menu
eng
ita eng
Gallery
Offers
Info
Privacy Policy 2

Privacy Policy

PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR) AND ITALIAN LEGISLATION (LEG. DECREE 196/2003, AS AMENDED)

This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018. It applies to all users interacting with the web services of Sogetur Sicilia S.r.l., accessible online at www.hotelvillaromana.com.



Data Controller

Sogetur Sicilia S.r.l.
Registered office: Via Umberto I, No. 9 – 92014 Porto Empedocle (AG), Italy
VAT Number: 02803430848
E-mail: sogetursicilia@gmail.com



Data Protection Officer (DPO)

The company has appointed Mr. Salvatore Patti as Data Protection Officer (DPO).
DPO contact: sogetursicilia@gmail.com



Purposes and Legal Basis for Processing

Personal data are processed for the following purposes:

  • Managing contact or booking form requests: processing is necessary for pre-contractual or contractual measures (Art. 6(1)(b), GDPR);
  • Managing hotel bookings and related services: contractual performance and legal obligations (Art. 6(1)(b) and (c));
  • Compliance with accounting and tax requirements: legal obligation (Art. 6(1)(c));
  • Use of technical and functional cookies: legitimate interest of the controller (Art. 6(1)(f));
  • Use of profiling/statistical cookies (e.g., Google Ads, Booking.com, Expedia): user’s consent (Art. 6(1)(a)).



Categories of Personal Data

  • Identifying data (name, surname)
  • Contact details (email, phone number)
  • Booking data (dates, preferences, number of guests)
  • Billing and tax data
  • Browsing data and cookies (see Cookie Policy)

Providing personal data is mandatory for contractual and legal purposes. It is optional for profiling/statistical purposes.



Data Processing Methods

Data will be processed using manual and electronic tools, with appropriate technical and organizational security measures in accordance with Article 32 GDPR.



Data Retention Periods

  • Booking and accounting data: 10 years
  • Data submitted via contact forms (without contract): up to 12 months
  • Cookies: as specified in the Cookie Policy



Data Recipients

Data may be disclosed to:

  • Authorized staff of the Data Controller
  • External processors (e.g., booking engine providers, channel managers, IT providers)
  • Public authorities where required by law (e.g., tax authorities)

An updated list of external processors is available upon request.



Transfers to Non-EU Countries

Some services (such as Google Ads, Booking.com, Expedia) may transfer data to non-EU countries. Such transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission.



Data Subject Rights

You have the right to:

  • access your personal data (Art. 15 GDPR)
  • request rectification or erasure (Art. 16 and 17 GDPR)
  • restrict processing (Art. 18 GDPR)
  • object to processing (Art. 21 GDPR)
  • receive your data in a structured, commonly used format (Art. 20 GDPR)
  • withdraw your consent at any time (Art. 7(3) GDPR)
  • lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)



How to Exercise Your Rights

You may exercise your rights by sending an email to: sogetursicilia@gmail.com



Automated Decision-Making and Profiling

No automated decision-making or individual profiling is performed.
Statistical/profiling cookies are described in the Cookie Policy.

Last update: June 2025