Last update: Monday, May 28, 2018
This Privacy Policy, which complies with Articles 13 and 14 of European Union Regulation 679/2016 (hereafter referred to as “Regulation”), describes the way we collect, use, treat, and communicate data that concerns you, including personal data, in relation to your access and use of our network of websites and any mobile applications related to them.
Personal data, such as name, email, and telephone numbers, are used only to facilitate the exchange of information between the traveller and operator of tourist facilities to allow online bookings. Under no circumstances is data sold to third parties.
When Bed-and-breakfast.it, the Bed-and-Breakfast.it platform, the platform, one of our Network* sites or “Network,” “our sites”, “network websites,” “we,” “us,” or “our” are mentioned in this document, Studio Scivoletto s.r.l. (VAT Number 01194800882) is being referred to as the company that is responsible for your data according to this Privacy Policy (the “Data Controller”).
The services offered by the Data Controller are intended for users over the age of 18. If the Data Controller discovers that the data of minors under the age of 18, without the valid consent or their parents or legal guardian(s) is being treated, it reserves the right to unilaterally interrupt the use of the services offered, as well as delete the acquired data.
The following categories of users, which is covered by the information in this document regarding the usage of the sites, are used to distinguish between:
The travellers may use the search and selection services of the tourist facilities anonymously. For other services such as the publication of an advertisement, reservation requests, the receipt of information and automatic updates, all users, including both travellers and operators, must register. If a traveller does not register in advance, he or she will automatically be prompted to do so the first time a reservation request is made.
All data in our possession that concerns you is included in the following sections of this document and can easily be viewed, modified, or deleted at any time using your account credentials to access it.
If you are a TRAVELLER who has made a request and/or reservation on any of the network sites, the data can be found through the link:
https://www.bed-and-breakfast.it/utenti/
Your user account is automatically created with a random password at the precise time that you first make your request for information and/or reservations at one of the tourist facilities featured on one of the network sites. You are simultaneously notified by email with the instructions necessary to manage it. This is to provide you with the opportunity to manage (modify/delete) all the data personally, at any time.
The username necessary to access your account is your email. If you do not remember your password, you can a request that a link be sent to your email that will allow you to reset it.
If you are an OPERATOR of a tourist facility registered with a regular contract at Bed-and-Breakfast.it and/or one of its network sites, you will be able to manage your data from the dedicated Reserved Area with the username and password chosen at the time of registration.
https://www.bed-and-breakfast.it/ar/
If you forget this data, you can request that instructions be sent to the email address you indicated when registering your tourist facility to retrieve your login information (username and password). The password you choose is encrypted and stored so that it cannot be viewed by others under any circumstances.
The Data Controller, pursuant to and for the purposes of enforcing the Regulations, declares that the law mentioned above provides for the protection of individuals regarding the treatment of personal data, and that this treatment will be based on the principles of correctness, lawfulness, transparency, and the protection of confidentiality and fundamental rights.
Bed-and-Breakfast.it collects three different types of information:
When you use the Bed-and-Breakfast.it platform, we ask for and collect the following types of personal data. This information is necessary to effectively execute the contract between our site and the user and allows us to act in accordance with our legal obligations. Without this data, we may not be able to provide the user with all the required services.
You can choose to provide us with additional personal data to improve your user experience on the Bed-and-Breakfast.it platform. This additional data will only be treated with your consent.
To comply with the applicable law (for example, anti-money regulations) and fulfil the contractual obligations adequately, the Data Controller needs to collect the following information, without which you cannot use the payment services:
When you use the Bed-and-Breakfast.it platform and payment services, information is automatically collected, including your personal data, regarding the services and methods used. This information is necessary for the proper execution of the contract between the site and the user and enables us to act in accordance with our legal obligations based on our legitimate interest, which is to improve and offer you the optimal functionality of the Bed-and-Breakfast.it platform and payment services.
Bed-and-Breakfast.it may collect data, including your personal data, which third parties provide about you when using the Bed-and-Breakfast.it platform and payment services, or obtain information from other sources and combine it with the information that we collect through the Bed-and-Breakfast.it platform and payment services. We do not control, supervise, or are responsible for the treatment of your personal data by such third parties, therefore any request for information regarding the disclosure of your personal information must be forwarded directly to the third parties.
