Privacy Policy_EN

Guest privacy policy diagram pursuant to art. 13 of the GDPR
Privacy policy pursuant to art. 13 of EU Regulation 2016/679 governing the processing of personal data

Before supplying your own personal data, in compliance with the terms laid down in the European Regulation on the protection of personal data 2016/679 and in Italian Legislative Decree No. 196 of 30 June 2003 (so-called Privacy Code), amended pursuant to Legislative Decree No. 101 of 10 August 2018, the aim of which is to protect the fundamental rights and freedom of physical persons, particularly the right to the protection of personal data, you are required to read a series of information points that will help you to understand how and why your personal data are processed, as well as informing you of your rights and how you can exercise them.                       

1. Aims and legal basis of the processing of personal data

Your personal data are processed for the primary aim of:       
a. fulfilling statutory obligations in the field of statistics and public safety, including:
1) complying with statistical surveys “IST-00138 Occupancy of accommodation establishments” and “IST-00139 Capacity of accommodation establishments”, which are compulsory for Accommodation Establishments and included in ISTAT’s National Statistical Program (Programma Statistico Nazionale, PSN);
2) providing data on the Guests and on their stay to the competent Public Security Authorities, pursuant to art. 109 of the T.U.L.P.S. (Testo Unico Leggi di Pubblica Sicurezza, Consolidated Law on public security;
b. acquiring and confirming your booking of accommodation services: since this processing is necessary for the definition of the contractual agreement and its subsequent implementation, your consent is not required, except in the event that special, so-called sensitive data is provided. If you refuse to provide personal data, it will not be possible to accommodate you at our facility;

2. Data Controller

The Data Controller, i.e. the entity that decides how and why your data are processed, is:

SIRMIONE APARTMENTS by Matteo Defranceschi for the apartments

  • “Il Papavero”, via Case Nuove 25, Sirmione (BS)
  • “Hibiscus”, Piazza Caduti 10, Padenghe s/G (BS)
  •  “Tiffany”, via G. Garibaldi 11, Sirmione (BS)

GIORGIO DEFRANCESCHI for the apartment

  • “Il Gabbiano” via G. Garibaldi 11, Sirmione (BS)

Contact details of the Data Controller:  SIRMIONE APARTMENTS by Matteo Defranceschi or GIORGIO DEFRANCESCHI, as the legal representative of the apartment (see list ) located in (see above), who can be contacted by writing an email with the subject line: “Privacy” to the e-mail address, telefono +39 338 8454162;

3. Data subjects  

Guests of the Accommodation Establishments;

4. Type of data processed

Common personal data: identifying (first and last name, social security number, references of a valid identity document); biographical (Citizenship and state of birth, place and date of birth, residence), contact information (telephone numbers, e-mail);

5. Data processing methods

Processing is carried out with the aid of electronic or otherwise automated means and transmitted through telematic networks. The same data are processed in paper form. The Data Controller adopts appropriate technical and organizational measures to ensure an appropriate level of security with respect to the type of data processed;

6. Optional and mandatory aspects of the consent

We inform you that, in the absence of your consent for the purposes referred to in point 1 letter a.1), a.2) and b. above, it will not be possible to proceed with the processing of your personal data, as well as those of your family/group, and this will result in the impossibility of hosting you at our apartments;

7. Transmission and dissemination of personal data

Your data may be communicated, for the primary purposes (point 1 letter a.1), a.2) and as fulfillment of legal obligations to other autonomous Holders of public data processing such as Provincial Offices, Lombardy Region and the Ministry of Interior.
These data will be processed with due and appropriate technical and organizational measures in order to be able to guarantee their confidentiality and security, including through the tourist data management system made available through ARIA S.p.A. – Regional Company for Innovation and Procurement, for the statistical purposes provided for by the National Statistical Program (NSP). For the purposes mentioned in point 1 letter a), your data will be anonymized and communicated to ISTAT in aggregate. Your personal data will not be disclosed to third parties;

8. Data retention time frame

In accordance with current legislation, anonymised data relating to notifications to the Public Safety Authority and to bookings made will be stored for a period of 5 years;

9. Rights of the data subject

You are entitled to exercise your rights pursuant to articles 15-22 of EU Regulation 679/2016, where applicable and, among these, we draw your attention to your right to obtain the correction, integration or deletion (so-called right to erasure) of your personal data, the right to pose a limitation on the processing of your data, the right to data portability, and the right to object to the processing of your personal data, including their use for profiling.
Any requests regarding the exercising of your rights must be sent to the e-mail address of the Accommodation Establishment, to the attention of MATTEO DEFRANCESCHI.
You also have the right to lodge a complaint with a Supervisory Authority: if you think that the processing of your data does not comply with the provisions in force, or if the response to a complaint in which you have exercised one or more of the rights provided for in Articles 15-22 of the GDPR is not received within the time limits indicated or is not satisfactory, you may apply to a Supervisory Authority.

Rev. 3_13/03/2023