights, please write to: cristian.ferrari.71@gmail.com.

9. Complaint to the Data Protection Authority

If you believe that the processing of your data violates applicable law, you may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

10. Cookies

The website uses technical cookies necessary for its operation and, if enabled, statistical or marketing cookies only with prior consent via a banner. For more details, please consult the website’s Cookie Policy and your preferences in the banner.

11. Changes to this notice

This notice may be updated. The most up-to-date version is always published on this page together with the date of the last update.