Bed-and-Breakfast.it uses, stores, and processes your data, including personal data, to provide, understand, improve, and develop the Bed-and-Breakfast.it platform, creating and maintaining a reliable and secure environment and complying with its legal obligations.
We treat the data provided in accordance with our legitimate interests regarding the improvement of our Bed-and-Breakfast.it platform and the experiences of travellers and operators, and where necessary, to ensure the proper execution of the contract between the site and the user.
We treat the information provided based on our legitimate interest in protecting our Bed-and-Breakfast.it platform, evaluating the proper execution of the contract between the site and the user, as well as complying with applicable laws.
We will treat your personal data for the reasons listed in this section based on our legitimate interest in marketing products or services to you that you might potentially be interested in. You can choose not to receive marketing communications from us by following the instructions to unsubscribe described inside the communications, or by changing the notification settings on your Bed-and-Breakfast.it account.
The Data Controller of the payment processes treats the information collected in the legitimate interests regarding the improvement of the payment services and the experience of its users, as well as ensuring the proper execution of the contract with the user and complying with the applicable laws where necessary.
We may share your data, including your personal data, with your consent, for example when you authorize an application or a third-party website to access your Bed-and-Breakfast.it account, or when you participate in promotional activities sponsored by Bed-and-Breakfast.it partners or third parties.
To help facilitate bookings or other interaction between members, we may need to share specific information, including personal data, with other members, to the extent necessary to ensure the proper execution of the contract between the site and the user, such as those illustrated in the scenarios below:
We do not share your billing and payment information with other members.
The Bed-and-Breakfast.it platform allows you to publish information, including personal data, which is visible to the public. For example:
Based on our legitimate interests in promoting the Bed-and-Breakfast.it platform, we may make parts of it visible (for example, your advertisement page) on the websites of Bed-and-Breakfast.it partners, using technologies such as widgets or APIs. If your advertisements are shown on a partner’s site, it is possible that the data on the public page of your profile may also be visible.
The data that you publicly share on the Bed-and-Breakfast.it platform can be indexed by search engines not managed by Bed-and-Breakfast.it. In some cases, you can opt out of this feature through your account settings. If you change your settings or the content that is publicly accessible, these search engines cannot update their databases. We are not responsible for the practices of third-party search engines and these may use cache containing data that is not updated.
Operators may need to use third-party services available through the Bed-and-Breakfast.it platform to assist them in managing the accommodation or to provide additional services requested to you, such as, for example, cleaning or access to the facility. The operators may use the features available on the Bed-and-Breakfast.it platform to share information about the guest (for example, check-in and check-out dates, the name and telephone number of the guest) with such third-party service providers to organize the stay, manage the accommodation, or provide other relevant services.
Bed-and-Breakfast.it may communicate your data, including personal data, to courts, public authorities, government authorities, or third parties authorized in the event and to the extent that we are required or authorized to do so by law or if such communication is reasonably necessary: (i) to comply with our legal duties; (ii) to comply with legal procedures and respond to claims made against Bed-and-Breakfast.it; (iii) to find verified requests relating to a criminal investigation or an alleged or allegedly illegal activity or any other activity likely to expose Bed-and-Breakfast.it, yourself, or any of our other users to legal liabilities; (iv) to manage and enforce our Terms of Service, Terms of Payment, or other agreements with members; (v) to protect the rights, property, or personal security of Bed-and-Breakfast.it, its employees, its members, or the public in general.
Where appropriate, we may inform members about such legal claims, unless: (i) providing such information is prohibited by the applicable legal procedure, based on an order received by the court or according to the law, or (ii) we believe that the notice is useless or ineffective, creates a risk of injury or physical harm to an individual or group of individuals, or creates or increases the risk of fraud against the property of Bed-and-Breakfast.it, its members, and the Bed-and-Breakfast.it platform. In cases where Bed-and-Breakfast.it complies with the legal requests for the communication of data without providing notice to the user for the reasons mentioned above, Bed-and-Breakfast.it will try to inform the user concerned about the request as soon as it determines in good faith that this is no longer prohibited.
Bed-and-Breakfast.it uses or may use in the future a variety of third party service providers to provide services related to the Bed-and-Breakfast.it platform and the payment services. The providers of these services may be located inside or outside the European Economic Area (“EEA”).
