Privacy Policy and Cookie Policy

Information on Personal Data Processing

This information is provided pursuant to Art. 13 of EU Regulation 2016/679 (GDPR - General Data Protection Regulation) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Personal Data Protection Code).

Regulatory Framework of Reference

  • EU Regulation 2016/679 (GDPR): European regulation on personal data protection, in force since May 25, 2018
  • Legislative Decree 196/2003: Personal Data Protection Code
  • Legislative Decree 101/2018: Provisions for adapting national legislation to GDPR
  • Directive 2002/58/EC: regulation on the processing of personal data in the electronic communications sector
  • Privacy Authority Provisions: in particular the Guidelines on cookies and other tracking tools of June 10, 2021
Data Controller

The Data Controller is BeigeEtBle Guesthouse, located at Via degli Uffici del Vicario, 33, 00186, Rome - Italy.

According to Art. 4 GDPR, "data controller" means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Definitions under Art. 4 GDPR

  • Personal data: any information relating to an identified or identifiable natural person
  • Processing: any operation or set of operations performed on personal data
  • Profiling: any form of automated processing of personal data to evaluate certain personal aspects
  • Data subject: the natural person to whom the personal data refers
Applicable Principles to Processing (Art. 5 GDPR)

The processing of personal data is based on the following principles:

  • Lawfulness, fairness, and transparency: data is processed lawfully, fairly, and transparently
  • Purpose limitation: data is collected for specified, explicit, and legitimate purposes
  • Data minimization: data is adequate, relevant, and limited to what is necessary
  • Accuracy: data is accurate and, where necessary, kept up to date
  • Storage limitation: data is kept for no longer than necessary
  • Integrity and confidentiality: data is processed in a way that ensures appropriate security
Types of Data Processed

Navigation Data

During website navigation, we collect:

  • IP addresses
  • Domain names of computers used
  • URI/URL addresses of requested resources
  • Time and date of requests
  • Method used to submit the request to the server
  • Size of the file received in response
  • Server numeric code
  • Other parameters related to the user's operating system and browser
Voluntarily Provided Data

We process the following data voluntarily provided during booking or contact:

  • Personal information
  • Contact details
  • Booking information
  • Other information voluntarily provided by the user
Purposes and Legal Basis of Processing

Personal data is processed to:

  • Manage bookings and requested services (Legal basis: contract execution - Art. 6.1.b GDPR)
  • Comply with legal obligations, including fiscal and public security requirements (Legal basis: legal obligation - Art. 6.1.c GDPR)
  • Respond to information requests (Legal basis: pre-contractual measures - Art. 6.1.b GDPR)
  • Send service communications (Legal basis: legitimate interest - Art. 6.1.f GDPR)
  • Analyze website usage to improve functionality (Legal basis: legitimate interest - Art. 6.1.f GDPR)
  • Prevent and detect fraudulent activities (Legal basis: legitimate interest - Art. 6.1.f GDPR)

What are cookies

Cookies are small text files that websites send to the user's device, where they are stored to be retransmitted to the same sites on subsequent visits.

Types of cookies used

Technical cookies (necessary):

  • Are essential for website operation
  • Enable normal navigation and use of the website
  • Cannot be deactivated

Analytics cookies:

  • We use Google Analytics with anonymized IP
  • Used to collect statistical information about website usage
  • Can be disabled through cookie settings

Functional cookies:

  • Allow saving user preferences (e.g., language)
  • Improve browsing experience
  • Can be disabled through cookie settings

Cookie Management

Users can manage cookie preferences through:

  • The cookie banner shown on first visit
  • Their browser settings
  • Tools provided by third parties (e.g., Google Analytics opt-out)
Retention Period

Personal data will be retained for:

  • Booking data: 10 years for fiscal obligations (Art. 2220 Civil Code)
  • Contact data: 2 years from last contact
  • Navigation data: 7 days
  • Technical cookies: session duration
  • Analytics and functional cookies: maximum 12 months
Data Recipients

Personal data may be communicated to:

  • Authorized personnel of the Controller
  • Technical and IT service providers
  • Public authorities when required by law
  • Other subjects when necessary for contract execution
International Data Transfer

According to Articles 44-50 of GDPR, personal data transfer to third countries can only occur if:

  • The European Commission has decided that the third country ensures an adequate level of protection
  • Adequate safeguards are provided and enforceable data subject rights are available
  • One of the specific derogations provided by Art. 49 GDPR applies
Data Subject Rights

Under Articles 15-22 of GDPR, the data subject has the right to:

  • Access (Art. 15): obtain confirmation of processing and access their data
  • Rectification (Art. 16): obtain correction of inaccurate data or completion of incomplete data
  • Erasure (Art. 17): obtain erasure of data in cases provided by GDPR
  • Restriction (Art. 18): obtain restriction of processing in cases provided by GDPR
  • Portability (Art. 20): receive data in a structured format and transmit it to another controller
  • Opposition (Art. 21): object to data processing in cases provided by GDPR
  • Automated process (Art. 22): not be subject to automated decision-making
Security

We adopt appropriate technical and organizational security measures to protect personal data from:

  • Unauthorized access
  • Accidental or unlawful alteration
  • Accidental loss
  • Processing not compliant with collection purposes
Complaint to Supervisory Authority

Pursuant to Art. 77 GDPR, the data subject has the right to lodge a complaint with the competent supervisory authority (in Italy, the Data Protection Authority) if they consider that the processing of their personal data violates the GDPR.

Cookie Settings

BeigeEtBle Guesthouse uses cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

Cookies categorized as "Necessary" are stored in your browser as they are essential to enable the basic functionalities of the website.

We also use third-party cookies that help us analyze how you use this website, store your preferences, and provide you with relevant content and advertising. These cookies will only be stored in your browser with your consent.

You can choose to enable or disable some or all of these cookies, but disabling some of them may impact your browser experience.

Necessary cookies (always active)
Necessary cookies are essential for the basic functions of the website and the website will not work as intended without them. These cookies do not store any personally identifiable information.

Functional Cookies
Functional cookies help perform certain functionalities like sharing the website's content on social media platforms, collecting feedback, and other third-party features.

Analytics Cookies
Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information about metrics such as number of visitors, bounce rate, traffic source, etc.

Advertising Cookies
Advertising cookies are used to provide visitors with customized advertisements based on the pages they visited previously and analyze the effectiveness of the advertising campaign.

For more information, please consult our Privacy Policy