en

/

it

Privacy Policy

1. Data Controller

The Data Controller is Bagni D’Arienzo S.r.l., headquartered at Via Pasitea, 71 – 84017 Positano (SA), Italy, VAT ID: IT02972990655.
Contacts:

2. Scope and Legal Framework

This Policy applies to personal data collected via:

Legal frameworks covered:

  • GDPR (UE): access, rectification, deletion, portability, objection.
  • CCPA/CPRA (USA): right to know, delete, restrict data sharing.
  • DMA (UE): transparency and fairness in processing.
  • LGPD (Brasile): principles of purpose, necessity, accountability.
  • POPIA (Sudafrica): explicit consent, security safeguards.

3.  Purposes and Legal Bases

Purpose:

  • Booking management, customer support
  • WhatsApp/SMS notifications
  • Newsletter/promotions
  • Accounting, tax compliance
  • Targeted advertising

Legal Basis:

  • GDPR Art. 6(1)(b); LGPD: contractual execution; CCPA: operational necessity
  • Explicit consent during booking
  • Consent (non-customers); legitimate interest (existing customers)
  • GDPR Art. 6(1)(c); LGPD: legal obligations; POPIA: specific purpose
  • Cookie-based consent; CCPA: restrictions on data “sale”

Note: Failure to provide mandatory data may result in service denial.

4. Marketing and Communications

  • WhatsApp/SMS: only with explicit opt-in; unsubscribe by replying “STOP” or contacting us
  • Newsletter: consent-based for new users; legitimate interest for clients. All emails include an “unsubscribe” link
  • Cookie/Consent Mode: preferences managed via cookie banner

5. Data Subject Rights

  • GDPR access, rectification, deletion, restriction, portability, objection.
  • CCPA/CPRA access to data (12 months), deletion, opt-out of sharing
  • LGPD confirmation, anonymization, explanation of processing
  • POPIA rectification, consent withdrawal, data portability

To exercise your rights:

6. Data Recipients

Data may be shared with:

  • Technical providers (hosting, email tools)
  • Legal/tax authorities
  • Marketing platforms (e.g., Google, Meta) with prior consent

Transfers outside the EU are covered by appropriate safeguards (e.g., Standard Contractual Clauses).

7. Data Retention

  • Booking & contracts (Up to 5 years – Italian Civil Code Art. 2948)
  • Tax documents  (10 years – Italian Civil Code Art. 2220)
  • Marketing data (Until consent withdrawal)

8. Cookies and Online Tracking

  • Technical cookies: essential for the site
  • Marketing cookies:  subject to consent (e.g., Google Ads, Meta)
    Manage settings via banner or Cookie Policy.

9. Data Security

We implement technical and organizational measures to protect personal data from unauthorized access, loss, or unlawful processing.

10. Policy Updates

This Privacy Policy may be updated to remain compliant with legal requirements. Last updated: 02/05/2025