For example, service providers can help us to: (i) verify your identity or identity documents; (ii) verify information against public databases; (iii) conduct criminal background checks, fraud prevention, and risk assessments; (iv) provide technical assistance, maintenance, and product development services; (v) assist in the supply of Bed-and-Breakfast.it services; (v) assist in the supply of Bed-and-Breakfast.it services through third-party platforms and software (for example through the integration of our APIs), or (vi) provide customer, advertising, or payment support services. Such providers have limited access to the execution of the transactions on our behalf and are contractually bound to protect and use such data in accordance with the purposes for which they have received them and this Privacy Policy.
Bed-and-Breakfast.it will have to communicate your data, including your personal data, to guarantee the proper execution of the contract stipulated with you.
We may use some of your personal information when permitted by applicable law, such as your email address, sharing it with social media platforms such as Facebook or Google, to generate leads and redirect traffic to our websites and promote products and services on the Bed-and-Breakfast.it platform. These treatment processes are based on our legitimate interests with respect to marketing and advertising products or services that may be of potential interest to you. Bed-and-Breakfast.it does not control or supervise social media platforms with which your personal data may be shared. For this reason, any questions regarding the way your personal information is treated by the social media provider must be addressed to the provider in question.
Remember that you may ask Bed-and-Breakfast.it to stop treating your data for marketing purposes at any time by sending an email to privacy@bed-and-breakfast.it.
In countries where Bed-and-Breakfast.it facilitates or requires registration, notification, permission, or licensing of a tourist facility operator with a local government authority through the Bed-and-Breakfast.it platform in compliance with local law, we may share information about the participating operators. This can include sharing information such as name, surname, contact details, address of the accommodation, tax identification codes, advertisement details, and number of nights booked with the relevant authority, both during this procedure, and if applicable, at various time intervals.
Should Bed-and-Breakfast.it undertake or be involved in any merger, acquisition, reorganization, transfer of business, bankruptcy, or insolvency proceedings, it may sell, transfer, or share some or all its assets, including your data, in reports or as a result of the transaction (for example, in the due diligence phase). In such cases, you will be informed before your personal data is transferred and becomes subject to a different privacy policy.
We also may share aggregated data (information about our users that we combine so that it does not identify or refer to single users) and other anonymous information for reasons of regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other commercial purposes.
We many review, scan, or analyse your communications on the Bed-and-Breakfast.it platform for the purposes of: preventing spam, fraud, engaging in risk assessment, complying with current legislation, investigating, researching, and engaging in product development, and providing customer support. For example, as part of our fraud prevention activities, we will proceed to scan and analyse messages to hide contact information and references to other sites. In some cases, we may also scan, review, or analyse messages for debugging purposes, as well as improve and expand the product offering. We will use automated methods when reasonably possible. However, we may occasionally need to manually check certain communications, including, for example, spam control, anti-fraud investigations, and customer support, or to evaluate and improve the functionality of these automated tools. We will not review, scan, or analyse your communications to send you marketing messages and will not sell reviews or analysis of such communications.
These activities are carried out based on the legitimate interest of Bed-and-Breakfast.it to ensure full compliance with applicable laws and our Terms, intercept spam, prevent fraud, promote security, and improve and ensure the proper performance of our services.
You can choose to link your Bed-and-Breakfast.it account to another of your third-party social networking sites. Your contact details on these third-party services are referred to as “Friends.” When you create this link:
We collect your information from linked accounts to third-party sites only to the extent necessary that ensures the proper execution of the contract between the site and user, and the compliance with applicable laws, or with your consent.
The Data Controller ensures that the personal data is treated in full compliance with the regulations, in paper and/or electronic format, as well as with automated procedures. The treatment can also be performed through automated tools for storing, managing, and transmitting data.
The data collected and processed will be protected using physical and logistic methods that minimize the risks of unauthorized access, dissemination, loss, and destruction of the data, pursuant to Articles 25 and 32 of the Regulations.
The processing of the data will last no longer than the period necessary to fulfil the purposes for which they were collected.
Pursuant to Article 7, Paragraph 3 of the Regulations, a person has the right at any time, in a quick and efficient way, to revoke his or her consent regarding the treatment of data and request that his or her personal data be deleted by sending a specific communication to the Data Controller at privacy@bed-and-breakfast.it. Following the request to delete the data by the user, all personal data will be deleted or stored in anonymized form (anonymous and aggregated to allow analysis and statistics), without prejudice to the further conservation of the data required by regulatory obligations.
In the event, however, that a user has made or received reservations or booking requests, the personal data of that user will be deleted or stored anonymously (rendered anonymous and aggregated to allow for analysis and statistics) only after 30 days have elapsed from the collection of data collected upon check-out from the accommodation where the stay took place. This is to allow the correct management and provision of the platform’s services.
In addition, should the user be recalled, suspended, or sanctioned for fraudulent or suspicious behaviour, or should the user request cancellation after having published an advertisement, the Data Controller reserves the right to keep personal data relating to such user for a period of 2 (two) years from the cancellation request, to prevent the occurrence and/or reoccurrence of any fraud against the Data Controller itself. After this period, the data will only be kept in an anonymous form (anonymous and aggregated to allow for analysis and the compiling of statistics).
If, however, the Data Controller does not receive a cancellation request, the personal data will be kept for a period not exceeding 10 (ten) years, starting from the date in which the site and/or app was last accessed by the user. After this period, the data will only be kept in anonymous form (anonymous and aggregated to allow for analysis and the compiling of statistics).
In addition to the Data Controller, the personal data collected may be treated by a party or parties acting as Data Controllers pursuant to Article 28 of the respective Regulations, or who are authorized to treat data pursuant to Article 29 of the Regulations.
Furthermore, for some services, the data may be disclosed to companies that collaborate or use the services of the Data Controller with the sole intent of providing services requested by the user. In these cases, the partners are independent controllers, therefore the Data Controller is not responsible for their treatment of data. The Data Controller is also not responsible for the content and compliance with the legislation regarding the protection of personal data by sites not managed by the Data Controller.
Specifically, the data provided by the user may be shared by the Data Controller with the following third parties for the sole purposes of providing the services requested by the user or to comply with other regulatory obligations:
Apart from the scenarios mentioned above, personal data will not be disclosed except to parties, organizations, and authorities to whom the communication is mandatory according to the provisions of the law or regulations.
Personal data collected using one of the network’s sites may be transferred outside the country solely and exclusively for the execution of the services required in compliance with the specific provisions outlined in the regulations.
Some personal data may be shared with recipients outside the European Economic Area (EEA). The Data Controller ensures that the treatment of personal data by these recipients complies with the regulations.
The computer systems and the technical and software procedures underlying the operation of the network sites acquire, during their normal operation, some personal data for which transmission is implicit to the access, operational mechanisms, and protocols used on the internet.
Each time the user connects to one of the network sites and accesses or requests content, the access data is stored in the Data Controller’s systems, in the form of tabular or linear data files.
For example, this category of data includes the IP addresses, domain names of the computers used by the users who connect to the site and app, requests by the user’s browser in the form of URI (Uniform Resource Identifier) notation addresses, the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server, and other parameters related to the operating system and to the user’s computer.
This data may be used by the Data Controller for the sole purposes of obtaining anonymous statistical information to identify the pages preferred by the users so that increasingly adequate content can be provided and to check that it is functioning efficiently. At the request of a competent authority, the data may be used to ascertain responsibility in the case of hypothetical computer crimes committed against the network of sites or its users.
This site is optimized for navigation using mobile devices, for which there are special apps offered by the Data Controller. These apps manage the personal data provided by the user in the same way as the site, and, like the website, allow the user to use geolocation services to perform location-based property searches. With the user’s consent, the Data Controller may send notifications (in push mode) with information regarding the booking. The user has the right to authorize the data’s controllers site and app to access his geographical location to receive the requested service. The Data Controller invites users to carefully read the instructions on their mobile devices to change the settings and activate (or disable) the sharing of this data or the reception of push notifications.
The network websites use cookies to improve navigation, speech up the analysis of internet traffic, and facilitate user access to services offered by the sites. Should the user explore the website, he or she should be aware that the usage of cookies is accepted.
Third party sites such as Facebook (www.facebook.com) are integrated into our website. If the user logs into Facebook and accesses our site, Facebook detects which internet pages to visit. This information is collected by Facebook and associated with the user’s Facebook account. For example, if the user clicks on a Facebook button integrated into our site (for example, “like”), Facebook collects this information and associates it with the user’s Facebook account.
Facebook always collects information on the visitors to our site through components of the site integrated into our website and when they log into Facebook. Should you wish to withhold consent regarding the collection of this information, you need to log out from Facebook before accessing our site. You can find more information on the data protection guidelines adopted by Facebook by accessing the following link: https://facebook.com/about/privacy/
The Google Analytics feature has been integrated into this site (with the anonymization function activated). Google Analytics collects information on visitor behaviour, such as the pages they visit, the site from which they are referred (the referrer), the user, the IP address, and the time in which individual pages are displayed.
The purpose of Google Analytics is to analyse the traffic on our site. Google collects and organizes information to provide, among other things, reports that show activity on our site. This information is mainly used to optimize the browsing experience of the visitor to tour site.
To do this, Google Analytics creates a cookie on the visitor’s system that stores personal information, such as access time, the location from which sites are visited, and the frequency of visits. Every time a user visits our site, the information collected is sent to Google in America and store and managed there by Google.
You can install a browser plugin that will prevent Google Analytics from gathering information while browsing our site to prevent that this information is collected.
You can download the plugin at: https://tools.google.com/dlpage/gaoptout.
If your system is re-formatted or re-installed, it will be necessary to reinstall the plugin.
You can find more information about the data protection guidelines adopted by Google at the following addresses: https://policies.google.com/privacy?hl=it, https://www.google.com/analytics/terms/it.html and https://www.google.com/analytics.
Services provided by Webtrekk have been integrated into this site. Webtrekk is a combined system of analysis and marketing that allows us to gather information on the activity on our site, facilitating the identification of customized marketing campaigns based on pseudonymized profiles. This means that information collected is pseudonymized, which means that is separated from real identities. To do this, Webtrekk creates a cookie on the visitor’s system that stores various information to track the activity on our site.
The information collected by Webtrekk is stored and maintained in Germany.
The user can prevent this collection of information, should he or she desire, through special software or by configuring his or her browser appropriately. In addition to this, the user may object to data collection by Webtrekk by clicking on the link: https://www.webtrekk.com/en/legal/opt-out-webtrekk and following the listed instructions.
Further information regarding the data protection guidelines adopted by Webtrekk can be found at the following address: https://www.webtrekk.com/en/why-webtrekk/data-protection.
Some aspects of the Bed-and-Breakfast.it platform use Google Maps/Earth services, including the Google Maps application programming interfaces (APIs). The use of Google Maps/Earth is subject to the additional Terms of Use for Google Maps/Earth and the Google Privacy Policy.
Bed-and-Breakfast.it constantly implements and updates security measures of an administrative, technical, and organizational nature with the aim to protect your data from unauthorized access by third parties, destruction, and alteration. Some of the security measures that we use protect your information are firewalls, cryptography, and accessing controls to your information. Should you believe for any reason that your Bed-and-Breakfast.it account credentials have been lost, stolen, misappropriated, or otherwise compromised, or suspect unauthorized use of your Bed-and-Breakfast.it account, you can contact us as described in the Contact Us section of our site.
The Bed-and-Breakfast.it servers and network sites are hosted by EdgeHosting/DataBank server farm, which is based in The United States, and by Amazon Web Services in Europe. Read the security criteria adopted by clicking on the following link:
Pursuant to Articles 15 to 22 of the regulations, the user, as an interested party, has the right to exercise specific rights regarding his or her personal data. Specifically, the interested party has the right to obtain:
To exercise rights detailed in the previous points outlined above, the party or parties concerned can contact the Data Controller and/or the Data Protection Officer at any time, for any reason, concerning the treatment of their personal data, or to request an updated list of any data supervisors appointed by the company, by contacting:
Studio Scivoletto srl Unipersonale
Via Catagirasi snc
97015 Modica (RG)
VAT Number: 01194800882
E-mail:
privacy@bed-and-breakfast.it
The Data Controller and DPO is the administrator of Studio Scivoletto s.r.l. Unipersonale: Giambattista Scivoletto.